Glossary of Security Terminology


A5: a trade-secret cryptographic algorithm used in European cellular telephones.


Access Control: a method of restricting access to resources, allowing only privileged entities access.


Active attack: An attack which results in an unauthorized state change, such as the manipulation of files or the adding of unauthorized files or programs.


Active cheater: An attacker that is one of the parties involved in the protocol and disrupts the process in an attempt to cheat (PKCS #1 SS~ attack).


AES (Advanced Encryption Standard): NIST approved standards, assumed for next 20 - 30 years.


AH (Authentication Header): provides connectionless integrity, data origin authentication, and an optional anti-replay service for IPsec.


AKEP (Authentication Key Exchange Protocol): Key transport based on symmetric encryption allowing two parties to exchange a shared secret key, secure against passive adversaries.


Algorithm (encryption): A set of mathematical rules (logic) used in the processes of encryption and decryption.


Anonymity: of unknown or undeclared origin or authorship, concealing an entity’s identification.


Anonymous remailer: usually an Internet email service, in which you can send and receive email without knowing its origins (sender) or receiver.


ANSI (American National Standards Institute): develops standards through various Accredited Standards Committees (ASC). The X9 committee focuses on security standards for the financial services industry.


API (Application Programming Interface): provides the means to take advantage of software features, allowing dissimilar software products to interact upon one another.


ASN.1 (Abstract Syntax Notation One): ISO/IEC standard for encoding rules used in X.509 certificates, two types exist; DER (Distinguished Encoding Rules), BER (Basic Encoding Rules).


Asymmetric keys: a separate but integrated user key-pair comprised of one public-key and one private-key. Each key is one way, meaning that a key used to encrypt information cannot be used to decrypt the same data.


Authentication: to prove genuine by corroboration of the identity of an entity.


Authorization Certificate: an electronic document to prove one’s access or privilege rights; also to prove one is who they say they are.


Attack: An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.


Audit trail: In computer security systems, a chronological record of system resource usage. This includes user login, file access, other various activities, and whether any actual or attempted security violations occurred, legitimate and unauthorized.


Authorization: to convey official sanction, access or legal power to an entity.


Back Door: A hole in the security of a computer system deliberately left in place by designers or maintainers. Synonymous with trap door; a hidden software or hardware mechanism used to circumvent security controls. A secret way to enter a computer or program that bypasses normal operating mode.


Birthday attack: Based on the statistical probability of finding two identical elements in a known finite space; the expected effort is the square root of the key space in number of steps. With only 23 people in a room, there is a better than even chance that two have the same birthday.


Blind Signature: ability to sign documents without knowledge of content, similar to a notary public.


Block Cipher: a symmetric cipher operating on blocks of plaintext and cipher text, usually 64 bits.


Black-Hat hacker: A criminal or malicious hacker, opposite of a white hat hacker.


Blowfish: a 64-bit block symmetric cipher consisting of key expansion and data encryption. A fast, simple, and compact algorithm in the public domain written by Bruce Schneier.


Bomb: A general synonym for crash, normally of software or operating system failures.


Brute force attack: Typically a known-plaintext attack that exhausts all possible key or password combinations.


CA (Certificate Authority): a trusted third party (TTP) who creates certificates that consist of assertions on various attributes and binds them to an entity and/or to their public key.


CAPI (Crypto API): Microsoft’s crypto API for Windows-based operating systems and applications.


Capstone: an NSA-developed cryptographic chip that implements a US government Key Escrow capability.


Carding: The act of generating and/or creating phony credit cards or calling cards, usually by knowing something about the card numbering algorithm.


CAST: A 64-bit block cipher using 64-bit key, six S-boxes with 8-bit input and 32-bit output, developed in Canada by Carlisle Adams and Stafford Tavares.


CAT (Common Authentication Technology): an IETF developed distributed security service for other security protocol callers.


CBC (Cipher Block Chaining): the process of having plaintext XORed with the previous cipher text block before it is encrypted, thus adding a feedback mechanism to a block cipher.


CDK (Crypto Developer Kit): a documented environment, including an API for third parties to write secure applications using a specific vendor’s cryptographic library.


CDSA (Common Data Security Architecture): Intel Architecture Labs (IAL) developed this framework to address the data security problems inherent to Internet and Intranet for use in Intel and others’ Internet products.


CERT (Computer Emergency Response Team): Security clearinghouse that promotes security awareness. CERT provides 24-hour technical assistance for computer and network security incidents. CERT is located at the Software Engineering Institute at Carnegie Mellon University in Pittsburgh, PA.


Certificate (digital certificate): An electronic document attached to a public key by a trusted third party, which provides proof that the public key belongs to a legitimate owner and has not been compromised.


Certification: endorsement of information by a trusted entity.


CFB (Cipher Feedback Mode): A block cipher that has been implemented as a self-synchronizing stream cipher.


CHAP (Challenge Handshake Authentication Protocol): a session-based, two-way password authentication scheme.


Chosen cipher text attack: A cryptanalytic attack by choosing known cipher text to be decrypted and have access to the decrypted plaintext. For example, having access to a tamperproof black box that does automatic decryption.


Chosen-key attack: The attacker does not possess the key, but only some knowledge about the relationship between different keys. This is an obscure and usually impractical attack.


Chosen-plaintext attack: A cryptanalytic attack having chosen the associated plaintext for several cipher text messages. A more powerful attack than known-plaintext, because more information can be obtained to help deduce the key.


Cipher text: the results of manipulating either characters or bits via substitution, transposition or cryptographic operations.


Cipher text-only attack: The cryptanalyst has the cipher text of several messages, all of which have been encrypted using the same encryption algorithm. The attacker is trying to recover the plaintext message or key.


Clear text: characters in a human readable form or bits in a machine readable form (also called plaintext).


Confidentiality: the act of keeping something private and secret from all but those who are authorized to see it.


Cookie: a file or token of sorts, that is passed from the web server to the web client (browser) that is used to identify and could record personal information such as ID and password, mailing address, credit card number and other information.


Correlation attack: Combining the output of several stream cipher text sequences in some nonlinear manner, thus revealing a correlation with the combined key stream, which is then attacked using linear algebra.


Countermeasures: An active process that responds to an attack, putting up a defense or launching a retaliatory response.


CRL (Certificate Revocation List): an online, up-to-date list of previously issued certificates that are no longer valid.


Crab: a 1024-byte block cipher (similar to MD5), using techniques from a one-way hash function, developed by Burt Kaliski and Matt Robshaw at RSA Laboratories.


Crack: A popular hacking tool used to decode encrypted passwords. System administrators also use Crack to assess weak passwords by novice users in order to enhance the security.


Cracker: One who breaks into computer systems or accounts.


Cracking: The act of breaking into a computer system or account; what a cracker does. Contrary to widespread myth, this does not usually involve some mysterious leap of hacker brilliance, but rather persistence and the dogged repetition of a handful of fairly well-known tricks that exploit common weaknesses in the security of target systems.


Cramming: A subtle scam used to get someone to change telephone long distance carriers without their knowledge.


Credentials: something that provides a basis for credit or confidence.


Cross-certification: two or more organizations or Certificate Authorities that share some level of trust.


Cryptanalysis:

  1. The analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sensitive data including clear text.
  2. Operations performed in converting encrypted messages to plaintext without initial knowledge of the crypto-algorithm and/or key employed in the encryption.


Data driven attack: A form of attack that is encoded in innocuous-seeming data that is executed by a user or a process to implement an attack. A data driven attack is a concern for firewalls, since it may get through the firewall in data form and launch an attack against a system behind the firewall.

Cryptography: the art and science of creating messages that have some combination of being private, signed, unmodified, with non-repudiation.


Cryptosystem: a system comprised of cryptographic algorithms, all possible plaintext, cipher text, and keys.


Data Diddling: The act of intentionally entering false information into a system or modifying existing data. Also known as a darkside hacker.


Data Integrity: a method of ensuring information has not been altered by unauthorized or unknown means.


Data mining (warehousing): The act of collecting information to build a database or personal dossier.


Decryption: the process of turning cipher text back into plaintext.


Demon dialer (see war dialer): A program, which repeatedly calls the same telephone number. This is benign and legitimate for access to a BBS or malicious when used as a denial of service attack.


Denial of service: Action(s) that prevent any part of an information system from functioning in accordance with its intended purpose. Usually flooding a system to prevent it from servicing normal and legitimate requests.


Derf: Gaining physical access to a computer that is currently logged in by an absent minded individual.


DES (Data Encryption Standard): a 64-bit block cipher, symmetric algorithm also known as Data Encryption Algorithm (DEA) by ANSI and DEA-1 by ISO. Widely used for over 20 years, adopted in 1976 as FIPS 46.


Dictionary Attack: a calculated brute-force attack to reveal a password by trying obvious and logical combinations of words.


Differential linear cryptanalysis: A relatively new attack that combines both differential and linear cryptanalysis.


Diffie-Hellman: the first public key algorithm, invented in 1976, using discrete logarithms in a finite field.


Digital Cash: electronic money that is stored and transferred through a variety of complex protocols.


Digital Signature: The digital equivalent of a written signature, providing cryptographic evidence that the original document is authentic, unaltered, not forged and non-repudiable, almost always using a public-key algorithm.


Direct Trust: an establishment of peer-to-peer confidence.


Discrete Logarithm: the underlying mathematical problem used by asymmetric algorithms, like Diffie-Hellman and Elliptic Curve. It is the inverse problem of modular exponentiation, which is a one-way function.


DMS (Defense Message System): standards designed by the U.S. Department of Defense to provide a secure and reliable enterprise-wide messaging infrastructure for government and military agencies.


DNSSEC (Domain Name System Security Working Group): a proposed IETF draft that will specify enhancements to the DNS protocol to protect the DNS against unauthorized modification of data and against masquerading of data origin. It will add data integrity and authentication capabilities to the DNS via digital signatures.


DNS spoofing: Assuming the DNS name of another system by either corrupting the name service cache to a victim system, or by compromising a domain name server for a valid domain.


DSA (Digital Signature Algorithm): a public-key digital signature algorithm proposed by NIST for use in DSS.


DSS (Digital Signature Standard): a NIST proposed standard (FIPS) for digital signatures using DSA.


ECC (Elliptic Curve Cryptosystem): a unique method for creating public-key algorithms based on mathematical curves over finite fields or with large prime numbers.


EDI (Electronic Data Interchange): is the direct, standardized computer-to-computer exchange of business documents (purchase orders, invoices, payments, inventory analyses, and others) between an organization and its suppliers and customers.


EES (Escrowed Encryption Standard): a proposed U.S. government standard for escrowing private keys.


Electronic attack: The use of electromagnetic, directed energy, or anti-radiation weapons to attack personnel, facilities, or equipment with the intent of degrading, neutralizing, or destroying enemy combat capability. EA includes: actions taken to prevent or reduce an enemy’s effective use of the electromagnetic spectrum, such as jamming and electromagnetic deception and employment of weapons that use either electromagnetic or directed energy as their primary destructive mechanism (lasers, radio frequency, particle beams).


El Gamal Scheme: used for both digital signatures and encryption based on discrete logarithms in a finite field, can be used with the DSA function.


Encryption: the process of disguising a message in such a way as to hide its substance.


Entropy: a mathematical measurement of the amount of uncertainty or randomness.


ES (End Station): a networking term that describes either the original source or final destination host machine.


ESP (Encapsulating Security Payload): a vehicle for access control based on distribution of cryptographic keys that provides data confidentiality and limited traffic flow confidentiality.


FEAL: a block cipher using 64-bit block and 64-bit key, designed by A. Shimizu and S. Miyaguchi at NTT Japan.


FIN attack: Using the FINish flag within the TCP header to tear down a session or as a method of stealth scanning against ports.


FIPS (Federal Information Processing Standard): U.S. government standards published by NIST.


Firewall: a combination of hardware and software that protects the perimeter between the public and private network against certain attacks to ensure some degree of security.


Fork Bomb (see Logic Bomb): Also known as Logic Bomb. Code that can be written in one line of code on any Unix system; used to recursively spawn copies of itself, it eventually “explodes”, eating all the process table entries and effectively locking up the system.


GAK (Government Access to Keys): a method for the government to escrow individuals’ private keys.


Gost: a 64-bit symmetric block cipher using a 256-bit key, developed in the former Soviet Union.


GSS-API (Generic Security Services API): IETF RFC 1508 is a high level security API, which isolates session-oriented application code from implementation details.


Hacker: A person who enjoys exploring the details of computers and how to stretch their capabilities. A malicious or inquisitive meddler who tries to discover information by poking around. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn only the minimum necessary.


Hacking: Unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system or network.


Hash: a one-way function - a function that produces a message digest that cannot be reversed to produce the original.


Hierarchical Trust: a graded series of entities that distribute trust in an organized fashion, commonly used in X.509 issuing certifying authorities.


Hijacking (IP): An action whereby an active, established session is intercepted and co-opted by the unauthorized user. IP splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP splicing rely on encryption at the session or network layer.


IDEA (International Data Encryption Algorithm): a 64-bit block symmetric cipher using 128-bit keys based on mixing operations from different algebraic groups. Considered one of the strongest algorithms.


Identity Certificate: a signed statement which binds a key to the name of an individual and has the intended purpose of delegating authority from that named individual to the public key.


IETF (Internet Engineering Task Force): a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. It is open to any interested individual.


IKE (Internet Key Exchange): a manual and automatic key exchange method combining ISA/KMP and Oakley Key Exchange, as described in IETF IPsec specification.


Indirection: Covering your tracks so that the target cannot identify or prove who is attacking them.


Integrity: assurance that data is not modified (by unauthorized persons) during storage or transmittal.


Internet worm: A worm program that was unleashed on the Internet in 1988. Robert T. Morris wrote it as an experiment that got out of hand.


Intrusion detection: Pertaining to techniques which attempt to detect intrusion into a computer or network by observation of actions, security logs, or audit data. Detection of break-ins or attempts either manually or via software expert systems that operate on logs or other information available on the network.


IP spoofing: An attack whereby a system attempts to impersonate another system by using a false source IP address.


IPsec (Internet Protocol Security): an IETF standard for TCP/IP layer security that provides encryption, host authentication and data integrity.


LRA (Local Registration Agent): an entity appointed by a CA or RA to assist other entities in applying for certificates, revoking their certificates or both.


IS (Intermediate Station): a networking term that describes a network device (usually a router or firewall) that is in between ES or other IS devices.


ISA/KMP (Internet Security Association, Key Mgt. Protocol): defines the procedures for authenticating a communicating peer, creation and management of Security Associations, key generation techniques, and threat mitigation (e.g., denial of service and replay attacks).


ISO (International Organization for Standardization): responsible for a wide range of standards, like the OSI model and international relationship with ANSI on X.509.


ITU-T (International Telecommunication Union-Telecommunication): formerly the CCITT (Consultative Committee for International Telegraph and Telephone), a worldwide telecommunications technology standards organization.


Joe account: An account where the user name and password are the same.


KDC (Key Distribution Center): a trusted networked server that supplies session keys.


Kerberos: a trusted-third-party authentication protocol developed at MIT.


Key Escrow/Recovery: a mechanism that allows a third party to retrieve the cryptographic keys used for data confidentiality, with the ultimate goal of recovery of encrypted data.


Key Exchange: a scheme for two or more nodes to transfer a secret session key across an unsecured channel.


Key Infrastructure): an IETF internet draft, (by Ellison, Frantz, Thomas) public key certificate format, associated signature and other formats, and key acquisition protocol. Recently merged with Rivest & Lampson’s SDSI proposal.


Key Length: the number of bits representing the key size; the longer the key, the stronger it is.


Key Management: the process and procedure for safely storing and distributing accurate cryptographic keys; the overall process of generating and distributing cryptographic keys to authorized recipients in a secure manner.


Key Splitting: a process for dividing portions of a single key between multiple parties, none having the ability to reconstruct the whole key.


Key: a means of gaining or preventing access, possession, or control represented by any one of a large number of values.


Keystroke logger: A program that records everything a user enters via a keyboard.


Known-plaintext attack: The cryptanalyst has access not only to the cipher text of several messages, but also to the plaintext. The challenge is to deduce the key or keys used to encrypt or an algorithm to decrypt any new messages encrypted with the same key or keys.


KTC (Key Translation Center): a trusted server that makes a key chosen by one party available to another party by re-encrypting (translating) it by a key shared with the requesting party.


LEAF (Law Enforcement Access Field): A controversial key escrow mechanism in the original EES/Clipper specifications where the sending chip would generate/send a copy of the current session key encrypted with a special “unit” key allowing any (authorized) government eavesdropper to recover the session key and decrypt the secure conversation.


Leaf Node: A person or entity that is being certified.


Leapfrog attack: Use of user-id and password information obtained illicitly from one host to compromise another host. The act of TELNETing through one or more hosts in order to preclude a trace (a standard cracker procedure).


Letterbomb: A piece of email containing live data intended to do malicious things to the recipient’s machine or terminal. Under UNIX, a letterbomb can also try to get part of its contents interpreted as a shell command to the mailer. The results of this could range from silly to denial of service.


Linear cryptanalysis: An attack using linear approximations to describe the action of a block cipher. If you XOR some plaintext, XOR some cipher text, then XOR the results, you get a single bit that is the XOR of some of the key bits.


Logic Bomb: Also known as a Fork Bomb - A resident computer program which, when executed, checks for a particular condition or particular state of the system which, when satisfied, triggers the perpetration of an unauthorized act.


MAA (Message Authenticator Algorithm): an ISO standard that produces a 32-bit hash, designed for IBM mainframes.


MAC (Message Authentication Code): a key-dependent one-way hash function, requiring the use of the identical key to verify the hash.


Mail bomb: The mail sent to urge others to send massive amounts of email to a single system or person, with the intent to crash the recipient’s system. Mail bombing is widely regarded as a serious offense.


Malicious code: Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose; e.g. a Trojan horse.


Man-in-the-middle: An active attack that typically is gaining information by sniffing or tapping a line between two unsuspecting parties.


MD2 (Message Digest 2): 128-bit one-way hash function designed by Ron Rivest, dependent on a random permutation of bytes.


MD4 (Message Digest 4): The predecessor of MD5, later found to be weak.


MD5 (Message Digest 5): 128-bit one-way hash function designed by Ron Rivest, very widely used.


Message Digest (also MD): A number that is derived from a message. Change a single character in the message and the message will have a different message digest.


MIC (Message Integrity Check): Same as Message Digest. Micalg (MIC algorithm) used to identify the MIC algorithm used in signing MIME Messages.


MIME (Multipurpose Internet Mail Extensions): a freely available set of specifications that offers a way to interchange text in languages with different character sets, and multi-media e-mail among many different computer systems that use Internet mail standards.


MMB (Modular Multiplication-based Block): based on IDEA, Joan Daemen developed this 128-bit key with a 128-bit block size symmetric algorithm, not used because of its susceptibility to linear cryptanalysis.


MOSS (MIME Object Security Service): defined in RFC 1848, that facilitates encryption and signature services for MIME, including key management based on asymmetric techniques (not widely used).


MSP (Message Security Protocol): the military equivalent of PEM, an X.400-compatible application level protocol for securing e-mail, developed by the NSA in late 1980. See also DMS.


MTI: one-pass key agreement protocol by Matsumoto, Takashima and Imai, that provides mutual-key authentication without key confirmation or entity authentication.


NAK attack: Negative Acknowledgment - A penetration technique which capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly and thus, leaves the system in an unprotected state during such interrupts.


NAT (Network Address Translator): RFC 1631, a router connecting two networks together; one, designated as inside, is addressed with either private or obsolete addresses that need to be converted into legal addresses before packets are forwarded onto the other network (designated as outside).


NetLOCK: the first end-to-end software product that addresses IP security, originally developed by Hughes Electronics in the early 1990s.


NIST (National Institute for Standards and Technology): a division of the U.S. Dept. of Commerce that publishes open, interoperability standards called FIPS.


Non-repudiation: preventing the denial of previous commitments or actions.


NSA (National Security Agency): a United States cryptologic organization tasked with making and breaking codes and ciphers.


Oakley: The “Oakley Session Key Exchange” provides a hybrid Diffie-Hellman session key exchange for use within the ISA/KMP framework. Oakley provides the important property of “Perfect Forward Secrecy.”


One-Time Pad: a large nonrepeating set of truly random key letters used for encryption, considered the only perfect encryption scheme, invented by Major J. Mauborgne and G. Vernam in 1917. Not widely used because key management is impractical.


One-Way function: a function of a variable string to create a fixed length value representing the original pre-image, also called message digest, fingerprint, message integrity check (MIC).


Orange Book: the National Computer Security Center book entitled “Department of Defense Trusted Computer Systems Evaluation Criteria” that defines security requirements.


OTP (One Time Password): an IETF protocol to protect against replay attacks, a similar protocol to Bellcore S/Key.


Packet sniffing: The act of monitoring the packets on a network segment to pick up useful information like logins and passwords. See also Sniffer.


PAP (Password Authentication Protocol): an authentication protocol that allows PPP peers to authenticate one another, does not prevent unauthorized access but merely identifies the remote end.


Passive attack: An attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.


Passphrase: an easy-to-remember phrase used for better security than a single password, key crunching converts it into a random key.


Password: a sequence of characters or word that a subject submits to a system for purposes of authentication, validation, or verification.


PCT (Private Communication Technology): Protocol developed by Microsoft and Visa for secure communications on the Internet.


PEM (Privacy Enhanced Mail): a protocol to provide secure internet mail, (RFC 1421-1424) including services for encryption, authentication, message integrity, and key management. PEM uses X.509 certificates.


Perfect Forward Secrecy: a cryptosystem in which the cipher text yields no possible information about the plaintext, except possibly the length.


PGP (Pretty Good Privacy): an application & protocol (RFC 1991) for secure email and file encryption developed by Philip R. Zimmermann, originally published as Freeware; the source code has always been available for public scrutiny. PGP uses a variety of algorithms, like IDEA, RSA, Diffie-Hellman, CAST, DSA, MD5, SHA-1 for providing encryption, authentication, message integrity, and key management. PGP is based on the “Web-of-Trust” model and has world-wide deployment.


Penetration: The successful unauthorized access to an automated system.


Perimeter security: The technique of securing a network by controlling access to all entry and exit points of the network. Usually associated with firewalls and/or filters.


PGP/MIME: an IETF standard (RFC 2015) that provides privacy and authentication using the Multipurpose Internet Mail Extensions (MIME) security content types described in RFC 1847, currently deployed in PGP 5.0 and later.


Phage: A program that modifies other programs or databases in unauthorized ways; especially one that propagates a virus or Trojan horse.


PHF hack: The phf.cgi script which comes with some web servers as a diagnostic tool can be used by an attacker to run other commands at a privileged level.


Phracker: An individual who combines phone phreaking with computer hacking.


Phreaker: An individual fascinated by the telephone system. Commonly, an individual who uses his knowledge of the telephone system to make calls at the expense of another.


Piggyback attack: The gaining of unauthorized access to a system via another user’s legitimate connection.


Ping-of-Death: An attack using an echo request (ping) IP datagram with over 65,507 bytes of data (creating an illegal, oversized IP datagram). This buffer overflow causes some systems to crash or lock up.


PKCS (Public Key Crypto Standards): set of “de facto” standards for public key cryptography developed in cooperation with an informal consortium (Apple, DEC, Lotus, Microsoft, MIT, RSA and Sun) that includes algorithm specific and algorithm independent implementation standards. Specifications defining message syntax and other protocols controlled by RSA Data Security Inc.


PKI (Public Key Infrastructure): a widely available and accessible certificate system for obtaining an entity’s public-key with some degree of certainty that you have the ‘right’ key and it has not been revoked.


Plaintext (or clear text): the human readable data or message before it is encrypted.


Port scanning: see scanner.


Private Key: the privately held “secret” component of an integrated asymmetric key pair, often referred to as the decryption key.


Probe: Any effort to gather information about a machine or its users for the apparent purpose of gaining unauthorized access to the system at a later date.


Prowler: A daemon that is run periodically to seek out and erase core files, truncate administrative log files, nuke lost & found directories, and otherwise clean up.


Public Key: the publicly available component of an integrated asymmetric key pair often referred to as the encryption key.


RA (Registration Authority): responsible for authorizing entities or LRA, distinguished by unique names, as members of a security domain; this involves associating a user with specific key material. RAs work on behalf of the CA.


RADIUS (Remote Authentication Dial-In User Service): an IETF protocol (developed by Livingston Enterprises), for distributed security that secures remote access to networks and network services against unauthorized access. RADIUS is comprised of two pieces: authentication server code and client protocols.


Random Number: an important aspect to many cryptosystems, and a necessary element in generating a unique key(s) that are unpredictable to an adversary.


RC2 (Rivest Cipher 2): variable key size, 64-bit block symmetric cipher once a proprietary algorithm of RSA Data Security, Inc.


RC4 (Rivest Cipher 4): variable key size stream cipher once a proprietary algorithm of RSA Data Security, Inc.


RC5 (Rivest Cipher 5): a block cipher with a variety of parameters, block size, key size, and number of rounds.


REDOC: a US patented block cipher algorithm developed by M. Wood, using a 160-bit key and an 80-bit block.


Replicator: Any program that acts to produce copies of itself. Examples include: a program, a worm, a fork bomb or virus. It is even claimed by some that UNIX and C are the symbolic halves of an extremely successful replicator.


Retro-Virus: A retro-virus is a virus that waits until all possible backup media are infected too, so that it is not possible to restore the system to an uninfected state.


Root kit: A collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more. Rootkit is a classic example of Trojan Horse software.


Revocation: retraction of certification or authorization.


RFC (Request for Comment): the document series serving as the backbone for IETF work. Includes the FYI (informational) and STD (standard) subseries, as well as draft and proposed standards. No cryptographic protocol has yet achieved full IETF standards status. RFC’s are referenced by their RFC number.


RIPE-MD: an algorithm developed for the European Community’s RIPE project, designed to resist known cryptanalysis attacks and produce a 128/160-bit hash value, a variation of MD4.


Root: The highest level of access to a Unix computer.


ROT-13 (Rotation Cipher): a simple substitution (Caesar) cipher, rotating each of the 26 letters 13 places.


RSA: short for RSA Data Security, Inc.; or referring to: Ron Rivest, Adi Shamir and Len Adleman; or to the algorithm they invented. The RSA algorithm is used in public-key cryptography and is based on the fact that it is easy to multiply two large prime numbers together, but hard to factor them out of the product.


Rubber-hose cryptanalysis: To threaten, blackmail or torture someone until they provide the password, passphrase or key. Also called a purchase-key attack.


S/MIME (Secure Multipurpose Mail Extension): a proposed standard developed by a consortium of e-mail software vendors led by RSADSI, for encrypting and/or authenticating MIME data. S/MIME defines a format for the MIME data, the algorithms that must be used for interoperability (RSA, RC2, SHA-1), and the additional operational concerns such as X.509 certificates and transport over the Internet.


S/WAN (Secure Wide Area Network): RSA Data Security, Inc. driven specifications for implementing IPSEC to ensure interoperability among firewall and TCP/IP products. S/WAN’s goal is to use IPSEC to allow companies to mix-and-match firewall and TCP/IP stack products to build Internet-based Virtual Private Networks (VPNs).


SA (Security Association): a simplex (uni-directional) logical connection that specifies a security process through the use of AH and ESP.


SAFER (Secure And Fast Encryption Routine): a non-proprietary block cipher 64-bit key encryption algorithm. Not patented, available license free. Developed by Massey, who developed IDEA.


Salt: a random string that is concatenated with passwords before being operated on by a one-way function; helps protect against successful dictionary attacks.


SATAN: Security Administrator Tool for Analyzing Networks - A tool for remotely probing and identifying the vulnerabilities of systems on IP networks. A freeware program which helps to identify system security weaknesses.


S-Box: A nonlinear substitution function (thus “S-Box”) basic to block ciphers (eg. DES and CAST), where an input is XOR-ed and converted to an output (6 bits and 4 bits, respectively, in DES) and which provides the core of such ciphers’ security.


Scanner/port scanning: An information gathering method or tool in which all possible port numbers are accessed to determine which services are running or available on a host.


Script-Kiddie: A person who aspires to be a hacker/cracker but has very limited knowledge or skills related to information systems. Usually associated with young teens that collect and use simple malicious programs obtained from the Internet.


SDSI (Simple Distributed Security Infrastructure): a new PKI proposal from Ronald L. Rivest (MIT), and Butler Lampson (Microsoft). A means of defining groups and issuing group-membership, access-control lists and security policies. SDSI’s design emphasizes linked local name spaces rather than a hierarchical global name space. A proposed Public Key Infrastructure using 'authorization certificates'.


SEAL (Software-optimized Encryption Algorithm): A fast stream cipher for 32-bit machines designed by Rogaway and Coppersmith.


Secret Key: either the “private key” in public-key (asymmetric) algorithms or the “session key” in symmetric algorithms.


Secure Channel: a means of conveying information from one entity to another such that an adversary does not have the ability to reorder, delete, insert or read (SSL, IPSEC, whispering in someone’s ear).


Secure shell: A completely encrypted shell connection between two machines protected by a super long pass-phrase.


Self-Signed Key: a public-key that has been signed by the corresponding private key for proof of ownership.


SEPP (Secure Electronic Payment Protocol): Open specification for secure bank card transactions over the Internet. Developed by IBM, Netscape, GTE, Cybercash and MasterCard.


Sequence number: A number used to coordinate an upcoming TCP session. Has been guessed as part of a spoofing attack.


Sesame (Secure European System for Applications in a Multi-vendor Environment): European research and development project that extended Kerberos by adding authorization and access services.


Session hijacking: A sophisticated attack in which the attacker spoofs both ends of a TCP session in progress, thereby gaining unauthorized access to the session and system.


Session Key: The secret (symmetric) key used to encrypt each set of data on a transaction basis. A different session key is used for each communication session.


SET (Secure Electronic Transaction): provides for secure exchange of credit card numbers over the Internet.


SHA (Secure Hash Algorithm): the 1994 revision to SHA, developed by NIST, (FIPS 180-1) used with DSS produces a 160-bit hash, similar to MD4, very popular and is widely implemented.


Shell: A software layer that provides the interface between a user and the operating system of a computer.


Shoulder surf: To look over someone’s shoulder to view a passphrase or pin to gain access at a later time.


Single Sign-On: one log-on provides access to all resources of the network, LAN, WAN, etc.


SKIP (Simple Key for IP): simple key-management for Internet protocols, developed by Sun Microsystems, Inc.


Skipjack: The 80-bit key encryption algorithm contained in NSA’s Clipper chip. The algorithm is classified; NSA will not release information on how it works. It has a backdoor feature for government access.


SKMP (Secure-Key Management Protocol): an IBM proposed key-recovery architecture that uses a key encapsulation technique to provide the key and message recovery to a trusted third-party escrow agent.


Slamming: The act of changing a telephone customer’s long distance service provider without their knowledge or permission.


Smart Cards: tamper-resistant hardware devices that store private keys and other sensitive information.


Smurfing: A denial of service attack in which an attacker spoofs the source address of an echo-request ICMP (ping) packet to the broadcast address for a network, causing the machines in the network to respond en masse to the victim thereby clogging its network.


SNAPI (Secure Network API): a Netscape driven API for security services that provide ways for resources to be protected against unauthorized users, for communication to be encrypted and authenticated, and for the integrity of information to be verified.


Snarf: To grab a large document or file for the purpose of using it with or without the author’s permission.


Sniffer/sniffing: A program running on a computer or device that’s attached to a network that filters, captures, and records network traffic, i.e. packets. Comes from a Network General (now Network Associates) protocol analyzer product known as Sniffer.


Spam: Unsolicited commercial email (UCE). The electronic mail equivalent of junk mail.


SPI (Security Parameter Index): the combination of destination address, a security protocol and an SPI uniquely identifies a security association (SA). SPKI (Simple Public


Spoofing: Pretending to be someone else. The deliberate inducement of a user or a resource to take an incorrect action. Attempt to gain access to a system by pretending to be an authorized user. Impersonating, masquerading, and mimicking are forms of spoofing.


SSH (Secure Shell): an IETF proposed protocol for securing the transport layer by providing encryption, cryptographic host authentication, and integrity protection.


SSH (Site Security Handbook): the Working Group (WG) of the Internet Engineering Task Force has been working since 1994 to produce a pair of documents designed to educate the Internet community in the area of security: The first document is a complete reworking of RFC 1244, and is targeted at system and network administrators, as well as decision makers (middle management).


SSL (Secure Socket Layer): developed by Netscape to provide security and privacy over the Internet. Supports server and client authentication and maintains the security and integrity of the transmission channel. Operates at the transport layer and mimics the “sockets library,” allowing it to be application independent. Encrypts the entire communication channel and does not support digital signatures at the message level.


SST (Secure Transaction Technology): a secure payment protocol developed by Microsoft and Visa as a companion to the PCT protocol.


Steganography: The practice of hiding secrets in otherwise normal looking data files, like JPEG pictures, etc.


Stream cipher: a class of symmetric-key encryption operating on the plaintext one byte (or one bit) at a time.


STU-III (Secure Telephone Unit): NSA designed telephone for secure voice and low-speed data communications for use by the US Dept. of Defense and their contractors.


Substitution cipher: the characters of the plaintext are substituted with other characters to form the cipher text.


Subversion: Occurs when an intruder modifies the operation of the intrusion detector to force false negatives to occur.


Symmetric algorithm: an encryption algorithm in which the same secret key is used for both encryption and decryption. Also known as conventional, secret-key and single-key algorithms. Block and stream ciphers are classes of symmetric algorithms.


SYN flood attack: When the SYN queue is flooded, no new connection can be opened.


TACACS+ (Terminal Access Controller Access Control System): a protocol that provides remote access authentication, authorization, and related accounting and logging services, used by Cisco Systems.


Threat: The means through which the ability or intent of a threat agent to adversely affect an automated system, facility, or operation can be manifest. A potential violation of security.


Timestamping: recording the time of creation or existence of information.


TLS (Transport Layer Security): an IETF draft, version 1 is based on the Secure Sockets Layer (SSL) version 3.0 protocol, and provides communications privacy over the Internet.


TLSP (Transport Layer Security Protocol): ISO 10736, draft international standard.


Traffic analysis: Monitoring data or encrypted data to or from a specific target to learn patterns.


Transport-Mode IPsec: an end-to-end secure connection, from source to destination (ES-to-ES).


Transposition cipher: the plain text remains the same but the order of the characters is transposed.


Triple DES: an encryption configuration in which the DES algorithm is used three times with three different keys.


Tripwire: A software tool that generates one way hash signatures of sensitive files which are used to detect tampering or alteration.


Trojan Horse: An apparently useful and innocent program containing additional hidden code which allows the unauthorized collection, exploitation, falsification, or destruction of data.


Trust: a firm belief or confidence in the honesty, integrity, justice, reliability, etc., of a person, company, and so forth.


TTP (Trusted Third-Party): a responsible party in which all participants involved agree upon in advance to provide a service or function, such as certification, by binding a public-key to an entity, time-stamping, or key-escrow.


TTY watcher: A hacker tool that allows hackers with even a small amount of skill to hijack terminals. It has a GUI interface.


Tunnel-Mode IPsec: a secure connection between an end station (ES) and an Intermediate Station (IS), or between two IS devices, also known as a VPN.


UEPS (Universal Electronic Payment System): a smart-card (secure debit-card) based banking application developed for South Africa where poor telephones make on-line verification impossible.


Validation: a means to provide timeliness of authorization to use or manipulate information or resources.


Verification: to authenticate, confirm or to establish accuracy.


Virus: A program that can “infect” other programs by modifying them to include a, possibly evolved, copy of itself.


VPN (Virtual Private Network): allows private networks to span from the end-user across a public network (Internet) directly to the corporate Gateway, Firewall, or router.


W3C (World Wide Web Consortium): an international industry consortium founded in 1994 to develop common protocols for the evolution of the World Wide Web.


WAKE (Word Auto Key Encryption): produces a stream of 32-bit words, which can be XORed with plaintext stream to produce cipher text, invented by David Wheeler.


Wannabe hacker: A novice hacker, see Script-Kiddie.


War dialer: A program that will automatically dial a range of telephone numbers looking for a modem/computer to answer. A program that dials a given list or range of numbers and records those which answer with handshake tones, which might be entry points to computer or telecommunications systems.


Web of Trust: a distributed trust model used by PGP to validate the ownership of a public key where the level of trust is cumulative, based on the individual’s knowledge of the ‘introducers’.


White Hat Hacker: One who usually does not break into unauthorized systems, but they do sometimes write the tools that get used by the novices and black hat hackers.


Whitemail: The dissemination of false information for financial gain via email.


Worm: Independent program that replicates from machine to machine across network connections often clogging networks and information systems as it spreads.


X.509v3: an ITU-T digital certificate that is an internationally recognized electronic document used to prove identity and public key ownership over a communication network. It contains the issuer’s name, the user’s identifying information, and the issuer’s digital signature, as well as other possible extensions in version 3.


XOR (eXclusive Or opeRation): exclusive-or operation, a mathematical way to represent differences.


Zeroed: the degaussing, erasing or overwriting of electronically stored data.

