Final ~ Terms
The current federal standard for the encryption of data, as specified by NIST. AES is based on the Rijndael algorithm, which was developed by Vincent Rijmen and Joan Daemen.
Advanced Encryption Standard (AES)
The mathematical formula or method used to convert an unencrypted message into an encrypted message.
Algorithm:
An encryption method that involves converting plaintext to cipher-text one bit at a time.
Bit stream cipher
An encryption method that involves dividing the plaintext into blocks or sets of bits and then converting the plaintext to ciphertext one block at a time.
Block cipher
__________ is a de facto industry standard for short-range wireless communications between devices.
Bluetooth
When used as a verb, the transformation of the individual components (characters, bytes, or bits) of an unencrypted message into encrypted components or vice versa (see decipher and encipher); when used as a noun, the process of encryption or the algorithm used in encryption,
Cipher
The unintelligible encrypted or encoded message resulting from an encryption.
Ciphertext or cryptogram
The process of converting components (words or phrases) of an unencrypted message into encrypted components.
Code
The process of converting an encoded or enciphered message (ciphertext) back to its original readable form (plaintext).
Decryption
A hybrid cryptosystem that facilitates exchanging private keys using public-key encryption.
Diffie-Hellman key exchange
The NIST standard for digital signature algorithm usage by federal information systems. DSS is based on a variant of the EIGamal signature scheme.
Digital Signature Standard (DSS)
The process of converting an original message (plaintext) into a form that cannot be used by unauthorized individuals (ciphertext).
Encryption
The primary and now dominant cryptographic authentication and encryption product of the IETF's IP Protocol Security Working Group. A framework for security development within the TCP/IP family of protocol standards, IPSec provides application support for all uses within TCP/IP, including virtual private networks.
IP Security (IPSec)
The information used in conjunction with the algorithm to create the ciphertext from the plaintext; it can be a series of bits used in a mathematical algorithm or the knowledge of how to manipulate the plaintext.
Key or cryptovariable
__________ extends the key with the salt value, but then deletes the salt value.
Key strengthening
involves repeating the hashing algorithm up to several thousand times to continuously inject the password, salt value, and interim hash results back into the process.
Key stretching
The entire range of values that can be used to construct an individual key.
Keyspace
A series of encryptions and decryptions between a number of systems, wherein each system in a network decrypts the message sent to it and then reencrypts the message using different keys and sends it to the next neighbor.
Link encryption
The original unencrypted message that is encrypted and is the result of successful decryption.
Plaintext or cleartext
A standard proposed by the Internet Engineering Task Force (IETF) that uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures.
Privacy-Enhanced Mail (PEM)
A protocol developed by credit card companies to protect against electronic payment fraud.
Secure Electronic Transactions (SET)
An extended version of Hypertext Transfer Protocol that provides for the encryption of protected Web pages transmitted via the Internet between a client and server.
Secure HTTP (S-HTTP)
A standard issued by the National Institute of Standards and Technology (NIST) that specifies secure algorithms, such as SHA-1, for computing a condensed representation of a message or data file.
Secure Hash Standard (SHS)
A security protocol that builds on the encoding format of the Multipurpose Internet Mail Extensions (MIME) protocol and uses digital signatures based on public-key cryptosystems to secure e-mail.
Secure Multipurpose Internet Mail Extensions (S/MIME)
A security protocol developed by Netscape to use public-key encryption to secure a channel over the Internet.
Secure Sockets Layer (SSL)
The process of hiding messages; for example, hiding a message within the digital encoding of a picture or graphic so that it is almost impossible to detect that the hidden message even exists.
Steganography
A cryptographic technique developed at AT&T and known as the "one-time pad," this cipher uses a set of characters for encryption operations only one time and then discards it.
Vernam cipher
An advanced type of substitution cipher that uses a simple polyalphabetic code.
Vigenère cipher
__________ was created to resolve the issues with WEP.
WPA
The amount of effort (usually expressed in units of time) required to perform cryptanalysis on an encoded message.
Work factor
A fire detection sensor used in high-sensitivity areas that works by taking in air, filtering it, and passing it through a chamber that contains a laser beam. The alarm triggers if the beam is broken.
air-aspirating detector
In IPSec, a protocol that provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication.
application header (AH) protocol
A cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message. Either key can be used to encrypt a message, but then the other key is required to decrypt it.
asymmetric encryption or public-key encryption
An identification card typically worn in a visible location to quickly verify an authorized member. The badge may or may not show the wearer's name.
badge
A lock that reads a unique biological attribute such as a fingerprint, iris, retina, or palm and then uses that input as a key.
biometric lock
In the _________ method, each bit in the plaintext is transformed into a cipher bit one bit at a time.
bit stream
In the __________ method, the message is divided into blocks—for example, sets of 8-, 16-, 32-, or 64-bit blocks—and then each block of plaintext bits is transformed into an encrypted block of cipher bits using an algorithm and a key.
block cipher
In a __________, the ciphertext consists of a list of codes representing the page number, line number, and word number of the plaintext word.
book cipher
In PKI, a third party that manages users' digital certificates.
certificate authority (CA)
In PKI, a published list of revoked or terminated digital certificates.
certificate revocation list (CRL)
A fire suppression agent that does not leave any residue after use or interfere with the operation of electrical or electronic equipment.
clean agent
A video capture and recording system used to monitor a facility.
closed-circuit television (CCT)
An alarm sensor designed to detect increased pressure or contact at a specific location, such as a floor pad or a window.
contact and weight sensor
The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption.
cryptanalysis
The process of making and using codes to secure information.
cryptography
The field of science that encompasses cryptography and cryptanalysis.
cryptology
A fire suppression sprinkler system that keeps all individual sprinkler heads open and applies water to all areas when activated.
deluge system
Public-key container files that allow PKI system components and end users to validate a public key and identify its owner.
digital certificates
Encrypted message components that can be mathematically proven as authentic.
digital signatures
A fire suppression sprinkler system that has pressurized air in all pipes. The air is released in the event of a fire, allowing water to flow from a central area.
dry-pipe system
A lock that can accept a variety of inputs as keys, including magnetic strips on ID cards, radio signals from badges, personal identification numbers (PINs) typed into a keypad, or some combination of these to activate an electrically powered locking mechanism.
electromechanical lock
The release of ambient static electricity into a ground.
electrostatic discharge (ESD)
In IPSec, a protocol that provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification.
encapsulating security payload (ESP) protocol
A function within Boolean algebra used as an encryption function in which two bits are compared. If the two bits are identical, the result is a binary 0; otherwise, the result is a binary 1.
exclusive OR operation (XOR)
The aspect of organizational management focused on the development and maintenance of its buildings and physical infrastructure.
facilities management
An electromechanical device that automatically releases the lock protecting a control point if a power outage occurs. This type of lock is used for fire safety locations.
fail-safe lock
An electromechanical device that stays locked and maintains the security of the control point if a power outage occurs.
fail-secure lock
Devices that are installed and maintained to detect and respond to a fire, potential fire, or combustion danger.
fire suppression systems
A fire detection sensor that works by detecting the point at which the ambient temperature in an area reaches a predetermined level.
fixed-temperature sensor
A fire detection system that works by detecting the infrared or ultraviolet light produced by an open flame.
flame detector
Fire suppression systems that operate through the delivery of gases rather than water.
gaseous (or chemical gas) emission systems
Public functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value.
hash algorithms
Mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity.
hash functions
The amount of moisture in the air.
humidity
A document used to verify the identity of a member of an organization, group, or domain.
identification (ID) card
A fire detection sensor that works by exposing the ambient air to a small amount of a harmless radioactive material within a detection chamber; an alarm is triggered when the level of electrical conductivity changes within the chamber.
ionization sensor
__________ uses a book for passing the key to a cipher that is similar to the Vigenère cipher.
key cipher
A small room or enclosure with separate entry and exit points, designed to restrain a person who fails an access authorization attempt.
mantrap
A physical lock that may rely on either a key or numerical combination to rotate tumblers and release the hasp. Also known as a manual lock.
mechanical lock
A key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
message authentication code (MAC)
A value representing the application of a hash algorithm on a message that is transmitted with the message so it can be compared with the recipient's locally calculated hash of the same message.
message digest
A substitution cipher that only incorporates a single alphabet in the encryption process.
monoalphabetic substitution
An alarm sensor designed to detect movement within a defined space.
motion detector
The process of reversing public-key encryption to verify that a message was sent by the sender and thus cannot be refuted.
nonrepudiation
The primary challenge of symmetric key encryption is getting the key to the receiver, a process that must be conducted The primary challenge of symmetric key encryption is getting the key to the receiver, a process that must be conducted __________ to avoid interception. to avoid interception.
out of band
__________ is the process of providing a random piece of data to the hashing function when the hash is first calculated.
password hash salting
A fire detection sensor that works by projecting an infrared beam across an area. If the beam is interrupted, presumably by smoke, the alarm or suppression system is activated.
photoelectric sensor
The protection of physical items, objects, or areas from unauthorized access and misuse.
physical security
A space between the ceiling in one level of a commercial building and the floor of the level above. The plenum is used for air return.
plenum
A substitution cipher that incorporates two or more alphabets in the encryption process.
polyalphabetic substitution
A fire suppression sprinkler system that employs a two-phase response to a fire. When a fire is detected anywhere in the facility, the system will first flood all pipes, then activate only the sprinkler heads in the area of the fire.
pre-action system
A cryptographic method in which the same algorithm and secret key are used both to encipher and decipher the message.
private-key encryption or symmetric encryption
An electronic signal receiver used with an electromechanical lock that allows users to place their cards within the reader's range and release the locking mechanism.
proximity reader
An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates.
public key infrastructure (PKI)
A fire detection sensor that works by detecting an unusually rapid increase in the area temperature within a relatively short period of time.
rate-of-rise sensor
In PKI, a third party that operates under the trusted collaboration of the certificate authority and handles day-to-day certification functions.
registration authority (RA)
A key that can be used in symmetric encryption both to encipher and decipher the message.
secret key
A physical location that has controls in place to minimize the risk of attacks from physical threats.
secure facility
Limited-use symmetric keys for temporary communications during an online session.
session keys
A category of fire detection systems that focuses on detecting the smoke from a fire.
smoke detection system
A fire suppression system designed to apply a liquid, usually water, to all areas in which a fire has been detected.
sprinkler system
An imbalance of electrical charges in the atmosphere or on the surface of a material, caused by triboelectrification.
static electricity
An encryption method in which one value is substituted for another.
substitution cipher
The process of gaining unauthorized entry into a facility by closely following another person through an entrance and using the credentials of the authorized person to bypass a control point.
tailgating
The __________ is not strictly an encryption cipher, but more of an example of steganography.
template cipher or perforated page cipher
A category of fire detection systems that focuses on detecting the heat from a fire.
thermal detection system
An alarm sensor designed to detect a defined rate of change in the ambient temperature within a defined space.
thermal detector
In IPSec, an encryption method in which only a packet's IP data is encrypted, not the IP headers themselves; this method allows intermediate nodes to read the source and destination addresses.
transport mode
A cryptographic operation that involves simply rearranging the values within a block based on an established pattern.
transposition cipher or permutation cipher
The exchange of electrons between two materials when they make contact, resulting in one object becoming more positively charged and the other more negatively charged.
triboelectrification
In IPSec, an encryption method in which the entire IP packet is encrypted and inserted as the payload in another IP packet. This requires other systems at the beginning and end of the tunnel to act as proxies to send and receive the encrypted packets and then transmit the packets to their ultimate destination.
tunnel mode
An alarm sensor designed to detect movement of the sensor rather than movement in the environment.
vibration sensor
A fire suppression sprinkler system that relies on ultra-fine mists to reduce the ambient temperature below that needed to sustain a flame.
water mist sprinkler
A fire suppression sprinkler system that contains pressurized water in all pipes and has some form of valve in each protected area.
wet-pipe system