SEC - 160 Security Administration I Chapter 8 Cryptography
A standard proposed by the Internet Engineering Task Force (IETF) that uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures.
Privacy-Enhanced Mail (PEM)
A standard issued by the National Institute of Standards and Technology (NIST) that specifies secure algorithms, such as SHA-1, for computing a condensed representation of a message or data file.
Secure Hash Standard (SHS)
A security protocol that builds on the encoding format of the Multipurpose Internet Mail Extensions (MIME) protocol and uses digital signatures based on public-key crypto systems to secure e-mail.
Secure Multipurpose Internet Mail Extensions (S/MIME)
A security protocol developed by Netscape to use public-key encryption to secure a channel over the Internet.
Secure Sockets Layer (SSL)
See message digest.
hash value
The current federal standard for the encryption of data, as specified by NIST. AES is based on the Rijndael algorithm, which was developed by Vincent Rihmen and Joan Daemen.
Advanced Encryption Standard (AES)
A cryptographic technique developed at AT&T and known as the "one-time pad," this cipher uses a set of characters for encryption operations only one time and then discards it.
Vernam cipher
An advanced type of substitution cipher that uses a simple polyalphabetic code.
Vigenere cipher
A key that can be used in symmetric encryption both to encipher and decipher the message.
secret key
A hybrid cryptosystem that facilitates exchanging private keys using public-key encryption.
Diffie-Hellman key exchange
The NIST standard for digital signature algorithm usage by federal information systems. DSS is based on a variant of the ElGamal signature scheme.
Digital Signature Standard (DSS)
The primary and now dominant cryptographic authentication and encryption product of the IETF's IP Protocol Security Working Group. A framework for security development within the TCP/IP family of protocol standards, IPSec provides application support for all uses within TCP/IP, including virtual private networks.
IP Security (IPSec)
A protocol developed by credit card companies to protect against electronic payment fraud.
Secure Electronic Transactions (SET)
An extended version of Hypertext Transfer Protocol that provides for the encryption of protected Web pages transmitted via the Internet between a client and server.
Secure HTTP (S-HTTP)
In IPSec, a protocol that provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication.
application header (AH) protocol
A cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message. Either key can be used to encrypt a message, but then the other key is required to decrypt it.
asymmetric encryption
In PKI, a third party that manages users' digital certificates.
certificate authority (CA)
In PKI, a published list of revoked or terminated digital certificates.
certificate revocation list (CRL)
The process of obtaining the plaintext message from a cipher text message without knowing the keys used to perform the encryption.
cryptanalysis
The process of making and using codes to secure information
cryptography
The field of science that encompasses cryptography and cryptanalysis.
cryptology
Public-key container files that allow PKI system components and end users to validate a public key and identify its owner.
digital certificates
Encrypted message components that can be mathematically proven as authentic.
digital signatures
In IPSec, a protocol that provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification.
encapsulating security payload (ESP) protocol
A function within Boolean algebra used as an encryption function in which two bits are compared. If the two bits are identical, the result is a binary 0; otherwise, the result if a binary 1.
exclusive OR operation (XOR)
Public functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value.
hash algorithms
Mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity.
hash functions
A key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
message authentication code (MAC)
A value representing the application of a hash algorithm on a message that is transmitted with the message so it can be compared with the recipient's locally calculated hash of the same message. If both hashes are identical after transmission, the message has arrived without modification. Also known as a hash value.
message digest
A substitution cipher that only incorporates a single alphabet in the encryption process.
monoalphabetic substitution
The process of reversing public-key encryption to verify that a message was sent by the sender and thus cannot be refuted.
nonrepudiation
See transposition cipher
permutation cipher
A substitution cipher that incorporates two or more alphabets in the encryption process.
polyalphabetic substitution
See symmetric encryption
private-key encryption
An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates.
public key infrastructure (PKI)
See asymmetric encryption
public-key encryption
In PKI, a third-party that operates under the trusted collaboration of the certificate authority and handles day-to-day certification functions.
registration authority (RA)
Limited-use symmetric keys for temporary communications during an online session.
session keys
The process of hiding messages; for example, hiding a message within the digital encoding of a picture or graphic so that it is almost impossible to detect that the hidden message even exists.
steganography
An encryption method in which one value is substituted for another.
substitution cipher
A cryptographic method in which the same algorithm and secret key are used both to encipher and decipher the message.
symmetric encryption
In IPSec, an encryption method in which only a packet's IP data is encrypted, not the IP headers themselves; this method allows intermediate nodes to read the source and destination addresses.
transport mode
A cryptographic operation that involves simply rearranging the values within a block based on an established pattern. Also known as a permutation cipher.
transposition cipher
In IPSec, an encryption method in which the entire IP packet is encrypted and inserted as the payload in another IP packet. This requires other systems at the beginning and end of the tunnel to act as proxies to send and receive the encrypted packets and then transmit the packets to their ultimate destination.
tunnel mode