Information Security CH 8

encapsulating security payload (ESP) protocol

In IPSec, a protocol that provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification

application header (AH) protocol

In IPSec, a protocol that provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication

registration authority (RA)

In PKI, a third party that operates under the trusted collaboration of the certificate authority and handles day-to-day certification functions.

exclusive OR operation (XOR)

a function within Boolean algebra used as an encryption function in which two bits are compared. If the two bits are identical, the result is a binary 0; otherwise, the result is a binary 1.

DIffie-Hellman key exchange

a hybrid cryptosystem that facilitates exchanging private keys using public-key encryption

secret key

a key that can be used in symmetric encryption both to encipher and decipher the message

message authentication code (MAC)

a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest

Secure Electronic Transactions (SET)

a protocol developed by credit card companies to protect against electronic payment fraud

Secure Multipurpose Internet Mail Extensions (S/MIME)

a security protocol that builds on the encoding formation of the MIME protocol and uses digital signatures based on public-key cryptosystems to secure e-mail

link encryption

a series of encryptions and decryptions between a number of systems, wherein each system in a network decrypts the message sent to it and then reencrypts the message using different keys and send it to the next neighbor

Secure Hash Standard (SHS)

a standard issued by the National Institute of Standards and Technology (NIST) that specifics secure algorithms, such as SHA-1, for computing a condensed representation of a message or data file.

Privacy-Enhanced Mail (PEM)

a standard proposed by the Internet Engineering Task Force (IETF) that uses 3DES symmetric key encryption and RSA for key exchange and digital signatures

polyalphabetic substitution

a substitution cipher that incorporates two or more alphabets in the encryption process

monoalphabetic substitution

a substitution cipher that only incorporates a single alphabet in the encryption process

message digest

a value representing the application of a hash algorithm on a message that is transmitted with the message so it can be compared with the recipient's locally calculated hash of the same message. If both hashes are identical after transmission, the message has arrived without modification.

transposition cipher

also known as a permutation cipher, an encryption method that involves simply rearranging the values within a block based on an established pattern to create the ciphertext

key

also known as cryptovariable, the information used in conjunction with an algorithm to create the ciphertext from plaintext or derive the plaintext from ciphertext

transport mode

an IPSec mode in which only the IP data is encrypted, not the IP headers

Vigenere cipher

an advanced type of substitution cipher that uses a simple polyalphabetic code

substitution cipher

an encryption method in which one value is substituted for another

cipher

an encryption method or process encompassing the algorithm, key and procedures used to perform encryption and decryption

asymmetric encryption

an encryption method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message. Either key can be used to encrypt a message, but then the other key is required to decrypt it.

symmetric encryption

an encryption method that incorporates mathematical operations involving the same secret key both to encipher and decipher the message

block cipher

an encryption method that involves converting plaintext into blocks or sets of bits and then converting the plaintext to ciphertext one block at a time

bit stream cipher

an encryption method that involves converting plaintext to ciphertext one bit at a time

Vernam cipher

an encryption process that generates a random substitution matrix between letters and numbers that is used only one time. Also called a one-time pad.

Secure HTTP (S-HTTP)

an extended version of Hypertext Transfer Protocol that provides for encryption of protected Web pages transmitted via the Internet between a client and server

public key infrastructure (PKI)

an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates

Internet Protocol Security (IPSec)

an open-source protocol framework for security development within the TCP/IP family of protocol standards

digital signatures

encrypted message components that can be mathematically proven as authentic

certificate revocation list (CRL)

in PKI, a published of revoked or terminated digital certificates

certificate authority (CA)

in PKI, a third party that manages users' digital certificates

Secure Sockets Layer (SSL)

A security protocol developed by Netscape to use public-key encryption to secure a channel over the internet

tunnel mode

An IPSec mode in which the entire IP packet is encrypted and then placed into the content portion of another IP packet

session keys

limited-use smmetric keys for temporary communications during an online session

hash functions

mathematical algorithms that generate a message summary or digest to confirm message identity and integrity

hash algorithms

public functions that create a hash value, also known as a message digest, by converting variable length messages into a single fixed-length value

digital certificates

public-key container files that allow PKI system components and end users to validate a public key and identify its owner

digital signature standard (DSS)

the NIST standard for digial signature algorithm usage by federal information systems

work factor

the amount of effort required to perform cryptanalysis to decode an encrypted message when the key, the algorithm, or both are unknown

advanced encryption standard (AES)

the current federal standard for the encryption of data, as specified by NIST. AES is based on the Rijndael algorithm, which was developed by Vincent Rijmen and Joan Daemen.

ciphertext or cyptogram

the encoded message resulting from encryption

keyspace

the entire range of values that can be used to construct an individual key

steganography

the hiding of messages, within the digital encoding of a picture or graphic

plaintext

the original unencrypted message, or a message that has been successfully decrypted

code

the process of converting components of an unencrypted message into encrypted

cryptography

the process of making and using codes to secure the transmission of information

cryptanalysis

the process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption

nonrepudiation

the process of reversing public-key encryption to verify that a message was sent by the sender and thus cannot be refuted

cryptology

the science of encryption, which encompasses cryptanalysis and cryptography

algorithm

the steps used to convert an unencrypted message into an encrypted sequence of bits that represent the messsage

decipher

to decrypt, decode, or convert ciphertext into the equivalent plaintext

encipher

to encrypt, encode, or convert plaintext into the equivalent ciphertext