Intro to Security, Chp 8
Digital Signatures
Encrypted message components that can be mathematically proven as authentic
Application Header Protocol
In IPSEC, a protocol that provides system to system authentication and data integrity verification, but does not provide secrecy for the content of a network communications
Certificate Revocation List
In PKI, a published list of revoked or terminated digital certificates
Certificate Authority
In PKI, a third party that manages users' digital certificates
Registration Authority
In PKI, a third party that operates under the trusted collaboration of the certificates authority and handles day to day certification functions
Session Keys
Limited-use symmetric keys for temporary communications during an online session
Hash Functions
Mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity
Hash Algorithms
Public functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value
Digital Certificates
Public-key container files that allow PKI system components and end users to validate a public key and identify its owner
Digital Signature Standard
The NIST standard for digital signature algorithm usage by federal information systems. DSS is based on a variant of the El Gamal signature scheme
Advanced Encryption Standard
The current federal standard for the encryption of data, at specified by NIST. AES is based on the Rijndael algorithm, which developed by Vincent Rijmen and Joan Daemen
Cryptography
The process of making and using codes to secure the transmission of information
Cryptanalysis
The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption
Nonrepudiation
The process of reversing public-key encryption to verify that a message was sent by the sender and this cannot be refuted
Cryptology
The science of encryption, which encompasses cryptography and cryptanlysis
Encapsulating Security Payload Protocol
in IPsec, a protocol that provides secrecy for the contents of network communications as well as system to system authentication and data integrity verification
Steganography
A data hiding method that involves embedding information within other files, such as digital pictures or other images
Exclusive OR Operation
A function within Boolean algebra used as an encryption function in which two bits are compared. If the two bits are identical, the result is a binary 0; otherwise, the result is a binary 1
Diffie-Hellman Key Exchange
A hybrid that facilitates exchanging private keys using public-key encryption
Message Authentication Code
A key dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest
Secret Key
A key that can be used in symmetric encryption both to encipher and decipher the message
Secure Electronic Transactions
A protocol developed by credit card companies to protect against electronic payment fraud
Secure Sockets Layer
A security protocol developed by Netscape to use public-key encryption to secure a channel over the Internet
Secure Multipurpose Internet Mail Extensions
A security protocol that builds on the encoding format of the MIME protocol and uses digital signatures based on public-key cryptosystems to secure e-mail
Secure Hash Standard
A standard issued by the National Institute of Standards and Technology that specifies secure algorithms, such as SHA-1, for computing a condensed representative of a message or data file
Privacy-Enhanced Mail
A standard proposed by the Internet Engineering Task Force that uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures
polyalphabetic Substitution
A substitution cipher that incorporates two or more alphabets in the encryption process
Monoalphabetic Substitution
A substitution cipher that only incorporates a single alphabet in the encryption process
Message Digest
A value representing the application of a hash algorithm on a message that is transmitted with the message so it can be compared with the recipient's locally calculated hash of the same message. If both hashes are identical after transmission, the message has arrived without modification. Also known as a hash value
Transposition cipher
Also known as a permutation cipher, an encryption method that involves simply rearranging the values within a block based on an established pattern to create the ciphertext
Transport Mode
An IPsec mode in which only the IP data is encrypted, not he IP headers
Tunnel Mode
An IPsec mode in which the entire IP packet is encrypted and then placed into the content portion of another IP packet
Vigenere Cipher
An advanced type of substitution cipher that uses a simple polyalphabetic code
Substitution Cipher
An encryption method in which one value is substituted for another
Asymmetric Encryption
An encryption method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message. Either key can be used to encrypt a message, but then the other key is required to decrypt it.
Private Key Encryption or Symmetric Encryption
An encryption method that incorporates mathematical operations involving the same secret key both to encipher and decipher the message
Vernam Cipher
An encryption process that generates a random substitution matrix between letters and numbers that is used only one time. Also called a one-time pad.
Secure HTTP
An extended version of HTTP that provides for the encryption of protected Web pages transmitted via the Internet between a client and server
Public Key Infrastructure
An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates
Internet Protocol Security
An open-source protocol framework for security development within the TCP/IP family of protocol standards
