SRA Chapter 10 Terms
Secure Sockets Layer (SSL)
A security protocol developed by Netscape to use public-key encryption to secure a channel over the Internet
tunnel mode
In IPSec, an encryption method in which only a packet's IP data is encrypted, not the IP headers themselves
transport mode
In IPSec, an encryption method in which only a packet's IP data is encryption, not the IP headers themselves
certificate revocation list (CRL)
In PKI, a published list of revoked or terminated digital certificates
certificate authority (CA)
In PKI, a third party that manages users' digital certificates
registration authority (RA)
In PKI, a third party that operates under the trusted collaboration of the certificate authority and handles day-to-day certification functions
session keys
Limited-use symmetric keys for temporary communication during an online session
digital certificates
Public-key container files that allow PKI system components and end users to validate a public key and identify its owner
steganography
The process of hiding messages
symmetric/private-key encryption
a cryptographic method in which the same algorithm and secret key are used both to encipher and decipher the message
asymmetric encryption/public-key encryption
a cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message
transposition cipher/permutation
a cryptographic operation that involves simple rearranging the values within a block based on an established pattern
Vernam cipher
a cryptographic technique developed at AT&T and known as the "one-time pad," this cipher uses a set of characters for encryption operations only once and then discards it
exclusive OR operation (XOR)
a function within Boolean algebra used as an encryption function in which two bits are compared; identical bits result in a binary 0 while different bits result in a binary 1
Diffie-Hellman key exchange
a hybrid cryptosystem that facilitates exchanging private keys using public-key encryption
secret key
a key that can be used in symmetric encryption both to encipher and decipher the message
message authentication code (MAC)
a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest
Secure Electronic Transactions (SET)
a protocol developed by credit card companies to protect against electronic payment fraud
Secure/Multipurpose Internet Mail Extensions (S/MIME)
a security protocol that builds on the encoding format of the Multipurpose Internet Mail Extensions (MIME) protocol and uses digital signatures based on public-key cryptosystems to secure e-mail
Secure Hash Standard (SHS)
a standard issued by the National Institute of Standards and Technology (NIST) that specifies secure algorithms, such as SHA-1, for computing a condensed representation of a message or data file
Privacy-Enhanced Mail (PEM)
a standard proposed by the IETF that uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures
monoalphabetic substitution
a substitution cipher that incorporates a single alphabet in the encryption process
polyalphabetic substitution
a substitution cipher that incorporates two or more alphabets in the encryption process
hash value/message digest
a value representing the application of a hash algorithm on a message that is transmitted with the message so it can be compared with the recipient's locally calculated hash of the same message
Vigenere cipher
an advanced type of substitution cipher that uses a simple polyalphabetic code
substitution cipher
an encryption method in which one value is substituted for another
Secure HTTP (HTTPS)
an extended version of Hypertext Transfer Protocol that provides for the encryption of protected Web pages transmitted via the Internet between a client and server
public key infrastructure (PKI)
an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates
digital signatures
encrypted message components that can be mathematically proven as authentic
encapsulating security payload (ESP) protocol
in IPSec, a protocol that provides secrecy for the contents of network communications as well as system to system authentication and data integrity verification
authentication header (AH) protocol
in IPSec, a protocol that provides system-to-system authentication and data integrity verification but does not provide secrecy for the content of a network communication
hash functions
mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm the message's identity and integrity
hash algorithms
public functions that create a hash value also known as a message digest, by converting variable length messages into a single fixed-length value
Digital Signature Standard (DSS)
the NIST standard for digital signature algorithm usage by federal information systems; based on a variant of the EIGamal signature scheme
Advanced Encryption Standard (AES)
the current federal standard for the encryption of data, as specified by NIST
cryptology
the field science that encompasses cryptography and cryptanalysis
IP Security (IPSec)
the primary and dominant cryptographic authentication and encryption product of the IETF's IP Protocol Security Working Group
cryptography
the process of making and using codes to secure information
cryptanalysis
the process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption
nonrepudiation
the process of reversing public-key encryption to verify that a message was sent by the user and thus cannot be refuted