Recently updated

An input parameter that sets the starting state of a cryptographic algorithm or mode. (Compare: activation data.)

See: Defense Information Systems Network (DISN).

A worm program that flooded the ARPANET in November 1988, causing problems for thousands of hosts. [R1135] (See: community risk, worm)

See: Online Certificate Status Protocol.

A pattern of curves formed by the ridges on a fingertip. (See: biometric authentication. Compare: thumbprint.)

An access control feature (actually, an access control vulnerability) in many Internet hosts that enables users to gain access to general purpose or public services and resources of a host (such as allowing any user to transfer data using FTP) without having a pre established, identity specific account (i.e., user name and password). (See: anonymity.)

See: Cryptographic Message Syntax.

A process that delivers a cryptographic key from the location where it is generated to the locations where it is used in a cryptographic algorithm. (See: key establishment, key management.)

An authentication process that verifies an identity by requiring correct authentication information to be provided in response to a challenge. In a computer system, the authentication information is usually a value that is required to be computed in response to an unpredictable challenge value, but it might be just a password.

A U.S. DoD organization that has primary U.S. Government responsibility for INFOSEC standards for classified information and for sensitive unclassified information handled by national security systems. (See: FORTEZZA, KEA, MISSI, national security system, NIAP, NIST, SKIPJACK.)

See: secondary definition under "interception".

An Internet Standard, Internet Layer protocol that moves datagrams (discrete sets of bits) from one computer to another across an internetwork but does not provide reliable delivery, flow control, sequencing, or other end to end services that TCP provides. IP version 4 (IPv4) is specified in RFC 791, and IP version 6 (IPv6) is specified in RFC 2460. (See: IP address, TCP/IP.)

See: Internet Assigned Numbers Authority.

A type of threat action whereby an entity assumes unauthorized logical or physical control of a system resource. (See: usurpation.)

A pass phrase, personal identification number (PIN), biometric data, or other mechanisms of equivalent authentication robustness used to protect access to any use of a private key, except for private keys associated with System or Device certificates.

Registration of data under the authority or in the care of a trusted third party, thus making it possible to provide subsequent assurance of the accuracy of characteristics claimed for the data, such as content, origin, time of existence, and delivery. [I7498 2] (See: digital notary.)

See: Information Technology System Evaluation Criteria.

An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security. (See: CSIRT, security incident.)

An occurrence or sign that an incident may have occurred or may be in progress.

See: application programming interface.

See: commercially licensed evaluation facility.

A single digital signature that protects two separate messages by including the hash results for both sets in a single encrypted value. [SET2]

See: Triple Data Encryption Algorithm.

An attribute of an encryption algorithm that is a formalization of the notion that the encryption of some string is indistinguishable from the encryption of an equal length string of nonsense. (Compare: semantic security.)

A block cipher mode in which a plaintext block is used directly as input to the encryption algorithm and the resultant output block is used directly as cipher text [FP081]. (See: block cipher, [SP38A].)

See: Data Encryption Standard.

See: secondary definition under "cryptographic module".

Synonym for "initialization value".

An urgent response to a fire, flood, civil commotion, natural disaster, bomb threat, or other serious situation, with the intent of protecting lives, limiting damage to property, and minimizing disruption of system operations. [FP087] (See: availability, CERT, emergency plan.)

A vulnerability of a system for which there is no corresponding threat and, therefore, no implied risk.

See: secondary definition under "non repudiation".

See: IPsec Key Exchange.

A mechanism that implements access control for a system entity by enumerating the system resources that the entity is permitted to access and, either implicitly or explicitly, the access modes granted for each resource. (Compare:

See: secondary definition under "electronic data interchange".

An information system comprised of a collection of interconnected nodes. (See: computer network.)

A digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public key certificate. (See: capability token.)

See: data encryption key.

"Measures ensuring that transmitted information can be received despite deliberate jamming attempts." [C4009] (See: electronic security, frequency hopping, jam, spread spectrum.)

Acronym for French translation of International Telephone and Telegraph Consultative Committee. Now renamed ITU T.

A security service that provides the recipient of data with evidence that proves the origin of the data, and thus protects the recipient against an attempt by the originator to falsely deny sending the data. (See: non repudiation service.)

See: communication security.

An act by which a system entity establishes a session in which the entity can use system resources. (See: principal, session.)

To protect a system by configuring it to operate in a way that eliminates or mitigates known vulnerabilities. Example: [RSCG]. (See: default account.)

The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner.

metropolitan area network.

"The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit." [FP039] (See: honey pot.)

The source code formats and procedures through which an application program accesses cryptographic services, which are defined abstractly compared to their actual implementation. Example, see: PKCS 11, [R2628].

In a few published descriptions of hybrid encryption for SSH, Windows 2000, and other applications, this term refers to a symmetric key that (a) is used to encrypt a relatively large amount of data and (b) is itself encrypted with a public key. (Compare: bulk keying material, session key.)

A patented, symmetric block cipher designed by Ralph C. Merkle as a plug in replacement for DES. [Schn]

"A measure of strength of a cryptographic algorithm, regardless of actual key length." [IATF] (See: work factor.)