Terms

A system developed at the Massachusetts Institute of Technology that depends on passwords and symmetric cryptography (DES) to implement ticket based, peer entity authentication service and access control service distributed in a client server network environment. [R4120, Stei] (See: realm.)

A small, trusted part of a system that provides services on which the other parts of the system depend. (See: security kernel.)

An MLS computer operating system, designed to be a provably secure replacement for UNIX Version 6, and consisting of a security kernel, non kernel security related utility programs, and optional UNIX application development and support environments. [Perr]

An input parameter used to vary a transformation function performed by a cryptographic algorithm. (See: private key, public key, storage key, symmetric key, traffic key. Compare: initialization value.)

A key establishment method (especially one involving asymmetric cryptography) by which two or more entities, without prior arrangement except a public exchange of data (such as public keys), each can generate the same key value. That is, the method does not send a secret from one entity to the other; instead, both entities, without prior arrangement except a public exchange of data, can compute the same secret value, but that value cannot be computed by other, unauthorized entities. (See: Diffie Hellman Merkle, key establishment, KEA, MQV. Compare: key transport.)

"The assurance of the legitimate participants in a key agreement [i.e., in a key agreement protocol] that no non legitimate party possesses the shared symmetric key." [A9042]

"Cryptographic logic [i.e., a mode of operation] using previous key to produce key." [C4009, A1523] (See: CTAK, /cryptographic operation/ under "mode".)

A centralized, key distribution process (used in symmetric cryptography), usually a separate computer system, that uses master keys (i.e., KEKs) to encrypt and distribute session keys needed by a community of users.

Adversaries may acquire credentials from Keychain. Keychain (or Keychain Services) is the macOS credential management system that stores account names, passwords, private keys, certificates, sensitive application data, payment data, and secure notes. There are three types of Keychains: Login Keychain, System Keychain, and Local Items (iCloud) Keychain. The default Keychain is the Login Keychain, which stores user passwords and information. The System Keychain stores items accessed by the operating system, such as items shared among users on a host. The Local Items (iCloud) Keychain is used for items synced with Apple’s iCloud service.

"The assurance [provided to] the legitimate participants in a key establishment protocol that the [parties that are intended to share] the symmetric key actually possess the shared symmetric key." [A9042]

A process that delivers a cryptographic key from the location where it is generated to the locations where it is used in a cryptographic algorithm. (See: key establishment, key management.)

A type of key center (used in symmetric cryptography) that implements a key distribution protocol to provide keys (usually, session keys) to two (or more) entities that wish to communicate securely. (Compare: key translation center.)

A cryptographic hash (e.g., [R1828]) in which the mapping to a hash result is varied by a second input parameter that is a cryptographic key. (See: checksum.)

A key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that only certain third parties called "recovery agents" can perform the decryption operation to retrieve the stored key. Key encapsulation typically permits direct retrieval of a secret key used to provide data confidentiality. (Compare: key escrow.)

A cryptographic key that (a) is used to encrypt other keys (either DEKs or other TEKs) for transmission or storage but (b) (usually) is not used to encrypt application data. Usage: Sometimes called "key encryption key".

A key recovery technique for storing knowledge of a cryptographic key or parts thereof in the custody of one or more third parties called "escrow agents", so that the key can be recovered and used in specified circumstances. (Compare: key encapsulation.)

A procedure that combines the key generation and key distribution steps needed to set up or install a secure communication association.

A key agreement method [SKIP, R2773] that is based on the Diffie Hellman Merkle algorithm and uses 1024 bit asymmetric keys. (See: CAPSTONE, CLIPPER, FORTEZZA, SKIPJACK.)

A process that creates the sequence of symbols that comprise a cryptographic key. (See: key management.)

An algorithm that uses mathematical rules to deterministically produce a pseudorandom sequence of cryptographic key values.

Data that is needed to establish and maintain a cryptographic security association, such as keys, key pairs, and IVs.

An identifier assigned to an item of keying material.

The number of symbols (usually stated as a number of bits) needed to be able to represent any of the possible values of a cryptographic key. (See: key space.)

Synonym for "cryptoperiod".

Synonym for "fill device".

A place where ECU hardware is activated after being fabricated. (Compare: CLEF.)

a tool that record what a person types on a device

Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when OS Credential Dumping efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.(Citation: Talos Kimsuky Nov 2021)

The process of handling keying material during its life cycle in a cryptographic system; and the supervision and control of that process. (See: key distribution, key escrow, keying material, public key infrastructure.)

A protocol to establish a shared symmetric key between a pair (or a group) of users. (One version of KMP was developed by SDNS, and another by SILS.) Superseded by ISAKMP and IKE.

Synonym for "keying material".

A set of mathematically related keys a public key and a private key that are used for asymmetric cryptography and are generated in a way that makes it computationally infeasible to derive the private key from knowledge of the public key. (See: Diffie Hellman Merkle, RSA.)

A process for learning the value of a cryptographic key that was previously used to perform some cryptographic operation. (See: cryptanalysis, recovery.)

The range of possible values of a cryptographic key; or the number of distinct transformations supported by a particular cryptographic algorithm. (See: key length.)

Repositories that contain cryptographic artifacts like certificates and private keys that are used for cryptographic protocols such as TLS

A type of key center that implements a key distribution protocol (based on symmetric cryptography) to convey keys between two (or more) parties who wish to communicate securely. (Compare: key distribution center.)

A key establishment method by which a secret key is generated by a system entity in a communication association and securely sent to another entity in the association. (Compare: key agreement.)

Derive a new key from an existing key. (Compare: rekey.)

"The procedure for the receiver of a public key to check that the key conforms to the arithmetic requirements for such a key in order to thwart certain types of attacks." [A9042] (See: weak key)

A patented, symmetric block cipher designed by Ralph C. Merkle as a plug in replacement for DES. [Schn]

A patented, symmetric block cipher designed by Ralph C. Merkle as a plug in replacement for DES. [Schn]

In the NICE Framework, cybersecurity work where a person: Manages and administers processes and tools that enable the organization to identify, document, and access intellectual capital and information content.

A cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext ciphertext pairs (although the analyst may also have other clues, such as knowing the cryptographic algorithm).

Old spelling for "cracker".

See: Kernelized Secure Operating System.