Computer Security Glossary of Important Terms

ACL
Access Control Lists are typically comprised of a list of principals, a list of resources, and a list of permissions.
ACL-based Authorization
A scheme where the authorization agent consults an ACL to grant or deny access to a principal. Also see Centralized Authorization.
Address spoofing
A type of attack in which the attacker steals a legitimate network (e.g. IP) address of a system and uses it to impersonate the system that owns the address.
Application gateway firewall
A type of firewall system that runs an application, called a proxy, that acts like the server to the Internet client. The proxy takes all requests from the Internet client and, if allowed, forwards them to the Intranet server. Application gateways are used to make certain that the Internet client and the Intranet server are using the proper application protocol for communicating. Popular proxies include Telnet, ftp, and http. Building proxies requires knowledge of the application protocol.
Asymmetric algorithm
An encryption algorithm that requires two different keys for encryption and decryption. These keys are commonly referred to as the public and private keys. Asymmetric algorithms are slower than symmetric algorithms. Furthermore, speed of encryption may be different than the speed of decryption. Generally asymmetric algorithms are either used to exchange symmetric session keys or to digitally sign a message. RSA, RPK, and ECC are examples of asymmetric algorithms.
Audit
A service that keeps a detailed record of events.
Authorization
The process of determining what a given principal can do.
Centralized authorization
A scheme in which a central, third-party authorization agent is consulted for access control. All access control rules are defined in the database of the central authorization agent.
Certification Authority (CA)
A trusted agent that issues digital certificates to principals. Certification authorities may themselves have a certificate that is issued to them by other certification authorities. The highest certification authority is called the root CA.
Credential
A credential is what one principal presents to another to authenticate itself. For mutual authentication, both parties exchange credentials. Credentials are issued by an authentication agent or a certification authority. Depending on the model for authentication, credentials may only be valid for a session, or they may have longer validity periods. Digital certificates are credentials that typically last for a year or two. Tickets are credentials that are only good for a session, which typically does not last more than several hours.
CryptoAPI
The Cryptographic Application Programming Interface for Microsoft.
Cryptographic functions
A set of procedures that provide basic cryptographic functionality. The functionality includes using various algorithms for key generation, random number generation, encryption, decryption, and message digesting.
Data confidentiality
See data privacy.
Data diddling
An attack in which the attacker changes the data while en route from source to destination.
Data integrity
The reasonable assurance that data is not changed while en route from a sender to its intended recipient.
Data privacy
The reasonable assurance that data cannot be viewed by anyone other than its intended recipient.
DCE
The Distributed Computing Environment (DCE); Open Group's integration of a set of technologies for application development and deployment in a distributed environment. Security features include a Kerberos-based authentication system, GSS API interface, ACL-based authorization environment, delegation, and audit.
Delegation
The ability to empower a principal to act on behalf of another principal.
Denial of service
An attack where an attacker floods the server with bogus requests, or tampers with legitimate requests. Though the attacker does not benefit, service is denied to legitimate users. This is one of the most difficult attacks to thwart.
DES
Data Encryption Standard; the most common encryption algorithm with symmetric keys.
Dictionary attack
A form of attack in which an attacker uses a large set of likely combinations to guess a secret. For example, an attacker may choose one million commonly used passwords and try them all until the password is determined.
Diffie-Hellman
A public key algorithm in which two parties, who need not have any prior knowledge of each other, can deduce a secret key that is only known to them and secret from everyone else. Diffie-Hellman is often used to protect the privacy of a communication between two anonymous parties.
Digital certificate
A structure for binding a principal's identity to its public key. A certification authority (CA) issues and digitally signs a digital certificate.
Digital signature
A method for verifying that a message originated from a principal and that it has not changed en route. Digital signing is typically performed by encrypting a digest of the message with the private key of the signing party.
DSA
Digital Signature Algorithm; this algorithm uses a private key to sign a message and a public key to verify the signature. It is a standard proposed by the US government.
Eavesdropping
An attack in which an attacker listens to a private communication. The best way to thwart this attack is by making it very difficult for the attacker to make any sense of the communication by encrypting all messages.
ECC
See Elliptic Curve Cryptosystem.
Elliptic Curve Cryptosystem
A public key cryptosystem where the public and the private key are points on an elliptic curve. ECC is purported to provide faster and stronger encryption than traditional public key cryptosystems (e.g. RSA).
GSS API
The Generic Security Services API; a programming interface that allows two applications to establish a security context independent of the underlying security mechanisms. GSS API is used to hide the details of the security mechanism. Typically both applications use the same mechanism at any given time. The security context is used to mutually authenticate the parties as well as protect the privacy and integrity of the communication. Some mechanisms also allow non-repudiation and delegation. The GSS API is fully defined in Internet RFCs 1508 and 1509. Various RFCs and proposed RFCs define the implementation of the GSS API using a specific mechanism.
IDEA
International Data Encryption Algorithm; this is a symmetric encryption algorithm that is popular outside of the United States and Canada. However, DES is still the most popular symmetric algorithm anywhere.
Identification
The process of identifying a principal.
Impersonation
See delegation.
IPSEC
A security standard for protecting the privacy and integrity of IP packets.
Key Distribution Center (KDC)
See Kerberos.
Kerberos
A third-party trusted host authentication system devised at MIT within Project Athena. The Kerberos authentication server is a central system that knows about every principal and its passwords. It issues tickets to principals who successfully authenticate themselves. These tickets can be used to authenticate one principal (e.g. a user) to another (e.g. a server application). Moreover, Kerberos sets up a session key for the principals that can be used to protect the privacy and the integrity of the communication. For this reason, the Kerberos system is also called a Key Distribution Center (KDC).
Man-in-the-middle-attack
An attack in which an attacker inserts itself between two parties and pretends to be one of the parties. The best way to thwart this attack is for both parties to prove to each other that they know a secret that is only known to them. This is usually done by digitally signing a message and sending it to the other party as well as asking the other party to send a digitally signed message.
Masquerading
An attack in which an attacker pretends to be someone else. The best way to thwart this attack is to authenticate a principal by challenging it to prove its identity.
MD5
A message digest algorithm that digests a message of arbitrary size to 128 bits. MD5 is a cryptographic checksum algorithm.
Message digest
The result of applying a one-way function to a message. Depending on the cryptographic strength of the message digest algorithm, each message will have a reasonably unique digest. Furthermore, the slightest change to the original message will result in a different digest. Message digest functions are called "one-way" because knowing the message digest, one cannot reproduce the original message. Encrypted message digests give rise to integrity-protected messages.
Non-repudiation
The reasonable assurance that a principal cannot deny being the originator of a message after sending it. Non-repudiation is achieved by encrypting the message digest using a principal's private key. The public key of the principal must be certified by a trusted certification authority.
Packet Filter
A type of firewall in which each IP packet is examined and either allowed to pass through or rejected. Normally packet filtering is a first line of defense and is typically combined with application proxies for more security.
PKCS
Public Key Cryptographic Standards; a set of standards proposed by RSA Data Security Inc. for a public-key based system.
PCT
Private Communication Technology; a standard by Microsoft Corporation for establishing a secure communication link using a public key system.
PGP
Pretty Good Privacy; a software package that uses public/private and secret keys for sending private mail messages as well as storing files securely.
Principal
Any entity that uses a security system. Users, systems, client and server applications are all principals.
Private key
A key that belongs to a principal and is never revealed to anyone. It is used by a principal to decrypt messages that are sent to it and are encrypted with the principal's public key. It is also used to encrypt a message digest sent by the principal to anyone else. This provides non-repudiation, as anyone can use the principal's public key to decrypt the digest and be sure that the message originated from that principal.
Public key
A key that belongs to a principal and is revealed to everyone. In order for everyone to trust that the public key really belongs to the principal, the public key is embedded in a digital certificate. The public key is used to encrypt messages that are sent to the principal as well as to verify the signature of a principal.
Public Key Infrastructure
Public and private keys, digital certificates, certification authorities, certificate revocation lists, and the standards that govern the use and validity of these elements make up an infrastructure where principals can engage in private and non-repudiable transactions. This combination is called the Public Key Infrastructure (PKI).
QOP
See Quality of Protection.
Quality of protection
Quality of protection refers to the set of security functions that are applied to what needs to be protected. The QOP can consist of any combination of authentication, privacy, integrity, and non-repudiation.
RC2
Rivest Cipher 2; a symmetric encryption algorithm by Ron Rivest (the R of RSA).
RC4
Rivest Cipher 4; a symmetric encryption algorithm by Ron Rivest (the R of RSA).
Replay attack
An attack in which an attacker captures a message and at a later time communicates that message to a principal. Though the attacker cannot decrypt the message, it may benefit by receiving a service from the principal to whom it is replaying the message. The best way to thwart a replay attack is by challenging the freshness of the message. This is done by embedding a time stamp, a sequence number, or a random number in the message.
Root CA
The Certification Authority that is trusted by everyone. The root CA issues digital certificates to other CAs.
RPK
Raike Public Key; a public key cryptosystem invented by Bill Raike.
RSA
Rivest, Shamir, Adleman; a public key cryptosystem invented by Ron Rivest, Adi Shamir, and Leonard Adleman.
S/MIME
Secure Multipurpose Internet Mail Extensions; a protocol for sending secure e-mail.
Sandboxed environment
The enforcement of access control by a native programming language such that an applet can only access limited resources. Java applets run in a sandboxed environment where an applet cannot read or write local files, cannot start or interact with local processes, and cannot load or link with dynamic libraries. While a sandboxed environment provides excellent protection against accidental or malicious destruction or abuse of local resources, it does not address the security issues related to authentication, authorization, privacy, integrity, and non-repudiation.
Secret key
A key used by a symmetric algorithm to encrypt and decrypt data.
Secure Single Sign On (SSSO)
Secure single sign-on, or SSSO, satisfies three synergetic sets of requirements. From an end-user perspective, SSSO refers to the ability to use a single user ID and a single password to log on once and gain access to all resources that one is allowed to access. From an administrative perspective, SSSO allows management of all security-related aspects of one's enterprise from a central location. This includes adding, modifying, and removing users as well as granting and revoking access to resources. From an enterprise perspective, SSSO provides the ability to protect the privacy and the integrity of transactions as well as to engage in auditable and non-repudiable transactions.
Security mechanism
A piece of software that provides any combination of security functionalities including authentication, privacy, integrity, non-repudiation, delegation, audit, and authorization. A mechanism uses cryptographic functions and exports its services using an API.
S-HTTP
Secure Hyper Text Transfer Protocol; an extension to the HTTP protocol to protect the privacy and integrity of HTTP communications.
Session key
A temporary symmetric key that is only valid for a short period. Session keys are typically random numbers that can be chosen by either party to a conversation, by both parties in cooperation with one another, or by a trusted third party. See Kerberos.
SHA
Secure Hash Algorithm; a message digest algorithm that digests a message of arbitrary size to 160 bits. SHA is a cryptographic checksum algorithm.
Signed applet
An applet that is digitally signed by the source that provides it. Signed applets are integrity-protected and cannot be tampered with while en route from the server to the browser.
SKIP
Simple Key management for IP; a protocol for protecting the privacy and integrity of IP packets.
Smart card
A tamper-resistant hardware device where sensitive information can be stored. Typically a smartcard stores the private key(s) of a principal. Smartcards can also be used to encrypt or decrypt data on the card directly. This has the desirable effect of not exposing the private keys, even to the owner of the key. Smartcards are password protected; in order for an application to use the keys and functions of a smartcard, the user must enter the correct password to open the card.
SSL
Secure Socket Layer; a standard by for establishing a secure communication link using a public key system.
SSPI
Security Support Programming Interface; a standard programming interface by Microsoft Corporation where two applications can establish a security context independent of the underlying security mechanisms. SSPI is very similar to GSS API and may be eventually replaced by the GSS API.
Strength of encryption
The strength of encryption is measured by the amount of effort needed to break a cryptosystem. Typically this is measured by the length of the key used for encryption. The strength of encryption is algorithm-dependent. For example, the minimum acceptable key length for DES is 56 bits, while the minimum acceptable length for RSA is 512 bits.
Symmetric algorithm
An algorithm where the same key can be used for encryption and decryption.
Third party trusted host model
An authentication model in which a trusted third party authenticates principals to each other. The trusted third party shares a secret (password) with each principal. It uses a key derived from the password to issue tickets to these principals. Also see Kerberos.
Ticket
A credential used in a third-party trusted host model. A ticket is encrypted with the password of the principal to whom the ticket is presented. A ticket contains a session key as well as the identity of the principal to whom the ticket is issued. Tickets have an expiration time.
Token
A hardware device that is used to augment password-based authentication by challenging a principal to prove that it possesses the token.
Trusted applet
See signed applet.
Trusted gateway
Trusted gateways are firewalls that use very secure operating systems. These operating systems are typically rated B1 or better according to the Trusted Computing Base Evaluation Criteria (the orange book). The firewall system itself is divided into three software compartments: that which interacts with the Internet, that which interacts with the enterprise, and a trusted gateway that mediates communications between the other two compartments. The operating system prevents applications that run in one compartment from accessing resources outside of that compartment. Any application that runs in the Internet compartment (e.g. a Web server) can only have access to resources in the Internet compartment (e.g. public HTML pages), or else it must use the trusted gateway to ask for information from the enterprise compartment.
VPN
Virtual Private Network; a way of using a public network (typically the Internet) to link two sites of an organization. A VPN is typically set up by protecting the privacy and integrity of the communication line using a secret session key. The secret session key is usually negotiated using the public keys of the two principals.