RFC 2828
Internet Security Glossary
(O) "An integer value, unique within the issuing CA, which is
unambiguously associated with a certificate issued by that CA."
[X509]
$ certificate status responder
(N) FPKI usage: A trusted on-line server that acts for a CA to
provide authenticated certificate status information to
certificate users. [FPKI] Offers an alternative to issuing a CRL,
but is not supported in X.509. (See: certificate revocation tree.)
$ certificate update
(I) The act or process by which non-key data items bound in an
existing public-key certificate, especially authorizations granted
to the subject, are changed by issuing a new certificate. (See:
certificate rekey, certificate renewal.)
(C) For an X.509 public-key certificate, the essence of this
process is that fundamental changes are made in the data that is
bound to the public key, such that it is necessary to revoke the
old certificate. (Otherwise, the process is only a "certificate
rekey" or "certificate renewal".)
$ certificate user
(I) A system entity that depends on the validity of information
(such as another entity's public key value) provided by a digital
certificate. (See: relying party.)
(O) "An entity that needs to know, with certainty, the public key
of another entity." [X509]
(C) The system entity may be a human being or an organization, or
a device or process under the control of a human or an
organization.
(D) ISDs SHOULD NOT use this term as a synonym for the "subject"
of a certificate.
$ certificate validation
(I) An act or process by which a certificate user establishes that
the assertions made by a digital certificate can be trusted. (See:
valid certificate, validate vs. verify.)
(O) "The process of ensuring that a certificate is valid including
possibly the construction and processing of a certification path,
and ensuring that all certificates in that path have not expired
or been revoked." [FPDAM]
(C) To validate a certificate, a certificate user checks that the
certificate is properly formed and signed and currently in force:
- Checks the signature: Employs the issuer's public key to verify
the digital signature of the CA who issued the certificate in
question. If the verifier obtains the issuer's public key from
the issuer's own public-key certificate, that certificate
should be validated, too. That validation may lead to yet
another certificate to be validated, and so on. Thus, in
general, certificate validation involves discovering and
validating a certification path.
- Checks the syntax and semantics: Parses the certificate's
syntax and interprets its semantics, applying rules specified
for and by its data fields, such as for critical extensions in
an X.509 certificate.
- Checks currency and revocation: Verifies that the certificate
is currently in force by checking that the current date and
time are within the validity period (if that is specified in
the certificate) and that the certificate is not listed on a
CRL or otherwise announced as invalid. (CRLs themselves require
a similar validation process.)
$ certification
(I) Information system usage: Technical evaluation (usually made
in support of an accreditation action) of an information system's
security features and other safeguards to establish the extent to
which the system's design and implementation meet specified
security requirements. [FP102] (See: accreditation.)
(I) Digital certificate usage: The act or process of vouching for
the truth and accuracy of the binding between data items in a
certificate. (See: certify.)
(I) Public key usage: The act or process of vouching for the
ownership of a public key by issuing a public-key certificate that
binds the key to the name of the entity that possesses the
matching private key. In addition to binding a key to a name, a
public-key certificate may bind those items to other restrictive
or explanatory data items. (See: X.509 public-key certificate.)
(O) SET usage: "The process of ascertaining that a set of
requirements or criteria has been fulfilled and attesting to that
fact to others, usually with some written instrument. A system
that has been inspected and evaluated as fully compliant with the
SET protocol by duly authorized parties and process would be said
to have been certified compliant." [SET2]
$ certification authority (CA)
(I) An entity that issues digital certificates (especially X.509
certificates) and vouches for the binding between the data items
in a certificate.
(O) "An authority trusted by one or more users to create and
assign certificates. Optionally, the certification authority may
create the user's keys." [X509]
(C) Certificate users depend on the validity of information
provided by a certificate. Thus, a CA should be someone that
certificate users trust, and usually holds an official position
created and granted power by a government, a corporation, or some
other organization. A CA is responsible for managing the life
cycle of certificates (see: certificate management) and, depending
on the type of certificate and the CPS that applies, may be
responsible for the life cycle of key pairs associated with the
certificates (see: key management).
$ certification authority workstation (CAW)
(I) A computer system that enables a CA to issue digital
certificates and supports other certificate management functions
as required.
$ certification hierarchy
(I) A tree-structured (loop-free) topology of relationships among
CAs and the entities to whom the CAs issue public-key
certificates. (See: hierarchical PKI.)
(C) In this structure, one CA is the top CA, the highest level of
the hierarchy. (See: root, top CA.) The top CA may issue public-
key certificates to one or more additional CAs that form the
second highest level. Each of these CAs may issue certificates to
more CAs at the third highest level, and so on. The CAs at the
second-lowest of the hierarchy issue certificates only to non-CA
entities, called "end entities" that form the lowest level. (See:
end entity.) Thus, all certification paths begin at the top CA and
descend through zero or more levels of other CAs. All certificate
users base path validations on the top CA's public key.
(O) MISSI usage: A MISSI certification hierarchy has three or four
levels of CAs:
- A CA at the highest level, the top CA, is a "policy approving
authority".
- A CA at the second-highest level is a "policy creation
authority".
- A CA at the third-highest level is a local authority called a
"certification authority".
- A CA at the fourth-highest (optional) level is a "subordinate
certification authority".
(O) PEM usage: A PEM certification hierarchy has three levels of
CAs [R1422]:
- The highest level is the "Internet Policy Registration
Authority".
- A CA at the second-highest level is a "policy certification
authority".
- A CA at the third-highest level is a "certification authority".
(O) SET usage: A SET certification hierarchy has three or four
levels of CAs:
- The highest level is a "SET root CA".
- A CA at the second-highest level is a "brand certification
authority".
- A CA at the third-highest (optional) level is a "geopolitical
certification authority".
- A CA at the fourth-highest level is a "cardholder CA", a
"merchant CA", or a "payment gateway CA".
$ certification path
(I) An ordered sequence of public-key certificates (or a sequence
of public-key certificates followed by one attribute certificate)
that enables a certificate user to verify the signature on the
last certificate in the path, and thus enables the user to obtain
a certified public key (or certified attributes) of the entity
that is the subject of that last certificate. (See: certificate
validation, valid certificate.)
(O) "An ordered sequence of certificates of objects in the [X.500
Directory Information Tree] which, together with the public key of
the initial object in the path, can be processed to obtain that of
the final object in the path." [X509, R2527]
(C) The path is the "list of certificates needed to allow a
particular user to obtain the public key of another." [X509] The
list is "linked" in the sense that the digital signature of each
certificate (except the first) is verified by the public key
contained in the preceding certificate; i.e., the private key used
to sign a certificate and the public key contained in the
preceding certificate form a key pair owned by the entity that
signed.
(C) In the X.509 quotation in the previous "C" paragraph, the word
"particular" points out that a certification path that can be
validated by one certificate user might not be able to be
validated by another. That is because either the first certificate
should be a trusted certificate (it might be a root certificate)
or the signature on the first certificate should be verified by a
trusted key (it might be a root key), but such trust is defined
relative to each user, not absolutely for all users.
$ certification policy
(D) ISDs SHOULD NOT use this term. Instead, use either
"certificate policy" or "certification practice statement",
depending on what is meant.
$ certification practice statement (CPS)
(I) "A statement of the practices which a certification authority
employs in issuing certificates." [ABA96, R2527] (See: certificate
policy.)
(C) A CPS is a published security policy that can help a
certificate user to decide whether a certificate issued by a
particular CA can be trusted enough to use in a particular
application. A CPS may be (a) a declaration by a CA of the details
of the system and practices it employs in its certificate
management operations, (b) part of a contract between the CA and
an entity to whom a certificate is issued, (c) a statute or
regulation applicable to the CA, or (d) a combination of these
types involving multiple documents. [ABA]
(C) A CPS is usually more detailed and procedurally oriented than
a certificate policy. A CPS applies to a particular CA or CA
community, while a certificate policy applies across CAs or
communities. A CA with a single CPS may support multiple
certificate policies, which may be used for different application
purposes or by different user communities. Multiple CAs, each with
a different CPS, may support the same certificate policy. [R2527]
$ certification request
(I) A algorithm-independent transaction format, defined by PCKS
#10 and used in PKIX, that contains a DN, a public key, and
optionally a set of attributes, collectively signed by the entity
requesting certification, and sent to a CA, which transforms the
request to an X.509 public-key certificate or another type of
certificate.
$ certify
1. (I) Issue a digital certificate and thus vouch for the truth,
accuracy, and binding between data items in the certificate (e.g.,
see: X.509 public key certificate), such as the identity of the
certificate's subject and the ownership of a public key. (See:
certification.)
(C) To "certify a public key" means to issue a public-key
certificate that vouches for the binding between the certificate's
subject and the key.
2. (I) The act by which a CA employs measures to verify the truth,
accuracy, and binding between data items in a digital certificate.
(C) A description of the measures used for verification should be
included in the CA's CPS.
$ CFB
See: cipher feedback.
$ Challenge Handshake Authentication Protocol (CHAP)
(I) A peer entity authentication method for PPP, using a randomly-
generated challenge and requiring a matching response that depends
on a cryptographic hash of the challenge and a secret key. [R1994]
(See: challenge-response, PAP.)
$ challenge-response
(I) An authentication process that verifies an identity by
requiring correct authentication information to be provided in
response to a challenge. In a computer system, the authentication
information is usually a value that is required to be computed in
response to an unpredictable challenge value.
$ Challenge-Response Authentication Mechanism (CRAM)
(I) IMAP4 usage: A mechanism [R2195], intended for use with IMAP4
AUTHENTICATE, by which an IMAP4 client uses a keyed hash [R2104]
to authenticate itself to an IMAP4 server. (See: POP3 APOP.)
(C) The server includes a unique timestamp in its ready response
to the client. The client replies with the client's name and the
hash result of applying MD5 to a string formed from concatenating
the timestamp with a shared secret that is known only to the
client and the server.
$ channel
(I) An information transfer path within a system. (See: covert
channel.)
$ CHAP
See: Challenge Handshake Authentication Protocol.
$ checksum
(I) A value that (a) is computed by a function that is dependent
on the contents of a data object and (b) is stored or transmitted
together with the object, for the purpose of detecting changes in
the data. (See: cyclic redundancy check, data integrity service,
error detection code, hash, keyed hash, protected checksum.)
(C) To gain confidence that a data object has not been changed, an
entity that later uses the data can compute a checksum and compare
it with the checksum that was stored or transmitted with the
object.
(C) Computer systems and networks employ checksums (and other
mechanisms) to detect accidental changes in data. However, active
wiretapping that changes data could also change an accompanying
checksum to match the changed data. Thus, some checksum functions
by themselves are not good countermeasures for active attacks. To
protect against active attacks, the checksum function needs to be
well-chosen (see: cryptographic hash), and the checksum result
needs to be cryptographically protected (see: digital signature,
keyed hash).
$ chosen-ciphertext attack
(I) A cryptanalysis technique in which the analyst tries to
determine the key from knowledge of plaintext that corresponds to
ciphertext selected (i.e., dictated) by the analyst.
$ chosen-plaintext attack
(I) A cryptanalysis technique in which the analyst tries to
determine the key from knowledge of ciphertext that corresponds to
plaintext selected (i.e., dictated) by the analyst.
$ CIAC
See: Computer Incident Advisory Capability.
$ CIK
See: cryptographic ignition key.
$ cipher
(I) A cryptographic algorithm for encryption and decryption.
$ cipher block chaining (CBC)
(I) An block cipher mode that enhances electronic codebook mode by
chaining together blocks of ciphertext it produces. [FP081] (See:
[R1829], [R2451].)
(C) This mode operates by combining (exclusive OR-ing) the
algorithm's ciphertext output block with the next plaintext block
to form the next input block for the algorithm.
$ cipher feedback (CFB)
(I) An block cipher mode that enhances electronic code book mode
by chaining together the blocks of ciphertext it produces and
operating on plaintext segments of variable length less than or
equal to the block length. [FP081]
(C) This mode operates by using the previously generated
ciphertext segment as the algorithm's input (i.e., by "feeding
back" the ciphertext) to generate an output block, and then
combining (exclusive OR-ing) that output block with the next
plaintext segment (block length or less) to form the next
ciphertext segment.
$ ciphertext
(I) Data that has been transformed by encryption so that its
semantic information content (i.e., its meaning) is no longer
intelligible or directly available. (See: cleartext, plaintext.)
(O) "Data produced through the use of encipherment. The semantic
content of the resulting data is not available." [I7498 Part 2]
$ ciphertext-only attack
(I) A cryptanalysis technique in which the analyst tries to
determine the key solely from knowledge of intercepted ciphertext
(although the analyst may also know other clues, such as the
cryptographic algorithm, the language in which the plaintext was
written, the subject matter of the plaintext, and some probable
plaintext words.)
$ CIPSO
See: Common IP Security Option.
$ CKL
See: compromised key list.
$ class 2, 3, 4, or 5
(O) U.S. Department of Defense usage: Levels of PKI assurance
based on risk and value of information to be protected [DOD3]:
- Class 2: For handling low-value information (unclassified, not
mission-critical, or low monetary value) or protection of
system-high information in low- to medium-risk environment.
- Class 3: For handling medium-value information in low- to
medium-risk environment. Typically requires identification of a
system entity as a legal person, rather than merely a member of
an organization.
- Class 4: For handling medium- to high-value information in any
environment. Typically requires identification of an entity as
a legal person, rather than merely a member of an organization,
and a cryptographic hardware token for protection of keying
material.
- Class 5: For handling high-value information in a high-risk
environment.
$ classification
$ classification level
(I) (1.) A grouping of classified information to which a
hierarchical, restrictive security label is applied to increase
protection of the data. (2.) The level of protection that is
required to be applied to that information. (See: security level.)
$ classified
(I) Refers to information (stored or conveyed, in any form) that
is formally required by a security policy to be given data
confidentiality service and to be marked with a security label
(which in some cases might be implicit) to indicate its protected
status. (See: unclassified.)
(C) The term is mainly used in government, especially in the
military, although the concept underlying the term also applies
outside government. In the U.S. Department of Defense, for
example, it means information that has been determined pursuant to
Executive Order 12958 ("Classified National Security Information",
20 April 1995) or any predecessor order to require protection
against unauthorized disclosure and is marked to indicate its
classified status when in documentary form.
$ clean system
(I) A computer system in which the operating system and
application system software and files have just been freshly
installed from trusted software distribution media.
(C) A clean system is not necessarily in a secure state.
$ clearance
See: security clearance.
$ clearance level
(I) The security level of information to which a security
clearance authorizes a person to have access.
$ cleartext
(I) Data in which the semantic information content (i.e., the
meaning) is intelligible or is directly available. (See:
plaintext.)
(O) "Intelligible data, the semantic content of which is
available." [I7498 Part 2]
(D) ISDs SHOULD NOT use this term as a synonym for "plaintext",
the input to an encryption operation, because the plaintext input
to encryption may itself be ciphertext that was output from
another operation. (See: superencryption.)
$ client
(I) A system entity that requests and uses a service provided by
another system entity, called a "server". (See: server.)
(C) Usually, the requesting entity is a computer process, and it
makes the request on behalf of a human user. In some cases, the
server may itself be a client of some other server.
$ CLIPPER chip
(N) The Mykotronx, Inc. MYK-82, an integrated microcircuit with a
cryptographic processor that implements the SKIPJACK encryption
algorithm and supports key escrow. (See: CAPSTONE, Escrowed
Encryption Standard.)
(C) The key escrow scheme for a chip involves a SKIPJACK key
common to all chips that protects the unique serial number of the
chip, and a second SKIPJACK key unique to the chip that protects
all data encrypted by the chip. The second key is escrowed as
split key components held by NIST and the U.S. Treasury
Department.
$ closed security environment
(O) U.S. Department of Defense usage: A system environment that
meets both of the following conditions: (a) Application developers
(including maintainers) have sufficient clearances and
authorizations to provide an acceptable presumption that they have
not introduced malicious logic. (b) Configuration control provides
sufficient assurance that system applications and the equipment
they run on are protected against the introduction of malicious
logic prior to and during the operation of applications. [NCS04]
(See: open security environment.)
$ code
(I) noun: A system of symbols used to represent information, which
might originally have some other representation. (See: encode.)
(D) ISDs SHOULD NOT use this term as synonym for the following:
(a) "cipher", "hash", or other words that mean "a cryptographic
algorithm"; (b) "ciphertext"; or (c) "encrypt", "hash", or other
words that refer to applying a cryptographic algorithm.
(D) ISDs SHOULD NOT this word as an abbreviation for the following
terms: country code, cyclic redundancy code, Data Authentication
Code, error detection code, Message Authentication Code, object
code, or source code. To avoid misunderstanding, use the fully
qualified term, at least at the point of first usage.
$ color change
(I) In a system that is being operated in periods processing mode,
the act of purging all information from one processing period and
then changing over to the next processing period.
$ Common Criteria
$ Common Criteria for Information Technology Security
(N) "The Common Criteria" is a standard for evaluating information
technology products and systems, such as operating systems,
computer networks, distributed systems, and applications. It
states requirements for security functions and for assurance
measures. [CCIB]
(C) Canada, France, Germany, the Netherlands, the United Kingdom,
and the United States (NIST and NSA) began developing this
standard in 1993, based on the European ITSEC, the Canadian
Trusted Computer Product Evaluation Criteria (CTCPEC), and the
U.S. "Federal Criteria for Information Technology Security" (FC)
and its precursor, the TCSEC. Work was done in cooperation with
ISO/IEC Joint Technical Committee 1 (Information Technology),
Subcommittee 27 (Security Techniques), Working Group 3 (Security
Criteria). Version 2.1 of the Criteria is equivalent to ISO's
International Standard 15408 [I15408]. The U.S. Government intends
that this standard eventually will supersede both the TCSEC and
FIPS PUB 140-1. (See: NIAP.)
(C) The standard addresses data confidentiality, data integrity,
and availability and may apply to other aspects of security. It
focuses on threats to information arising from human activities,
malicious or otherwise, but may apply to non-human threats. It
applies to security measures implemented in hardware, firmware, or
software. It does not apply to (a) administrative security not
related directly to technical security, (b) technical physical
aspects of security such as electromagnetic emanation control, (c)
evaluation methodology or administrative and legal framework under
which the criteria may be applied, (d) procedures for use of
evaluation results, or (e) assessment of inherent qualities of
cryptographic algorithms.
$ Common IP Security Option (CIPSO)
See: (secondary definition under) Internet Protocol Security
Option.
$ common name
(I) A character string that (a) may be a part of the X.500 DN of a
Directory object ("commonName" attribute), (b) is a (possibly
ambiguous) name by which the object is commonly known in some
limited scope (such as an organization), and (c) conforms to the
naming conventions of the country or culture with which it is
associated. [X520] (See: ("subject" and "issuer" under) X.509
public-key certificate.)
(C) For example, "Dr. E. F. Moore", "The United Nations", or
"12-th Floor Laser Printer".
$ communication security (COMSEC)
(I) Measures that implement and assure security services in a
communication system, particularly those that provide data
confidentiality and data integrity and that authenticate
communicating entities.
(C) Usually understood to include cryptographic algorithms and key
management methods and processes, devices that implement them, and
the life cycle management of keying material and devices.
$ community string
(I) A community name in the form of an octet string that serves as
a cleartext password in SNMP version 1. [R1157]
$ compartment
(I) A grouping of sensitive information items that require special
access controls beyond those normally provided for the basic
classification level of the information. (See: category.)
(C) The term is usually understood to include the special handling
procedures to be used for the information.
$ compromise
See: data compromise, security compromise.
$ compromised key list (CKL)
(O) MISSI usage: A list that identifies keys for which
unauthorized disclosure or alteration may have occurred. (See:
compromise.)
(C) A CKL is issued by an CA, like a CRL is issued. But a CKL
lists only KMIDs, not subjects that hold the keys, and not
certificates in which the keys are bound.
$ COMPUSEC
See: computer security.
$ computer emergency response team (CERT)
(I) An organization that studies computer and network INFOSEC in
order to provide incident response services to victims of attacks,
publish alerts concerning vulnerabilities and threats, and offer
other information to help improve computer and network security.
(See: CSIRT, security incident.)
(C) For example, the CERT Coordination Center at Carnegie-Mellon
University (sometimes called "the" CERT) and the Computer Incident
Advisory Capability.
$ Computer Incident Advisory Capability (CIAC)
(N) A computer emergency response team in the U.S. Department of
Energy.
$ computer network
(I) A collection of host computers together with the subnetwork or
internetwork through which they can exchange data.
(C) This definition is intended to cover systems of all sizes and
types, ranging from the complex Internet to a simple system
composed of a personal computer dialing in as a remote terminal of
another computer.
$ computer security (COMPUSEC)
(I) Measures that implement and assure security services in a
computer system, particularly those that assure access control
service.
(C) Usually understood to include functions, features, and
technical characteristics of computer hardware and software,
especially operating systems.
$ computer security incident response team (CSIRT)
(I) An organization "that coordinates and supports the response to
security incidents that involve sites within a defined
constituency." [R2350] (See: CERT, FIRST, security incident.)
(C) To be considered a CSIRT, an organization must do as follows:
- Provide a (secure) channel for receiving reports about
suspected security incidents.
- Provide assistance to members of its constituency in handling
the incidents.
- Disseminate incident-related information to its constituency
and other involved parties.
$ computer security object
(I) The definition or representation of a resource, tool, or
mechanism used to maintain a condition of security in computerized
environments. Includes many elements referred to in standards that
are either selected or defined by separate user communities.
[CSOR] (See: object identifier, Computer Security Objects
Register.)
$ Computer Security Objects Register (CSOR)
(N) A service operated by NIST is establishing a catalog for
computer security objects to provide stable object definitions
identified by unique names. The use of this register will enable
the unambiguous specification of security parameters and
algorithms to be used in secure data exchanges.
(C) The CSOR follows registration guidelines established by the
international standards community and ANSI. Those guidelines
establish minimum responsibilities for registration authorities
and assign the top branches of an international registration
hierarchy. Under that international registration hierarchy the
CSOR is responsible for the allocation of unique identifiers under
the branch {joint-iso-ccitt(2) country(16) us(840) gov(101)
csor(3)}.
$ COMSEC
See: communication security.
$ confidentiality
See: data confidentiality.
$ configuration control
(I) The process of regulating changes to hardware, firmware,
software, and documentation throughout the development and
operational life of a system. (See: administrative security.)
(C) Configuration control helps protect against unauthorized or
malicious alteration of a system and thus provides assurance of
system integrity. (See: malicious logic.)
$ confinement property
See: (secondary definition under) Bell-LaPadula Model.
$ connectionless data integrity service
(I) A security service that provides data integrity service for an
individual IP datagram, by detecting modification of the datagram,
without regard to the ordering of the datagram in a stream of
datagrams.
(C) A connection-oriented data integrity service would be able to
detect lost or reordered datagrams within a stream of datagrams.
$ contingency plan
(I) A plan for emergency response, backup operations, and post-
disaster recovery in a system as part of a security program to
ensure availability of critical system resources and facilitate
continuity of operations in a crisis. [NCS04] (See: availability.)
$ controlled security mode
(D) ISDs SHOULD NOT use this term. It was defined in an earlier
version of the U.S. Department of Defense policy that regulates
system accreditation, but was subsumed by "partitioned security
mode" in the current version. [DOD2]
(C) The term refers to a mode of operation of an information
system, wherein at least some users with access to the system have
neither a security clearance nor a need-to-know for all classified
material contained in the system. However, separation and control
of users and classified material on the basis, respectively, of
clearance and classification level are not essentially under
operating system control like they are in "multilevel security
mode".
(C) Controlled mode was intended to encourage ingenuity in meeting
the security requirements of Defense policy in ways less
restrictive than "dedicated security mode" and "system high
security mode", but at a level of risk lower than that generally
associated with the true "multilevel security mode". This was to
be accomplished by implementation of explicit augmenting measures
to reduce or remove a substantial measure of system software
vulnerability together with specific limitation of the security
clearance levels of users permitted concurrent access to the
system.
$ cookie
(I) access control usage: A synonym for "capability" or "ticket"
in an access control system.
(I) IPsec usage: Data exchanged by ISAKMP to prevent certain
denial-of-service attacks during the establishment of a security
association.
(I) HTTP usage: Data exchanged between an HTTP server and a
browser (a client of the server) to store state information on the
client side and retrieve it later for server use.
(C) An HTTP server, when sending data to a client, may send along
a cookie, which the client retains after the HTTP connection
closes. A server can use this mechanism to maintain persistent
client-side state information for HTTP-based applications,
retrieving the state information in later connections. A cookie
may include a description of the range of URLs for which the state
is valid. Future requests made by the client in that range will
also send the current value of the cookie to the server. Cookies
can be used to generate profiles of web usage habits, and thus may
infringe on personal privacy.
$ Coordinated Universal Time (UTC)
(N) UTC is derived from International Atomic Time (TAI) by adding
a number of leap seconds. The International Bureau of Weights and
Measures computes TAI once each month by averaging data from many
laboratories. (See: GeneralizedTime, UTCTime.)
$ copy
See: card copy.
$ correctness integrity
(I) Accuracy and consistency of the information that data values
represent, rather than of the data itself. Closely related to
issues of accountability and error handling. (See: data integrity,
source integrity.)
$ correctness proof
(I) A mathematical proof of consistency between a specification
for system security and the implementation of that specification.
(See: formal specification.)
$ countermeasure
(I) An action, device, procedure, or technique that reduces a
threat, a vulnerability, or an attack by eliminating or preventing
it, by minimizing the harm it can cause, or by discovering and
reporting it so that corrective action can be taken.
(C) In an Internet protocol, a countermeasure may take the form of
a protocol feature, an element function, or a usage constraint.
$ country code
(I) An identifier that is defined for a nation by ISO. [I3166]
(C) For each nation, ISO Standard 3166 defines a unique two-
character alphabetic code, a unique three-character alphabetic
code, and a three-digit code. Among many uses of these codes, the
two-character codes are used as top-level domain names.
$ covert channel
(I) A intra-system channel that permits two cooperating entities,
without exceeding their access authorizations, to transfer
information in a way that violates the system's security policy.
(See: channel, out of band.)
(O) "A communications channel that allows two cooperating
processes to transfer information in a manner that violates the
system's security policy." [NCS04]
(C) The cooperating entities can be either two insiders or an
insider and an outsider. Of course, an outsider has no access
authorization at all. A covert channel is a system feature that
the system architects neither designed nor intended for
information transfer:
- "Timing channel": A system feature that enable one system
entity to signal information to another by modulating its own
use of a system resource in such a way as to affect system
response time observed by the second entity.
- "Storage channel": A system feature that enables one system
entity to signal information to another entity by directly or
indirectly writing a storage location that is later directly or
indirectly read by the second entity.
$ CPS
See: certification practice statement.
$ cracker
(I) Someone who tries to break the security of, and gain access
to, someone else's system without being invited to do so. (See:
hacker and intruder.)
$ CRAM
See: Challenge-Response Authentication Mechanism.
$ CRC
See: cyclic redundancy check.
$ credential(s)
(I) Data that is transferred or presented to establish either a
claimed identity or the authorizations of a system entity. (See:
authentication information, capability, ticket.)
(O) "Data that is transferred to establish the claimed identity of
an entity." [I7498 Part 2]
$ critical
1. (I) "Critical" system resource: A condition of a service or
other system resource such that denial of access to (i.e., lack of
availability of) that resource would jeopardize a system user's
ability to perform a primary function or would result in other
serious consequences. (See: availability, sensitive.)
2. (N) "Critical" extension: Each extension of an X.509
certificate (or CRL) is marked as being either critical or non-
critical. If an extension is critical and a certificate user (or
CRL user) does not recognize the extension type or does not
implement its semantics, then the user is required to treat the
certificate (or CRL) as invalid. If an extension is non-critical,
a user that does not recognize or implement that extension type is
permitted to ignore the extension and process the rest of the
certificate (or CRL).
$ CRL
See: certificate revocation list.
$ CRL distribution point
See: distribution point.
$ CRL extension
See: extension.
$ cross-certificate
See: cross-certification.
$ cross-certification
(I) The act or process by which two CAs each certify a public key
of the other, issuing a public-key certificate to that other CA.
(C) Cross-certification enables users to validate each other's
certificate when the users are certified under different
certification hierarchies.
$ cryptanalysis
(I) The mathematical science that deals with analysis of a
cryptographic system in order to gain knowledge needed to break or
circumvent the protection that the system is designed to provide.
(See: cryptology.)
(O) "The analysis of a cryptographic system and/or its inputs and
outputs to derive confidential variables and/or sensitive data
including cleartext." [I7498 Part 2]
(C) The "O" definition states the traditional goal of
cryptanalysis--convert the ciphertext to plaintext (which usually
is cleartext) without knowing the key--but that definition applies
only to encryption systems. Today, the term is used with reference
to all kinds of cryptographic algorithms and key management, and
the "I" definition reflects that. In all cases, however, a
cryptanalyst tries to uncover or reproduce someone else's
sensitive data, such as cleartext, a key, or an algorithm. The
basic cryptanalytic attacks on encryption systems are ciphertext-
only, known-plaintext, chosen-plaintext, and chosen-ciphertext;
and these generalize to the other kinds of cryptography.
$ crypto
(D) Except as part of certain long-established terms listed in
this Glossary, ISDs SHOULD NOT use this abbreviated term because
it may be misunderstood. Instead, use "cryptography" or
"cryptographic".
$ cryptographic algorithm
(I) An algorithm that employs the science of cryptography,
including encryption algorithms, cryptographic hash algorithms,
digital signature algorithms, and key agreement algorithms.
$ cryptographic application programming interface (CAPI)
(I) The source code formats and procedures through which an
application program accesses cryptographic services, which are
defined abstractly compared to their actual implementation. For
example, see: PKCS #11, [R2628].
$ cryptographic card
(I) A cryptographic token in the form of a smart card or a PC
card.
$ cryptographic component
(I) A generic term for any system component that involves
cryptography. (See: cryptographic module.)
$ cryptographic hash
See: (secondary definition under) hash function.
$ cryptographic ignition key (CIK)
(I) A physical (usually electronic) token used to store,
transport, and protect cryptographic keys. (Sometimes abbreviated
as "crypto ignition key".)
(C) A typical use is to divide a split key between a CIK and a
cryptographic module, so that it is necessary to combine the two
to regenerate a key-encrypting key and thus activate the module
and other keys it contains.
$ cryptographic key
(I) Usually shortened to just "key". An input parameter that
varies the transformation performed by a cryptographic algorithm.
(O) "A sequence of symbols that controls the operations of
encipherment and decipherment." [I7498 Part 2]
(C) If a key value needs to be kept secret, the sequence of
symbols (usually bits) that comprise it should be random, or at
least pseudo-random, because that makes the key hard for an
adversary to guess. (See: cryptanalysis, brute force attack.)
$ Cryptographic Message Syntax (CMS)
(I) A encapsulation syntax for digital signatures, hashes, and
encryption of arbitrary messages. [R2630]
(C) CMS was derived from PKCS #7. CMS values are specified with
ASN.1 and use BER encoding. The syntax permits multiple
encapsulation with nesting, permits arbitrary attributes to be
signed along with message content, and supports a variety of
architectures for digital certificate-based key management.
$ cryptographic module
(I) A set of hardware, software, firmware, or some combination
thereof that implements cryptographic logic or processes,
including cryptographic algorithms, and is contained within the
module's cryptographic boundary, which is an explicitly defined
contiguous perimeter that establishes the physical bounds of the
module. [FP140]
$ cryptographic system
(I) A set of cryptographic algorithms together with the key
management processes that support use of the algorithms in some
application context.
(C) This "I" definition covers a wider range of algorithms than
the following "O" definition:
(O) "A collection of transformations from plaintext into
ciphertext and vice versa [which would exclude digital signature,
cryptographic hash, and key agreement algorithms], the particular
transformation(s) to be used being selected by keys. The
transformations are normally defined by a mathematical algorithm."
[X509]
$ cryptographic token
(I) A portable, user-controlled, physical device used to store
cryptographic information and possibly perform cryptographic
functions. (See: cryptographic card, token.)
(C) A smart token may implement some set of cryptographic
algorithms and may implement related algorithms and key management
functions, such as a random number generator. A smart
cryptographic token may contain a cryptographic module or may not
be explicitly designed that way.
$ cryptography
(I) The mathematical science that deals with transforming data to
render its meaning unintelligible (i.e., to hide its semantic
content), prevent its undetected alteration, or prevent its
unauthorized use. If the transformation is reversible,
cryptography also deals with restoring encrypted data to
intelligible form. (See: cryptology, steganography.)
(O) "The discipline which embodies principles, means, and methods
for the transformation of data in order to hide its information
content, prevent its undetected modification and/or prevent its
unauthorized use. . . . Cryptography determines the methods used
in encipherment and decipherment." [I7498 Part 2]
$ Cryptoki
See: (secondary definition under) PKCS #11.
$ cryptology
(I) The science that includes both cryptography and cryptanalysis,
and sometimes is said to include steganography.
$ cryptonet
(I) A group of system entities that share a secret cryptographic
key for a symmetric algorithm.
$ cryptoperiod
(I) The time span during which a particular key is authorized to
be used in a cryptographic system. (See: key management.)
(C) A cryptoperiod is usually stated in terms of calendar or clock
time, but sometimes is stated in terms of the maximum amount of
data permitted to be processed by a cryptographic algorithm using
the key. Specifying a cryptoperiod involves a tradeoff between the
cost of rekeying and the risk of successful cryptanalysis.
(C) Although we deprecate its prefix, this term is long-
established in COMPUSEC usage. (See: crypto) In the context of
certificates and public keys, "key lifetime" and "validity period"
are often used instead.
$ cryptosystem
(D) ISDs SHOULD NOT use this term as an abbreviation for
cryptographic system. (For rationale, see: crypto.)
$ CSIRT
See: computer security incident response team.
$ CSOR
See: Computer Security Objects Register.
$ cut-and-paste attack
(I) An active attack on the data integrity of ciphertext, effected
by replacing sections of ciphertext with other ciphertext, such
that the result appears to decrypt correctly but actually decrypts
to plaintext that is forged to the satisfaction of the attacker.
$ cyclic redundancy check (CRC)
(I) Sometimes called "cyclic redundancy code". A type of checksum
algorithm that is not a cryptographic hash but is used to
implement data integrity service where accidental changes to data
are expected.
$ DAC
See: Data Authentication Code, discretionary access control.
$ DASS
See: Distributed Authentication Security Service.
$ data
(I) Information in a specific physical representation, usually a
sequence of symbols that have meaning; especially a representation
of information that can be processed or produced by a computer.
$ Data Authentication Algorithm
(N) A keyed hash function equivalent to DES cipher block chaining
with IV = 0. [A9009]
(D) ISDs SHOULD NOT use the uncapitalized form of this term as a
synonym for other kinds of checksums.
$ data authentication code vs. Data Authentication Code (DAC)
1. (N) Capitalized: "The Data Authentication Code" refers to a
U.S. Government standard [FP113] for a checksum that is computed
by the Data Authentication Algorithm. (Also known as the ANSI
standard Message Authentication Code [A9009].)
2. (D) Not capitalized: ISDs SHOULD NOT use "data authentication
code" as a synonym for another kind of checksum, because this term
mixes concepts in a potentially misleading way. (See:
authentication code.) Instead, use "checksum", "error detection
code", "hash", "keyed hash", "Message Authentication Code", or
"protected checksum", depending on what is meant.
$ data compromise
(I) A security incident in which information is exposed to
potential unauthorized access, such that unauthorized disclosure,
alteration, or use of the information may have occurred. (See:
compromise.)
$ data confidentiality
(I) "The property that information is not made available or
disclosed to unauthorized individuals, entities, or processes
[i.e., to any unauthorized system entity]." [I7498 Part 2]. (See:
data confidentiality service.)
(D) ISDs SHOULD NOT use this term as a synonym for "privacy",
which is a different concept.
$ data confidentiality service
(I) A security service that protects data against unauthorized
disclosure. (See: data confidentiality.)
(D) ISDs SHOULD NOT use this term as a synonym for "privacy",
which is a different concept.
$ Data Encryption Algorithm (DEA)
(N) A symmetric block cipher, defined as part of the U.S.
Government's Data Encryption Standard. DEA uses a 64-bit key, of
which 56 bits are independently chosen and 8 are parity bits, and
maps a 64-bit block into another 64-bit block. [FP046] (See: DES,
symmetric cryptography.)
(C) This algorithm is usually referred to as "DES". The algorithm
has also been adopted in standards outside the Government (e.g.,
[A3092]).
$ data encryption key (DEK)
(I) A cryptographic key that is used to encipher application data.
(See: key-encrypting key.)
$ Data Encryption Standard (DES)
(N) A U.S. Government standard [FP046] that specifies the Data
Encryption Algorithm and states policy for using the algorithm to
protect unclassified, sensitive data. (See: AES, DEA.)
$ data integrity
(I) The property that data has not been changed, destroyed, or
lost in an unauthorized or accidental manner. (See: data integrity
service.)
(O) "The property that information has not been modified or
destroyed in an unauthorized manner." [I7498 Part 2]
(C) Deals with constancy of and confidence in data values, not
with the information that the values represent (see: correctness
integrity) or the trustworthiness of the source of the values
(see: source integrity).
$ data integrity service
(I) A security service that protects against unauthorized changes
to data, including both intentional change or destruction and
accidental change or loss, by ensuring that changes to data are
detectable. (See: data integrity.)
(C) A data integrity service can only detect a change and report
it to an appropriate system entity; changes cannot be prevented
unless the system is perfect (error-free) and no malicious user
has access. However, a system that offers data integrity service
might also attempt to correct and recover from changes.
(C) Relationship between data integrity service and authentication
services: Although data integrity service is defined separately
from data origin authentication service and peer entity
authentication service, it is closely related to them.
Authentication services depend, by definition, on companion data
integrity services. Data origin authentication service provides
verification that the identity of the original source of a
received data unit is as claimed; there can be no such
verification if the data unit has been altered. Peer entity
authentication service provides verification that the identity of
a peer entity in a current association is as claimed; there can be
no such verification if the claimed identity has been altered.
$ data origin authentication
(I) "The corroboration that the source of data received is as
claimed." [I7498 Part 2] (See: authentication.)
$ data origin authentication service
(I) A security service that verifies the identity of a system
entity that is claimed to be the original source of received data.
(See: authentication, authentication service.)
(C) This service is provided to any system entity that receives or
holds the data. Unlike peer entity authentication service, this
service is independent of any association between the originator
and the recipient, and the data in question may have originated at
any time in the past.
(C) A digital signature mechanism can be used to provide this
service, because someone who does not know the private key cannot
forge the correct signature. However, by using the signer's public
key, anyone can verify the origin of correctly signed data.
(C) This service is usually bundled with connectionless data
integrity service. (See: (relationship between data integrity
service and authentication services under) data integrity service.
$ data privacy
(D) ISDs SHOULD NOT use this term because it mix concepts in a
potentially misleading way. Instead, use either "data
confidentiality" or "privacy", depending on what is meant.
$ data security
(I) The protection of data from disclosure, alteration,
destruction, or loss that either is accidental or is intentional
but unauthorized.
(C) Both data confidentiality service and data integrity service
are needed to achieve data security.
$ datagram
(I) "A self-contained, independent entity of data carrying
sufficient information to be routed from the source to the
destination." [R1983]
$ DEA
See: Data Encryption Algorithm.
$ deception
See: (secondary definition under) threat consequence.
$ decipher
(D) ISDs SHOULD NOT use this term as a synonym for "decrypt",
except in special circumstances. (See: (usage discussion under)
encryption.)
$ decipherment
(D) ISDs SHOULD NOT use this term as a synonym for "decryption",
except in special circumstances. (See: (usage discussion under)
encryption.)
$ decode
(I) Convert encoded data back to its original form of
representation. (See: decrypt.)
(D) ISDs SHOULD NOT use this term as a synonym for "decrypt",
because that would mix concepts in a potentially misleading way.
$ decrypt
(I) Cryptographically restore ciphertext to the plaintext form it
had before encryption.
$ decryption
See: (secondary definition under) encryption.
$ dedicated security mode
(I) A mode of operation of an information system, wherein all
users have the clearance or authorization, and the need-to-know,
for all data handled by the system. In this mode, the system may
handle either a single classification level or category of
information or a range of levels and categories. [DOD2]
(C) This mode is defined formally in U.S. Department of Defense
policy regarding system accreditation, but the term is also used
outside the Defense Department and outside the Government.
$ default account
(I) A system login account (usually accessed with a user name and
password) that has been predefined in a manufactured system to
permit initial access when the system is first put into service.
(C) Sometimes, the default user name and password are the same in
each copy of the system. In any case, when the system is put into
service, the default password should immediately be changed or the
default account should be disabled.
$ degauss
(N) Apply a magnetic field to permanently remove, erase, or clear
data from a magnetic storage medium, such as a tape or disk
[NCS25]. Reduce magnetic flux density to zero by applying a
reversing magnetic field.
$ degausser
(N) An electrical device that can degauss magnetic storage media.
$ DEK
See: data encryption key.
$ delta CRL
(I) A partial CRL that only contains entries for X.509
certificates that have been revoked since the issuance of a prior,
base CRL. This method can be used to partition CRLs that become
too large and unwieldy.
$ denial of service
(I) The prevention of authorized access to a system resource or
the delaying of system operations and functions. (See:
availability, critical (resource of a system), flooding.)
$ DES
See: Data Encryption Standard.
$ dictionary attack
(I) An attack that uses a brute-force technique of successively
trying all the words in some large, exhaustive list.
(C) For example, an attack on an authentication service by trying
all possible passwords; or an attack on encryption by encrypting
some known plaintext phrase with all possible keys so that the key
for any given encrypted message containing that phrase may be
obtained by lookup.
$ Diffie-Hellman
(N) A key agreement algorithm published in 1976 by Whitfield
Diffie and Martin Hellman [DH76, R2631].
(C) Diffie-Hellman does key establishment, not encryption.
However, the key that it produces may be used for encryption, for
further key management operations, or for any other cryptography.
(C) The difficulty of breaking Diffie-Hellman is considered to be
equal to the difficulty of computing discrete logarithms modulo a
large prime. The algorithm is described in [R2631] and [Schn]. In
brief, Alice and Bob together pick large integers that satisfy
certain mathematical conditions, and then use the integers to each
separately compute a public-private key pair. They send each other
their public key. Each person uses their own private key and the
other person's public key to compute a key, k, that, because of
the mathematics of the algorithm, is the same for each of them.
Passive wiretapping cannot learn the shared k, because k is not
transmitted, and neither are the private keys needed to compute k.
However, without additional mechanisms to authenticate each party
to the other, a protocol based on the algorithm may be vulnerable
to a man-in-the-middle attack.
$ digest
See: message digest.
$ digital certificate
(I) A certificate document in the form of a digital data object (a
data object used by a computer) to which is appended a computed
digital signature value that depends on the data object. (See:
attribute certificate, capability, public-key certificate.)
(D) ISDs SHOULD NOT use this term to refer to a signed CRL or CKL.
Although the recommended definition can be interpreted to include
those items, the security community does not use the term with
those meanings.
$ digital certification
(D) ISDs SHOULD NOT use this term as a synonym for
"certification", unless the context is not sufficient to
distinguish between digital certification and another kind of
certification, in which case it would be better to use "public-key
certification" or another phrase that indicates what is being
certified.
$ digital document
(I) An electronic data object that represents information
originally written in a non-electronic, non-magnetic medium
(usually ink on paper) or is an analogue of a document of that
type.
$ digital envelope
(I) A digital envelope for a recipient is a combination of (a)
encrypted content data (of any kind) and (b) the content
encryption key in an encrypted form that has been prepared for the
use of the recipient.
(C) In ISDs, this term should be defined at the point of first use
because, although the term is defined in PKCS #7 and used in
S/MIME, it is not yet widely established.
(C) Digital enveloping is not simply a synonym for implementing
data confidentiality with encryption; digital enveloping is a
hybrid encryption scheme to "seal" a message or other data, by
encrypting the data and sending both it and a protected form of
the key to the intended recipient, so that no one other than the
intended recipient can "open" the message. In PCKS #7, it means
first encrypting the data using a symmetric encryption algorithm
and a secret key, and then encrypting the secret key using an
asymmetric encryption algorithm and the public key of the intended
recipient. In S/MIME, additional methods are defined for
conveying the content encryption key.
$ Digital ID(service mark)
(D) ISDs SHOULD NOT use this term as a synonym for "digital
certificate" because (a) it is the service mark of a commercial
firm, (b) it unnecessarily duplicates the meaning of other, well-
established terms, and (c) a certificate is not always used as
authentication information. In some contexts, however, it may be
useful to explain that the key conveyed in a public-key
certificate can be used to verify an identity and, therefore, that
the certificate can be thought of as digital identification
information. (See: identification information.)
$ digital key
(C) The adjective "digital" need not be used with "key" or
"cryptographic key", unless the context is insufficient to
distinguish the digital key from another kind of key, such as a
metal key for a door lock.
$ digital notary
(I) Analogous to a notary public. Provides a trusted date-and-time
stamp for a document, so that someone can later prove that the
document existed at a point in time. May also verify the
signature(s) on a signed document before applying the stamp. (See:
notarization.)
$ digital signature
(I) A value computed with a cryptographic algorithm and appended
to a data object in such a way that any recipient of the data can
use the signature to verify the data's origin and integrity. (See:
data origin authentication service, data integrity service,
digitized signature, electronic signature, signer.)
(I) "Data appended to, or a cryptographic transformation of, a
data unit that allows a recipient of the data unit to prove the
source and integrity of the data unit and protect against forgery,
e.g. by the recipient." [I7498 Part 2]
(C) Typically, the data object is first input to a hash function,
and then the hash result is cryptographically transformed using a
private key of the signer. The final resulting value is called the
digital signature of the data object. The signature value is a
protected checksum, because the properties of a cryptographic hash
ensure that if the data object is changed, the digital signature
will no longer match it. The digital signature is unforgeable
because one cannot be certain of correctly creating or changing
the signature without knowing the private key of the supposed
signer.
(C) Some digital signature schemes use a asymmetric encryption
algorithm (e.g., see: RSA) to transform the hash result. Thus,
when Alice needs to sign a message to send to Bob, she can use her
private key to encrypt the hash result. Bob receives both the
message and the digital signature. Bob can use Alice's public key
to decrypt the signature, and then compare the plaintext result to
the hash result that he computes by hashing the message himself.
If the values are equal, Bob accepts the message because he is
certain that it is from Alice and has arrived unchanged. If the
values are not equal, Bob rejects the message because either the
message or the signature was altered in transit.
(C) Other digital signature schemes (e.g., see: DSS) transform the
hash result with an algorithm (e.g., see: DSA, El Gamal) that
cannot be directly used to encrypt data. Such a scheme creates a
signature value from the hash and provides a way to verify the
signature value, but does not provide a way to recover the hash
result from the signature value. In some countries, such a scheme
may improve exportability and avoid other legal constraints on
usage.
$ Digital Signature Algorithm (DSA)
(N) An asymmetric cryptographic algorithm that produces a digital
signature in the form of a pair of large numbers. The signature is
computed using rules and parameters such that the identity of the
signer and the integrity of the signed data can be verified. (See:
Digital Signature Standard.)
$ Digital Signature Standard (DSS)
(N) The U.S. Government standard [FP186] that specifies the
Digital Signature Algorithm (DSA), which involves asymmetric
cryptography.
$ digital watermarking
(I) Computing techniques for inseparably embedding unobtrusive
marks or labels as bits in digital data--text, graphics, images,
video, or audio--and for detecting or extracting the marks later.
(next page on part 3)
