38 terms

session hijacks

Attacks involving a communication session that has already been established between a server and a client.

man-in-the-middle attack

An attack that monitors packets from the network, modifies them using IP spoofing techniques, and inserts them back into the network, allowing the attacker to eavesdrop as well as to change, delete, reroute, add, forge, or divert data.

digital signature

An encrypted code attached to files that are exchanged during a transaction so that each party can verify the other's identity.

public key

Used in some encrypted communications to encode a message to a particular recipient.

private key

Used in some encrypting communications by a recipient to decode a message encoded.

nonrepudiation

A method used to ensure that parties to the transaction are authentic, so that they cannot later deny having participated in a transaction.

encryption

The process of converting an original message into a form that cannot be understood by unauthorized individuals

cryptology

The science of encryption.

cryptography

This describes the processes involved in encoding and decoding messages so that others cannot understand them

cryptanalysis

The process of deciphering the original message (plaintext) from an encrypted message (ciphertext) without knowing the algorithms and keys used to perform the encryption

algorithm

The mathematical formula or method used to convert an unencrypted message into an encrypted message

cipher

The transformation of the individual components (characters, bytes, or bits) of an unencrypted message into encrypted components

ciphertext

The unintelligible encoded message resulting from an encryption

cryptosystem

The set of transformations necessary to convert an unencrypted message into an encrypted message

key

The information used in conjunction with the algorithm to create the ciphertext from the plaintext; it can be a series of bits used in a mathematical algorithm or the knowledge of how to manipulate the plaintext

keyspace

The entire range of values that can possibly be used to construct an individual key

plaintext

The original unencrypted message that is encrypted and results from successful decryption

Steganography

The process of hiding messages, usually within graphic images.

work factor

The amount of effort (usually expressed in hours) required to perform cryptanalysis on an encoded message

substitution cipher

A cipher that you substitute one value for another.

monoalphabetic substitution

A substitution cipher that uses only one alphabet.

polyalphabetic substitution

A substitution cipher that uses two or more alphabets.

transposition cipher (or permutation cipher)

This cipher simply rearranges the values within a block to create the ciphertext. This can be done at the bit level or at the byte (character) level.

XOR cipher

A cipher that the bit stream is subjected to a Boolean ____ function against some other data stream, typically a key stream

Vernam cipher

Also known as the one-time pad, this cipher was developed at AT&T and uses a set of characters that are used for encryption operations only one time and then discarded.

book cipher

Another cipher method, used in the occasional spy movie, is the use of text in a book as the algorithm to decrypt a message.

symmetric encryption

In this approach to encryption, the same key—a secret key—is used to encrypt and decrypt the message.

DES

This was developed in 1977 by IBM and is based on the Data Encryption Algorithm (DEA), which uses a 64-bit block size and a 56-bit key.

AES

This encryption is based on the Rinjndael Block Cipher, which features a variable block length and a key length of either 128, 192, or 256 bits.

asymmetric encryption

Also known as public key encryption, uses two different keys. Either key can be used to encrypt or decrypt

Certificate Authority (CA)

Agency that manages issuance of certificates and serves as electronic notary public to verify their origin and integrity

Public Key Infrastructure

The entire set of hardware, software, and cryptosystems necessary to implement public key encryption

Privacy Enhanced Mail (PEM)

This has been proposed by the Internet Engineering Task Force (IETF) as a standard that will function with public key cryptosystems. It uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures.

Pretty Good Privacy (PGP)

This was developed by Phil Zimmerman and uses the IDEA Cipher, a 128-bit symmetric key block encryption algorithm with 64-bit blocks for message encoding. Like PEM, it uses RSA for symmetric key exchange and to support digital signatures.

Secure Sockets Layer (SSL)

This was developed by Netscape in 1994 to provide security for online electronic commerce transactions. It uses a number of algorithms, but mainly relies on RSA for key transfer and on IDEA, DES, or 3DES for encrypted symmetric key-based data transfer.

Secure Shell (SSH)

This provides security for remote access connections over public networks by using tunneling, authentication services between a client and a server and is used to secure replacement tools for terminal emulation, remote management, and file transfer applications.

IPSec

This is the primary and now dominant cryptographic authentication and encryption product of the IETF's IP Protocol Security Working Group.

The IP Security protocol itself and The Internet Key Exchange

Two components of IPSec