### session hijacks

Attacks involving a communication session that has already been established between a server and a client.

### man-in-the-middle attack

An attack that monitors packets from the network, modifies them using IP spoofing techniques, and inserts them back into the network, allowing the attacker to eavesdrop as well as to change, delete, reroute, add, forge, or divert data.

### digital signature

An encrypted code attached to files that are exchanged during a transaction so that each party can verify the other's identity.

### nonrepudiation

A method used to ensure that parties to the transaction are authentic, so that they cannot later deny having participated in a transaction.

### encryption

The process of converting an original message into a form that cannot be understood by unauthorized individuals

### cryptography

This describes the processes involved in encoding and decoding messages so that others cannot understand them

### cryptanalysis

The process of deciphering the original message (plaintext) from an encrypted message (ciphertext) without knowing the algorithms and keys used to perform the encryption

### algorithm

The mathematical formula or method used to convert an unencrypted message into an encrypted message

### cipher

The transformation of the individual components (characters, bytes, or bits) of an unencrypted message into encrypted components

### cryptosystem

The set of transformations necessary to convert an unencrypted message into an encrypted message

### key

The information used in conjunction with the algorithm to create the ciphertext from the plaintext; it can be a series of bits used in a mathematical algorithm or the knowledge of how to manipulate the plaintext

### work factor

The amount of effort (usually expressed in hours) required to perform cryptanalysis on an encoded message

### transposition cipher (or permutation cipher)

This cipher simply rearranges the values within a block to create the ciphertext. This can be done at the bit level or at the byte (character) level.

### XOR cipher

A cipher that the bit stream is subjected to a Boolean ____ function against some other data stream, typically a key stream

### Vernam cipher

Also known as the one-time pad, this cipher was developed at AT&T and uses a set of characters that are used for encryption operations only one time and then discarded.

### book cipher

Another cipher method, used in the occasional spy movie, is the use of text in a book as the algorithm to decrypt a message.

### symmetric encryption

In this approach to encryption, the same key—a secret key—is used to encrypt and decrypt the message.

### DES

This was developed in 1977 by IBM and is based on the Data Encryption Algorithm (DEA), which uses a 64-bit block size and a 56-bit key.

### AES

This encryption is based on the Rinjndael Block Cipher, which features a variable block length and a key length of either 128, 192, or 256 bits.

### asymmetric encryption

Also known as public key encryption, uses two different keys. Either key can be used to encrypt or decrypt

### Certificate Authority (CA)

Agency that manages issuance of certificates and serves as electronic notary public to verify their origin and integrity

### Public Key Infrastructure

The entire set of hardware, software, and cryptosystems necessary to implement public key encryption

### Privacy Enhanced Mail (PEM)

This has been proposed by the Internet Engineering Task Force (IETF) as a standard that will function with public key cryptosystems. It uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures.

### Pretty Good Privacy (PGP)

This was developed by Phil Zimmerman and uses the IDEA Cipher, a 128-bit symmetric key block encryption algorithm with 64-bit blocks for message encoding. Like PEM, it uses RSA for symmetric key exchange and to support digital signatures.

### Secure Sockets Layer (SSL)

This was developed by Netscape in 1994 to provide security for online electronic commerce transactions. It uses a number of algorithms, but mainly relies on RSA for key transfer and on IDEA, DES, or 3DES for encrypted symmetric key-based data transfer.

### Secure Shell (SSH)

This provides security for remote access connections over public networks by using tunneling, authentication services between a client and a server and is used to secure replacement tools for terminal emulation, remote management, and file transfer applications.

### IPSec

This is the primary and now dominant cryptographic authentication and encryption product of the IETF's IP Protocol Security Working Group.