AGHBBs Glossary - Security

Information Security Glossary

This section defines commonly used information security and IT security
terminology.

AES algorithm
AES (Advanced Encryption
Standard) is a cryptographic algorithm. It is a symmetric
algorithm (in other words it uses the same key for encryption
and decryption). AES, originally called Rijndael, was selected
through a public competition to be approved for protecting
(encrypting) information for all industry and commerce by the
US National Institute for Science and Technology (NIST). It
has been subjected to considerable scrutiny by government
scientists and academics to check that it has no obvious
weaknesses, and is considered to be the strongest protection
of its type currently available. Safe Soft Corporation
software uses the AES in Cipher Block Chaining Mode with 128-
and 256-bit key length.

Algorithm
A mathematical
expression used to encrypt or decrypt information. When
information is to be encrypted or decrypted by computer, a
mathematical process is followed by which it is transformed
into a form that is, for all practical intents and purposes,
impossible for anyone to understand unless they have the key
used in the transformation.

Asymmetric encryption
An algorithm that uses one key to encrypt
information but requires a different (related) key to decrypt
that information. This is also referred to as public key
cryptography. Because the key used to encrypt information
cannot decrypt it, something very useful can be done. You can
make one of the two keys available to anyone - the public key.
The other key you must keep to yourself. Provided people know
your public key, anyone receiving information that decrypts
with your public key knows that the information must have come
from you. More than that, if you encrypt something with
someone else's public key you can be certain that only they
can access it, regardless of who else sees the encrypted
information. These features have created the concepts of PKI
and non-repudiation.

Authenticity
A piece of
information has authenticity when it can be shown to come from
the expected person or place, and when the content of the
information appears, as far as is obvious, to be correct for
the circumstances involved.

Blowfish
Blowfish is a
fast encryption algorithm designed by Bruce Schneier. Bruce
Schneier is well known as president of Counterpane Systems, a
security consulting firm, and author of Applied Cryptography:
Protocols, Algorithms, and Source Code in C, Second Edition
(John Wiley & Sons, 1996). The Blowfish encryption
algorithm was specially designed to encrypt data on 32-bit
microprocessor. It is significantly faster than DES and GOST
when implemented on 32-bit microprocessors, such as the
Pentium or Power PC. The original Blowfish paper was presented
at the First Fast Software Encryption workshop in Cambridge,
UK (proceedings published by Springer-Verlag, Lecture Notes in
Computer Science #809, 1994) and the April 1994 issue of Dr.
Dobb's Journal. Blowfish--One Year Later appeared in the
September 1995 issue of Dr. Dobb's Journal. Safe Soft
Corporation software uses the Blowfish in Cipher Block
Chaining Mode with 128-, 256- and 448-bit key length.

Certificate
A certificate, in the PKI sense, is an
electronic record that contains information about the person,
organization or device that owns it and about the authority
that issued it. Its main use is to certify the
owner/controller of a public key. All public keys have
certificate information attached to them. The sort of
information a certificate can contain is an e-mail address, an
identifier of the controller (maybe their name, home or work
address), information about the cryptography being used, how
long the certificate is valid for and the source of any
information if the certificate is cancelled. Certificates may
be issued by their owners (self-signed), the organization they
belong to, or they may be issued by other organizations. See
also trusted authorities.

Certificate chain
The
links between a certificate and the original source of its
authenticity. This corresponds to the 'trust hierarchy' by
which each link in the chain gains its authority to make
statements about the identity to which a certificate refers.
(The government says what are tax offices, the tax offices say
who tax inspectors are, and so on.) As a result, it is
possible to see the links between all the organizations
involved in vouching for the authority of the final
certificate holder. Usually a certificate chain links the
certificate you have been presented with to a root
certificate. See also root certificate, trusted authorities.

Confidentiality/privacy
These are two different,
but interlinked topics. Confidentiality is the ability to
protect information such that only people authorized are able
to use it. Privacy is the right to control (usually to limit
or forbid) the use of information. Privacy may use
confidentiality measures in order to achieve that control.
Sometimes this is related to digital rights management when
information is computerized. Digital rights management allows
the provider of information to decide what the recipient can
and cannot do with that information (usually for a price).

Cryptography
Literally, the word means the art of
secret writing. It means the conversion of writing into a form
that cannot be understood without specific knowledge.
(Cryptography started long before computers, with the ancient
Egyptians. Computers have simply helped to automate the
processes.) Cryptography is not the only method you can use to
communicate information secretly. Steganography is a technique
for hiding information inside other information (a picture
with a person wearing a hat has one meaning, and the same
picture with the person not wearing a hat has a different
meaning).

Digital signature
Unlike the handwritten
signature, which does not change very much over time, the
digital signature is unique to every document that is signed.
The digital signature makes use of the fact that, using an
algorithm, it is possible to calculate a unique numeric value
for any given document. This value can be encrypted using an
asymmetric algorithm presenting a private key, and adding a
public key certificate. This collection of items is the
'digital signature'. Quite a bit more complicated than a
handwritten one. However, unlike the handwritten signature,
anyone can, using the public key and its associated
certificate, decrypt the unique value. Also, they can
calculate that value for themselves by using the same
algorithm. If the two values are equal they can be certain of
two things: that the owner/controller of the private key
'signed' the document and that the document has not been
altered or forged. In its way, then, the digital signature is
much more powerful than the handwritten signature because it
can prevent any change to a document after it has been
digitally signed.

DES, Triple DES (3DES)
The USA Data Encryption Standard (FIPS 46). Operates on 64-bit blocks by
successively modifying half of the bits with a function of the
other half. DES encrypts one block in 16 rounds. DES uses
56-bit keys. Triple DES or 3DES is a three-pass modification of
DES. Safe Soft Corporation software uses the 3DES in
Cipher Block Chaining Mode with 168-bit key length.

Decryption
This is the reversing of encryption,
where a piece of information that has been encrypted
(ciphertext) is converted back into plaintext. See also
encryption, cryptography.

Encryption
The process of
protecting information by making it impossible for anyone who
is not authorized to read that information in a useable form.
Encryption is done on a computer by transforming the
information to be encrypted (plaintext) using a key and
producing ciphertext. If a suitable algorithm and key have
been used, the ciphertext is, for all practical purposes,
impossible to use in any way at all unless it is first
decrypted. See also decryption, algorithm, cryptography.

El Gamal Algorithm
A popular asymmetric encryption
algorithm invented by Taher El Gamal in 1985. Named after its
author and based on discrete logarithms, El Gamal is used for
encryption and digital signatures. Safe Soft Corporation
software uses the El Gamal Algorithm with 2048- and 4096-bit
key length.

FIPS (Federal Information Processing Standard)
The National Institute for Science and Technology
of the USA publishes standards for Federal organizations. These
are also generally used by US businesses. They are not
standards in the same way as British Standards Institute (BSI)
or American National Standards Institute (ANSI), but
nevertheless have a considerable influence on industry and
commerce as well as government. Many of the standards published
deal with aspects of computer security, including the use of
algorithms and cryptography.

Hashing / hash algorithm
This is a mathematical process, similar in many respects to
encryption and sometimes referred to as one-way encryption.
Information (some text, a web page, a file) can be processed
by the algorithm. Some algorithms also require a key, just
like encryption. The algorithm processes the information and
calculates a number that is unique to the original
information. According to the standards it should be
'collision free' - that is that no two pieces of information
should ever produce the same value. Hashing is useful, because
once a value has been calculated it is impossible to alter the
information without detection since hashing the altered file
cannot produce the original calculated value.

Integrity
A piece of information has integrity when
you can show that it has not been altered (either by accident
or as a result of hacking) without you being aware of the
fact.

Interoperability
Generally, the ability to
understand the form and format of information received and to
be able to respond to that information in the manner expected
by the sender. For instance, devices that can plug into and
use correctly the cigarette lighter socket in a car can be
said to be interoperable with the cigarette lighter.

Key length / strength
The key length for an
algorithm is the number of bits (binary digits) that the key
value occupies. With computerised algorithms it is often
considered to be a measure of the strength of the algorithm
(the more bits the better). Generally speaking, for
implementations of internationally recognized algorithms this
is the case.

Password
In computer systems this is a
series of characters that are entered secretly (they are not
displayed) in order to prove the identity of a specific user.
Passwords are important because they are often used in
cryptographic systems as a key that gives access to private
keys. As a result, a password should never be shown or given
to anyone else, even if they seem to have a reason to need the
password. Passwords are normally chosen by the user, and there
may be rules about how passwords are chosen. These may include
specification about the use of letters, numbers, 'special'
characters such as ()+= and so on. They may also forbid re-use
within a particular timeframe. Generally passwords are
recommended to be longer than six characters, should not be
common words or readily identifiable to their user, should
contain special characters and should not contain repeating or
consecutive characters.

Passphrase
An alternative
to the password, the passphrase is usually longer. The
advantages of a passphrase over a password are that, because
it is longer, it cannot be readily guessed by watching the
user over their shoulder whilst they type, and dictionary
attacks are of little use since the length and content of the
passphrase are very hard to predict. As a result, passphrases
do not have to be changed as often as passwords. The
disadvantages are that they are long and take time to enter,
few systems really cater for them, and the user must be a good
typist or they will spend all day trying to get the passphrase
right.

Private key
This is one of the two keys used
in 'public key cryptography', also referred to as asymmetric
cryptography. They are called public and private because for
the system to work, one of the related keys must be kept
private - it must not be disclosed to anyone other than its
controller, whilst the other key must be made public - that is,
it must be available to anyone that needs to contact the
owner/controller of the matching private key or needs to check
a digital signature that appears to come from them.

Protected
Throughout ArticSoft products, the term
protected is used to mean that information cannot be accessed
(used) if it has been protected, unless the user has the
necessary authority. Protection is applied using cryptography.
When information is protected it is encrypted. The
cryptographic key needed to remove that protection is made
available to authorized users. Once it is in their keystore,
they will be able to access (view) that protected information.
See also cryptography.

Public key
See private key.

Public Key Infrastructure (PKI)
This is a concept
where it is theoretically possible to obtain the public key of
any person that you wish to communicate securely with over a
public communications network such as the Internet, and where
it is possible to verify the accuracy of the information being
presented by anyone offering a 'public key certificate' as a
means of proving their identity. A number of problems wait to
be resolved before such an infrastructure becomes generally
available and generally respected. At the time of writing it
is possible to verify the identity of a number of
organizations, and it is expected that over time it will be
possible to extend this to include people as well as
organizations.

Signing
Unlike a handwritten
signature, which is written onto, and thus becomes part of the
document to which it relates, signing electronic information
is rather different. To sign a piece of information, a hash of
the information is created using a hashing algorithm. The hash
is then encrypted using the private key for an asymmetric
algorithm. The public key certificate for the private key is
appended to the encrypted hash value. These correspond to the
signature on the information.
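
The procedure described under "Digital signature" and "Signing", as an added example (not code from this glossary or from any product it mentions): hash the document, transform the hash with the private key, attach the public key, then verify by recomputing the hash. The key is a constructed toy built from two publicly known Mersenne primes, using textbook RSA with no padding, so it illustrates the steps only; the bare public key stands in for the certificate.

```python
import hashlib

# Constructed toy key (assumption for illustration): both primes are
# publicly known Mersenne primes, so this key protects nothing.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)

PUBLIC_KEY = (N, E)


def digest(document: bytes) -> int:
    """Hash the document and return the value as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> dict:
    """Hash the document, then transform the hash with the private key.

    The public key is attached to the result, standing in for the
    public key certificate the glossary says is appended.
    """
    encrypted_hash = pow(digest(document), D, N)
    return {"encrypted_hash": encrypted_hash, "public_key": PUBLIC_KEY}


def verify(document: bytes, signature: dict) -> bool:
    """Recover the signed hash with the public key and compare it with a
    hash computed locally over the document as received.

    A real verifier would first validate the certificate chain instead of
    trusting whatever key arrives with the signature.
    """
    n, e = signature["public_key"]
    recovered = pow(signature["encrypted_hash"], e, n)
    return recovered == digest(document)


if __name__ == "__main__":
    original = b"Pay Alice 100"            # constructed sample document
    sig = sign(original)
    print("original verifies:", verify(original, sig))
    print("altered verifies: ", verify(b"Pay Alice 900", sig))
```

Production signatures use a padded scheme such as RSA-PSS and a randomly generated key; the comparison of the recovered hash with a freshly computed one is the part that carries over.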

Symmetric algorithm
This is an encryption algorithm where the same
key is used for both encryption and decryption (unlike
asymmetric where different keys are used). The key used in a
symmetric algorithm is often called a secret key because it
has to be kept secret by all users of the system, unlike a
public key that has to be made available to everyone.

Virtual drive
A virtual drive is a virtual device
created and managed by the Able Disk driver. Virtual drives
are used to access the encrypted data and files stored in
containers.