Term
|
Definition
| Involves replacing units in the plaintext with different ciphertext. Typically rotates or scrambles letters of the alphabet. |
|
|
Term
|
Definition
| Units in this cipher stay the same in plaintext and ciphertexr but their order is changed, according to some mechanism. |
|
|
Term
|
Definition
| Any cipher implemented using a machine |
|
|
Term
|
Definition
| Depends on the fact that some letters and groups of letters appear more frequently in natural language than others. Substitution and transposition are vulnerable to cracking by this analysis. Still used in modern cryptanalysis |
|
|
Term
|
Definition
| based on mathematical algorithms ro perform extremely complex transpositions and substitutions. |
|
|
Term
|
Definition
| increases security of the encryption process, a message cannot be decrypted without knowledge of the specific key even if the cipher method is known |
|
|
Term
|
Definition
| range key values available to use with an algorithm, equivalent to 2 to the power of the size of the key. |
|
|
Term
|
Definition
| is an encryption key itself. consists of exactly the same amount of characters as the plaintext and must be generated by a truly random algorithm. hardest key to break |
|
|
Term
|
Definition
| developing field of cryptography and cryptanalysis based on quantum physics. |
|
|
Term
| Secure Hash Algorithm (SHA) |
|
Definition
Developed by the NSA to address weaknesses in MDA.
SHA-1 160-bit digest
SHA-2 using longer digests (up to 512 bits) |
|
|
Term
| Message Digest Algorithm (MDA) |
|
Definition
MD5 128-bit hash
not as secure as SHA-1 but performs better in popular OS |
|
|
Term
|
Definition
| RIPEMD-160 offers similar performance and encryption strength to SHA-1 |
|
|
Term
|
Definition
| Plaintext is divided into equal-size blocks(usually 64- or 128-bit). If there is not enough data in the plaintext, it is padded to the correct size using some string defined by the algorithm |
|
|
Term
|
Definition
| the key should not be derived from the ciphertext. uses substitution units called S-boxes, each S-box operates differently and is determined by the key |
|
|
Term
|
Definition
| if any one bit of plaintext is changed, half of them should change as a result |
|
|
Term
|
Definition
| each bit or byte of data in the plaintext is encrypted one at a time. this is not predetermined but calculated from the key |
|
|
Term
| Data Encryption Standard (DES/3DES) |
|
Definition
uses 64-bit block cipher and a 56-bit key.
3DES is encrypted 3 times using different keys(typically key1 then key2 and then key1 again) |
|
|
Term
| Advanced Encryption Standard (AES) |
|
Definition
| uses 128-bit block cipher and 128-, 192-, or 256-bit key |
|
|
Term
|
Definition
RC4 is a stream cipher uses a variable length key(40 to 2048-bit).
RC5 is a block cipher(32-, 64-, or 128-bit) |
|
|
Term
| International Data Encryption Algorithm (IDEA) |
|
Definition
| 64-bit block and 128-bit key. |
|
|
Term
|
Definition
| 64-bit block and 32-448 bit key |
|
|
Term
|
Definition
| 128-bit block and up to a 256 bit key |
|
|
Term
|
Definition
| 64-bit block 40-128 bit key |
|
|
Term
|
Definition
| uses a single secret key to encrypt and decrypt data. |
|
|
Term
|
Definition
| public key is used to decrypt data while a secret private key is used to encrypt data |
|
|
Term
|
Definition
group 1 (768-bit)
group 2 (1024-bit)
group 5 (1536-bit)
group 2048 (2048-bit) |
|
|
Term
|
Definition
| block sizes and key lengths are variable according to the application, with larger keys offering more security. |
|
|
Term
| Elliptic Curve Cryptopgraphy (ECC) |
|
Definition
| algorithm for low power devices such as cell phones and PDAs |
|
|
Term
|
Definition
| used to prove the identity of the sender of a message |
|
|
Term
|
Definition
| does not protect the contents of a message, provides a layer of confidentiality |
|
|
Term
|
Definition
| The process of using both a secret-key and public key |
|
|
Term
|
Definition
made for 2 reasons:
*to decipher encrypted data without authorization
*to impersonate a person or organization by appropriating their digital signature or certificate |
|
|
Term
|
Definition
| attempts every possible combination in the key space in order to derive a plaintext from a ciphertext. keyspace is determined by the number of bits used |
|
|
Term
|
Definition
| guesses the likely value of the plaintext by enumerating values in the dictionary rather than attempting to compute every possible value |
|
|
Term
|
Definition
| uses a precomputed lookup table of all possible passwords and their matching hashes |
|
|
Term
|
Definition
| a key may be generated from a password, if the password is weak, an attacker may be able to guess or crack the password to derive the key |
|
|
Term
|
Definition
| by studying physical properties of the cryptographic system, information may be deduced about how it works |
|
|
Term
|
Definition
the container document or file is called the covertext.
obscures the presence of a file within a file, information is usually embedded where you would not expect to find it. |
|
|
Term
|
Definition
users trust certificates issued by that CA and no other
disadvantage: restricted to users in a single organization(cannot model different relationships between user groups) |
|
|
Term
|
Definition
Single CA(root) issues certificates to a number of intermediate CAs which issue certificates to leaf CAs which issue certificates to users.
advantage: Root can have multiple policies; disadvantage: single point of failure |
|
|
Term
|
Definition
each root CA can issue certificates to other CAs and trust certificates issued by these CAs
advantage: cross-certification; disadvantage: not scalable to a large number of CAs |
|
|
Term
|
Definition
| root CAs can establish a trust relationship through an intermediate bridge CA |
|
|
Term
|
Definition
| users sign one anothers certificates, there is no need for central administration so the system has to be self-policing to weed out malicious users. |
|
|
Term
|
Definition
| the server authenticates to the client and the client authenticates to the server |
|
|
Term
|
Definition
| spoofing a website to imitate a target bank or ecommerce providers secure website, then emailing users of the genuine website informing them that their account must be updated, supplying a disguised link that actually leads to their spoofed site. |
|
|
Term
|
Definition
| a phishing attack that is done over a voice channel(telephone or VoIP) |
|
|
Term
|
Definition
| a phishing scam where the attacker has some information that makes the target more likely to be fooled by the attack |
|
|
Term
|
Definition
| redirecting users from a legitimate website to a malicious one. |
|
|
Term
|
Definition
| program desgined to replicate and spread amongst computers, usually by "infecting" executable applications or program code |
|
|
Term
|
Definition
| memory-resident viruses that replicate over network resources |
|
|
Term
|
Definition
| waits for a preconfigured time or date or system or user event to trigger |
|
|
Term
|
Definition
| program or script designed to spawn a large number of processes |
|
|
Term
|
Definition
| program that pretends to be something else. many function as a backdoor application |
|
|
Term
|
Definition
| monitors user activity and sends the information to someone else |
|
|
Term
|
Definition
| any type of software or browser plug-in that displays advertisments |
|
|
Term
|
Definition
| hard to detect trojan, changes core system files, often at the kernel level, so that GUI browsers and scanning tools no longer reveal their presence, they also contain tools for cleaning system logs |
|
|
Term
|
Definition
| an access method that is installed without the user knowledge, or a hole in software applications from testing or misconfiguration |
|
|
Term
|
Definition
| unsolicited email meassages |
|
|
Term
|
Definition
| spam over instant messaging or VoIP |
|
|
Term
|
Definition
| software that uses a database of known virus patterns plus heuristic malware identification techniques to try to identif infected files and prevent viruses from spreading |
|
|
Term
|
Definition
| intercepts commands from anti-virus software and passes the software a clean version of the file; or jump from file-to-file ahead of the virus scanner |
|
|
Term
|
Definition
| polymorphic or metamorphic virus attempts to change itself to avoid detection |
|
|
Term
|
Definition
| the virus code is protected, making it difficult for anti-virus software to analyze it |
|
|
Term
|
Definition
| seeks to disable the anti-virus software |
|
|
Term
| slow and sparse infectors |
|
Definition
| replicate slowly to stay under the radar |
|
|
Term
|
Definition
application = application
presentation = application
session = application
transport = transport
network = internet
data link = link/network interface
physical = link/network interface |
|
|
Term
| link/ network interface layer |
|
Definition
| defines the hosts connection to the network. comprised of the hardware and software involved in the interchange of frames between computers |
|
|
Term
|
Definition
| provides addressing and routing functions, uses a number of protocols to ensure the delivery of packets |
|
|
Term
|
Definition
| provides communication between the source and destination computers and breaks application layer information into segments. |
|
|
Term
|
Definition
| the layer at which most tcp/ip services protocols are implemented |
|
|
Term
| footprinting and fingerprinting |
|
Definition
| an attack that tries to learn the configuration of a network while fingerprinting targets a specific host |
|
|
Term
|
Definition
| an attack where the attacker imitates some sort of resource that the victim thinks is genuine |
|
|
Term
|
Definition
| the attacker captures data packets that contain authentication data and resends the packet to try to re-establish the session |
|
|
Term
|
Definition
| an attack where the attacker sits between two communicating hosts, and transparently monitors, captures, and relays all communication between the hosts |
|
|
Term
|
Definition
| an attack that cause a service at a given host to fail or become unavailable to legitimate users |
|
|
Term
|
Definition
| a DoS attack that is launched from multiple computers, usually done because the attackers resources could be far less than those of the victim |
|
|
Term
|
Definition
|
|
Term
|
Definition
| a computer that is used to distribute a DoS attack |
|
|
Term
|
Definition
| used to facilitate eavesdropping. 2 main functions: traffic analysis, and packet capture/analysis/transmission |
|
|
Term
|
Definition
| another redirection attack, but it aims to corrupt the records held by the DNS server |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| Firewall port for remote desktop |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| currently considered the strongest type of authentication. protected against sniffing, password-guessing(dictionary), and man-in-the-middle attacks |
|
|
Term
|
Definition
| used in most wireless network authentication products. protected against sniffing, password-guessing(dictionary), and man-in-the-middle attacks. cheaper than EAP-TLS |
|
|
Term
|
Definition
| cisco's proprietary version of EAP. vulnerable to password-guessing(dictionary attacks). |
|
|
Term
|
Definition
| a secure hash of a user password. cannot provide mutual authentication. not suitable for use over insecure networks; vulnerable to man-in-the-middle attacks |
|
|
Term
|
Definition
| means that certain information should only be known to certain people |
|
|
Term
|
Definition
| means that the data is stored and transferred as intended and that any modification is authorized |
|
|
Term
|
Definition
| means that information is accessible to those authorized to view or modify it |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| gives oversight of the information system |
|
|
Term
|
Definition
| probes a router by setting flags in a TCP packet all at once |
|
|
Term
|
Definition
| subverts the TCP handshake process by withholding the client's ACK packet. |
|
|
Term
|
Definition
| an attacker generates a large number of HTTP requests or SMTP mail messages designed to overwhelm the server |
|
|
Term
|
Definition
| the client spoofs the victim's IP address and pings the broadcst address of a third-party network, each host directs its echo responses to the victim server |
|
|
Term
|
Definition
| works by broadcasting unsolicited ARP reply packets, the recieving devices trust this communication and update their MAC:IP address cache table with the spoofed address |
|
|
Term
|
Definition
| compromises the victim's DNS server; replaces valid IP addresses for a trusted website with the attacker's IP address |
|
|
Term
|
Definition
| redirection attack that aims to corrupt the records held by the DNS server itself to redirect traffic for a |
|
|
