Term
|
Definition
| Set of rules for executing a transfer; Has the objectives of liveness (e.g., A has what B had and vice versa) and safety (e.g., neither gives without getting) |
|
|
Term
|
Definition
| Protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats |
|
|
Term
|
Definition
| Includes viruses (replicate themselves as part of executable programs), worms (replicate across computers), and trojan horses (appear to do something useful but conceal malicious code) |
|
|
Term
| Four ways to protect against malicious code |
|
Definition
1. Network level - firewalls, detect anomalies 2. Operating system level - use antivirus tools, multiple levels of authorization so a virus cannot execute with unbounded privileges 3. Program execution environment level - run downloaded code in a "sandbox", run only certified or proof-carrying code 4. User level - use conservative security configurations, install only trustworthy programs |
|
|
Term
|
Definition
| Establishing that the agent has a particular identity, then authorizing performance based on identity - Examples include a login to gate entry to a service provider; B uses A's public key to validate a signature |
|
|
Term
|
Definition
| User types in password, possession of secure device (key), or physical measurement (biometrics) |
|
|
Term
|
Definition
| Scheme designed to control knowledge effects of messages |
|
|
Term
|
Definition
| Theory and practice of designing cryptosystems |
|
|
Term
|
Definition
| Theory and practice of undermining cryptosystems |
|
|
Term
|
Definition
| The combination of cryptography and cryptanalysis - theory and practice of designing and undermining cryptosystems |
|
|
Term
| Parts of secure communication |
|
Definition
1. message (M) 2. message space (*M*) 3. plaintext - direct encoding of the original message (M) 4. Ciphertext (C) - a transformation of the plaintext 5. Ciphertext space (*C*) - language of all possible message transformations |
|
|
Term
|
Definition
| Function from message space to ciphertext space C = E(M) |
|
|
Term
|
Definition
| Function from ciphertext space to message space, D(E(M)) = M |
|
|
Term
|
Definition
| Symmetric, sender and receiver share a secret (the key), and the issue is arranging the secret and maintaining its security |
|
|
Term
|
Definition
Uses a key (K) that is the same size as the message (M); this method is perfectly resistant to cryptanalysis 1. E(K,M) = XOR(K,M) 2. D(K,C) = XOR(K,C) 3. D(K,E(K,M)) = XOR(K,XOR(K,M)) = M |
|
|
Term
|
Definition
| No shared secrets, each agent has two keys: a public key known to everyone and a private key known only to the agent; Keys are related but nobody can figure out the private key from knowledge of the public key; Can encrypt for an agent knowing only its public key, and the result can only be decrypted with knowledge of the private key |
|
|
Term
|
Definition
| Easy to compute and infeasible to invert |
|
|
Term
|
Definition
| Encrypting a message with the sender's private key, so it can be decrypted with the sender's public key; typically sign only a fingerprint, produced by a one-way hash function |
|
|
Term
|
Definition
| Ciphertext only (passive), known plaintext, chosen plaintext (public-key), chosen ciphertext, rubber hose |
|
|
Term
|
Definition
| First public-key cryptosystem; most prevalent in use today; works by selecting two large random prime numbers p and q; let n = pq; public key is (e,n) and private key is (d,n); to encrypt message M: E(M) = M^e (mod n); to decrypt ciphertext C: D(C) = C^d (mod n); hinges on difficulty of deriving d from knowledge of (e,n) |
|
|
Term
|
Definition
| In one-way functions, it is an additional piece of information that would make it easy to invert |
|
|
Term
|
Definition
| A protocol participant trusted by all others; generally disinterested; sometimes called an arbitrator; can simplify protocol design but may cause delay, expense, vulnerability; e.g., key distribution center |
|
|
Term
|
Definition
| An established shared secret between A and B used only for limited time |
|
|
Term
|
Definition
1. A sends first half of encrypted message 2. B sends first half of encrypted message 3. A sends second half of encrypted message 4. B sends second half of encrypted message This way M cannot carry off an agent-in-the-middle attack without being detected |
|
|
Term
|
Definition
| Digitally sign message certifying when signed |
|
|
Term
|
Definition
| A and B want to share an algorithm, so A commits to a secret, then B shares, then they open A's secret |
|
|
Term
|
Definition
| Information about which knowledge is limited to specific agents |
|
|
Term
| Symmetric and Asymmetric secrets |
|
Definition
| Shared secrets, and secrets where only one agent knows but another can verify |
|
|
Term
|
Definition
| Evidence beyond identity - includes recommendation by third parties, guarantees of good behavior, and past behavior; includes credentials and policies to specify the credentials sufficient to grant operation requests |
|
|
Term
|
Definition
| Occupying resources so that other authorized users cannot be served |
|
|
Term
|
Definition
| Resides in macros/scripts that are embedded in document files; documents have executable facilities as well |
|
|
Term
|
Definition
| Automatically replicates across computers; special case of virus that does not require human action to replicate, exploits some property of the context to get itself to run |
|
|
Term
|
Definition
| A says "I want to authenticate as A", B responds with random message R, A sends back a signed version (Sign(A,R)); an eavesdropper reads the message but cannot authenticate as A |
|
|