(C) The set of embedded bits (the digital watermark) is sometimes
hidden, usually imperceptible, and always intended to be
unobtrusive. Depending on the particular technique that is used,
digital watermarking can assist in proving ownership, controlling
duplication, tracing distribution, ensuring data integrity, and
performing other functions to protect intellectual property
$ digitized signature
(D) ISDs SHOULD NOT use this term because there is no current
consensus on its definition. Although it appears to be used mainly
to refer to various forms of digitized images of handwritten
signatures, the term should be avoided because it might be
confused with "digital signature".
See: directory vs. Directory.
$ Directory Access Protocol (DAP)
(N) An OSI protocol [X519] for communication between a Directory
User Agent (a client) and a Directory System Agent (a server).
(See: Lightweight Directory Access Protocol.)
$ directory vs. Directory
1. (I) Not capitalized: The term "directory" refers generically to
a database server or other system that provides information--such
as a digital certificate or CRL--about an entity whose name is
2. (I) Capitalized: "Directory" refers specifically to the X.500
Directory. (See: repository.)
$ disaster plan
(D) A synonym for "contingency plan". In the interest of
consistency, ISDs SHOULD use "contingency plan" instead of
$ disclosure (i.e., unauthorized disclosure)
See: (secondary definition under) threat consequence.
$ discretionary access control (DAC)
(I) An access control service that enforces a security policy
based on the identity of system entities and their authorizations
to access system resources. (See: access control list, identity-
based security policy, mandatory access control.)
(C) This service is termed "discretionary" because an entity might
have access rights that permit the entity, by its own volition, to
enable another entity to access some resource.
(O) "A means of restricting access to objects based on the
identity of subjects and/or groups to which they belong. The
controls are discretionary in the sense that a subject with a
certain access permission is capable of passing that permission
(perhaps indirectly) on to any other subject." [DOD1]
See: (secondary definition under) threat consequence.
$ Distinguished Encoding Rules (DER)
(N) A subset of the Basic Encoding Rules, which gives exactly one
way to represent any ASN.1 value as an octet string [X690].
(C) Since there is more than one way to encode ASN.1 in BER, DER
is used in applications in which a unique encoding is needed, such
as when a digital signature is computed on an ASN.1 value.
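The point above, as an added example that is not part of the glossary: a DER encoder for a small SEQUENCE { INTEGER, BOOLEAN } beside a strict decoder that rejects the alternative BER forms (non-minimal lengths, padded INTEGER octets, BOOLEAN TRUE as anything but 0xFF), which is what a signature verifier must do so that a signed value has exactly one byte representation. The sample encodings are constructed for the example.

```python
# Added example, not from RFC 2828: DER gives one encoding per value, BER
# several. Encode SEQUENCE { INTEGER, BOOLEAN } in DER and reject the BER
# alternatives (non-minimal length, padded INTEGER, BOOLEAN TRUE != 0xFF)
# that a signature verifier must refuse so one signed value has one byte form.


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, else minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """Tag 0x02 with the minimal two's-complement content octets."""
    nbytes = 1
    while True:
        try:
            content = value.to_bytes(nbytes, "big", signed=True)
            break
        except OverflowError:
            nbytes += 1
    return b"\x02" + der_length(len(content)) + content


def der_boolean(value: bool) -> bytes:
    """Tag 0x01; DER requires TRUE to be exactly 0xFF and FALSE 0x00."""
    return b"\x01\x01" + (b"\xff" if value else b"\x00")


def der_sequence(*elements: bytes) -> bytes:
    """Tag 0x30 around the concatenated element encodings."""
    content = b"".join(elements)
    return b"\x30" + der_length(len(content)) + content


def _read_tlv(buf: bytes, pos: int):
    """Parse one tag-length-value; raise ValueError on any non-DER length."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nb = first & 0x7F
        if nb == 0:
            raise ValueError("indefinite length is BER only")
        lbytes = buf[pos:pos + nb]
        if len(lbytes) != nb or lbytes[0] == 0:
            raise ValueError("non-minimal long-form length")
        length = int.from_bytes(lbytes, "big")
        if length < 0x80:
            raise ValueError("long form where short form is required")
        pos += nb
    content = buf[pos:pos + length]
    if len(content) != length:
        raise ValueError("truncated content")
    return tag, content, pos + length


def decode_strict(buf: bytes):
    """Decode SEQUENCE { INTEGER, BOOLEAN }, accepting only DER content."""
    tag, content, end = _read_tlv(buf, 0)
    if tag != 0x30 or end != len(buf):
        raise ValueError("expected exactly one SEQUENCE")
    tag, ival, pos = _read_tlv(content, 0)
    if tag != 0x02 or not ival:
        raise ValueError("expected INTEGER")
    # A leading 0x00 or 0xFF octet that carries no value information is BER.
    if len(ival) > 1 and (
        (ival[0] == 0x00 and not ival[1] & 0x80)
        or (ival[0] == 0xFF and ival[1] & 0x80)
    ):
        raise ValueError("non-minimal INTEGER")
    tag, bval, pos = _read_tlv(content, pos)
    if tag != 0x01 or len(bval) != 1 or bval[0] not in (0x00, 0xFF):
        raise ValueError("BOOLEAN must be exactly 0x00 or 0xFF in DER")
    if pos != len(content):
        raise ValueError("trailing bytes in SEQUENCE")
    return int.from_bytes(ival, "big", signed=True), bval[0] == 0xFF


def is_canonical(buf: bytes) -> bool:
    """True only if buf is the single DER encoding of the value it carries."""
    try:
        number, flag = decode_strict(buf)
    except (ValueError, IndexError):
        return False
    return der_sequence(der_integer(number), der_boolean(flag)) == buf


# Constructed samples: the DER form and three BER forms of the same value
# SEQUENCE { 300, TRUE }.
DER_FORM = der_sequence(der_integer(300), der_boolean(True))
BER_LONG_LENGTH = bytes.fromhex("308107 0202012c 0101ff")  # length as 81 07
BER_PADDED_INT = bytes.fromhex("3008 020300012c 0101ff")   # INTEGER 00 01 2C
BER_BOOL_01 = bytes.fromhex("3007 0202012c 010101")        # TRUE as 0x01
```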
$ distinguished name (DN)
(I) An identifier that uniquely represents an object in the X.500
Directory Information Tree (DIT) [X501]. (See: domain name.)
(C) A DN is a set of attribute values that identify the path
leading from the base of the DIT to the object that is named. An
X.509 public-key certificate or CRL contains a DN that identifies
its issuer, and an X.509 attribute certificate contains a DN or
other form of name that identifies its subject.
$ Distributed Authentication Security Service (DASS)
(I) An experimental Internet protocol [R1507] that uses
cryptographic mechanisms to provide strong, mutual authentication
services in a distributed environment.
$ distribution point
(I) An X.500 Directory entry or other information source that is
named in a v3 X.509 public-key certificate extension as a location
from which to obtain a CRL that might list the certificate.
(C) A v3 X.509 public-key certificate may have a
"cRLDistributionPoints" extension that names places to get CRLs on
which the certificate might be listed. A CRL obtained from a
distribution point may (a) cover either all reasons for which a
certificate might be revoked or only some of the reasons, (b) be
issued by either the authority that signed the certificate or some
other authority, and (c) contain revocation entries for only a
subset of the full set of certificates issued by one CA or (c')
contain revocation entries for multiple CAs.
See: distinguished name.
See: Domain Name System.
See: Domain of Interpretation.
$ domain
(I) Security usage: An environment or context that is defined by a
security policy, security model, or security architecture to
include a set of system resources and the set of system entities
that have the right to access the resources. (See: domain of
interpretation, security perimeter.)
(I) Internet usage: That part of the Internet domain name space
tree [R1034] that is at or below the name that specifies the
domain. A domain is a subdomain of another domain if it is
contained within that domain. For example, D.C.B.A is a subdomain
of C.B.A. (See: Domain Name System.)
(O) MISSI usage: The domain of a MISSI CA is the set of MISSI
users whose certificates are signed by the CA.
(O) OSI usage: An administrative partition of a complex
distributed OSI system.
$ domain name
(I) The style of identifier--a sequence of case-insensitive ASCII
labels separated by dots ("bbn.com.")--defined for subtrees in the
Internet Domain Name System [R1034] and used in other Internet
identifiers, such as host names (e.g., "rosslyn.bbn.com."),
mailbox names (e.g., "email@example.com."), and URLs (e.g.,
"http://www.rosslyn.bbn.com/foo"). (See: distinguished name,
(C) The domain name space of the DNS is a tree structure in which
each node and leaf holds records describing a resource. Each node
has a label. The domain name of a node is the list of labels on
the path from the node to the root of the tree. The labels in a
domain name are printed or read left to right, from the most
specific (lowest, farthest from the root) to the least specific
(highest, closest to the root). The root's label is the null
string, so a complete domain name properly ends in a dot. The top-
level domains, those immediately below the root, include COM, EDU,
GOV, INT, MIL, NET, ORG, and two-letter country codes (such as US)
from ISO-3166. [R1591] (See: country code.)
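The label structure described above, as an added example that is not part of the glossary: names are split into case-folded labels (root side first), the trailing dot is the root's null label, and the subdomain test compares label lists, so that "D.C.B.A" is under "C.B.A" but a constructed look-alike such as "evilbbn.com" is not under "bbn.com". A plain string-suffix check is included only for contrast.

```python
# Added example, not from RFC 2828: handle domain names as label lists.
# The glossary notes that labels are case-insensitive, that a complete name
# ends in a dot because the root label is the null string, and that
# D.C.B.A is a subdomain of C.B.A. Matching on labels rather than on string
# suffixes is what stops "evilbbn.com" from passing as part of "bbn.com".


def labels(name: str) -> list:
    """Labels of a name from the root downward, case-folded.

    "rosslyn.bbn.com" and "ROSSLYN.BBN.COM." both give
    ["com", "bbn", "rosslyn"].
    """
    name = name.rstrip(".")  # the trailing dot is the root's null label
    if not name:
        return []  # the root itself
    parts = name.lower().split(".")
    if any(part == "" for part in parts):
        raise ValueError(f"empty label in {name!r}")
    return list(reversed(parts))


def complete_name(name: str) -> str:
    """Canonical complete form: lowercase, most specific label first, final dot."""
    return ".".join(reversed(labels(name))) + "."


def is_subdomain(name: str, domain: str) -> bool:
    """True if name lies at or below domain in the tree.

    A domain counts as contained within itself; the root ("" or ".")
    contains every name.
    """
    n, d = labels(name), labels(domain)
    return len(n) >= len(d) and n[: len(d)] == d


def host_allowed(host: str, allowlist) -> bool:
    """Allowlist check done on labels: an entry matches itself and its
    subdomains, never a longer unrelated label such as "evilbbn.com"."""
    return any(is_subdomain(host, entry) for entry in allowlist)


def naive_host_allowed(host: str, allowlist) -> bool:
    """The common mistake, for contrast: a plain string-suffix test."""
    return any(host.lower().rstrip(".").endswith(entry.lower().rstrip("."))
               for entry in allowlist)
```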
$ Domain Name System (DNS)
(I) The main Internet operations database, which is distributed
over a collection of servers and used by client software for
purposes such as translating a domain name-style host name into an
IP address (e.g., "rosslyn.bbn.com" is "22.214.171.124") and locating
a host that accepts mail for some mailbox address. [R1034]
(C) The DNS has three major components:
- Domain name space and resource records: Specifications for the
tree-structured domain name space, and data associated with the
- Name servers: Programs that hold information about a subset of
the tree's structure and data holdings, and also hold pointers
to other name servers that can provide information from any
part of the tree.
- Resolvers: Programs that extract information from name servers
in response to client requests; typically, system routines
directly accessible to user programs.
(C) Extensions to the DNS [R2065, R2137, R2536] support (a) key
distribution for public keys needed for the DNS and for other
protocols, (b) data origin authentication service and data
integrity service for resource records, (c) data origin
authentication service for transactions between resolvers and
servers, and (d) access control of records.
$ domain of interpretation (DOI)
(I) IPsec usage: An ISAKMP/IKE DOI defines payload formats,
exchange types, and conventions for naming security-relevant
information such as security policies or cryptographic algorithms
(C) For example, see [R2407]. The DOI concept is based on work by
the TSIG's CIPSO Working Group.
$ dominate
(I) Security level A is said to "dominate" security level B if the
hierarchical classification level of A is greater (higher) than or
equal to that of B and the nonhierarchical categories of A include
all of those of B.
$ dongle
(I) A portable, physical, electronic device that is required to be
attached to a computer to enable a particular software program to
run. (See: token.)
(C) A dongle is essentially a physical key used for copy
protection of software, because the program will not run unless
the matching dongle is attached. When the software runs, it
periodically queries the dongle and quits if the dongle does not
reply with the proper authentication information. Dongles were
originally constructed as an EPROM (erasable programmable read-
only memory) to be connected to a serial input-output port of a
(I) Reduce the classification level of information in an
$ draft RFC
(D) ISDs SHOULD NOT use this term, because the Request for Comment
series is archival in nature and does not have a "draft" category.
(Instead, see: Internet Draft, Draft Standard (in Internet
See: Digital Signature Algorithm.
See: Digital Signature Standard.
$ dual control
(I) A procedure that uses two or more entities (usually persons)
operating in concert to protect a system resource, such that no
single entity acting alone can access that resource. (See: no-lone
zone, separation of duties, split knowledge.)
$ dual signature
(D) ISDs SHOULD NOT use this term except when stated as
"SET(trademark) dual signature" with the following meaning:
(O) SET usage: A single digital signature that protects two
separate messages by including the hash results for both sets in a
single encrypted value. [SET2]
(C) Generated by hashing each message separately, concatenating
the two hash results, and then hashing that value and encrypting
the result with the signer's private key. Done to reduce the
number of encryption operations and to enable verification of data
integrity without complete disclosure of the data.
See: Extensible Authentication Protocol
(I) Passive wiretapping done secretly, i.e., without the knowledge
of the originator or the intended recipients of the communication.
See: electronic codebook.
See: Elliptic Curve Digital Signature Algorithm.
$ economy of mechanism
(I) The principle that each security mechanism should be designed
to be as simple as possible, so that the mechanism can be
correctly implemented and so that it can be verified that the
operation of the mechanism enforces the containing system's
security policy. (See: least privilege.)
See: electronic data interchange.
See: (secondary definition under) electronic data interchange.
(D) ISDs SHOULD NOT use this abbreviation because of possible
confusion among "end entity", "end-to-end encryption", "escrowed
encryption standard", and other terms.
See: Escrowed Encryption Standard.
$ El Gamal algorithm
(N) An algorithm for asymmetric cryptography, invented in 1985 by
Taher El Gamal, that is based on the difficulty of calculating
discrete logarithms and can be used for both encryption and
digital signatures. [ElGa, Schn]
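The dual use named above, as an added example that is not part of the glossary: textbook ElGamal over a toy prime, with one key pair driving both encryption and signing. The parameters (p = 467, g = 2) are a common textbook choice with no security value; a deployment needs a large prime, a proper subgroup generator and an unpredictable per-message k.

```python
# Added example, not from RFC 2828: textbook ElGamal over a small prime,
# showing one key pair used for both encryption and digital signature.
# Parameters are toy-sized (p = 467, g = 2, a common textbook choice) and
# give no security; a real deployment needs a large prime, a proper
# subgroup generator, and an unpredictable per-message k.
import hashlib
import math
import secrets

P = 467  # prime modulus (toy size)
G = 2    # generator of the multiplicative group mod P


def keygen(x: int = None):
    """Private key x in [1, p-2], public key y = g^x mod p."""
    if x is None:
        x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def random_k() -> int:
    """Per-message secret, invertible mod p-1 so it also serves signing."""
    while True:
        k = secrets.randbelow(P - 2) + 1
        if math.gcd(k, P - 1) == 1:
            return k


def encrypt(y: int, m: int, k: int = None):
    """Ciphertext (g^k, m * y^k) for a plaintext 0 < m < p."""
    if not 0 < m < P:
        raise ValueError("plaintext must be in 1..p-1")
    k = random_k() if k is None else k
    return pow(G, k, P), (m * pow(y, k, P)) % P


def decrypt(x: int, c1: int, c2: int) -> int:
    """Recover m = c2 * (c1^x)^-1 mod p; c1^x equals the mask y^k."""
    mask = pow(c1, x, P)
    return (c2 * pow(mask, -1, P)) % P


def _digest(msg: bytes) -> int:
    """Hash the message and reduce it into the exponent group Z_(p-1)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % (P - 1)


def sign(x: int, msg: bytes, k: int = None):
    """Signature (r, s): r = g^k, s = (H(m) - x r) k^-1 mod (p-1)."""
    k = random_k() if k is None else k
    if math.gcd(k, P - 1) != 1:
        raise ValueError("k must be invertible mod p-1")
    r = pow(G, k, P)
    s = ((_digest(msg) - x * r) * pow(k, -1, P - 1)) % (P - 1)
    return r, s


def verify(y: int, msg: bytes, sig) -> bool:
    """Accept iff g^H(m) == y^r * r^s mod p, with r and s in range."""
    r, s = sig
    if not (0 < r < P and 0 <= s < P - 1):
        return False
    return pow(G, _digest(msg), P) == (pow(y, r, P) * pow(r, s, P)) % P
```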
$ electronic codebook (ECB)
(I) A block cipher mode in which a plaintext block is used
directly as input to the encryption algorithm and the resultant
output block is used directly as ciphertext [FP081].
$ electronic commerce
(I) General usage: Business conducted through paperless exchanges
of information, using electronic data interchange, electronic
funds transfer (EFT), electronic mail, computer bulletin boards,
facsimile, and other paperless technologies.
(O) SET usage: "The exchange of goods and services for payment
between the cardholder and merchant when some or all of the
transaction is performed via electronic communication." [SET2]
$ electronic data interchange (EDI)
(I) Computer-to-computer exchange, between trading partners, of
business data in standardized document formats.
(C) EDI formats have been standardized primarily by ANSI X12 and
by EDIFACT (EDI for Administration, Commerce, and Transportation),
which is an international, UN-sponsored standard primarily used in
Europe and Asia. X12 and EDIFACT are aligning to create a single,
global EDI standard.
$ electronic signature
(D) ISDs SHOULD NOT use this term because there is no current
consensus on its definition. (Instead, see: digital signature.)
$ elliptic curve cryptography (ECC)
(I) A type of asymmetric cryptography based on mathematics of
groups that are defined by the points on a curve.
(C) The most efficient implementation of ECC is claimed to be
stronger per bit of key (against cryptanalysis that uses a brute
force attack) than any other known form of asymmetric
cryptography. ECC is based on mathematics different than the kinds
originally used to define the Diffie-Hellman algorithm and the
Digital Signature Algorithm. ECC is based on the mathematics of
groups defined by the points on a curve, where the curve is
defined by a quadratic equation in a finite field. ECC can be used
to define both an algorithm for key agreement that is an analog of
Diffie-Hellman and an algorithm for digital signature that is an
analog of DSA. (See: ECDSA.)
$ Elliptic Curve Digital Signature Algorithm (ECDSA)
(N) A standard [A9062] that is the elliptic curve cryptography
analog of the Digital Signature Algorithm.
(I) A signal (electromagnetic, acoustic, or other medium) that is
emitted by a system (through radiation or conductance) as a
consequence (i.e., byproduct) of its operation, and that may
contain information. (See: TEMPEST.)
$ emanations security (EMSEC)
(I) Physical constraints to prevent information compromise through
signals emanated by a system, particularly the application of
TEMPEST technology to block electromagnetic radiation.
$ emergency plan
(D) A synonym for "contingency plan". In the interest of
consistency, ISDs SHOULD use "contingency plan" instead of
See: emanations security.
(I) An abbreviation of "Europay, MasterCard, Visa". Refers to a
specification for smart cards that are used as payment cards, and
for related terminals and applications. [EMV1, EMV2, EMV3]
$ Encapsulating Security Payload (ESP)
(I) An Internet IPsec protocol [R2406] designed to provide a mix
of security services--especially data confidentiality service--in
the Internet Protocol. (See: Authentication Header.)
(C) ESP may be used alone, or in combination with the IPsec AH
protocol, or in a nested fashion with tunneling. Security services
can be provided between a pair of communicating hosts, between a
pair of communicating security gateways, or between a host and a
gateway. The ESP header is encapsulated by the IP header, and the
ESP header encapsulates either the upper layer protocol header
(transport mode) or an IP header (tunnel mode). ESP can provide
data confidentiality service, data origin authentication service,
connectionless data integrity service, an anti-replay service, and
limited traffic flow confidentiality. The set of services depends
on the placement of the implementation and on options selected
when the security association is established.
(D) ISDs SHOULD NOT use this term as a synonym for "encrypt".
However, see the usage note under "encryption".
(D) ISDs SHOULD NOT use this term as a synonym for "encryption",
except in special circumstances that are explained in the usage
discussion under "encryption".
$ encode
(I) Use a system of symbols to represent information, which might
originally have some other representation. (See: decode.)
(C) Examples include Morse code, ASCII, and BER.
(D) ISDs SHOULD NOT use this term as a synonym for "encrypt",
because encoding is not usually intended to conceal meaning.
$ encrypt
(I) Cryptographically transform data to produce ciphertext. (See:
$ encryption
(I) Cryptographic transformation of data (called "plaintext") into
a form (called "ciphertext") that conceals the data's original
meaning to prevent it from being known or used. If the
transformation is reversible, the corresponding reversal process
is called "decryption", which is a transformation that restores
encrypted data to its original state. (See: cryptography.)
(C) Usage note: For this concept, ISDs should use the verb "to
encrypt" (and related variations: encryption, decrypt, and
decryption). However, because of cultural biases, some
international usage, particularly ISO and CCITT standards, avoids
"to encrypt" and instead uses the verb "to encipher" (and related
variations: encipherment, decipher, decipherment).
(O) "The cryptographic transformation of data (see: cryptography)
to produce ciphertext." [I7498 Part 2]
(C) Usually, the plaintext input to an encryption operation is
cleartext. But in some cases, the plaintext may be ciphertext that
was output from another encryption operation. (See:
(C) Encryption and decryption involve a mathematical algorithm for
transforming data. In addition to the data to be transformed, the
algorithm has one or more inputs that are control parameters: (a)
a key value that varies the transformation and, in some cases, (b)
an initialization value that establishes the starting state of the
$ encryption certificate
(I) A public-key certificate that contains a public key that is
intended to be used for encrypting data, rather than for verifying
digital signatures or performing other cryptographic functions.
(C) A v3 X.509 public-key certificate may have a "keyUsage"
extension that indicates the purpose for which the certified
public key is intended.
$ end entity
(I) A system entity that is the subject of a public-key
certificate and that is using, or is permitted and able to use,
the matching private key only for a purpose or purposes other than
signing a digital certificate; i.e., an entity that is not a CA.
(D) "A certificate subject which uses its public [sic] key for
purposes other than signing certificates." [X509]
(C) ISDs SHOULD NOT use the X.509 definition, because it is
misleading and incomplete. First, the X.509 definition should say
"private key" rather than "public key" because certificates are
not usefully signed with a public key. Second, the X.509
definition is weak regarding whether an end entity may or may not
use the private key to sign a certificate, i.e., whether the
subject may be a CA. The intent of X.509's authors was that an end
entity certificate is not valid for use in verifying a signature
on an X.509 certificate or X.509 CRL. Thus, it would have been
better for the X.509 definition to have said "only for purposes
other than signing certificates".
(C) Despite the problems in the X.509 definition, the term itself
is useful in describing applications of asymmetric cryptography.
The way the term is used in X.509 implies that it was meant to be
defined, as we have done here, relative to roles that an entity
(which is associated with an OSI end system) is playing or is
permitted to play in applications of asymmetric cryptography other
than the PKI that supports applications.
(C) Whether a subject can play both CA and non-CA roles, with
either the same or different certificates, is a matter of policy.
(See: certification practice statement.) A v3 X.509 public-key
certificate may have a "basicConstraints" extension containing a
"cA" value that specifically "indicates whether or not the public
key may be used to verify certificate signatures".
$ end system
(I) An OSI term for a computer that implements all seven layers of
the OSIRM and may attach to a subnetwork. (In the context of the
Internet Protocol Suite, usually called a "host".)
$ end-to-end encryption
(I) Continuous protection of data that flows between two points in
a network, provided by encrypting data when it leaves its source,
leaving it encrypted while it passes through any intermediate
computers (such as routers), and decrypting only when the data
arrives at the intended destination. (See: link encryption,
(C) When two points are separated by multiple communication links
that are connected by one or more intermediate relays, end-to-end
encryption enables the source and destination systems to protect
their communications without depending on the intermediate systems
to provide the protection.
$ end user
(I) General usage: A system entity, usually a human individual,
that makes use of system resources, primarily for application
purposes as opposed to system management purposes.
(I) PKI usage: A synonym for "end entity"; but the term "end
entity" is preferred.
See: system entity.
(I) "The deliberate planting of apparent flaws in a system for the
purpose of detecting attempted penetrations or confusing an
intruder about which flaws to exploit." [FP039] (See: honey pot.)
$ ephemeral key
(I) A public key or a private key that is relatively short-lived.
(See: session key.)
$ error detection code
(I) A checksum designed to detect, but not correct, accidental
(i.e., unintentional) changes in data.
$ Escrowed Encryption Standard (EES)
(N) A U.S. Government standard [FP185] that specifies use of a
symmetric encryption algorithm (SKIPJACK) and a Law Enforcement
Access Field (LEAF) creation method to implement part of a key
escrow system that provides for decryption of encrypted
telecommunications when interception is lawfully authorized.
(C) Both SKIPJACK and the LEAF are to be implemented in equipment
used to encrypt and decrypt unclassified, sensitive
See: Encapsulating Security Payload.
(N) A language (ISO 9074-1989) for formal specification of
computer network protocols.
$ evaluated products list
(O) General usage: A list of information system equipment items
that have been evaluated against, and found to be compliant with,
a particular set of criteria.
(O) U.S. Department of Defense usage: The Evaluated Products List
(http://www.radium.ncsc.mil/tpep/epl/) contains items that have
been evaluated against the TCSEC by the NCSC, or against the
Common Criteria by the NCSC or one of its partner agencies in
another country. The List forms Chapter 4 of NSA's "Information
Systems Security Products and Services Catalogue".
$ evaluated system
(I) Refers to a system that has been evaluated against security
criteria such as the TCSEC or the Common Criteria.
See: certificate expiration.
See: (secondary definition under) threat consequence.
$ Extensible Authentication Protocol
(I) A framework that supports multiple, optional authentication
mechanisms for PPP, including cleartext passwords, challenge-
response, and arbitrary dialog sequences. [R2284]
(C) This protocol is intended for use primarily by a host or
router that connects to a PPP network server via switched circuits
or dial-up lines.
$ extension
(I) A data item defined for optional inclusion in a v3 X.509
public-key certificate or a v2 X.509 CRL.
(C) The formats defined in X.509 can be extended to provide
methods for associating additional attributes with subjects and
public keys and for managing a certification hierarchy:
- "Certificate extension": X.509 defines standard extensions that
may be included in v3 certificates to provide additional key
and security policy information, subject and issuer attributes,
and certification path constraints.
- "CRL extension": X.509 defines extensions that may be included
in v2 CRLs to provide additional issuer key and name
information, revocation reasons and constraints, and
information about distribution points and delta CRLs.
- "Private extension": Additional extensions, each named by an
OID, can be locally defined as needed by applications or
communities. (See: PKIX private extension, SET private
$ extranet
(I) A computer network that an organization uses to carry
application data traffic between the organization and its business
partners. (See: intranet.)
(C) An extranet can be implemented securely, either on the
Internet or using Internet technology, by constructing the
extranet as a VPN.
$ fail safe
(I) A mode of system termination that automatically leaves system
processes and components in a secure state when a failure occurs
or is detected in the system.
$ fail soft
(I) Selective termination of affected non-essential system
functions and processes when a failure occurs or is detected in
$ failure control
(I) A methodology used to provide fail-safe or fail-soft
termination and recovery of functions and processes when failures
are detected or occur in a system. [FP039]
$ Federal Information Processing Standards (FIPS)
(N) The Federal Information Processing Standards Publication (FIPS
PUB) series issued by the U.S. National Institute of Standards and
Technology as technical guidelines for U.S. Government
procurements of information processing system equipment and
services. [FP031, FP039, FP046, FP081, FP102, FP113, FP140, FP151,
FP180, FP185, FP186, FP188]
(C) Issued under the provisions of section 111(d) of the Federal
Property and Administrative Services Act of 1949 as amended by the
Computer Security Act of 1987, Public Law 100-235.
$ Federal Public-key Infrastructure (FPKI)
(N) A PKI being planned to establish facilities, specifications,
and policies needed by the U.S. Federal Government to use public-
key certificates for INFOSEC, COMSEC, and electronic commerce
involving unclassified but sensitive applications and interactions
between Federal agencies as well as with entities of other
branches of the Federal Government, state, and local governments,
business, and the public. [FPKI]
$ Federal Standard 1027
(N) A U.S. Government document defining emanation, anti-tamper,
security fault analysis, and manual key management criteria for
DES encryption devices, primarily for OSI layer 2. Was renamed "FIPS
PUB 140" when responsibility for protecting unclassified,
sensitive information was transferred from NSA to NIST, and then
was superseded by FIPS PUB 140-1.
$ File Transfer Protocol (FTP)
(I) A TCP-based, application-layer, Internet Standard protocol
[R0959] for moving data files from one computer to another.
$ filtering router
(I) An internetwork router that selectively prevents the passage
of data packets according to a security policy.
(C) A filtering router may be used as a firewall or part of a
firewall. A router usually receives a packet from a network and
decides where to forward it on a second network. A filtering
router does the same, but first decides whether the packet should
be forwarded at all, according to some security policy. The policy
is implemented by rules (packet filters) loaded into the router.
The rules mostly involve values of data packet control fields
(especially IP source and destination addresses and TCP port
$ financial institution
(N) "An establishment responsible for facilitating customer-
initiated transactions or transmission of funds for the extension
of credit or the custody, loan, exchange, or issuance of money."
$ fingerprint
(I) A pattern of curves formed by the ridges on a fingertip. (See:
biometric authentication, thumbprint.)
(D) ISDs SHOULD NOT use this term as a synonym for "hash result"
because it mixes concepts in a potentially misleading way.
(D) ISDs SHOULD NOT use this term with the following PGP
definition, because the term and definition mix concepts in a
potentially misleading way and duplicate the meaning of "hash
(O) PGP usage: A hash result used to authenticate a public key
(key fingerprint) or other data. [PGP]
See: Federal Information Processing Standards.
$ FIPS PUB 140-1
(N) The U.S. Government standard [FP140] for security requirements
to be met by a cryptographic module used to protect unclassified
information in computer and communication systems. (See: Common
Criteria, FIPS, Federal Standard 1027.)
(C) The standard specifies four increasing levels (from "Level 1"
to "Level 4") of requirements to cover a wide range of potential
applications and environments. The requirements address basic
design and documentation, module interfaces, authorized roles and
services, physical security, software security, operating system
security, key management, cryptographic algorithms,
electromagnetic interference and electromagnetic compatibility
(EMI/EMC), and self-testing. NIST and the Canadian Communication
Security Establishment jointly certify modules.
$ firewall
(I) An internetwork gateway that restricts data communication
traffic to and from one of the connected networks (the one said to
be "inside" the firewall) and thus protects that network's system
resources against threats from the other network (the one that is
said to be "outside" the firewall). (See: guard, security
(C) A firewall typically protects a smaller, secure network (such
as a corporate LAN, or even just one host) from a larger network
(such as the Internet). The firewall is installed at the point
where the networks connect, and the firewall applies security
policy rules to control traffic that flows in and out of the
(C) A firewall is not always a single computer. For example, a
firewall may consist of a pair of filtering routers and one or
more proxy servers running on one or more bastion hosts, all
connected to a small, dedicated LAN between the two routers. The
external router blocks attacks that use IP to break security (IP
address spoofing, source routing, packet fragments), while proxy
servers block attacks that would exploit a vulnerability in a
higher layer protocol or service. The internal router blocks
traffic from leaving the protected network except through the
proxy servers. The difficult part is defining criteria by which
packets are denied passage through the firewall, because a
firewall not only needs to keep intruders out, but usually also
needs to let authorized users in and out.
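The filtering-router and firewall behaviour described in the two entries above, as an added example that is not part of the glossary: a first-match rule set over IP source/destination and TCP port with the external router's checks (no inside source address arriving from outside, no source routing, no fragments), outside access limited to the bastion host's proxy services, the internal router's proxy-only egress, and a default deny. The addresses, bastion host, rules and sample traffic are constructed for the example.

```python
# Added example, not from RFC 2828: a first-match packet-filter rule set of
# the kind the glossary describes for a filtering router, with the external
# router's checks (no inside source address arriving from outside, no source
# routing, no fragments), a bastion-host-only reachability policy, the
# internal router's proxy-only egress, and a default deny. Addresses, hosts
# and rules are constructed for the example.
import ipaddress
from dataclasses import dataclass
from typing import Optional

INSIDE_NET = ipaddress.ip_network("10.1.0.0/16")  # constructed protected LAN
PROXY_HOST = "10.1.0.5"                            # constructed bastion host


@dataclass(frozen=True)
class Packet:
    iface: str                 # "outside" or "inside": arrival interface
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    fragment: bool = False
    source_routed: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    iface: Optional[str] = None      # None in any field means "match anything"
    src: Optional[str] = None        # CIDR or single address
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and self.iface != p.iface:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        return self.dport is None or self.dport == p.dport


# Constructed policy: the first matching rule decides; nothing matching is denied.
RULES = [
    # Anti-spoofing on the external router: an inside or loopback source
    # address can never legitimately arrive on the outside interface.
    Rule("deny", iface="outside", src=str(INSIDE_NET)),
    Rule("deny", iface="outside", src="127.0.0.0/8"),
    # Outside traffic reaches only the proxy services on the bastion host.
    Rule("permit", iface="outside", dst=PROXY_HOST, proto="tcp", dport=25),
    Rule("permit", iface="outside", dst=PROXY_HOST, proto="tcp", dport=443),
    # Internal router: inside hosts leave only through the proxy server.
    Rule("permit", iface="inside", src=PROXY_HOST),
    Rule("deny", iface="inside", src=str(INSIDE_NET)),
]


def decide(p: Packet, rules=RULES):
    """Return (action, reason) for one packet."""
    if p.iface == "outside" and p.source_routed:
        return "deny", "source-routed packet from outside"
    if p.iface == "outside" and p.fragment:
        return "deny", "fragment from outside"  # the glossary's external-router check
    for index, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, f"rule {index}"
    return "deny", "default deny"


# Constructed sample traffic.
SAMPLES = {
    "spoofed inside source": Packet("outside", "10.1.3.4", PROXY_HOST, "tcp", 443),
    "mail to bastion": Packet("outside", "198.51.100.7", PROXY_HOST, "tcp", 25),
    "direct to inside host": Packet("outside", "198.51.100.7", "10.1.7.7", "tcp", 443),
    "proxy egress": Packet("inside", PROXY_HOST, "203.0.113.9", "tcp", 443),
    "host bypassing proxy": Packet("inside", "10.1.7.7", "203.0.113.9", "tcp", 443),
    "source routed": Packet("outside", "198.51.100.7", PROXY_HOST, "tcp", 25, source_routed=True),
}


def audit(samples=SAMPLES):
    """Map each sample name to its decision; usable as a policy regression check."""
    return {name: decide(pkt) for name, pkt in samples.items()}
```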
(I) Computer programs and data stored in hardware--typically in
read-only memory (ROM) or programmable read-only memory (PROM)--
such that the programs and data cannot be dynamically written or
modified during execution of the programs. (See: hardware,
See: Forum of Incident Response and Security Teams.
$ flaw hypothesis methodology
(I) An evaluation or attack technique in which specifications and
documentation for a system are analyzed to hypothesize flaws in
the system. The list of hypothetical flaws is prioritized on the
basis of the estimated probability that a flaw exists and,
assuming it does, on the ease of exploiting it and the extent of
control or compromise it would provide. The prioritized list is
used to direct a penetration test or attack against the system.
(I) An attack that attempts to cause a failure in (especially, in
the security of) a computer system or other data processing entity
by providing more input than the entity can process properly.
(See: denial of service.)
$ flow analysis
(I) An analysis performed on a nonprocedural formal system
specification that locates potential flows of information between
system variables. By assigning security levels to the variables,
the analysis can find some types of covert channels.
$ flow control
(I) A procedure or technique to ensure that information transfers
within a system are not made from one security level to another
security level, and especially not from a higher level to a lower
level. (See: covert channel, simple security property, confinement
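The "dominate" relation from the entry of that name and the flow-control rule in the entry above, as one added example that is not part of the glossary: a security level is a classification plus a category set, A dominates B when A's classification is at least B's and A's categories include all of B's, and a transfer is allowed only when the destination level dominates the source level, so nothing flows down in classification or out of a category set. The classification ordering, levels and transfers are constructed for the example.

```python
# Added example, not from RFC 2828: the "dominates" relation used as a
# flow-control check. A level is a hierarchical classification plus a set
# of nonhierarchical categories; A dominates B when A's classification is
# >= B's and A's categories include all of B's. Information may flow from
# src to dst only when dst dominates src, which forbids both a downgrade
# in classification and a move outside the source's category set.
from dataclasses import dataclass, field

# Constructed ordering of classification levels, lowest first.
CLASSIFICATIONS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]


@dataclass(frozen=True)
class Level:
    classification: str
    categories: frozenset = field(default_factory=frozenset)

    def __post_init__(self):
        if self.classification not in CLASSIFICATIONS:
            raise ValueError(f"unknown classification {self.classification!r}")

    @property
    def rank(self) -> int:
        return CLASSIFICATIONS.index(self.classification)


def dominates(a: Level, b: Level) -> bool:
    """A dominates B: classification at least B's and a superset of categories."""
    return a.rank >= b.rank and a.categories >= b.categories


def flow_allowed(src: Level, dst: Level) -> bool:
    """Flow control: information may move from src to dst only if dst dominates src."""
    return dominates(dst, src)


def blocked_transfers(transfers):
    """Return the names of (name, src, dst) triples that must be refused.

    Two levels can be incomparable (neither dominates the other); such a
    pair is refused in both directions.
    """
    return [name for name, src, dst in transfers if not flow_allowed(src, dst)]


# Constructed sample levels and transfers.
S_CRYPTO = Level("SECRET", frozenset({"CRYPTO"}))
S_CRYPTO_NUC = Level("SECRET", frozenset({"CRYPTO", "NUCLEAR"}))
TS_NUC = Level("TOP SECRET", frozenset({"NUCLEAR"}))
U = Level("UNCLASSIFIED")

SAMPLE_TRANSFERS = [
    ("report-to-archive", S_CRYPTO, S_CRYPTO_NUC),  # allowed: dst dominates src
    ("archive-to-public", S_CRYPTO_NUC, U),         # write-down: blocked
    ("crypto-to-nuclear", S_CRYPTO, TS_NUC),        # incomparable: blocked
    ("unclassified-up", U, TS_NUC),                 # allowed
]
```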
$ formal specification
(I) A specification of hardware or software functionality in a
computer-readable language; usually a precise mathematical
description of the behavior of the system with the aim of
providing a correctness proof.
(I) A technique for enabling a decision to grant or deny access to
be made dynamically at the time the access is attempted, rather
than earlier when an access control list or ticket is created.
(N) A registered trademark of NSA, used for a family of
interoperable security products that implement a NIST/NSA-approved
suite of cryptographic algorithms for digital signature, hash,
encryption, and key exchange. The products include a PC card that
contains a CAPSTONE chip, serial port modems, server boards, smart
cards, and software implementations.
$ Forum of Incident Response and Security Teams (FIRST)
(N) An international consortium of CSIRTs that work together to
handle computer security incidents and promote preventive
activities. (See: CSIRT, security incident.)
(C) FIRST was founded in 1990 and, as of September 1999, had
nearly 70 members spanning the globe. Its mission includes:
- Provide members with technical information, tools, methods,
assistance, and guidance.
- Coordinate proactive liaison activities and analytical support.
- Encourage development of quality products and services.
- Improve national and international information security for
government, private industry, academia, and the individual.
- Enhance the image and status of the CSIRT community.
$ forward secrecy
See: public-key forward secrecy.
$ FPKI
See: Federal Public-Key Infrastructure.
$ FTP
See: File Transfer Protocol.
$ gateway
(I) A relay mechanism that attaches to two (or more) computer
networks that have similar functions but dissimilar
implementations and that enables host computers on one network to
communicate with hosts on the other; an intermediate system that
is the interface between two computer networks. (See: bridge,
firewall, guard, internetwork, proxy server, router, and
(C) In theory, gateways are conceivable at any OSI layer. In
practice, they operate at OSI layer 3 (see: bridge, router) or
layer 7 (see: proxy server). When the two networks differ in the
protocol by which they offer service to hosts, the gateway may
translate one protocol into another or otherwise facilitate
interoperation of hosts (see: Internet Protocol).
$ GCA
See: geopolitical certificate authority.
$ GeneralizedTime
(N) The ASN.1 data type "GeneralizedTime" (specified in ISO 8601)
contains a calendar date (YYYYMMDD) and a time of day, which is
either (a) the local time, (b) the Coordinated Universal Time, or
(c) both the local time and an offset allowing Coordinated
Universal Time to be calculated. (See: Coordinated Universal Time,
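As an added example, not part of the glossary, here is a parser for the three forms the entry lists (local time, UTC with a "Z" suffix, and local time plus an offset), with a conversion that calculates UTC for form (c). The function names are my own; the stricter check at the end goes beyond the entry and follows the certificate-validity rule in RFC 5280 (UTC form with seconds and no fraction).

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Optional

# YYYYMMDDHH, optional MM and SS, optional fraction, optional "Z" or +-HHMM.
_GENERALIZED_TIME = re.compile(
    r"^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})?(\d{2})?(?:[.,](\d+))?(Z|[+-]\d{4})?$"
)


def parse_generalized_time(value: str) -> datetime:
    """Parse a GeneralizedTime string into a datetime.

    Form (a) yields a naive datetime (local time, no offset known),
    form (b) a UTC-aware datetime, form (c) a datetime carrying its offset.
    """
    m = _GENERALIZED_TIME.match(value)
    if m is None:
        raise ValueError(f"not a GeneralizedTime: {value!r}")
    year, month, day, hour = (int(g) for g in m.group(1, 2, 3, 4))
    minute = int(m.group(5) or 0)
    second = int(m.group(6) or 0)
    frac = m.group(7)
    # A fraction such as ".5" means half a second; pad/truncate to microseconds.
    microsecond = int((frac + "000000")[:6]) if frac else 0
    suffix = m.group(8)
    if suffix is None:
        tz = None                      # (a) local time, offset unknown
    elif suffix == "Z":
        tz = timezone.utc              # (b) Coordinated Universal Time
    else:
        sign = 1 if suffix[0] == "+" else -1
        offset = timedelta(hours=int(suffix[1:3]), minutes=int(suffix[3:5]))
        tz = timezone(sign * offset)   # (c) local time plus offset from UTC
    return datetime(year, month, day, hour, minute, second, microsecond, tzinfo=tz)


def to_utc(value: str) -> Optional[datetime]:
    """Calculate UTC from forms (b) and (c); form (a) carries no offset, so None."""
    dt = parse_generalized_time(value)
    if dt.tzinfo is None:
        return None
    return dt.astimezone(timezone.utc)


def is_x509_validity_form(value: str) -> bool:
    """RFC 5280 requires form (b) with seconds and no fractional seconds
    in certificate validity fields; anything else should be rejected there."""
    return re.fullmatch(r"\d{14}Z", value) is not None


if __name__ == "__main__":
    for sample in ("19991231235959Z", "19991231235959", "19991231235959+0100"):
        print(sample, "->", parse_generalized_time(sample).isoformat(), "UTC:", to_utc(sample))
```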
$ Generic Security Service Application Program Interface (GSS-API)
(I) An Internet Standard protocol [R2078] that specifies calling
conventions by which an application (typically another
communication protocol) can obtain authentication, integrity, and
confidentiality security services independently of the underlying
security mechanisms and technologies, thus allowing the
application source code to be ported to different environments.
(C) "A GSS-API caller accepts tokens provided to it by its local
GSS-API implementation and transfers the tokens to a peer on a
remote system; that peer passes the received tokens to its local
GSS-API implementation for processing. The security services
available through GSS-API in this fashion are implementable (and
have been implemented) over a range of underlying mechanisms based
on [symmetric] and [asymmetric cryptography]." [R2078]
$ geopolitical certificate authority (GCA)
(O) SET usage: In a SET certification hierarchy, an optional level
that is certified by a BCA and that may certify cardholder CAs,
merchant CAs, and payment gateway CAs. Using GCAs enables a brand
to distribute responsibility for managing certificates to
geographic or political regions, so that brand policies can vary
between regions as needed.
$ Green Book
(D) Except as an explanatory appositive, ISDs SHOULD NOT use this
term as a synonym for "Defense Password Management Guideline"
[CSC2]. Instead, use the full proper name of the document or, in
subsequent references, a conventional abbreviation. (See: Rainbow
(D) Usage note: To improve international comprehensibility of
Internet Standards and the Internet Standards Process, ISDs SHOULD
NOT use "cute" synonyms for document titles. No matter how popular
and clearly understood a nickname may be in one community, it is
likely to cause confusion in others. For example, several other
information system standards also are called "the Green Book". The
following are some examples:
- Each volume of 1992 ITU-T (at that time, CCITT) standards.
- "PostScript Language Program Design", Adobe Systems, Addison-
- IEEE 1003.1 POSIX Operating Systems Interface.
- "Smalltalk-80: Bits of History, Words of Advice", Glenn
Krasner, Addison-Wesley, 1983.
- "X/Open Compatibility Guide".
- A particular CD-ROM format developed by Phillips.
$ GRIP
(I) A contraction of "Guidelines and Recommendations for Security
Incident Processing", the name of the IETF working group that
seeks to facilitate consistent handling of security incidents in
the Internet community. (See: security incident.)
(C) Guidelines to be produced by the WG will address technology
vendors, network service providers, and response teams in their
roles assisting organizations in resolving security incidents.
These relationships are functional and can exist within and across
$ GSS-API
See: Generic Security Service Application Program Interface.
$ guard
(I) A gateway that is interposed between two networks (or
computers, or other information systems) operating at different
security levels (one level is usually higher than the other) and
is trusted to mediate all information transfers between the two
levels, either to ensure that no sensitive information from the
first (higher) level is disclosed to the second (lower) level, or
to protect the integrity of data on the first (higher) level.
$ guest login
See: anonymous login.
$ GULS
(I) Generic Upper Layer Security service element (ISO 11586), a
five-part standard for the exchange of security information and
security-transformation functions that protect confidentiality and
integrity of application data.
$ hacker
(I) Someone with a strong interest in computers, who enjoys
learning about them and experimenting with them. (See: cracker.)
(C) The recommended definition is the original meaning of the term
(circa 1960), which then had a neutral or positive connotation of
"someone who figures things out and makes something cool
happen". Today, the term is frequently misused, especially by
journalists, to have the pejorative meaning of cracker.
$ handle
(I) (1.) Verb: Perform processing operations on data, such as
receive and transmit, collect and disseminate, create and delete,
store and retrieve, read and write, and compare. (2.) Noun: An on-
line pseudonym, particularly one used by a cracker; derived from
citizens band radio culture.
$ hardware
(I) The material physical components of a computer system. (See:
$ hardware token
$ hash code
(D) ISDs SHOULD NOT use this term (especially not as a synonym for
"hash result") because it mixes concepts in a potentially
misleading way. A hash result is not a "code" in any sense defined
by this glossary. (See: code, hash result, hash value, message
$ hash function
(I) An algorithm that computes a value based on a data object
(such as a message or file; usually variable-length; possibly very
large), thereby mapping the data object to a smaller data object
(the "hash result") which is usually a fixed-size value. (See:
checksum, keyed hash.)
(O) "A (mathematical) function which maps values from a large
(possibly very large) domain into a smaller range. A 'good' hash
function is such that the results of applying the function to a
(large) set of values in the domain will be evenly distributed
(and apparently at random) over the range." [X509]
(C) The kind of hash function needed for security applications is
called a "cryptographic hash function", an algorithm for which it
is computationally infeasible (because no attack is significantly
more efficient than brute force) to find either (a) a data object
that maps to a pre-specified hash result (the "one-way" property)
or (b) two data objects that map to the same hash result (the
"collision-free" property). (See: MD2, MD4, MD5, SHA-1.)
(C) A cryptographic hash is "good" in the sense stated in the "O"
definition for hash function. Any change to an input data object
will, with high probability, result in a different hash result, so
that the result of a cryptographic hash makes a good checksum for
a data object.
$ hash result
(I) The output of a hash function. (See: hash code, hash value.)
(O) "The output produced by a hash function upon processing a
message" (where "message" is broadly defined as "a digital
representation of data"). [ABA] (The recommended definition is
compatible with this ABA definition, but we avoid the unusual
definition of "message".)
$ hash value
(D) ISDs SHOULD NOT use this term (especially not as a synonym for
"hash result", the output of a hash function) because it might be
confused with "hashed value" (the input to a hash function). (See:
hash code, hash result, message digest.)
$ hierarchical PKI
(I) A PKI architecture based on a certification hierarchy. (See:
mesh PKI, trust-file PKI.)
$ hierarchy management
(I) The process of generating configuration data and issuing
public-key certificates to build and operate a certification
$ hierarchy of trust
(D) ISDs SHOULD NOT use this term with regard to PKI, especially
not as a synonym for "certification hierarchy", because this term
mixes concepts in a potentially misleading way. (See:
certification hierarchy, trust, web of trust.)
$ hijack attack
(I) A form of active wiretapping in which the attacker seizes
control of a previously established communication association.
(See: man-in-the-middle attack, pagejacking, piggyback attack.)
(I) A keyed hash [R2104] that can be based on any iterated
cryptographic hash (e.g., MD5 or SHA-1), so that the cryptographic
strength of HMAC depends on the properties of the selected
cryptographic hash. (See: [R2202, R2403, R2404].)
(C) Assume that H is a generic cryptographic hash in which a
function is iterated on data blocks of length B bytes. L is the
length of the hash result of H. K is a secret key whose length
is between L and B bytes. The values IPAD and OPAD are fixed
strings used as inner and outer padding and defined as follows:
IPAD = the byte 0x36 repeated B times, OPAD = the byte 0x5C
repeated B times. HMAC is computed by
H(K XOR OPAD, H(K XOR IPAD, inputdata)), where the comma denotes
concatenation of the two arguments.
(C) The goals of HMAC are as follows:
- To use available cryptographic hash functions without
modification, particularly functions that perform well in
software and for which software is freely and widely available.
- To preserve the original performance of the selected hash
without significant degradation.
- To use and handle keys in a simple way.
- To have a well-understood cryptographic analysis of the
strength of the mechanism based on reasonable assumptions about
the underlying hash function.
- To enable easy replacement of the hash function in case a
faster or stronger hash is found or required.
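As an added example, not taken from the glossary or from RFC 2104, the construction above written out directly, with the key handling that RFC 2104 adds (a key longer than B is hashed first, a shorter key is zero-padded to B bytes) and the hash function kept pluggable as the last goal in the list requires. The function names are my own; the result is cross-checked against Python's standard hmac module and against test case 1 of RFC 2202.

```python
import hashlib
import hmac as stdlib_hmac

IPAD_BYTE = 0x36  # inner padding byte, repeated B times
OPAD_BYTE = 0x5C  # outer padding byte, repeated B times


def hmac_from_definition(key: bytes, data: bytes, hash_name: str = "sha1") -> bytes:
    """Compute H(K XOR OPAD || H(K XOR IPAD || data)) with H unmodified.

    hash_name is any hashlib algorithm name ("md5", "sha1", "sha256", ...),
    which is what lets the hash be swapped without touching this code.
    """
    H = getattr(hashlib, hash_name)
    B = H().block_size  # byte length of the blocks H iterates over (64 for MD5/SHA-1/SHA-256)
    # RFC 2104 key handling: hash a key longer than B down to L bytes first,
    # then right-pad any key shorter than B with zero bytes so it is exactly B long.
    if len(key) > B:
        key = H(key).digest()
    key = key.ljust(B, b"\x00")
    k_ipad = bytes(k ^ IPAD_BYTE for k in key)  # K XOR IPAD
    k_opad = bytes(k ^ OPAD_BYTE for k in key)  # K XOR OPAD
    inner = H(k_ipad + data).digest()           # H(K XOR IPAD, inputdata)
    return H(k_opad + inner).digest()           # H(K XOR OPAD, inner result)


def matches_stdlib(key: bytes, data: bytes, hash_name: str = "sha1") -> bool:
    """True when the hand-rolled computation equals the standard library's HMAC."""
    expected = stdlib_hmac.new(key, data, hash_name).digest()
    return hmac_from_definition(key, data, hash_name) == expected


def verify_tag(key: bytes, data: bytes, tag: bytes, hash_name: str = "sha1") -> bool:
    """Check a received tag; compare_digest keeps the comparison time independent
    of where the first mismatching byte is."""
    return stdlib_hmac.compare_digest(hmac_from_definition(key, data, hash_name), tag)


if __name__ == "__main__":
    # Test case 1 of RFC 2202 (HMAC-MD5): key = 0x0b repeated 16 times, data = "Hi There".
    key, data = b"\x0b" * 16, b"Hi There"
    print(hmac_from_definition(key, data, "md5").hex())  # 9294727a3638bb1c13f48ef8158bfc9d
    for name in ("md5", "sha1", "sha256", "sha512"):
        print(name, "matches stdlib:", matches_stdlib(key, data, name))
```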
$ honey pot
(I) A system (e.g., a web server) or a system resource (e.g., a
file on a server), that is designed to be attractive to potential
crackers and intruders, like honey is attractive to bears. (See:
(D) It is likely that other cultures have different metaphors for
this concept. To ensure international understanding, ISDs should
not use this term unless they also provide an explanation like
this one. (See: (usage note under) Green Book.)
(I) General computer network usage: A computer that is attached to
a communication subnetwork or internetwork and can use services
provided by the network to exchange data with other attached
systems. (See: end system.)
(I) Specific Internet Protocol Suite usage: A networked computer
that does not forward Internet Protocol packets that are not
addressed to the computer itself. (See: router.)
(C) Derivation: As viewed by its users, a host "entertains"
guests, providing application layer services or access to other
computers attached to the network. However, even though some
traditional peripheral service devices, such as printers, can now
be independently connected to networks, they are not usually
$ HTML
See: Hypertext Markup Language.
$ HTTP
See: Hypertext Transfer Protocol.
$ https
(I) When used in the first part of a URL (the part that precedes
the colon and specifies an access scheme or protocol), this term
specifies the use of HTTP enhanced by a security mechanism, which
is usually SSL. (See: S-HTTP.)
$ hybrid encryption
(I) An application of cryptography that combines two or more
encryption algorithms, particularly a combination of symmetric and
asymmetric encryption. (E.g., see: digital envelope.)
(C) Asymmetric algorithms require more computation than
equivalently strong symmetric ones. Thus, asymmetric encryption is
not normally used for data confidentiality except in distributing
symmetric keys in applications where the key data is usually short
(in terms of bits) compared to the data it protects. (E.g., see:
MSP, PEM, PGP.)
$ hyperlink
(I) In hypertext or hypermedia, an information object (such as a
word, a phrase, or an image; usually highlighted by color or
underscoring) that points (indicates how to connect) to related
information that is located elsewhere and can be retrieved by
activating the link (e.g., by selecting the object with a mouse
pointer and then clicking).
$ hypermedia
(I) A generalization of hypertext; any media that contain
hyperlinks that point to material in the same or another data
$ hypertext
(I) A computer document, or part of a document, that contains
hyperlinks to other documents; i.e., text that contains active
pointers to other text. Usually written in Hypertext Markup
Language and accessed using a web browser. (See: hypermedia.)
$ Hypertext Markup Language (HTML)
(I) A platform-independent system of syntax and semantics for
adding characters to data files (particularly text files) to
represent the data's structure and to point to related data, thus
creating hypertext for use in the World Wide Web and other
$ Hypertext Transfer Protocol (HTTP)
(I) A TCP-based, application-layer, client-server, Internet
protocol [R2616] used to carry data requests and responses in the
World Wide Web. (See: hypertext.)
$ IAB
See: Internet Architecture Board.
$ IANA
See: Internet Assigned Numbers Authority.
$ ICANN
See: Internet Corporation for Assigned Names and Numbers.
$ ICMP
See: Internet Control Message Protocol.
$ ICMP flood
(I) A denial of service attack that sends a host more ICMP echo
request ("ping") packets than the protocol implementation can
handle. (See: flooding, smurf.)
$ ICRL
See: indirect certificate revocation list.
$ IDEA
See: International Data Encryption Algorithm.
$ identification
(I) An act or process that presents an identifier to a system so
that the system can recognize a system entity and distinguish it
from other entities. (See: authentication.)
$ Identification Protocol
(I) A client-server Internet protocol [R1413] for learning the
identity of a user of a particular TCP connection.
(C) Given a TCP port number pair, the server returns a character
string that identifies the owner of that connection on the
server's system. The protocol is not intended for authorization or
access control. At best, it provides additional auditing
information with respect to TCP.
$ identity-based security policy
(I) "A security policy based on the identities and/or attributes
of users, a group of users, or entities acting on behalf of the
users and the resources/objects being accessed." [I7498 Part 2]
(See: rule-based security policy.)
$ IEEE
See: Institute of Electrical and Electronics Engineers, Inc.
$ IEEE 802.10
(N) An IEEE committee developing security standards for local area
networks. (See: SILS.)
$ IEEE P1363
(N) An IEEE working group, Standard for Public-Key Cryptography,
developing a comprehensive reference standard for asymmetric
cryptography. Covers discrete logarithm (e.g., DSA), elliptic
curve, and integer factorization (e.g., RSA); and covers key
agreement, digital signature, and encryption.
$ IESG
See: Internet Engineering Steering Group.
$ IETF
See: Internet Engineering Task Force.
$ IKE
See: IPsec Key Exchange.
$ IMAP4
See: Internet Message Access Protocol, version 4.
$ IMAP4 AUTHENTICATE
(I) An IMAP4 "command" (better described as a transaction type, or
a protocol-within-a-protocol) by which an IMAP4 client optionally
proposes a mechanism to an IMAP4 server to authenticate the client
to the server and provide other security services. (See: POP3.)
(C) If the server accepts the proposal, the command is followed by
performing a challenge-response authentication protocol and,
optionally, negotiating a protection mechanism for subsequent POP3
interactions. The security mechanisms that are used by IMAP4
AUTHENTICATE--including Kerberos, GSSAPI, and S/Key--are described
$ in the clear
(I) Not encrypted. (See: cleartext.)
$ indirect certificate revocation list (ICRL)
(I) In X.509, a CRL that may contain certificate revocation
notifications for certificates issued by CAs other than the issuer
of the ICRL.
$ indistinguishability
(I) An attribute of an encryption algorithm that is a
formalization of the notion that the encryption of some string is
indistinguishable from the encryption of an equal-length string of
(C) Under certain conditions, this notion is equivalent to
$ information
(I) Facts and ideas, which can be represented (encoded) as various
forms of data.
$ Information Technology Security Evaluation Criteria (ITSEC)
(N) Standard developed for use in the European Union; accommodates
a wider range of security assurance and functionality combinations
than the TCSEC. Superseded by the Common Criteria. [ITSEC]
$ INFOSEC
(I) Abbreviation for "information security", referring to security
measures that implement and assure security services in computer
systems (i.e., COMPUSEC) and communication systems (i.e., COMSEC).
$ initialization value (IV)
(I) An input parameter that sets the starting state of a
cryptographic algorithm or mode. (Sometimes called "initialization
vector" or "message indicator".)
(C) An IV can be used to introduce cryptographic variance in
addition to that provided by a key (see: salt), and to synchronize
one cryptographic process with another. For an example of the
latter, cipher block chaining mode requires an IV. [R2405]
$ initialization vector
(D) For consistency, ISDs SHOULD NOT use this term as a synonym
for "initialization value".
$ insider attack
See: (secondary definition under) attack.
$ Institute of Electrical and Electronics Engineers, Inc. (IEEE)
(N) The IEEE is a not-for-profit association of more than 330,000
individual members in 150 countries. The IEEE produces 30 percent
of the world's published literature in electrical engineering,
computers, and control technology; holds annually more than 300
major conferences; and has more than 800 active standards with 700
under development. (See: Standards for Interoperable LAN/MAN
$ integrity
See: data integrity, correctness integrity, source integrity,
$ integrity check
(D) ISDs SHOULD NOT use this term as a synonym for "cryptographic
hash" or "protected checksum", because this term unnecessarily
duplicates the meaning of other, well-established terms.
$ intelligent threat
(I) A circumstance in which an adversary has the technical and
operational capability to detect and exploit a vulnerability and
also has the demonstrated, presumed, or inferred intent to do so.
$ International Data Encryption Algorithm (IDEA)
(N) A patented, symmetric block cipher that uses a 128-bit key and
operates on 64-bit blocks. [Schn] (See: symmetric cryptography.)
$ International Standard
See: (secondary definition under) ISO.
$ International Traffic in Arms Regulations (ITAR)
(N) Rules issued by the U.S. State Department, by authority of the
Arms Export Control Act (22 U.S.C. 2778), to control export and
import of defense articles and defense services, including
information security systems, such as cryptographic systems, and
TEMPEST suppression technology. (See: Wassenaar Arrangement.)
$ internet
See: internet vs. Internet.
$ Internet Architecture Board (IAB)
(I) A technical advisory group of the ISOC, chartered by the ISOC
Trustees to provide oversight of Internet architecture and
protocols and, in the context of Internet Standards, a body to
which decisions of the IESG may be appealed. Responsible for
approving appointments to the IESG from among nominees submitted
by the IETF nominating committee. [R2026]
$ Internet Assigned Numbers Authority (IANA)
(I) From the early days of the Internet, the IANA was chartered by
the ISOC and the U.S. Government's Federal Network Council to be
the central coordination, allocation, and registration body for
parameters for Internet protocols. Superseded by ICANN.
$ Internet Control Message Protocol (ICMP)
(I) An Internet Standard protocol [R0792] that is used to report
error conditions during IP datagram processing and to exchange
other information concerning the state of the IP network.
$ Internet Corporation for Assigned Names and Numbers (ICANN)
(I) The non-profit, private corporation that has assumed
responsibility for the IP address space allocation, protocol
parameter assignment, domain name system management, and root
server system management functions formerly performed under U.S.
Government contract by IANA and other entities.
(C) The Internet Protocol Suite, as defined by the IETF and the
IESG, contains numerous parameters, such as internet addresses,
domain names, autonomous system numbers, protocol numbers, port
numbers, management information base object identifiers, including
private enterprise numbers, and many others. The Internet
community requires that the values used in these parameter fields
be assigned uniquely. ICANN makes those assignments as requested
and maintains a registry of the current values.
(C) ICANN was formed in October 1998, by a coalition of the
Internet's business, technical, and academic communities. The U.S.
Government designated ICANN to serve as the global consensus
entity with responsibility for coordinating four key functions for
the Internet: the allocation of IP address space, the assignment
of protocol parameters, the management of the DNS, and the
management of the DNS root server system.
$ Internet Draft
(I) A working document of the IETF, its areas, and its working
groups. (Other groups may also distribute working documents as
Internet Drafts.) An Internet Draft is not an archival document
like an RFC is. Instead, an Internet Draft is a preliminary or
working document that is valid for a maximum of six months and may
be updated, replaced, or made obsolete by other documents at any
time. It is inappropriate to use an Internet Draft as reference
material or to cite it other than as "work in progress."
$ Internet Engineering Steering Group (IESG)
(I) The part of the ISOC responsible for technical management of
IETF activities and administration of the Internet Standards
Process according to procedures approved by the ISOC Trustees.
Directly responsible for actions along the "standards track",
including final approval of specifications as Internet Standards.
Composed of IETF Area Directors and the IETF chairperson, who also
chairs the IESG. [R2026]
$ Internet Engineering Task Force (IETF)
(I) A self-organized group of people who make contributions to the
development of Internet technology. The principal body engaged in
developing Internet Standards, although not itself a part of the
ISOC. Composed of Working Groups, which are arranged into Areas
(such as the Security Area), each coordinated by one or more Area
Directors. Nominations to the IAB and the IESG are made by a
committee selected at random from regular IETF meeting attendees
who have volunteered. [R2026, R2323]
$ Internet Message Access Protocol, version 4 (IMAP4)
(I) An Internet protocol [R2060] by which a client workstation can
dynamically access a mailbox on a server host to manipulate and
retrieve mail messages that the server has received and is holding
for the client. (See: POP3.)
(C) IMAP4 has mechanisms for optionally authenticating a client to
a server and providing other security services. (See: IMAP4
$ Internet Policy Registration Authority (IPRA)
(I) An X.509-compliant CA that is the top CA of the Internet
certification hierarchy operated under the auspices of the ISOC
[R1422]. (See: (PEM usage under) certification hierarchy.)
$ Internet Protocol (IP)
(I) An Internet Standard protocol (version 4 [R0791] and version 6
[R2460]) that moves datagrams (discrete sets of bits) from one
computer to another across an internetwork but does not provide
reliable delivery, flow control, sequencing, or other end-to-end
services that TCP provides. (See: IP address, TCP/IP.)
(C) In the OSIRM, IP would be located at the top of layer 3.
$ Internet Protocol security (IPsec)
(I) (1.) The name of the IETF working group that is specifying a
security architecture [R2401] and protocols to provide security
services for Internet Protocol traffic. (2.) A collective name for
that architecture and set of protocols. (Implementation of IPsec
protocols is optional for IP version 4, but mandatory for IP
version 6.) (See: Internet Protocol Security Option.)
(C) Note that the letters "sec" are lower-case.
(C) The IPsec architecture specifies (a) security protocols (AH
and ESP), (b) security associations (what they are, how they work,
how they are managed, and associated processing), (c) key
management (IKE), and (d) algorithms for authentication and
encryption. The set of security services include access control
service, connectionless data integrity service, data origin
authentication service, protection against replays (detection of
the arrival of duplicate datagrams, within a constrained window),
data confidentiality service, and limited traffic flow
$ Internet Protocol Security Option (IPSO)
(I) Refers to one of three types of IP security options, which are
fields that may be added to an IP datagram for the purpose of
carrying security information about the datagram. (See: IPsec.)
(D) ISDs SHOULD NOT use this term without a modifier to indicate
which of the three types is meant.