tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Gloss.     Arch.     IMS     UICC    |    Misc.    |    search     info

RFC 4949


Internet Security Glossary, Version 2

Part 5 of 13, p. 99 to 130
Prev RFC Part       Next RFC Part


prevText      Top      Up      ToC       Page 99 
   $ decode
      1. (I) Convert encoded data back to its original form of
      representation. (Compare: decrypt.)

      2. (D) Synonym for "decrypt".

      Deprecated Definition: Encoding is not usually meant to conceal
      meaning. Therefore, IDOCs SHOULD NOT use this term as a synonym
      for "decrypt", because that would mix concepts in a potentially
      misleading way.

   $ decrypt
      (I) Cryptographically restore cipher text to the plaintext form it
      had before encryption.

   $ decryption
      (I) See: secondary definition under "encryption".

   $ dedicated security mode
      (I) A mode of system operation wherein all users having access to
      the system possess, for all data handled by the system, both (a)
      all necessary authorizations (i.e., security clearance and formal
      access approval) and (b) a need-to-know. (See: /system operation/
      under "mode", formal access approval, need to know, protection
      level, security clearance.)

      Usage: Usually abbreviated as "dedicated mode". This mode was
      defined in U.S. Government policy on system accreditation, but the
      term is also used outside the Government. In this mode, the system
      may handle either (a) a single classification level or category of
      information or (b) a range of levels and categories.

   $ default account
      (I) A system login account (usually accessed with a user
      identifier and password) that has been predefined in a
      manufactured system to permit initial access when the system is
      first put into service. (See: harden.)

      Tutorial: A default account becomes a serious vulnerability if not
      properly administered. Sometimes, the default identifier and
      password are well-known because they are the same in each copy of
      the system. In any case, when a system is put into service, any
      default password should immediately be changed or the default
      account should be disabled.

   $ defense in depth
      (N) "The siting of mutually supporting defense positions designed
      to absorb and progressively weaken attack, prevent initial

Top      Up      ToC       Page 100 
      observations of the whole position by the enemy, and [enable] the
      commander to maneuver the reserve." [JP1]

      Tutorial: In information systems, defense in depth means
      constructing a system's security architecture with layered and
      complementary security mechanisms and countermeasures, so that if
      one security mechanism is defeated, one or more other mechanisms
      (which are "behind" or "beneath" the first mechanism) still
      provide protection.

      This architectural concept is appealing because it aligns with
      traditional warfare doctrine, which applies defense in depth to
      physical, geospatial structures; but applying the concept to
      logical, cyberspace structures of computer networks is more
      difficult. The concept assumes that networks have a spatial or
      topological representation. It also assumes that there can be
      implemented -- from the "outer perimeter" of a network, through
      its various "layers" of components, to its "center" (i.e., to the
      subscriber application systems supported by the network) -- a
      varied series of countermeasures that together provide adequate
      protection. However, it is more difficult to map the topology of
      networks and make certain that no path exists by which an attacker
      could bypass all defensive layers.

   $ Defense Information Infrastructure (DII)
      (O) /U.S. DoD/ The U.S. DoD's shared, interconnected system of
      computers, communications, data, applications, security, people,
      training, and support structures, serving information needs
      worldwide. (See: DISN.) Usage: Has evolved to be called the GIG.

      Tutorial: The DII connects mission support, command and control,
      and intelligence computers and users through voice, data, imagery,
      video, and multimedia services, and provides information
      processing and value-added services to subscribers over the DISN.
      Users' own data and application software are not considered part
      of the DII.

   $ Defense Information Systems Network (DISN)
      (O) /U.S. DoD/ The U.S. DoD's consolidated, worldwide, enterprise
      level telecommunications infrastructure that provides end-to-end
      information transfer for supporting military operations; a part of
      the DII. (Compare: GIG.)

   $ degauss
      1a. (N) Apply a magnetic field to permanently remove data from a
      magnetic storage medium, such as a tape or disk [NCS25]. (Compare:
      erase, purge, sanitize.)

Top      Up      ToC       Page 101 
      1b. (N) Reduce magnetic flux density to zero by applying a
      reversing magnetic field. (See: magnetic remanence.)

   $ degausser
      (N) An electrical device that can degauss magnetic storage media.

   $ DEK
      (I) See: data encryption key.

   $ delay
      (I) /packet/ See: secondary definition under "stream integrity

   $ deletion
      (I) /packet/ See: secondary definition under "stream integrity

   $ deliberate exposure
      (I) /threat action/ See: secondary definition under "exposure".

   $ delta CRL
      (I) A partial CRL that only contains entries for certificates that
      have been revoked since the issuance of a prior, base CRL [X509].
      This method can be used to partition CRLs that become too large
      and unwieldy. (Compare: CRL distribution point.)

   $ demilitarized zone (DMZ)
      (D) Synonym for "buffer zone".

      Deprecated Term: IDOCs SHOULD NOT use this term because it mixes
      concepts in a potentially misleading way. (See: Deprecated Usage
      under "Green Book".)

   $ denial of service
      (I) The prevention of authorized access to a system resource or
      the delaying of system operations and functions. (See:
      availability, critical, flooding.)

      Tutorial: A denial-of-service attack can prevent the normal
      conduct of business on the Internet. There are four types of
      solutions to this security problem:
      -  Awareness: Maintaining cognizance of security threats and
         vulnerabilities. (See: CERT.)
      -  Detection: Finding attacks on end systems and subnetworks.
         (See: intrusion detection.)
      -  Prevention: Following defensive practices on network-connected
         systems. (See: [R2827].)

Top      Up      ToC       Page 102 
      -  Response: Reacting effectively when attacks occur. (See: CSIRT,
         contingency plan.)

   $ DES
      (N) See: Data Encryption Standard.

   $ designated approving authority (DAA)
      (O) /U.S. Government/ Synonym for "accreditor".

   $ detection
      (I) See: secondary definition under "security".

   $ deterrence
      (I) See: secondary definition under "security".

   $ dictionary attack
      (I) An attack that uses a brute-force technique of successively
      trying all the words in some large, exhaustive list.

      Examples: Attack an authentication service by trying all possible
      passwords. Attack an encryption service by encrypting some known
      plaintext phrase with all possible keys so that the key for any
      given encrypted message containing that phrase may be obtained by

   $ Diffie-Hellman
   $ Diffie-Hellman-Merkle
      (N) A key-agreement algorithm published in 1976 by Whitfield
      Diffie and Martin Hellman [DH76, R2631].

      Usage: The algorithm is most often called "Diffie-Hellman".
      However, in the November 1978 issue of "IEEE Communications
      Magazine", Hellman wrote that the algorithm "is a public key
      distribution system, a concept developed by [Ralph C.] Merkle, and
      hence should be called 'Diffie-Hellman-Merkle' ... to recognize
      Merkle's equal contribution to the invention of public key

      Tutorial: Diffie-Hellman-Merkle does key establishment, not
      encryption. However, the key that it produces may be used for
      encryption, for further key management operations, or for any
      other cryptography.

      The algorithm is described in [R2631] and [Schn]. In brief, Alice
      and Bob together pick large integers that satisfy certain
      mathematical conditions, and then use the integers to each
      separately compute a public-private key pair. They send each other
      their public key. Each person uses their own private key and the

Top      Up      ToC       Page 103 
      other person's public key to compute a key, k, that, because of
      the mathematics of the algorithm, is the same for each of them.
      Passive wiretapping cannot learn the shared k, because k is not
      transmitted, and neither are the private keys needed to compute k.

      The difficulty of breaking Diffie-Hellman-Merkle is considered to
      be equal to the difficulty of computing discrete logarithms modulo
      a large prime. However, without additional mechanisms to
      authenticate each party to the other, a protocol based on the
      algorithm may be vulnerable to a man-in-the-middle attack.

   $ digest
      See: message digest.

   $ digital certificate
      (I) A certificate document in the form of a digital data object (a
      data object used by a computer) to which is appended a computed
      digital signature value that depends on the data object. (See:
      attribute certificate, public-key certificate.)

      Deprecated Usage: IDOCs SHOULD NOT use this term to refer to a
      signed CRL or CKL. Although the recommended definition can be
      interpreted to include other signed items, the security community
      does not use the term with those meanings.

   $ digital certification
      (D) Synonym for "certification".

      Deprecated Definition: IDOCs SHOULD NOT use this definition unless
      the context is not sufficient to distinguish between digital
      certification and another kind of certification, in which case it
      would be better to use "public-key certification" or another
      phrase that indicates what is being certified.

   $ digital document
      (I) An electronic data object that represents information
      originally written in a non-electronic, non-magnetic medium
      (usually ink on paper) or is an analogue of a document of that

   $ digital envelope
      (I) A combination of (a) encrypted content data (of any kind)
      intended for a recipient and (b) the content encryption key in an
      encrypted form that has been prepared for the use of the

Top      Up      ToC       Page 104 
      Usage: In IDOCs, the term SHOULD be defined at the point of first
      use because, although the term is defined in PKCS #7 and used in
      S/MIME, it is not widely known.

      Tutorial: Digital enveloping is not simply a synonym for
      implementing data confidentiality with encryption; digital
      enveloping is a hybrid encryption scheme to "seal" a message or
      other data, by encrypting the data and sending both it and a
      protected form of the key to the intended recipient, so that no
      one other than the intended recipient can "open" the message. In
      PKCS #7, it means first encrypting the data using a symmetric
      encryption algorithm and a secret key, and then encrypting the
      secret key using an asymmetric encryption algorithm and the public
      key of the intended recipient. In S/MIME, additional methods are
      defined for encrypting the content encryption key.

   $ Digital ID(service mark)
      (D) Synonym for "digital certificate".

      Deprecated Term: IDOCs SHOULD NOT use this term. It is a service
      mark of a commercial firm, and it unnecessarily duplicates the
      meaning of a better-established term. (See: credential.)

   $ digital key
      (D) Synonym for an input parameter of a cryptographic algorithm or
      other process. (See: key.)

      Deprecated Usage: The adjective "digital" need not be used with
      "key" or "cryptographic key", unless the context is insufficient
      to distinguish the digital key from another kind of key, such as a
      metal key for a door lock.

   $ digital notary
      (I) An electronic functionary analogous to a notary public.
      Provides a trusted timestamp for a digital document, so that
      someone can later prove that the document existed at that point in
      time; verifies the signature(s) on a signed document before
      applying the stamp. (See: notarization.)

   $ digital signature
      1. (I) A value computed with a cryptographic algorithm and
      associated with a data object in such a way that any recipient of
      the data can use the signature to verify the data's origin and
      integrity. (See: data origin authentication service, data
      integrity service, signer. Compare: digitized signature,
      electronic signature.)

Top      Up      ToC       Page 105 
      2. (O) "Data appended to, or a cryptographic transformation of, a
      data unit that allows a recipient of the data unit to prove the
      source and integrity of the data unit and protect against forgery,
      e.g. by the recipient." [I7498-2]

      Tutorial: A digital signature should have these properties:
      -  Be capable of being verified. (See: validate vs. verify.)
      -  Be bound to the signed data object in such a way that if the
         data is changed, then when an attempt is made to verify the
         signature, it will be seen as not authentic. (In some schemes,
         the signature is appended to the signed object as stated by
         definition 2, but in other it, schemes is not.)
      -  Uniquely identify a system entity as being the signer.
      -  Be under the signer's sole control, so that it cannot be
         created by any other entity.

      To achieve these properties, the data object is first input to a
      hash function, and then the hash result is cryptographically
      transformed using a private key of the signer. The final resulting
      value is called the digital signature of the data object. The
      signature value is a protected checksum, because the properties of
      a cryptographic hash ensure that if the data object is changed,
      the digital signature will no longer match it. The digital
      signature is unforgeable because one cannot be certain of
      correctly creating or changing the signature without knowing the
      private key of the supposed signer.

      Some digital signature schemes use an asymmetric encryption
      algorithm (e.g., "RSA") to transform the hash result. Thus, when
      Alice needs to sign a message to send to Bob, she can use her
      private key to encrypt the hash result. Bob receives both the
      message and the digital signature. Bob can use Alice's public key
      to decrypt the signature, and then compare the plaintext result to
      the hash result that he computes by hashing the message himself.
      If the values are equal, Bob accepts the message because he is
      certain that it is from Alice and has arrived unchanged. If the
      values are not equal, Bob rejects the message because either the
      message or the signature was altered in transit.

      Other digital signature schemes (e.g., "DSS") transform the hash
      result with an algorithm (e.g., "DSA", "El Gamal") that cannot be
      directly used to encrypt data. Such a scheme creates a signature
      value from the hash and provides a way to verify the signature
      value, but does not provide a way to recover the hash result from
      the signature value. In some countries, such a scheme may improve
      exportability and avoid other legal constraints on usage. Alice
      sends the signature value to Bob along with both the message and
      its hash result. The algorithm enables Bob to use Alice's public

Top      Up      ToC       Page 106 
      signature key and the signature value to verify the hash result he
      receives. Then, as before, he compares that hash result she sent
      to the one that he computes by hashing the message himself.

   $ Digital Signature Algorithm (DSA)
      (N) An asymmetric cryptographic algorithm for a digital signature
      in the form of a pair of large numbers. The signature is computed
      using rules and parameters such that the identity of the signer
      and the integrity of the signed data can be verified. (See: DSS.)

   $ Digital Signature Standard (DSS)
      (N) The U.S. Government standard [FP186] that specifies the DSA.

   $ digital watermarking
      (I) Computing techniques for inseparably embedding unobtrusive
      marks or labels as bits in digital data -- text, graphics, images,
      video, or audio -- and for detecting or extracting the marks

      Tutorial: A "digital watermark", i.e., the set of embedded bits,
      is sometimes hidden, usually imperceptible, and always intended to
      be unobtrusive. Depending on the particular technique that is
      used, digital watermarking can assist in proving ownership,
      controlling duplication, tracing distribution, ensuring data
      integrity, and performing other functions to protect intellectual
      property rights. [ACM]

   $ digitized signature
      (D) Denotes various forms of digitized images of handwritten
      signatures. (Compare: digital signature).

      Deprecated Term: IDOCs SHOULD NOT use this term without including
      this definition. This term suggests careless use of "digital
      signature", which is the term standardized by [I7498-2]. (See:
      electronic signature.)

   $ DII
      (O) See: Defense Information Infrastructure.

   $ direct attack
      (I) See: secondary definition under "attack". (Compare: indirect

   $ directory, Directory
      1. (I) /not capitalized/ Refers generically to a database server
      or other system that stores and provides access to values of
      descriptive or operational data items that are associated with the
      components of a system. (Compare: repository.)

Top      Up      ToC       Page 107 
      2. (N) /capitalized/ Refers specifically to the X.500 Directory.
      (See: DN, X.500.)

   $ Directory Access Protocol (DAP)
      (N) An OSI protocol [X519] for communication between a Directory
      User Agent (a type of X.500 client) and a Directory System Agent
      (a type of X.500 server). (See: LDAP.)

   $ disaster plan
      (O) Synonym for "contingency plan".

      Deprecated Term: IDOCs SHOULD NOT use this term; instead, for
      consistency and neutrality of language, IDOCs SHOULD use
      "contingency plan".

   $ disclosure
      See: unauthorized disclosure. Compare: exposure.

   $ discretionary access control
      1a. (I) An access control service that (a) enforces a security
      policy based on the identity of system entities and the
      authorizations associated with the identities and (b) incorporates
      a concept of ownership in which access rights for a system
      resource may be granted and revoked by the entity that owns the
      resource. (See: access control list, DAC, identity-based security
      policy, mandatory access control.)

      Derivation: This service is termed "discretionary" because an
      entity can be granted access rights to a resource such that the
      entity can by its own volition enable other entities to access the

      1b. (O) /formal model/ "A means of restricting access to objects
      based on the identity of subjects and/or groups to which they
      belong. The controls are discretionary in the sense that a subject
      with a certain access permission is capable of passing that
      permission (perhaps indirectly) on to any other subject." [DoD1]

   $ DISN
      (O) See: Defense Information Systems Network (DISN).

   $ disruption
      (I) A circumstance or event that interrupts or prevents the
      correct operation of system services and functions. (See:
      availability, critical, system integrity, threat consequence.)

Top      Up      ToC       Page 108 
      Tutorial: Disruption is a type of threat consequence; it can be
      caused by the following types of threat actions: incapacitation,
      corruption, and obstruction.

   $ Distinguished Encoding Rules (DER)
      (N) A subset of the Basic Encoding Rules that always provides only
      one way to encode any data structure defined by ASN.1. [X690].

      Tutorial: For a data structure defined abstractly in ASN.1, BER
      often provides for encoding the structure into an octet string in
      more than one way, so that two separate BER implementations can
      legitimately produce different octet strings for the same ASN.1
      definition. However, some applications require all encodings of a
      structure to be the same, so that encodings can be compared for
      equality. Therefore, DER is used in applications in which unique
      encoding is needed, such as when a digital signature is computed
      on a structure defined by ASN.1.

   $ distinguished name (DN)
      (N) An identifier that uniquely represents an object in the X.500
      Directory Information Tree (DIT) [X501]. (Compare: domain name,
      identity, naming authority.)

      Tutorial: A DN is a set of attribute values that identify the path
      leading from the base of the DIT to the object that is named. An
      X.509 public-key certificate or CRL contains a DN that identifies
      its issuer, and an X.509 attribute certificate contains a DN or
      other form of name that identifies its subject.

   $ distributed attack
      1a. (I) An attack that is implemented with distributed computing.
      (See: zombie.)

      1b. (I) An attack that deploys multiple threat agents.

   $ Distributed Authentication Security Service (DASS)
      (I) An experimental Internet protocol [R1507] that uses
      cryptographic mechanisms to provide strong, mutual authentication
      services in a distributed environment.

   $ distributed computing
      (I) A technique that disperses a single, logically related set of
      tasks among a group of geographically separate yet cooperating
      computers. (See: distributed attack.)

Top      Up      ToC       Page 109 
   $ distribution point
      (I) An X.500 Directory entry or other information source that is
      named in a v3 X.509 public-key certificate extension as a location
      from which to obtain a CRL that may list the certificate.

      Tutorial: A v3 X.509 public-key certificate may have a
      "cRLDistributionPoints" extension that names places to get CRLs on
      which the certificate might be listed. (See: certificate profile.)
      A CRL obtained from a distribution point may (a) cover either all
      reasons for which a certificate might be revoked or only some of
      the reasons, (b) be issued by either the authority that signed the
      certificate or some other authority, and (c) contain revocation
      entries for only a subset of the full set of certificates issued
      by one CA or (d) contain revocation entries for multiple CAs.

   $ DKIM
      (I) See: Domain Keys Identified Mail.

   $ DMZ
      (D) See: demilitarized zone.

   $ DN
      (N) See: distinguished name.

   $ DNS
      (I) See: Domain Name System.

   $ doctrine
      See: security doctrine.

   $ DoD
      (N) Department of Defense.

      Usage: To avoid international misunderstanding, IDOCs SHOULD use
      this abbreviation only with a national qualifier (e.g., U.S. DoD).

   $ DOI
      (I) See: Domain of Interpretation.

   $ domain
      1a. (I) /general security/ An environment or context that (a)
      includes a set of system resources and a set of system entities
      that have the right to access the resources and (b) usually is
      defined by a security policy, security model, or security
      architecture. (See: CA domain, domain of interpretation, security
      perimeter. Compare: COI, enclave.)

Top      Up      ToC       Page 110 
      Tutorial: A "controlled interface" or "guard" is required to
      transfer information between network domains that operate under
      different security policies.

      1b. (O) /security policy/ A set of users, their information
      objects, and a common security policy. [DoD6, SP33]

      1c. (O) /security policy/ A system or collection of systems that
      (a) belongs to a community of interest that implements a
      consistent security policy and (b) is administered by a single

      2. (O) /COMPUSEC/ An operating state or mode of a set of computer

      Tutorial: Most computers have at least two hardware operating
      modes [Gass]:
      -  "Privileged" mode: a.k.a. "executive", "master", "system",
         "kernel", or "supervisor" mode. In this mode, software can
         execute all machine instructions and access all storage
      -  "Unprivileged" mode: a.k.a. "user", "application", or "problem"
         mode. In this mode, software is restricted to a subset of the
         instructions and a subset of the storage locations.

      3. (O) "A distinct scope within which certain common
      characteristics are exhibited and common rules are observed."

      4. (O) /MISSI/ The domain of a MISSI CA is the set of MISSI users
      whose certificates are signed by the CA.

      5. (I) /Internet/ That part of the tree-structured name space of
      the DNS that is at or below the name that specifies the domain. A
      domain is a subdomain of another domain if it is contained within
      that domain. For example, D.C.B.A is a subdomain of C.B.A

      6. (O) /OSI/ An administrative partition of a complex distributed
      OSI system.

   $ Domain Keys Identified Mail (DKIM)
      (I) A protocol, which is being specified by the IETF working group
      of the same name, to provide data integrity and domain-level (see:
      DNS, domain name) data origin authentication for Internet mail
      messages. (Compare: PEM.)

      Tutorial: DKIM employs asymmetric cryptography to create a digital
      signature for an Internet email message's body and selected

Top      Up      ToC       Page 111 
      headers (see RFC 1822), and the signature is then carried in a
      header of the message. A recipient of the message can verify the
      signature and, thereby, authenticate the identity of the
      originating domain and the integrity of the signed content, by
      using a public key belonging to the domain. The key can be
      obtained from the DNS.

   $ domain name
      (I) The style of identifier that is defined for subtrees in the
      Internet DNS -- i.e., a sequence of case-insensitive ASCII labels
      separated by dots (e.g., "") -- and also is used in other
      types of Internet identifiers, such as host names (e.g.,
      ""), mailbox names (e.g., "") and
      URLs (e.g., ""). (See: domain.
      Compare: DN.)

      Tutorial: The name space of the DNS is a tree structure in which
      each node and leaf holds records describing a resource. Each node
      has a label. The domain name of a node is the list of labels on
      the path from the node to the root of the tree. The labels in a
      domain name are printed or read left to right, from the most
      specific (lowest, farthest from the root) to the least specific
      (highest, closest to the root), but the root's label is the null
      string. (See: country code.)

   $ Domain Name System (DNS)
      (I) The main Internet operations database, which is distributed
      over a collection of servers and used by client software for
      purposes such as (a) translating a domain name-style host name
      into an IP address (e.g., "" translates to
      "") and (b) locating a host that accepts mail for a
      given mailbox address. (RFC 1034) (See: domain name.)

      Tutorial: The DNS has three major components:
      -  Domain name space and resource records: Specifications for the
         tree-structured domain name space, and data associated with the
      -  Name servers: Programs that hold information about a subset of
         the tree's structure and data holdings, and also hold pointers
         to other name servers that can provide information from any
         part of the tree.
      -  Resolvers: Programs that extract information from name servers
         in response to client requests; typically, system routines
         directly accessible to user programs.

      Extensions to the DNS [R4033, R4034, R4035] support (a) key
      distribution for public keys needed for the DNS and for other
      protocols, (b) data origin authentication service and data

Top      Up      ToC       Page 112 
      integrity service for resource records, (c) data origin
      authentication service for transactions between resolvers and
      servers, and (d) access control of records.

   $ domain of interpretation (DOI)
      (I) /IPsec/ A DOI for ISAKMP or IKE defines payload formats,
      exchange types, and conventions for naming security-relevant
      information such as security policies or cryptographic algorithms
      and modes. Example: See [R2407].

      Derivation: The DOI concept is based on work by the TSIG's CIPSO
      Working Group.

   $ dominate
      (I) Security level A is said to "dominate" security level B if the
      (hierarchical) classification level of A is greater (higher) than
      or equal to that of B, and A's (nonhierarchical) categories
      include (as a subset) all of B's categories. (See: lattice,
      lattice model.)

   $ dongle
      (I) A portable, physical, usually electronic device that is
      required to be attached to a computer to enable a particular
      software program to run. (See: token.)

      Tutorial: A dongle is essentially a physical key used for copy
      protection of software; that is, the program will not run unless
      the matching dongle is attached. When the software runs, it
      periodically queries the dongle and quits if the dongle does not
      reply with the proper authentication information. Dongles were
      originally constructed as an EPROM (erasable programmable read-
      only memory) to be connected to a serial input-output port of a
      personal computer.

   $ downgrade
      (I) /data security/ Reduce the security level of data (especially
      the classification level) without changing the information content
      of the data. (Compare: downgrade.)

   $ downgrade attack
      (I) A type of man-in-the-middle attack in which the attacker can
      cause two parties, at the time they negotiate a security
      association, to agree on a lower level of protection than the
      highest level that could have been supported by both of them.
      (Compare: downgrade.)

Top      Up      ToC       Page 113 
   $ draft RFC
      (D) A preliminary, temporary version of a document that is
      intended to become an RFC. (Compare: Internet-Draft.)

      Deprecated Term: IDOCs SHOULD NOT use this term. The RFC series is
      archival in nature and consists only of documents in permanent
      form. A document that is intended to become an RFC usually needs
      to be published first as an Internet-Draft (RFC 2026). (See:
      "Draft Standard" under "Internet Standard".)

   $ Draft Standard
      (I) See: secondary definition under "Internet Standard".

   $ DSA
      (N) See: Digital Signature Algorithm.

   $ DSS
      (N) See: Digital Signature Standard.

   $ dual control
      (I) A procedure that uses two or more entities (usually persons)
      operating in concert to protect a system resource, such that no
      single entity acting alone can access that resource. (See: no-lone
      zone, separation of duties, split knowledge.)

   $ dual signature
      (O) /SET/ A single digital signature that protects two separate
      messages by including the hash results for both sets in a single
      encrypted value. [SET2]

      Deprecated Usage: IDOCs SHOULD NOT use this term except when
      qualified as "SET(trademark) dual signature" with this definition.

      Tutorial: Generated by hashing each message separately,
      concatenating the two hash results, and then hashing that value
      and encrypting the result with the signer's private key. Done to
      reduce the number of encryption operations and to enable
      verification of data integrity without complete disclosure of the

   $ dual-use certificate
      (O) A certificate that is intended for use with both digital
      signature and data encryption services. [SP32]

      Usage: IDOCs that use this term SHOULD state a definition for it
      by identifying the intended uses of the certificate, because there
      are more than just these two uses mentioned in the NIST
      publication. A v3 X.509 public-key certificate may have a "key

Top      Up      ToC       Page 114 
      Usage" extension, which indicates the purposes for which the
      public key may be used. (See: certificate profile.)

   $ duty
      (I) An attribute of a role that obligates an entity playing the
      role to perform one or more tasks, which usually are essential for
      the functioning of the system. [Sand] (Compare authorization,
      privilege. See: role, billet.)

   $ e-cash
      (O) Electronic cash; money that is in the form of data and can be
      used as a payment mechanism on the Internet. (See: IOTP.)

      Usage: IDOCs that use this term SHOULD state a definition for it
      because many different types of electronic cash have been devised
      with a variety of security mechanisms.

   $ EAP
      (I) See: Extensible Authentication Protocol.

   $ EAL
      (O) See: evaluation assurance level.

   $ Easter egg
      (O) "Hidden functionality within an application program, which
      becomes activated when an undocumented, and often convoluted, set
      of commands and keystrokes is entered. Easter eggs are typically
      used to display the credits for the development team and [are]
      intended to be non-threatening" [SP28], but Easter eggs have the
      potential to contain malicious code.

      Deprecated Usage: It is likely that other cultures use different
      metaphors for this concept. Therefore, to avoid international
      misunderstanding, IDOCs SHOULD NOT use this term. (See: Deprecated
      Usage under "Green Book".)

   $ eavesdropping
      (I) Passive wiretapping done secretly, i.e., without the knowledge
      of the originator or the intended recipients of the communication.

   $ ECB
      (N) See: electronic codebook.

   $ ECDSA
      (N) See: Elliptic Curve Digital Signature Algorithm.

Top      Up      ToC       Page 115 
   $ economy of alternatives
      (I) The principle that a security mechanism should be designed to
      minimize the number of alternative ways of achieving a service.
      (Compare: economy of mechanism.)

   $ economy of mechanism
      (I) The principle that a security mechanism should be designed to
      be as simple as possible, so that (a) the mechanism can be
      correctly implemented and (b) it can be verified that the
      operation of the mechanism enforces the system's security policy.
      (Compare: economy of alternatives, least privilege.)

   $ ECU
      (N) See: end cryptographic unit.

   $ EDI
      (I) See: electronic data interchange.

      (N) See: secondary definition under "electronic data interchange".

   $ EE
      (D) Abbreviation of "end entity" and other terms.

      Deprecated Abbreviation: IDOCs SHOULD NOT use this abbreviation;
      there could be confusion among "end entity", "end-to-end
      encryption", "escrowed encryption standard", and other terms.

   $ EES
      (O) See: Escrowed Encryption Standard.

   $ effective key length
      (O) "A measure of strength of a cryptographic algorithm,
      regardless of actual key length." [IATF] (See: work factor.)

   $ effectiveness
      (O) /ITSEC/ A property of a TOE representing how well it provides
      security in the context of its actual or proposed operational use.

   $ El Gamal algorithm
      (N) An algorithm for asymmetric cryptography, invented in 1985 by
      Taher El Gamal, that is based on the difficulty of calculating
      discrete logarithms and can be used for both encryption and
      digital signatures. [ElGa]

Top      Up      ToC       Page 116 
   $ electronic codebook (ECB)
      (N) A block cipher mode in which a plaintext block is used
      directly as input to the encryption algorithm and the resultant
      output block is used directly as cipher text [FP081]. (See: block
      cipher, [SP38A].)

   $ electronic commerce
      1. (I) Business conducted through paperless exchanges of
      information, using electronic data interchange, electronic funds
      transfer (EFT), electronic mail, computer bulletin boards,
      facsimile, and other paperless technologies.

      2. (O) /SET/ "The exchange of goods and services for payment
      between the cardholder and merchant when some or all of the
      transaction is performed via electronic communication." [SET2]

   $ electronic data interchange (EDI)
      (I) Computer-to-computer exchange, between trading partners, of
      business data in standardized document formats.

      Tutorial: EDI formats have been standardized primarily by ANSI X12
      and by EDIFACT (EDI for Administration, Commerce, and
      Transportation), which is an international, UN-sponsored standard
      primarily used in Europe and Asia. X12 and EDIFACT are aligning to
      create a single, global EDI standard.

   $ Electronic Key Management System (EKMS)
      (O) "Interoperable collection of systems developed by ... the U.S.
      Government to automate the planning, ordering, generating,
      distributing, storing, filling, using, and destroying of
      electronic keying material and the management of other types of
      COMSEC material." [C4009]

   $ electronic signature
      (D) Synonym for "digital signature" or "digitized signature".

      Deprecated Term: IDOCs SHOULD NOT use this term; there is no
      current consensus on its definition. Instead, use "digital
      signature", if that is what was intended

   $ electronic wallet
      (D) A secure container to hold, in digitized form, some sensitive
      data objects that belong to the owner, such as electronic money,
      authentication material, and various types of personal
      information. (See: IOTP.)

      Deprecated Term: IDOCs SHOULD NOT use this term. There is no
      current consensus on its definition; and some uses and definitions

Top      Up      ToC       Page 117 
      may be proprietary. Meanings range from virtual wallets
      implemented by data structures to physical wallets implemented by
      cryptographic tokens. (See: Deprecated Usage under "Green Book".)

   $ elliptic curve cryptography (ECC)
      (I) A type of asymmetric cryptography based on mathematics of
      groups that are defined by the points on a curve, where the curve
      is defined by a quadratic equation in a finite field. [Schn]

      Tutorial: ECC is based on mathematics different than that
      originally used to define the Diffie-Hellman-Merkle algorithm and
      the DSA, but ECC can be used to define an algorithm for key
      agreement that is an analog of Diffie-Hellman-Merkle [A9063] and
      an algorithm for digital signature that is an analog of DSA
      [A9062]. The mathematical problem upon which ECC is based is
      believed to be more difficult than the problem upon which Diffie-
      Hellman-Merkle is based and, therefore, that keys for ECC can be
      shorter for a comparable level of security. (See: ECDSA.)

   $ Elliptic Curve Digital Signature Algorithm (ECDSA)
      (N) A standard [A9062] that is the analog, in elliptic curve
      cryptography, of the Digital Signature Algorithm.

   $ emanation
      (I) A signal (e.g., electromagnetic or acoustic) that is emitted
      by a system (e.g., through radiation or conductance) as a
      consequence (i.e., byproduct) of the system's operation, and that
      may contain information. (See: emanations security.)

   $ emanations analysis
      (I) /threat action/ See: secondary definition under

   $ emanations security (EMSEC)
      (I) Physical security measures to protect against data compromise
      that could occur because of emanations that might be received and
      read by an unauthorized party. (See: emanation, TEMPEST.)

      Usage: Refers either to preventing or limiting emanations from a
      system and to preventing or limiting the ability of unauthorized
      parties to receive the emissions.

   $ embedded cryptography
      (N) "Cryptography engineered into an equipment or system whose
      basic function is not cryptographic." [C4009]

   $ emergency plan
      (D) Synonym for "contingency plan".

Top      Up      ToC       Page 118 
      Deprecated Term: IDOCs SHOULD NOT use this term. Instead, for
      neutrality and consistency of language, use "contingency plan".

   $ emergency response
      (O) An urgent response to a fire, flood, civil commotion, natural
      disaster, bomb threat, or other serious situation, with the intent
      of protecting lives, limiting damage to property, and minimizing
      disruption of system operations. [FP087] (See: availability, CERT,
      emergency plan.)

   $ EMSEC
      (I) See: emanations security.

   $ EMV
      (N) Abbreviation of "Europay, MasterCard, Visa". Refers to a
      specification for smart cards that are used as payment cards, and
      for related terminals and applications. [EMV1, EMV2, EMV3]

   $ Encapsulating Security Payload (ESP)
      (I) An Internet protocol [R2406, R4303] designed to provide data
      confidentiality service and other security services for IP
      datagrams. (See: IPsec. Compare: AH.)

      Tutorial: ESP may be used alone, or in combination with AH, or in
      a nested fashion with tunneling. Security services can be provided
      between a pair of communicating hosts, between a pair of
      communicating security gateways, or between a host and a gateway.
      The ESP header is encapsulated by the IP header, and the ESP
      header encapsulates either the upper-layer protocol header
      (transport mode) or an IP header (tunnel mode). ESP can provide
      data confidentiality service, data origin authentication service,
      connectionless data integrity service, an anti-replay service, and
      limited traffic-flow confidentiality. The set of services depends
      on the placement of the implementation and on options selected
      when the security association is established.

   $ encipher
      (D) Synonym for "encrypt".

      Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
      for "encrypt". However, see Usage note under "encryption".

   $ encipherment
      (D) Synonym for "encryption".

      Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
      for "encryption". However, see Usage note under "encryption".

Top      Up      ToC       Page 119 
   $ enclave
      1. (I) A set of system resources that operate in the same security
      domain and that share the protection of a single, common,
      continuous security perimeter. (Compare: domain.)

      2. (D) /U.S. Government/ "Collection of computing environments
      connected by one or more internal networks under the control of a
      single authority and security policy, including personnel and
      physical security." [C4009]

      Deprecated Definition: IDOCs SHOULD NOT use this term with
      definition 2 because the definition applies to what is usually
      called a "security domain". That is, a security domain is a set of
      one or more security enclaves.

   $ encode
      1. (I) Use a system of symbols to represent information, which
      might originally have some other representation. Example: Morse
      code. (See: ASCII, BER.) (See: code, decode.)

      2. (D) Synonym for "encrypt".

      Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
      for "encrypt"; encoding is not always meant to conceal meaning.

   $ encrypt
      (I) Cryptographically transform data to produce cipher text. (See:
      encryption. Compare: seal.)

   $ encryption
      1. (I) Cryptographic transformation of data (called "plain text")
      into a different form (called "cipher text") that conceals the
      data's original meaning and prevents the original form from being
      used. The corresponding reverse process is "decryption", a
      transformation that restores encrypted data to its original form.
      (See: cryptography.)

      2. (O) "The cryptographic transformation of data to produce
      ciphertext." [I7498-2]

      Usage: For this concept, IDOCs SHOULD use the verb "to encrypt"
      (and related variations: encryption, decrypt, and decryption).
      However, because of cultural biases involving human burial, some
      international documents (particularly ISO and CCITT standards)
      avoid "to encrypt" and instead use the verb "to encipher" (and
      related variations: encipherment, decipher, decipherment).

Top      Up      ToC       Page 120 
      Tutorial: Usually, the plaintext input to an encryption operation
      is clear text. But in some cases, the plain text may be cipher
      text that was output from another encryption operation. (See:

      Encryption and decryption involve a mathematical algorithm for
      transforming data. Besides the data to be transformed, the
      algorithm has one or more inputs that are control parameters: (a)
      a key that varies the transformation and, in some cases, (b) an IV
      that establishes the starting state of the algorithm.

   $ encryption certificate
      (I) A public-key certificate that contains a public key that is
      intended to be used for encrypting data, rather than for verifying
      digital signatures or performing other cryptographic functions.

      Tutorial: A v3 X.509 public-key certificate may have a "keyUsage"
      extension that indicates the purpose for which the certified
      public key is intended. (See: certificate profile.)

   $ end cryptographic unit (ECU)
      1. (N) Final destination device into which a key is loaded for
      operational use.

      2. (N) A device that (a) performs cryptographic functions, (b)
      typically is part of a larger system for which the device provides
      security services, and (c), from the viewpoint of a supporting
      security infrastructure such as a key management system, is the
      lowest level of identifiable component with which a management
      transaction can be conducted

   $ end entity
      1. (I) A system entity that is the subject of a public-key
      certificate and that is using, or is permitted and able to use,
      the matching private key only for purposes other than signing a
      digital certificate; i.e., an entity that is not a CA.

      2. (O) "A certificate subject [that] uses its public [sic] key for
      purposes other than signing certificates." [X509]

      Deprecated Definition: IDOCs SHOULD NOT use definition 2, which is
      misleading and incomplete. First, that definition should have said
      "private key" rather than "public key" because certificates are
      not usefully signed with a public key. Second, the X.509
      definition is ambiguous regarding whether an end entity may or may
      not use the private key to sign a certificate, i.e., whether the
      subject may be a CA. The intent of X.509's authors was that an end
      entity certificate is not valid for use in verifying a signature

Top      Up      ToC       Page 121 
      on an X.509 certificate or X.509 CRL. Thus, it would have been
      better for the X.509 definition to have said "only for purposes
      other than signing certificates".

      Usage: Despite the problems in the X.509 definition, the term
      itself is useful in describing applications of asymmetric
      cryptography. The way the term is used in X.509 implies that it
      was meant to be defined, as we have done here, relative to roles
      that an entity (which is associated with an OSI end system) is
      playing or is permitted to play in applications of asymmetric
      cryptography other than the PKI that supports applications.

      Tutorial: Whether a subject can play both CA and non-CA roles,
      with either the same or different certificates, is a matter of
      policy. (See: CPS.) A v3 X.509 public-key certificate may have a
      "basicConstraints" extension containing a "cA" value that
      specifically "indicates whether or not the public key may be used
      to verify certificate signatures". (See: certificate profile.)

   $ end system
      (N) /OSIRM/ A computer that implements all seven layers of the
      OSIRM and may attach to a subnetwork. Usage: In the IPS context,
      an end system is called a "host".

   $ end-to-end encryption
      (I) Continuous protection of data that flows between two points in
      a network, effected by encrypting data when it leaves its source,
      keeping it encrypted while it passes through any intermediate
      computers (such as routers), and decrypting it only when it
      arrives at the intended final destination. (See: wiretapping.
      Compare: link encryption.)

      Examples: A few are BLACKER, CANEWARE, IPLI, IPsec, PLI, SDNS,
      SILS, SSH, SSL, TLS.

      Tutorial: When two points are separated by multiple communication
      links that are connected by one or more intermediate relays, end-
      to-end encryption enables the source and destination systems to
      protect their communications without depending on the intermediate
      systems to provide the protection.

   $ end user
      1. (I) /information system/ A system entity, usually a human
      individual, that makes use of system resources, primarily for
      application purposes as opposed to system management purposes.

      2. (D) /PKI/ Synonym for "end entity".

Top      Up      ToC       Page 122 
      Deprecated Definition: IDOCs SHOULD NOT use "end user" as a
      synonym for "end entity", because that would mix concepts in a
      potentially misleading way.

   $ endorsed-for-unclassified cryptographic item (EUCI)
      (O) /U.S. Government/ "Unclassified cryptographic equipment that
      embodies a U.S. Government classified cryptographic logic and is
      endorsed by NSA for the protection of national security
      information." [C4009] (Compare: CCI, type 2 product.)

   $ entity
      See: system entity.

   $ entrapment
      (I) "The deliberate planting of apparent flaws in a system for the
      purpose of detecting attempted penetrations or confusing an
      intruder about which flaws to exploit." [FP039] (See: honey pot.)

   $ entropy
      1. (I) An information-theoretic measure (usually stated as a
      number of bits) of the amount of uncertainty that an attacker
      faces to determine the value of a secret. [SP63] (See: strength.)

      Example: If a password is said to contain at least 20 bits of
      entropy, that means that it must be as hard to find the password
      as to guess a 20-bit random number.

      2. (I) An information-theoretic measure (usually stated as a
      number of bits) of the amount of information in a message; i.e.,
      the minimum number of bits needed to encode all possible meanings
      of that message. [Schn] (See: uncertainty.)

   $ ephemeral
      (I) /adjective/ Refers to a cryptographic key or other
      cryptographic parameter or data object that is short-lived,
      temporary, or used one time. (See: session key. Compare: static.)

   $ erase
      1. (I) Delete stored data. (See: sanitize, zeroize.)

      2. (O) /U.S. Government/ Delete magnetically stored data in such a
      way that the data cannot be recovered by ordinary means, but might
      be recoverable by laboratory methods. [C4009] (Compare: /U.S.
      Government/ purge.)

   $ error detection code
      (I) A checksum designed to detect, but not correct, accidental
      (i.e., unintentional) changes in data.

Top      Up      ToC       Page 123 
   $ Escrowed Encryption Standard (EES)
      (N) A U.S. Government standard [FP185] that specifies how to use a
      symmetric encryption algorithm (SKIPJACK) and create a Law
      Enforcement Access Field (LEAF) for implementing part of a key
      escrow system that enables decryption of telecommunications when
      interception is lawfully authorized.

      Tutorial: Both SKIPJACK and the LEAF are intended for use in
      equipment used to encrypt and decrypt sensitive, unclassified,
      telecommunications data.

   $ ESP
      (I) See: Encapsulating Security Payload.

   $ Estelle
      (N) A language (ISO 9074-1989) for formal specification of
      computer network protocols.

   $ ETSI
      (N) See: European Telecommunication Standards Institute.

   $ EUCI
      (O) See: endorsed-for-unclassified cryptographic item.

   $ European Telecommunication Standards Institute (ETSI)
      (N) An independent, non-profit organization, based in France, that
      is officially recognized by the European Commission and
      responsible for standardization of information and communication
      technologies within Europe.

      Tutorial: ETSI maintains the standards for a number of security
      algorithms, including encryption algorithms for mobile telephone
      systems in Europe.

   $ evaluated system
      (I) A system that has been evaluated against security criteria
      (for example, against the TCSEC or against a profile based on the
      Common Criteria).

   $ evaluation
      (I) Assessment of an information system against defined security
      criteria (for example, against the TCSEC or against a profile
      based on the Common Criteria). (Compare: certification.)

   $ evaluation assurance level (EAL)
      (N) A predefined package of assurance components that represents a
      point on the Common Criteria's scale for rating confidence in the
      security of information technology products and systems.

Top      Up      ToC       Page 124 
      Tutorial: The Common Criteria defines a scale of seven,
      hierarchically ordered EALs for rating a TOE. From highest to
      lowest, they are as follows:
      -  EAL7. Formally verified design and tested.
      -  EAL6. Semiformally verified design and tested.
      -  EAL5. Semiformally designed and tested.
      -  EAL4. Methodically designed, tested, and reviewed.
      -  EAL3. Methodically tested and checked.
      -  EAL2. Structurally tested.
      -  EAL1. Functionally tested.

      An EAL is a consistent, baseline set of requirements. The increase
      in assurance from EAL to EAL is accomplished by substituting
      higher assurance components (i.e., criteria of increasing rigor,
      scope, or depth) from seven assurance classes: (a) configuration
      management, (b) delivery and operation, (c) development, (d)
      guidance documents, (e) lifecycle support, (f) tests, and (g)
      vulnerability assessment.

      The EALs were developed with the goal of preserving concepts of
      assurance that were adopted from earlier criteria, so that results
      of previous evaluations would remain relevant. For example, EALs
      levels 2-7 are generally equivalent to the assurance portions of
      the TCSEC C2-A1 scale. However, this equivalency should be used
      with caution. The levels do not derive assurance in the same
      manner, and exact mappings do not exist.

   $ expire
      (I) /credential/ Cease to be valid (i.e., change from being valid
      to being invalid) because its assigned lifetime has been exceeded.
      (See: certificate expiration.)

   $ exposure
      (I) A type of threat action whereby sensitive data is directly
      released to an unauthorized entity. (See: unauthorized

      Usage: This type of threat action includes the following subtypes:
      -  "Deliberate Exposure": Intentional release of sensitive data to
         an unauthorized entity.
      -  "Scavenging": Searching through data residue in a system to
         gain unauthorized knowledge of sensitive data.
      -  "Human error": /exposure/ Human action or inaction that
         unintentionally results in an entity gaining unauthorized
         knowledge of sensitive data. (Compare: corruption,
      -  "Hardware or software error": /exposure/ System failure that
         unintentionally results in an entity gaining unauthorized

Top      Up      ToC       Page 125 
         knowledge of sensitive data. (Compare: corruption,

   $ Extended Security Option
      (I) See: secondary definition under "IPSO".

   $ Extensible Authentication Protocol (EAP)
      (I) An extension framework for PPP that supports multiple,
      optional authentication mechanisms, including cleartext passwords,
      challenge-response, and arbitrary dialog sequences. [R3748]
      (Compare: GSS-API, SASL.)

      Tutorial: EAP typically runs directly over IPS data link protocols
      or OSIRM Layer 2 protocols, i.e., without requiring IP.
      Originally, EAP was developed for use in PPP, by a host or router
      that connects to a network server via switched circuits or dial-up
      lines. Today, EAP's domain of applicability includes other areas
      of network access control; it is used in wired and wireless LANs
      with IEEE 802.1X, and in IPsec with IKEv2. EAP is conceptually
      related to other authentication mechanism frameworks, such as SASL
      and GSS-API.

   $ Extensible Markup Language (XML)
      (N) A version of Standard Generalized Markup Language (ISO 8879)
      that separately represents a document's content and its structure.
      XML was designed by W3C for use on the World Wide Web.

   $ extension
      (I) /protocol/ A data item or a mechanism that is defined in a
      protocol to extend the protocol's basic or original functionality.

      Tutorial: Many protocols have extension mechanisms, and the use of
      these extension is usually optional. IP and X.509 are two examples
      of protocols that have optional extensions. In IP version 4,
      extensions are called "options", and some of the options have
      security purposes (see: IPSO).

      In X.509, certificate and CRL formats can be extended to provide
      methods for associating additional attributes with subjects and
      public keys and for managing a certification hierarchy:
      -  A "certificate extension": X.509 defines standard extensions
         that may be included in v3 certificates to provide additional
         key and security policy information, subject and issuer
         attributes, and certification path constraints.
      -  A "CRL extension": X.509 defines extensions that may be
         included in v2 CRLs to provide additional issuer key and name
         information, revocation reasons and constraints, and
         information about distribution points and delta CRLs.

Top      Up      ToC       Page 126 
      -  A "private extension": Additional extensions, each named by an
         OID, can be locally defined as needed by applications or
         communities. (See: Authority Information Access extension, SET
         private extensions.)

   $ external controls
      (I) /COMPUSEC/ Refers to administrative security, personnel
      security, and physical security. (Compare: internal controls.)

   $ extranet
      (I) A computer network that an organization uses for application
      data traffic between the organization and its business partners.
      (Compare: intranet.)

      Tutorial: An extranet can be implemented securely, either on the
      Internet or using Internet technology, by constructing the
      extranet as a VPN.

   $ extraction resistance
      (O) Ability of cryptographic equipment to resist efforts to
      extract keying material directly from the equipment (as opposed to
      gaining knowledge of keying material by cryptanalysis). [C4009]

   $ extrusion detection
      (I) Monitoring for unauthorized transfers of sensitive information
      and other communications that originate inside a system's security
      perimeter and are directed toward the outside; i.e., roughly the
      opposite of "intrusion detection".

   $ fail-safe
      1. (I) Synonym for "fail-secure".

      2. (I) A mode of termination of system functions that prevents
      damage to specified system resources and system entities (i.e.,
      specified data, property, and life) when a failure occurs or is
      detected in the system (but the failure still might cause a
      security compromise). (See: failure control.)

      Tutorial: Definitions 1 and 2 are opposing design alternatives.
      Therefore, IDOCs SHOULD NOT use this term without providing a
      definition for it. If definition 1 is intended, IDOCs can avoid
      ambiguity by using "fail-secure" instead.

   $ fail-secure
      (I) A mode of termination of system functions that prevents loss
      of secure state when a failure occurs or is detected in the system
      (but the failure still might cause damage to some system resource
      or system entity). (See: failure control. Compare: fail-safe.)

Top      Up      ToC       Page 127 
   $ fail-soft
      (I) Selective termination of affected, non-essential system
      functions when a failure occurs or is detected in the system.
      (See: failure control.)

   $ failure control
      (I) A methodology used to provide fail-safe, fail-secure or fail-
      soft termination and recovery of system functions. [FP039]

   $ fairness
      (I) A property of an access protocol for a system resource whereby
      the resource is made equitably or impartially available to all
      eligible users. (RFC 3753)

      Tutorial: Fairness can be used to defend against some types of
      denial-of-service attacks on a system connected to a network.
      However, this technique assumes that the system can properly
      receive and process inputs from the network. Therefore, the
      technique can mitigate flooding but is ineffective against

   $ falsification
      (I) A type of threat action whereby false data deceives an
      authorized entity. (See: active wiretapping, deception.)

      Usage: This type of threat action includes the following subtypes:
      -  "Substitution": Altering or replacing valid data with false
         data that serves to deceive an authorized entity.
      -  "Insertion": Introducing false data that serves to deceive an
         authorized entity.

   $ fault tree
      (I) A branching, hierarchical data structure that is used to
      represent events and to determine the various combinations of
      component failures and human acts that could result in a specified
      undesirable system event. (See: attack tree, flaw hypothesis

      Tutorial: "Fault-tree analysis" is a technique in which an
      undesired state of a system is specified and the system is studied
      in the context of its environment and operation to find all
      credible ways in which the event could occur. The specified fault
      event is represented as the root of the tree. The remainder of the
      tree represents AND or OR combinations of subevents, and
      sequential combinations of subevents, that could cause the root
      event to occur. The main purpose of a fault-tree analysis is to
      calculate the probability of the root event, using statistics or
      other analytical methods and incorporating actual or predicted

Top      Up      ToC       Page 128 
      quantitative reliability and maintainability data. When the root
      event is a security violation, and some of the subevents are
      deliberate acts intended to achieve the root event, then the fault
      tree is an attack tree.

   $ FEAL
      (O) A family of symmetric block ciphers that was developed in
      Japan; uses a 64-bit block, keys of either 64 or 128 bits, and a
      variable number of rounds; and has been successfully attacked by
      cryptanalysts. [Schn]

   $ Federal Information Processing Standards (FIPS)
      (N) The Federal Information Processing Standards Publication (FIPS
      PUB) series issued by NIST under the provisions of Section 111(d)
      of the Federal Property and Administrative Services Act of 1949 as
      amended by the Computer Security Act of 1987 (Public Law 100-235)
      as technical guidelines for U.S. Government procurements of
      information processing system equipment and services. (See:
      "[FPxxx]" items in Section 7, Informative References.)

   $ Federal Public-key Infrastructure (FPKI)
      (O) A PKI being planned to establish facilities, specifications,
      and policies needed by the U.S. Government to use public-key
      certificates in systems involving unclassified but sensitive
      applications and interactions between Federal agencies as well as
      with entities of state and local governments, the business
      community, and the public. [FPKI]

   $ Federal Standard 1027
      (N) An U.S. Government document defining emanation, anti-tamper,
      security fault analysis, and manual key management criteria for
      DES encryption devices, primary for OSIRM Layer 2. Was renamed
      "FIPS PUB 140" when responsibility for protecting unclassified,
      sensitive information was transferred from NSA to NIST, and has
      since been superseded by newer versions of that standard [FP140].

   $ File Transfer Protocol (FTP)
      (I) A TCP-based, Application-Layer, Internet Standard protocol
      (RFC 959) for moving data files from one computer to another.

   $ fill device
      (N) /COMSEC/ A device used to transfer or store keying material in
      electronic form or to insert keying material into cryptographic

   $ filter
      1. (I) /noun/ Synonym for "guard". (Compare: content filter,
      filtering router.)

Top      Up      ToC       Page 129 
      2. (I) /verb/ To process a flow of data and selectively block
      passage or permit passage of individual data items according to a
      security policy.

   $ filtering router
      (I) An internetwork router that selectively prevents the passage
      of data packets according to a security policy. (See: guard.)

      Tutorial: A router usually has two or more physical connections to
      networks or other systems; and when the router receives a packet
      on one of those connections, it forwards the packet on a second
      connection. A filtering router does the same; but it first
      decides, according to some security policy, whether the packet
      should be forwarded at all. The policy is implemented by rules
      (packet filters) loaded into the router. The rules mostly involve
      values of data packet control fields (especially IP source and
      destination addresses and TCP port numbers) [R2179]. A filtering
      router may be used alone as a simple firewall or be used as a
      component of a more complex firewall.

   $ financial institution
      (N) "An establishment responsible for facilitating customer-
      initiated transactions or transmission of funds for the extension
      of credit or the custody, loan, exchange, or issuance of money."

   $ fingerprint
      1. (I) A pattern of curves formed by the ridges on a fingertip.
      (See: biometric authentication. Compare: thumbprint.)

      2. (D) /PGP/ A hash result ("key fingerprint") used to
      authenticate a public key or other data. [PGP]

      Deprecated Definition: IDOCs SHOULD NOT use this term with
      definition 2, and SHOULD NOT use this term as a synonym for "hash
      result" of *any* kind. Either use would mix concepts in a
      potentially misleading way.

   $ FIPS
      (N) See: Federal Information Processing Standards.

   $ FIPS PUB 140
      (N) The U.S. Government standard [FP140] for security requirements
      to be met by a cryptographic module when the module is used to
      protect unclassified information in computer and communication
      systems. (See: Common Criteria, FIPS, Federal Standard 1027.)

Top      Up      ToC       Page 130 
      Tutorial: The standard specifies four increasing levels (from
      "Level 1" to "Level 4") of requirements to cover a wide range of
      potential applications and environments. The requirements address
      basic design and documentation, module interfaces, authorized
      roles and services, physical security, software security,
      operating system security, key management, cryptographic
      algorithms, electromagnetic interference and electromagnetic
      compatibility (EMI/EMC), and self-testing. NIST and the Canadian
      Communication Security Establishment jointly certify modules.

      (O) /U.S. Government/ "Key management protocol based on public-key
      cryptography." [C4009]

   $ firewall
      1. (I) An internetwork gateway that restricts data communication
      traffic to and from one of the connected networks (the one said to
      be "inside" the firewall) and thus protects that network's system
      resources against threats from the other network (the one that is
      said to be "outside" the firewall). (See: guard, security

      2. (O) A device or system that controls the flow of traffic
      between networks using differing security postures. [SP41]

      Tutorial: A firewall typically protects a smaller, secure network
      (such as a corporate LAN, or even just one host) from a larger
      network (such as the Internet). The firewall is installed at the
      point where the networks connect, and the firewall applies policy
      rules to control traffic that flows in and out of the protected

      A firewall is not always a single computer. For example, a
      firewall may consist of a pair of filtering routers and one or
      more proxy servers running on one or more bastion hosts, all
      connected to a small, dedicated LAN (see: buffer zone) between the
      two routers. The external router blocks attacks that use IP to
      break security (IP address spoofing, source routing, packet
      fragments), while proxy servers block attacks that would exploit a
      vulnerability in a higher-layer protocol or service. The internal
      router blocks traffic from leaving the protected network except
      through the proxy servers. The difficult part is defining criteria
      by which packets are denied passage through the firewall, because
      a firewall not only needs to keep unauthorized traffic (i.e.,
      intruders) out, but usually also needs to let authorized traffic
      pass both in and out.

Next RFC Part