tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Gloss.     Arch.     IMS     UICC    |    Misc.    |    search     info

RFC 4949


Internet Security Glossary, Version 2

Part 9 of 13, p. 223 to 252
Prev RFC Part       Next RFC Part


prevText      Top      Up      ToC       Page 223 
   $ phreaking
      (D) A contraction of "telephone breaking". An attack on or
      penetration of a telephone system or, by extension, any other
      communication or information system. [Raym]

      Deprecated Term: IDOCs SHOULD NOT use this contraction; it is not
      listed in most dictionaries and could confuse international
      readers. (See: Deprecated Usage under "Green Book".)

   $ physical destruction
      (I) /threat action/ See: secondary definition under

   $ physical security
      (I) Tangible means of preventing unauthorized physical access to a
      system. Examples: Fences, walls, and other barriers; locks, safes,
      and vaults; dogs and armed guards; sensors and alarm bells.
      [FP031, R1455] (See: security architecture.)

   $ piggyback attack
      (I) A form of active wiretapping in which the attacker gains
      access to a system via intervals of inactivity in another user's
      legitimate communication connection. Sometimes called a "between-
      the-lines" attack. (See: hijack attack, man-in-the-middle attack.)

      Deprecated Usage: IDOCs that use this term SHOULD state a
      definition for it because the term could confuse international

   $ PIN
      (I) See: personal identification number.

   $ ping of death
      (D) A denial-of-service attack that sends an improperly large ICMP
      echo request packet (a "ping") with the intent of causing the
      destination system to fail. (See: ping sweep, teardrop.)

      Deprecated Term: IDOCs SHOULD NOT use this term; instead, use
      "ping packet overflow attack" or some other term that is specific
      with regard to the attack mechanism.

      Tutorial: This attack seeks to exploit an implementation
      vulnerability. The IP specification requires hosts to be prepared
      to accept datagrams of up to 576 octets, but also permits IP
      datagrams to be up to 65,535 octets long. If an IP implementation
      does not properly handle very long IP packets, the ping packet may
      overflow the input buffer and cause a fatal system error.

Top      Up      ToC       Page 224 
   $ ping sweep
      (I) An attack that sends ICMP echo requests ("pings") to a range
      of IP addresses, with the goal of finding hosts that can be probed
      for vulnerabilities. (See: ping of death. Compare: port scan.)

   $ PKCS
      (N) See: Public-Key Cryptography Standards.

   $ PKCS #5
      (N) A standard [PKC05] (see: RFC 2898) from the PKCS series;
      defines a method for encrypting an octet string with a secret key
      derived from a password.

      Tutorial: Although the method can be used for arbitrary octet
      strings, its intended primary application in public-key
      cryptography is for encrypting private keys when transferring them
      from one computer system to another, as described in PKCS #8.

   $ PKCS #7
      (N) A standard [PKC07] (see: RFC 2315) from the PKCS series;
      defines a syntax for data that may have cryptography applied to
      it, such as for digital signatures and digital envelopes. (See:

   $ PKCS #10
      (N) A standard [PKC10] (see: RFC 2986) from the PKCS series;
      defines a syntax for certification requests. (See: certification

      Tutorial: A PKCS #10 request contains a DN and a public key, and
      may contain other attributes, and is signed by the entity making
      the request. The request is sent to a CA, who converts it to an
      X.509 public-key certificate (or some other form), and returns it,
      possibly in PKCS #7 format.

   $ PKCS #11
      (N) A standard [PKC11] from the PKCS series; defines CAPI called
      "Cryptoki" for devices that hold cryptographic information and
      perform cryptographic functions.

   $ PKI
      (I) See: public-key infrastructure.

      (I) Abbreviation for "Public Key Cryptography for Initial
      Authentication in Kerberos" (RFC 4556). (See: Tutorial under

Top      Up      ToC       Page 225 
   $ PKIX
      1a. (I) A contraction of "Public-Key Infrastructure (X.509)", the
      name of the IETF working group that is specifying an architecture
      [R3280] and set of protocols [R4210] to provide X.509-based PKI
      services for the Internet.

      1b. (I) A collective name for that Internet PKI architecture and
      associated set of protocols.

      Tutorial: The goal of PKIX is to facilitate the use of X.509
      public-key certificates in multiple Internet applications and to
      promote interoperability between different implementations that
      use those certificates. The resulting PKI is intended to provide a
      framework that supports a range of trust and hierarchy
      environments and a range of usage environments. PKIX specifies (a)
      profiles of the v3 X.509 public-key certificate standards and the
      v2 X.509 CRL standards for the Internet, (b) operational protocols
      used by relying parties to obtain information such as certificates
      or certificate status, (c) management protocols used by system
      entities to exchange information needed for proper management of
      the PKI, and (d) information about certificate policies and CPSs,
      covering the areas of PKI security not directly addressed in the
      rest of PKIX.

   $ plain text
      1. (I) /noun/ Data that is input to an encryption process. (See:
      plaintext. Compare: cipher text, clear text.)

      2. (D) /noun/ Synonym for "clear text".

      Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
      for "clear text". Sometimes plain text that is input to an
      encryption operation is clear text, but other times plain text is
      cipher text that was output from a previous encryption operation.
      (See: superencryption.)

   $ plaintext
      1. (O) /noun/ Synonym for "plain text".

      2. (I) /adjective/ Referring to plain text. Usage: Commonly used
      instead of "plain-text". (Compare: ciphertext, cleartext.)

      3. (D) /noun/ Synonym for "cleartext".

      Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
      for "cleartext". Cleartext data is, by definition, not encrypted;
      but plaintext data that is input to an encryption operation may be

Top      Up      ToC       Page 226 
      cleartext data or may be ciphertext data that was output from a
      previous encryption operation. (See: superencryption.)

   $ PLI
      (I) See: Private Line Interface.

   $ PMA
      (N) See: policy management authority.

   $ Point-to-Point Protocol (PPP)
      (I) An Internet Standard protocol (RFC 1661) for encapsulation and
      full-duplex transportation of protocol data packets in OSIRM Layer
      3 over an OSIRM Layer 2 link between two peers, and for
      multiplexing different Layer 3 protocols over the same link.
      Includes optional negotiation to select and use a peer entity
      authentication protocol to authenticate the peers to each other
      before they exchange Layer 3 data. (See: CHAP, EAP, PAP.)

   $ Point-to-Point Tunneling Protocol (PPTP)
      (I) An Internet client-server protocol (RFC 2637) (originally
      developed by Ascend and Microsoft) that enables a dial-up user to
      create a virtual extension of the dial-up link across a network by
      tunneling PPP over IP. (See: L2TP.)

      Tutorial: PPP can encapsulate any IPS Network Interface Layer
      protocol or OSIRM Layer 3 protocol. Therefore, PPTP does not
      specify security services; it depends on protocols above and below
      it to provide any needed security. PPTP makes it possible to
      divorce the location of the initial dial-up server (i.e., the PPTP
      Access Concentrator, the client, which runs on a special-purpose
      host) from the location at which the dial-up protocol (PPP)
      connection is terminated and access to the network is provided
      (i.e., at the PPTP Network Server, which runs on a general-purpose

   $ policy
      1a. (I) A plan or course of action that is stated for a system or
      organization and is intended to affect and direct the decisions
      and deeds of that entity's components or members. (See: security

      1b. (O) A definite goal, course, or method of action to guide and
      determine present and future decisions, that is implemented or
      executed within a particular context, such as within a business
      unit. [R3198]

      Deprecated Abbreviation: IDOCs SHOULD NOT use "policy" as an
      abbreviation of either "security policy" or "certificate policy".

Top      Up      ToC       Page 227 
      Instead, to avoid misunderstanding, use a fully qualified term, at
      least at the point of first usage.

      Tutorial: The introduction of new technology to replace
      traditional systems can result in new systems being deployed
      without adequate policy definition and before the implications of
      the new technology are fully understand. In some cases, it can be
      difficult to establish policies for new technology before the
      technology has been operationally tested and evaluated. Thus,
      policy changes tend to lag behind technological changes, such that
      either old policies impede the technical innovation, or the new
      technology is deployed without adequate policies to govern its

      When new technology changes the ways that things are done, new
      "procedures" must be defined to establish operational guidelines
      for using the technology and achieving satisfactory results, and
      new "practices" must be established for managing new systems and
      monitoring results. Practices and procedures are more directly
      coupled to actual systems and business operations than are
      polices, which tend to be more abstract.
      -  "Practices" define how a system is to be managed and what
         controls are in place to monitor the system and detect abnormal
         behavior or quality problems. Practices are established to
         ensure that a system is managed in compliance with stated
         policies. System audits are primarily concerned with whether or
         not practices are being followed. Auditors evaluate the
         controls to make sure they conform to accepted industry
         standards, and then confirm that controls are in place and that
         control measurements are being gathered. Audit trails are
         examples of control measurements that are recorded as part of
         system operations.
      -  "Procedures" define how a system is operated, and relate
         closely to issues of what technology is used, who the operators
         are, and how the system is deployed physically. Procedures
         define both normal and abnormal operating circumstances.
      -  For every control defined by a practice statement, there should
         be corresponding procedures to implement the control and
         provide ongoing measurement of the control parameters.
         Conversely, procedures require management practices to insure
         consistent and correct operational behavior.

   $ policy approval authority
      (D) /PKI/ Synonym for "policy management authority". [PAG]

      Deprecated Term: IDOCs SHOULD NOT use this term as synonym for
      "policy management authority". The term suggests a limited,
      passive role that is not typical of PMAs.

Top      Up      ToC       Page 228 
   $ policy approving authority (PAA)
      (O) /MISSI/ The top-level signing authority of a MISSI
      certification hierarchy. The term refers both to that
      authoritative office or role and to the person who plays that
      role. (See: policy management authority, root registry.)

      Tutorial: A MISSI PAA (a) registers MISSI PCAs and signs their
      X.509 public-key certificates, (b) issues CRLs but does not issue
      a CKL, and (c) may issue cross-certificates to other PAAs.

   $ policy authority
      (D) /PKI/ Synonym for "policy management authority". [PAG]

      Deprecated Term: IDOCs SHOULD NOT use this term as synonym for
      "policy management authority". The term is unnecessarily vague and
      thus may be confused with other PKI entities, such as CAs and RAs,
      that enforce of apply various aspects of PKI policy.

   $ policy certification authority (Internet PCA)
      (I) An X.509-compliant CA at the second level of the Internet
      certification hierarchy, under the IPRA. Each PCA operates under
      its published security policy (see: certificate policy, CPS) and
      within constraints established by the IPRA for all PCAs. [R1422].
      (See: policy creation authority.)

   $ policy creation authority (MISSI PCA)
      (O) /MISSI/ The second level of a MISSI certification hierarchy;
      the administrative root of a security policy domain of MISSI users
      and other, subsidiary authorities. The term refers both to that
      authoritative office or role and to the person who fills that
      office. (See: policy certification authority.)

      Tutorial: A MISSI PCA's certificate is issued by a PAA. The PCA
      registers the CAs in its domain, defines their configurations, and
      issues their X.509 public-key certificates. (The PCA may also
      issue certificates for SCAs, ORAs, and other end entities, but a
      PCA does not usually do this.) The PCA periodically issues CRLs
      and CKLs for its domain.

   $ policy management authority (PMA)
      (I) /PKI/ A person, role, or organization within a PKI that is
      responsible for (a) creating or approving the content of the
      certificate policies and CPSs that are used in the PKI; (b)
      ensuring the administration of those policies; and (c) approving
      any cross-certification or interoperability agreements with CAs
      external to the PKI and any related policy mappings. The PMA may
      also be the accreditor for the PKI as a whole or for some of its

Top      Up      ToC       Page 229 
      components or applications. [DoD9, PAG] (See: policy approving

      Example: In the U.S. Department of Defense, an organization called
      the Policy Management Authority is responsible for DoD PKI [DoD9].

   $ policy mapping
      (I) "Recognizing that, when a CA in one domain certifies a CA in
      another domain, a particular certificate policy in the second
      domain may be considered by the authority of the first domain to
      be equivalent (but not necessarily identical in all respects) to a
      particular certificate policy in the first domain." [X509]

   $ policy rule
      (I) A building block of a security policy; it (a) defines a set of
      system conditions and (b) specifies a set of system actions that
      are to be performed if those conditions occur. [R3198]

   $ POP3
      (I) See: Post Office Protocol, version 3.

   $ POP3 APOP
      (I) A POP3 command (better described as a transaction type, or
      subprotocol) by which a POP3 client optionally uses a keyed hash
      (based on MD5) to authenticate itself to a POP3 server and,
      depending on the server implementation, to protect against replay
      attacks. (See: CRAM, POP3 AUTH, IMAP4 AUTHENTICATE.)

      Tutorial: The server includes a unique time stamp in its greeting
      to the client. The subsequent APOP command sent by the client to
      the server contains the client's name and the hash result of
      applying MD5 to a string formed from both the time stamp and a
      shared secret value that is known only to the client and the
      server. APOP was designed to provide an alternative to using
      POP3's USER and PASS (i.e., password) command pair, in which the
      client sends a cleartext password to the server.

   $ POP3 AUTH
      (I) A POP3 command [R1734] (better described as a transaction
      type, or subprotocol) by which a POP3 client optionally proposes a
      mechanism to a POP3 server to authenticate the client to the
      server and provide other security services. (See: POP3 APOP, IMAP4

      Tutorial: If the server accepts the proposal, the command is
      followed by performing a challenge-response authentication
      protocol and, optionally, negotiating a protection mechanism for

Top      Up      ToC       Page 230 
      subsequent POP3 interactions. The security mechanisms used by POP3
      AUTH are those used by IMAP4.

   $ port scan
      (I) A technique that sends client requests to a range of service
      port addresses on a host. (See: probe. Compare: ping sweep.)

      Tutorial: A port scan can be used for pre-attack surveillance,
      with the goal of finding an active port and subsequently
      exploiting a known vulnerability of that port's service. A port
      scan can also be used as a flooding attack.

   $ positive authorization
      (I) The principle that a security architecture should be designed
      so that access to system resources is permitted only when
      explicitly granted; i.e., in the absence of an explicit
      authorization that grants access, the default action shall be to
      refuse access. (See: authorization, access.)

   $ POSIX
      (N) Portable Operating System Interface for Computer Environments,
      a standard [FP151, I9945] (originally IEEE Standard P1003.1) that
      defines an operating system interface and environment to support
      application portability at the source code level. It is intended
      to be used by both application developers and system implementers.

      Tutorial: P1003.1 supports security functionality like that on
      most UNIX systems, including discretionary access control and
      privileges. IEEE Draft Standard P1003.6 specifies additional
      functionality not provided in the base standard, including (a)
      discretionary access control, (b) audit trail mechanisms, (c)
      privilege mechanisms, (d) mandatory access control, and (e)
      information label mechanisms.

   $ Post Office Protocol, version 3 (POP3)
      (I) An Internet Standard protocol (RFC 1939) by which a client
      workstation can dynamically access a mailbox on a server host to
      retrieve mail messages that the server has received and is holding
      for the client. (See: IMAP4.)

      Tutorial: POP3 has mechanisms for optionally authenticating a
      client to a server and providing other security services. (See:
      POP3 APOP, POP3 AUTH.)

   $ PPP
      (I) See: Point-to-Point Protocol.

Top      Up      ToC       Page 231 
   $ PPTP
      (I) See: Point-to-Point Tunneling Protocol.

   $ preauthorization
      (N) /PKI/ A CAW feature that enables certification requests to be
      automatically validated against data provided in advance to the CA
      by an authorizing entity.

   $ precedence
      1. (I) /information system/ A ranking assigned to events or data
      objects that determines the relative order in which they are

      2. (N) /communication system/ A designation assigned to a
      communication (i.e., packet, message, data stream, connection,
      etc.) by the originator to state the importance or urgency of that
      communication versus other communications, and thus indicate to
      the transmission system the relative order of handling, and
      indicate to the receiver the order in which the communication is
      to be noted. [F1037] (See: availability, critical, preemption.)

      Example: The "Precedence" subfield of the "Type of Service" field
      of the IPv4 header supports the following designations (in
      descending order of importance): 111 Network Control, 110
      Internetwork Control, 101 CRITIC/ECP (Critical Intelligence
      Communication/Emergency Command Precedence), 100 Flash Override,
      011 Flash, 010 Immediate, 001 Priority, and 000 Routine. These
      designations were adopted from U.S. DoD systems that existed
      before ARPANET.

   $ preemption
      (N) The seizure, usually automatic, of system resources that are
      being used to serve a lower-precedence communication, in order to
      serve immediately a higher-precedence communication. [F1037]

   $ Pretty Good Privacy(trademark) (PGP(trademark))
      (O) Trademarks of Network Associates, Inc., referring to a
      computer program (and related protocols) that uses cryptography to
      provide data security for electronic mail and other applications
      on the Internet. (Compare: DKIM, MOSS, MSP, PEM, S/MIME.)

      Tutorial: PGP encrypts messages with a symmetric algorithm
      (originally, IDEA in CFB mode), distributes the symmetric keys by
      encrypting them with an asymmetric algorithm (originally, RSA),
      and creates digital signatures on messages with a cryptographic
      hash and an asymmetric encryption algorithm (originally, MD5 and
      RSA). To establish ownership of public keys, PGP depends on the
      "web of trust".

Top      Up      ToC       Page 232 
   $ prevention
      (I) See: secondary definition under "security".

   $ primary account number (PAN)
      (O) /SET/ "The assigned number that identifies the card issuer and
      cardholder. This account number is composed of an issuer
      identification number, an individual account number
      identification, and an accompanying check digit as defined by ISO
      7812-1985." [SET2, I7812] (See: bank identification number.)

      Tutorial: The PAN is embossed, encoded, or both on a magnetic-
      strip-based credit card. The PAN identifies the issuer to which a
      transaction is to be routed and the account to which it is to be
      applied unless specific instructions indicate otherwise. The
      authority that assigns the BIN part of the PAN is the American
      Bankers Association.

   $ principal
      (I) A specific identity claimed by a user when accessing a system.

      Usage: Usually understood to be an identity that is registered in
      and authenticated by the system; equivalent to the notion of login
      account identifier. Each principal is normally assigned to a
      single user, but a single user may be assigned (or attempt to use)
      more than one principal. Each principal can spawn one or more
      subjects, but each subject is associated with only one principal.
      (Compare: role, subject, user.)

      (I) /Kerberos/ A uniquely identified (i.e., uniquely named) client
      or server instance that participates in a network communication.

   $ priority
      (I) /information system/ Precedence for processing an event or
      data object, determined by security importance or other factors.
      (See: precedence.)

   $ privacy
      1. (I) The right of an entity (normally a person), acting in its
      own behalf, to determine the degree to which it will interact with
      its environment, including the degree to which the entity is
      willing to share its personal information with others. (See:
      HIPAA, personal information, Privacy Act of 1974. Compare:
      anonymity, data confidentiality.) [FP041]

      2. (O) "The right of individuals to control or influence what
      information related to them may be collected and stored and by
      whom and to whom that information may be disclosed." [I7498-2]

Top      Up      ToC       Page 233 
      3. (D) Synonym for "data confidentiality".

      Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym
      for "data confidentiality" or "data confidentiality service",
      which are different concepts. Privacy is a reason for security
      rather than a kind of security. For example, a system that stores
      personal data needs to protect the data to prevent harm,
      embarrassment, inconvenience, or unfairness to any person about
      whom data is maintained, and to protect the person's privacy. For
      that reason, the system may need to provide data confidentiality

      Tutorial: The term "privacy" is used for various separate but
      related concepts, including bodily privacy, territorial privacy,
      personal information privacy, and communication privacy. IDOCs are
      expected to address only communication privacy, which in this
      Glossary is defined primarily by "data confidentiality" and
      secondarily by "data integrity".

      IDOCs are not expected to address information privacy, but this
      Glossary provides definition 1 for that concept because personal
      information privacy is often confused with communication privacy.
      IDOCs are not expected to address bodily privacy or territorial
      privacy, and this Glossary does not define those concepts because
      they are not easily confused with communication privacy.

   $ Privacy Act of 1974
      (O) A U.S. Federal law (Section 552a of Title 5, United States
      Code) that seeks to balance the U.S. Government's need to maintain
      data about individuals with the rights of individuals to be
      protected against unwarranted invasions of their privacy stemming
      from federal agencies' collection, maintenance, use, and
      disclosure of personal data. (See: privacy.)

      Tutorial: In 1974, the U.S. Congress was concerned with the
      potential for abuses that could arise from the Government's
      increasing use of computers to store and retrieve personal data.
      Therefore, the Act has four basic policy objectives:
      -  To restrict disclosure of personally identifiable records
         maintained by Federal agencies.
      -  To grant individuals increased rights of access to Federal
         agency records maintained on themselves.
      -  To grant individuals the right to seek amendment of agency
         records maintained on themselves upon a showing that the
         records are not accurate, relevant, timely, or complete.
      -  To establish a code of "fair information practices" that
         requires agencies to comply with statutory norms for
         collection, maintenance, and dissemination of records.

Top      Up      ToC       Page 234 
   $ Privacy Enhanced Mail (PEM)
      (I) An Internet protocol to provide data confidentiality, data
      integrity, and data origin authentication for electronic mail.
      [R1421, R1422]. (Compare: DKIM, MOSS, MSP, PGP, S/MIME.)

      Tutorial: PEM encrypts messages with a symmetric algorithm
      (originally, DES in CBC mode), provides distribution for the
      symmetric keys by encrypting them with an asymmetric algorithm
      (originally, RSA), and signs messages with an asymmetric
      encryption algorithm over a cryptographic hash (originally, RSA
      over either MD2 or MD5). To establish ownership of public keys,
      PEM uses a certification hierarchy, with X.509 public-key
      certificates and X.509 CRLs that are signed with an asymmetric
      encryption algorithm over a cryptographic hash (originally, RSA
      over MD2).

      PEM is designed to be compatible with a wide range of key
      management methods, but is limited to specifying security services
      only for text messages and, like MOSS, has not been widely
      implemented in the Internet.

   $ private component
      (I) Synonym for "private key".

      Deprecated Usage: In most cases, IDOCs SHOULD NOT use this term;
      instead, to avoid confusing readers, use "private key". However,
      the term MAY be used when discussing a key pair; e.g., "A key pair
      has a public component and a private component."

   $ private extension
      (I) See: secondary definition under "extension".

   $ private key
      1. (I) The secret component of a pair of cryptographic keys used
      for asymmetric cryptography. (See: key pair, public key, secret

      2. (O) In a public key cryptosystem, "that key of a user's key
      pair which is known only by that user." [X509]

   $ Private Line Interface (PLI)
      (I) The first end-to-end packet encryption system for a computer
      network, developed by BBN starting in 1975 for the U.S. DoD,
      incorporating U.S. Government-furnished, military-grade COMSEC
      equipment (TSEC/KG-34). [B1822] (Compare: IPLI.)

Top      Up      ToC       Page 235 
   $ privilege
      1a. (I) /access control/ A synonym for "authorization". (See
      authorization. Compare: permission.)

      1b. (I) /computer platform/ An authorization to perform a
      security-relevant function in the context of a computer's
      operating system.

   $ privilege management infrastructure
      (O) "The infrastructure able to support the management of
      privileges in support of a comprehensive authorization service and
      in relationship with a" PKI; i.e., processes concerned with
      attribute certificates. [X509]

      Deprecated Usage: IDOCs SHOULD NOT use this term with this
      definition. This definition is vague, and there is no consensus on
      a more specific one.

   $ privileged process
      (I) A computer process that is authorized (and, therefore,
      trusted) to perform some security-relevant functions that ordinary
      processes are not. (See: privilege, trusted process.)

   $ privileged user
      (I) An user that has access to system control, monitoring, or
      administration functions. (See: privilege, /UNIX/ under "root",
      superuser, user.)

      Tutorial: Privileged users include the following types:
      -  Users with near or complete control of a system, who are
         authorized to set up and administer user accounts, identifiers,
         and authentication information, or are authorized to assign or
         change other users' access to system resources.
      -  Users that are authorized to change control parameters (e.g.,
         network addresses, routing tables, processing priorities) on
         routers, multiplexers, and other important equipment.
      -  Users that are authorized to monitor or perform troubleshooting
         for a system's security functions, typically using special
         tools and features that are not available to ordinary users.

   $ probe
      (I) /verb/ A technique that attempts to access a system to learn
      something about the system. (See: port scan.)

      Tutorial: The purpose of a probe may be offensive, e.g., an
      attempt to gather information for circumventing the system's
      protections; or the purpose may be defensive, e.g., to verify that
      the system is working properly.

Top      Up      ToC       Page 236 
   $ procedural security
      (D) Synonym for "administrative security".

      Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
      "administrative security". The term may be misleading because any
      type of security may involve procedures, and procedures may be
      either external to the system or internal. Instead, use
      "administrative security", "communication security", "computer
      security", "emanations security", "personnel security", "physical
      security", or whatever specific type is meant. (See: security

   $ profile
      See: certificate profile, protection profile.

   $ proof-of-possession protocol
      (I) A protocol whereby a system entity proves to another that it
      possesses and controls a cryptographic key or other secret
      information. (See: zero-knowledge proof.)

   $ proprietary
      (I) Refers to information (or other property) that is owned by an
      individual or organization and for which the use is restricted by
      that entity.

   $ protected checksum
      (I) A checksum that is computed for a data object by means that
      protect against active attacks that would attempt to change the
      checksum to make it match changes made to the data object. (See:
      digital signature, keyed hash, Tutorial under "checksum".)

   $ protective packaging
      (N) "Packaging techniques for COMSEC material that discourage
      penetration, reveal a penetration has occurred or was attempted,
      or inhibit viewing or copying of keying material prior to the time
      it is exposed for use." [C4009] (See: tamper-evident, tamper-
      resistant. Compare: QUADRANT.)

   $ protection authority
      (I) See: secondary definition under "Internet Protocol Security

   $ protection level
      (N) /U.S. Government/ An indication of the trust that is needed in
      a system's technical ability to enforce security policy for
      confidentiality. (Compare: /system operation/ under "mode of

Top      Up      ToC       Page 237 
      Tutorial: An organization's security policy could define
      protection levels that are based on comparing (a) the sensitivity
      of information handled by a system to (b) the authorizations of
      users that receive information from the system without manual
      intervention and reliable human review. For each level, the policy
      could specify security features and assurances that must be
      included in any system that was intended to operate at that level.

      Example: Given some set of data objects that are classified at one
      or more hierarchical levels and in one or more non-hierarchical
      categories, the following table defines five protection levels for
      systems that would handle that data. Beginning with PL1 and
      evolving to PL5, each successive level would require stronger
      features and assurances to handle the dataset. (See: clearance,
      formal access approval, and need-to-know.)

             Lowest Clearance      Formal Access       Need-To-Know
              Among All Users    Approval of Users      of Users
      PL5  | Some user has no  | [Does not matter.]| [Does not matter.]|
      High | clearance at all. |                   |                   |
      PL4  | All are cleared   | [Does not matter.]| [Does not matter.]|
           | for some data.    |                   |                   |
      PL3  | All are cleared   | Some not approved | [Does not matter.]|
           | for all data.     | for all data.     |                   |
      PL2  | All are cleared   | All are approved  | Some don't need to|
           | for all data.     | for all data.     | to know all data. |
      PL1  | All are cleared   | All are approved  | All have a need   |
      Low  | for all data.     | for all data.     | to know all data. |

   Each of these protection levels can be viewed as being equivalent to
   one or more modes of system operation defined in this Glossary:
   -  PL5 is equivalent to multilevel security mode.
   -  PL4 is equivalent to either multilevel or compartmented
      security mode, depending on the details of users' clearances.
   -  PL3 is equivalent to partitioned security mode.
   -  PL2 is equivalent to system-high security mode.
   -  PL1 is equivalent to dedicated security mode.

   $ protection profile
      (N) /Common Criteria/ An implementation-independent set of
      security requirements for a category of targets of evaluation that

Top      Up      ToC       Page 238 
      meet specific consumer needs. [CCIB] Example: [IDSAN]. (See:
      target of evaluation. Compare: certificate profile, package.)

      Tutorial: A protection profile (PP) is the kind of document used
      by consumers to specify functional requirements they want in a
      product, and a security target (ST) is the kind of document used
      by vendors to make functional claims about a product.

      A PP is intended to be a reusable statement of product security
      needs, which are known to be useful and effective, for a set of
      information technology security products that could be built. A PP
      contains a set of security requirements, preferably taken from the
      catalogs in Parts 2 and 3 of the Common Criteria, and should
      include an EAL. A PP could be developed by user communities,
      product developers, or any other parties interested in defining a
      common set of requirements.

   $ protection ring
      (I) One of a hierarchy of privileged operation modes of a system
      that gives certain access rights to processes authorized to
      operate in that mode. (See: Multics.)

   $ protective distribution system (PDS)
      (N) A wireline or fiber-optic communication system used to
      transmit cleartext classified information through an area of
      lesser classification or control. [N7003]

   $ protocol
      1a. (I) A set of rules (i.e., formats and procedures) to implement
      and control some type of association (e.g., communication) between
      systems. Example: Internet Protocol.

      1b. (I) A series of ordered computing and communication steps that
      are performed by two or more system entities to achieve a joint
      objective. [A9042]

   $ protocol control information (PCI)
      (N) See: secondary definition under "protocol data unit".

   $ protocol data unit (PDU)
      (N) A data packet that is defined for peer-to-peer transfers in a
      protocol layer.

      Tutorial: A PDU consists of two disjoint subsets of data: the SDU
      and the PCI. (Although these terms -- PDU, SDU, and PCI --
      originated in the OSIRM, they are also useful and permissible in
      an IPS context.)

Top      Up      ToC       Page 239 
      -  The "service data unit" (SDU) in a packet is data that the
         protocol transfers between peer protocol entities on behalf of
         the users of that layer's services. For Layers 1 through 6, the
         layer's users are peer protocol entities at a higher layer; for
         Layer 7, the users are application entities outside the scope
         of the OSIRM.
      -  The "protocol control information" (PCI) in a packet is data
         that peer protocol entities exchange between themselves to
         control their joint operation of the layer.

   $ protocol suite
      (I) A complementary collection of communication protocols used in
      a computer network. (See: IPS, OSI.)

   $ proxy
      1. (I) A computer process that acts on behalf of a user or client.

      2. (I) A computer process -- often used as, or as part of, a
      firewall -- that relays application transactions or a protocol
      between client and server computer systems, by appearing to the
      client to be the server and appearing to the server to be the
      client. (See: SOCKS.)

      Tutorial: In a firewall, a proxy server usually runs on a bastion
      host, which may support proxies for several applications and
      protocols (e.g., FTP, HTTP, and TELNET). Instead of a client in
      the protected enclave connecting directly to an external server,
      the internal client connects to the proxy server, which in turn
      connects to the external server. The proxy server waits for a
      request from inside the firewall, forwards the request to the
      server outside the firewall, gets the response, then sends the
      response back to the client. The proxy may be transparent to the
      clients, or they may need to connect first to the proxy server,
      and then use that association to also initiate a connection to the
      real server.

      Proxies are generally preferred over SOCKS for their ability to
      perform caching, high-level logging, and access control. A proxy
      can provide security service beyond that which is normally part of
      the relayed protocol, such as access control based on peer entity
      authentication of clients, or peer entity authentication of
      servers when clients do not have that ability. A proxy at OSIRM
      Layer 7 can also provide finer-grained security service than can a
      filtering router at Layer 3. For example, an FTP proxy could
      permit transfers out of, but not into, a protected network.

Top      Up      ToC       Page 240 
   $ proxy certificate
      (I) An X.509 public-key certificate derived from an end-entity
      certificate, or from another proxy certificate, for the purpose of
      establishing proxies and delegating authorizations in the context
      of a PKI-based authentication system. [R3820]

      Tutorial: A proxy certificate has the following properties:
      -  It contains a critical extension that (a) identifies it as a
         proxy certificate and (b) may contain a certification path
         length constraint and policy constraints.
      -  It contains the public component of a key pair that is distinct
         from that associated with any other certificate.
      -  It is signed by the private component of a key pair that is
         associated with an end-entity certificate or another proxy
      -  Its associated private key can be used to sign only other proxy
         certificates (not end-entity certificates).
      -  Its "subject" DN is derived from its "issuer" DN and is unique.
      -  Its "issuer" DN is the "subject" DN of an end-entity
         certificate or another proxy certificate.

   $ pseudorandom
      (I) A sequence of values that appears to be random (i.e.,
      unpredictable) but is actually generated by a deterministic
      algorithm. (See: compression, random, random number generator.)

   $ pseudorandom number generator
      (I) See: secondary definition under "random number generator".

   $ public component
      (I) Synonym for "public key".

      Deprecated Usage: In most cases, IDOCs SHOULD NOT use this term;
      to avoid confusing readers, use "private key" instead. However,
      the term MAY be used when discussing a key pair; e.g., "A key pair
      has a public component and a private component."

   $ public key
      1. (I) The publicly disclosable component of a pair of
      cryptographic keys used for asymmetric cryptography. (See: key
      pair. Compare: private key.)

      2. (O) In a public key cryptosystem, "that key of a user's key
      pair which is publicly known." [X509]

Top      Up      ToC       Page 241 
   $ public-key certificate
      1. (I) A digital certificate that binds a system entity's
      identifier to a public key value, and possibly to additional,
      secondary data items; i.e., a digitally signed data structure that
      attests to the ownership of a public key. (See: X.509 public-key

      2. (O) "The public key of a user, together with some other
      information, rendered unforgeable by encipherment with the private
      key of the certification authority which issued it." [X509]

      Tutorial: The digital signature on a public-key certificate is
      unforgeable. Thus, the certificate can be published, such as by
      posting it in a directory, without the directory having to protect
      the certificate's data integrity.

   $ public-key cryptography
      (I) Synonym for "asymmetric cryptography".

   $ Public-Key Cryptography Standards (PKCS)
      (N) A series of specifications published by RSA Laboratories for
      data structures and algorithms used in basic applications of
      asymmetric cryptography. [PKCS] (See: PKCS #5 through PKCS #11.)

      Tutorial: The PKCS were begun in 1991 in cooperation with industry
      and academia, originally including Apple, Digital, Lotus,
      Microsoft, Northern Telecom, Sun, and MIT. Today, the
      specifications are widely used, but they are not sanctioned by an
      official standards organization, such as ANSI, ITU-T, or IETF. RSA
      Laboratories retains sole decision-making authority over the PKCS.

   $ public-key forward secrecy (PFS)
      (I) For a key-agreement protocol based on asymmetric cryptography,
      the property that ensures that a session key derived from a set of
      long-term public and private keys will not be compromised if one
      of the private keys is compromised in the future. (See: Usage note
      and other discussion under "perfect forward secrecy".)

   $ public-key Kerberos
      (I) See: Tutorial under "Kerberos", PKINIT.

   $ public-key infrastructure (PKI)
      1. (I) A system of CAs (and, optionally, RAs and other supporting
      servers and agents) that perform some set of certificate
      management, archive management, key management, and token
      management functions for a community of users in an application of
      asymmetric cryptography. (See: hierarchical PKI, mesh PKI,
      security management infrastructure, trust-file PKI.)

Top      Up      ToC       Page 242 
      2. (I) /PKIX/ The set of hardware, software, people, policies, and
      procedures needed to create, manage, store, distribute, and revoke
      digital certificates based on asymmetric cryptography.

      Tutorial: The core PKI functions are (a) to register users and
      issue their public-key certificates, (b) to revoke certificates
      when required, and (c) to archive data needed to validate
      certificates at a much later time. Key pairs for data
      confidentiality may be generated (and perhaps escrowed) by CAs or
      RAs, but requiring a PKI client to generate its own digital
      signature key pair helps maintain system integrity of the
      cryptographic system, because then only the client ever possesses
      the private key it uses. Also, an authority may be established to
      approve or coordinate CPSs, which are security policies under
      which components of a PKI operate.

      A number of other servers and agents may support the core PKI, and
      PKI clients may obtain services from them, such as certificate
      validation services. The full range of such services is not yet
      fully understood and is evolving, but supporting roles may include
      archive agent, certified delivery agent, confirmation agent,
      digital notary, directory, key escrow agent, key generation agent,
      naming agent who ensures that issuers and subjects have unique
      identifiers within the PKI, repository, ticket-granting agent,
      time-stamp agent, and validation agent.

   $ purge
      1. (I) Synonym for "erase".

      2. (O) /U.S. Government/ Use degaussing or other methods to render
      magnetically stored data unusable and irrecoverable by any means,
      including laboratory methods. [C4009] (Compare: /U.S. Government/

      (O) /U.S. Government/ Short name for technology and methods that
      protect cryptographic equipment by making the equipment tamper-
      resistant. [C4009] (Compare: protective packaging, TEMPEST.)

      Tutorial: Equipment cannot be made completely tamper-proof, but it
      can be made tamper-resistant or tamper-evident.

   $ qualified certificate
      (I) A public-key certificate that has the primary purpose of
      identifying a person with a high level of assurance, where the
      certificate meets some qualification requirements defined by an
      applicable legal framework, such as the European Directive on
      Electronic Signature. [R3739]

Top      Up      ToC       Page 243 
   $ quick mode
      (I) See: /IKE/ under "mode".

   $ RA
      (I) See: registration authority.

   $ RA domains
      (I) A feature of a CAW that allows a CA to divide the
      responsibility for certificate requests among multiple RAs.

      Tutorial: This ability might be used to restrict access to private
      authorization data that is provided with a certificate request,
      and to distribute the responsibility to review and approve
      certificate requests in high-volume environments. RA domains might
      segregate certificate requests according to an attribute of the
      certificate's subject, such as an organizational unit.

      (I) See: Remote Authentication Dial-In User Service.

   $ Rainbow Series
      (O) /COMPUSEC/ A set of more than 30 technical and policy
      documents with colored covers, issued by the NCSC, that discuss in
      detail the TCSEC and provide guidance for meeting and applying the
      criteria. (See: Green Book, Orange Book, Red Book, Yellow Book.)

   $ random
      (I) In essence, "random" means "unpredictable". [SP22, Knut,
      R4086] (See: cryptographic key, pseudorandom.)
      -  "Random sequence": A sequence in which each successive value is
         obtained merely by chance and does not depend on the preceding
         values of the sequence. In a random sequence of bits, each bit
         is unpredictable; i.e., (a) the probability of each bit being a
         "0" or "1" is 1/2, and (b) the value of each bit is independent
         of any other bit in the sequence.
      -  "Random value": An individual value that is unpredictable;
         i.e., each value in the total population of possibilities has
         equal probability of being selected.

   $ random number generator
      (I) A process that is invoked to generate a random sequence of
      values (usually a sequence of bits) or an individual random value.

      Tutorial: There are two basic types of generators. [SP22]
      -  "(True) random number generator": It uses one or more non-
         deterministic bit sources (e.g., electrical circuit noise,
         timing of human processes such as key strokes or mouse
         movements, semiconductor quantum effects, and other physical

Top      Up      ToC       Page 244 
         phenomena) and a processing function that formats the bits, and
         it outputs a sequence of values that is unpredictable and
         uniformly distributed.
      -  "Pseudorandom number generator": It uses a deterministic
         computational process (usually implemented by software) that
         has one or more inputs called "seeds", and it outputs a
         sequence of values that appears to be random according to
         specified statistical tests.

   $ RBAC
      (N) See: role-based access control, rule-based access control.

      Deprecated Usage: IDOCs that use this term SHOULD state a
      definition for it because the abbreviation is ambiguous.

   $ RC2, RC4, RC6
      (N) See: Rivest Cipher #2, #4, #6.

   $ read
      (I) /security model/ A system operation that causes a flow of
      information from an object to a subject. (See: access mode.
      Compare: write.)

   $ realm
      (I) /Kerberos/ A domain consisting of a set of Kerberized clients,
      Kerberized application servers, and one or more Kerberos
      authentication servers and ticket-granting servers that support
      the clients and applications, all operating under the same
      security policy. (See: domain.)

   $ recovery
      1. (I) /cryptography/ The process of learning or obtaining
      cryptographic data or plain text through cryptanalysis. (See: key
      recovery, data recovery.)

      2a. (I) /system integrity/ The process of restoring a secure state
      in a system after there has been an accidental failure or a
      successful attack. (See: secondary definition under "security",
      system integrity.)

      2b. (I) /system integrity/ The process of restoring an information
      system's assets and operation following damage or destruction.
      (See: contingency plan.)

   $ RED
      1. (N) Designation for data that consists only of clear text, and
      for information system equipment items and facilities that handle

Top      Up      ToC       Page 245 
      clear text. Example: "RED key". (See: BCR, color change, RED/BLACK
      separation. Compare: BLACK.)

      Derivation: From the practice of marking equipment with colors to
      prevent operational errors.

      2. (O) /U.S. Government/ Designation applied to information
      systems, and to associated areas, circuits, components, and
      equipment, "in which unencrypted national security information is
      being processed." [C4009]

   $ RED/BLACK separation
      (N) An architectural concept for cryptographic systems that
      strictly separates the parts of a system that handle plain text
      (i.e., RED information) from the parts that handle cipher text
      (i.e., BLACK information). (See: BLACK, RED.)

   $ Red Book
      (D) /slang/ Synonym for "Trusted Network Interpretation of the
      Trusted Computer System Evaluation Criteria" [NCS05].

      Deprecated Term: IDOCs SHOULD NOT use this term. Instead, use the
      full proper name of the document or, in subsequent references, a
      more conventional abbreviation, e.g., TNI-TCSEC. (See: TCSEC,
      Rainbow Series, Deprecated Usage under "Green Book".)

   $ RED key
      (N) A cleartext key, which is usable in its present form (i.e., it
      does not need to be decrypted before being used). (See: RED.
      Compare: BLACK key.)

   $ reference monitor
      (I) "An access control concept that refers to an abstract machine
      that mediates all accesses to objects by subjects." [NCS04] (See:
      security kernel.)

      Tutorial: This concept was described in the Anderson report. A
      reference monitor should be (a) complete (i.e., it mediates every
      access), (b) isolated (i.e., it cannot be modified by other system
      entities), and (c) verifiable (i.e., small enough to be subjected
      to analysis and tests to ensure that it is correct).

   $ reflection attack
      (I) An attack in which a valid data transmission is replayed to
      the originator by an attacker who intercepts the original
      transmission. (Compare: indirect attack, replay attack.)

Top      Up      ToC       Page 246 
   $ reflector attack
      (D) Synonym for "indirect attack".

      Deprecated Term: IDOCs SHOULD NOT use this term; it could be
      confused with "reflection attack", which is a different concept.

   $ registered user
      (I) A system entity that is authorized to receive a system's
      products and services or otherwise access system resources. (See:
      registration, user.)

   $ registration
      1. (I) /information system/ A system process that (a) initializes
      an identity (of a system entity) in the system, (b) establishes an
      identifier for that identity, (c) may associate authentication
      information with that identifier, and (d) may issue an identifier
      credential (depending on the type of authentication mechanism
      being used). (See: authentication information, credential,
      identifier, identity, identity proofing.)

      2. (I) /PKI/ An administrative act or process whereby an entity's
      name and other attributes are established for the first time at a
      CA, prior to the CA issuing a digital certificate that has the
      entity's name as the subject. (See: registration authority.)

      Tutorial: Registration may be accomplished either directly, by the
      CA, or indirectly, by a separate RA. An entity is presented to the
      CA or RA, and the authority either records the name(s) claimed for
      the entity or assigns the entity's name(s). The authority also
      determines and records other attributes of the entity that are to
      be bound in a certificate (such as a public key or authorizations)
      or maintained in the authority's database (such as street address
      and telephone number). The authority is responsible, possibly
      assisted by an RA, for verifying the entity's identity and vetting
      the other attributes, in accordance with the CA's CPS.

      Among the registration issues that a CPS may address are the
      following [R3647]:
      -  How a claimed identity and other attributes are verified.
      -  How organization affiliation or representation is verified.
      -  What forms of names are permitted, such as X.500 DN, domain
         name, or IP address.
      -  Whether names are required to be meaningful or unique, and
         within what domain.
      -  How naming disputes are resolved, including the role of
      -  Whether certificates are issued to entities that are not

Top      Up      ToC       Page 247 
      -  Whether a person is required to appear before the CA or RA, or
         can instead be represented by an agent.
      -  Whether and how an entity proves possession of the private key
         matching a public key.

   $ registration authority (RA)
      1. (I) An optional PKI entity (separate from the CAs) that does
      not sign either digital certificates or CRLs but has
      responsibility for recording or verifying some or all of the
      information (particularly the identities of subjects) needed by a
      CA to issue certificates and CRLs and to perform other certificate
      management functions. (See: ORA, registration.)

      2. (I) /PKIX/ An optional PKI component, separate from the CA(s).
      The functions that the RA performs will vary from case to case but
      may include identity authentication and name assignment, key
      generation and archiving of key pairs, token distribution, and
      revocation reporting. [R4210]

      Tutorial: Sometimes, a CA may perform all certificate management
      functions for all end users for which the CA signs certificates.
      Other times, such as in a large or geographically dispersed
      community, it may be necessary or desirable to offload secondary
      CA functions and delegate them to an assistant, while the CA
      retains the primary functions (signing certificates and CRLs). The
      tasks that are delegated to an RA by a CA may include personal
      authentication, name assignment, token distribution, revocation
      reporting, key generation, and archiving.

      An RA is an optional PKI entity, separate from the CA, that is
      assigned secondary functions. The duties assigned to RAs vary from
      case to case but may include the following:
      -  Verifying a subject's identity, i.e., performing personal
         authentication functions.
      -  Assigning a name to a subject. (See: distinguished name.)
      -  Verifying that a subject is entitled to have the attributes
         requested for a certificate.
      -  Verifying that a subject possesses the private key that matches
         the public key requested for a certificate.
      -  Performing functions beyond mere registration, such as
         generating key pairs, distributing tokens, handling revocation
         reports, and archiving data. (Such functions may be assigned to
         a PKI component that is separate from both the CA and the RA.)

      3. (O) /SET/ "An independent third-party organization that
      processes payment card applications for multiple payment card
      brands and forwards applications to the appropriate financial
      institutions." [SET2]

Top      Up      ToC       Page 248 
   $ regrade
      (I) Deliberately change the security level (especially the
      hierarchical classification level) of information in an authorized
      manner. (See: downgrade, upgrade.)

   $ rekey
      (I) Change the value of a cryptographic key that is being used in
      an application of a cryptographic system. (See: certificate

      Tutorial: Rekey is required at the end of a cryptoperiod or key

   $ reliability
      (I) The ability of a system to perform a required function under
      stated conditions for a specified period of time. (Compare:
      availability, survivability.)

   $ reliable human review
      (I) Any manual, automated, or hybrid process or procedure that
      ensures that a human examines a digital object, such as text or an
      image, to determine whether the object may be permitted, according
      to some security policy, to be transferred across a controlled
      interface. (See: guard.)

   $ relying party
      (I) Synonym for "certificate user".

      Usage: Used in a legal context to mean a recipient of a
      certificate who acts in reliance on that certificate. (See: ABA

   $ remanence
      (I) Residual information that can be recovered from a storage
      medium after clearing. (See: clear, magnetic remanence, purge.)

   $ Remote Authentication Dial-In User Service (RADIUS)
      (I) An Internet protocol [R2865] for carrying dial-in users'
      authentication information and configuration information between a
      shared, centralized authentication server (the RADIUS server) and
      a network access server (the RADIUS client) that needs to
      authenticate the users of its network access ports. (See: TACACS.)

      User presents authentication and possibly other information to the
      RADIUS client (e.g., health information regarding the user

Top      Up      ToC       Page 249 
      Tutorial: A user presents authentication information and possibly
      other information to the RADIUS client, and the client passes that
      information to the RADIUS server. The server authenticates the
      client using a shared secret value and checks the presented
      information, and then returns to the client all authorization and
      configuration information needed by the client to serve the user.

   $ renew
      See: certificate renewal.

   $ reordering
      (I) /packet/ See: secondary definition under "stream integrity

   $ replay attack
      (I) An attack in which a valid data transmission is maliciously or
      fraudulently repeated, either by the originator or by a third
      party who intercepts the data and retransmits it, possibly as part
      of a masquerade attack. (See: active wiretapping, fresh, liveness,
      nonce. Compare: indirect attack, reflection attack.)

   $ repository
      1. (I) A system for storing and distributing digital certificates
      and related information (including CRLs, CPSs, and certificate
      policies) to certificate users. (Compare: archive, directory.)

      2. (O) "A trustworthy system for storing and retrieving
      certificates or other information relevant to certificates." [DSG]

      Tutorial: A certificate is published to those who might need it by
      putting it in a repository. The repository usually is a publicly
      accessible, on-line server. In the FPKI, for example, the expected
      repository is a directory that uses LDAP, but also may be an X.500
      Directory that uses DAP, or an HTTP server, or an FTP server that
      permits anonymous login.

   $ repudiation
      1. (I) Denial by a system entity that was involved in an
      association (especially a communication association that transfers
      data) of having participated in the relationship. (See:
      accountability, non-repudiation service.)

      2. (I) A type of threat action whereby an entity deceives another
      by falsely denying responsibility for an act. (See: deception.)

Top      Up      ToC       Page 250 
      Usage: This type of threat action includes the following subtypes:
      -  False denial of origin: Action whereby an originator denies
         responsibility for sending data.
      -  False denial of receipt: Action whereby a recipient denies
         receiving and possessing data.

      3. (O) /OSIRM/ "Denial by one of the entities involved in a
      communication of having participated in all or part of the
      communication." [I7498-2]

   $ Request for Comment (RFC)
      1. (I) One of the documents in the archival series that is the
      official channel for IDOCs and other publications of the Internet
      Engineering Steering Group, the Internet Architecture Board, and
      the Internet community in general. (RFC 2026, 2223) (See: Internet

      2. (D) A popularly misused synonym for a document on the Internet
      Standards Track, i.e., an Internet Standard, Draft Standard, or
      Proposed Standard. (See: Internet Standard.)

      Deprecated Definition: IDOCs SHOULD NOT use this term with
      definition 2 because many other types of documents also are
      published as RFCs.

   $ residual risk
      (I) The portion of an original risk or set of risks that remains
      after countermeasures have been applied. (Compare: acceptable
      risk, risk analysis.)

   $ restore
      See: card restore.

   $ reverse engineering
      (I) /threat action/ See: secondary definition under "intrusion".

   $ revocation
      See: certificate revocation.

   $ revocation date
      (N) /X.509/ In a CRL entry, a date-time field that states when the
      certificate revocation occurred, i.e., when the CA declared the
      digital certificate to be invalid. (See: invalidity date.)

      Tutorial: The revocation date may not resolve some disputes
      because, in the worst case, all signatures made during the
      validity period of the certificate may have to be considered
      invalid. However, it may be desirable to treat a digital signature

Top      Up      ToC       Page 251 
      as valid even though the private key used to sign was compromised
      after the signing. If more is known about when the compromise
      actually occurred, a second date-time, an "invalidity date", can
      be included in an extension of the CRL entry.

   $ revocation list
      See: certificate revocation list.

   $ revoke
      (I) See: certificate revocation.

   $ RFC
      (I) See: Request for Comment.

   $ Rijndael
      (N) A symmetric, block cipher that was designed by Joan Daemen and
      Vincent Rijmen as a candidate for the AES, and that won that
      competition. [Daem] (See: Advanced Encryption Standard.)

   $ risk
      1. (I) An expectation of loss expressed as the probability that a
      particular threat will exploit a particular vulnerability with a
      particular harmful result. (See: residual risk.)

      2. (O) /SET/ "The possibility of loss because of one or more
      threats to information (not to be confused with financial or
      business risk)." [SET2]

      Tutorial: There are four basic ways to deal with a risk [SP30]:
      -  "Risk avoidance": Eliminate the risk by either countering the
         threat or removing the vulnerability. (Compare: "avoidance"
         under "security".)
      -  "Risk transference": Shift the risk to another system or
         entity; e.g., buy insurance to compensate for potential loss.
      -  "Risk limitation": Limit the risk by implementing controls that
         minimize resulting loss.
      -  "Risk assumption": Accept the potential for loss and continue
         operating the system.

   $ risk analysis
      (I) An assessment process that systematically (a) identifies
      valuable system resources and threats to those resources, (b)
      quantifies loss exposures (i.e., loss potential) based on
      estimated frequencies and costs of occurrence, and (c)
      (optionally) recommends how to allocate available resources to
      countermeasures so as to minimize total exposure. (See: risk
      management, business-case analysis. Compare: threat analysis.)

Top      Up      ToC       Page 252 
      Tutorial: Usually, it is financially and technically infeasible to
      avoid or transfer all risks (see: "first corollary" of "second
      law" under "Courtney's laws"), and some residual risks will
      remain, even after all available countermeasures have been
      deployed (see: "second corollary" of "second law" under
      "Courtney's laws"). Thus, a risk analysis typically lists risks in
      order of cost and criticality, thereby determining where
      countermeasures should be applied first. [FP031, R2196]

      In some contexts, it is infeasible or inadvisable to attempt a
      complete or quantitative risk analysis because needed data, time,
      and expertise are not available. Instead, basic answers to
      questions about threats and risks may be already built into
      institutional security policies. For example, U.S. DoD policies
      for data confidentiality "do not explicitly itemize the range of
      expected threats" but instead "reflect an operational approach ...
      by stating the particular management controls that must be used to
      achieve [confidentiality] ... Thus, they avoid listing threats,
      which would represent a severe risk in itself, and avoid the risk
      of poor security design implicit in taking a fresh approach to
      each new problem". [NRC91]

   $ risk assumption
      (I) See: secondary definition under "risk".

   $ risk avoidance
      (I) See: secondary definition under "risk".

   $ risk limitation
      (I) See: secondary definition under "risk".

   $ risk management
      1. (I) The process of identifying, measuring, and controlling
      (i.e., mitigating) risks in information systems so as to reduce
      the risks to a level commensurate with the value of the assets
      protected. (See: risk analysis.)

      2. (I) The process of controlling uncertain events that may affect
      information system resources.

      3. (O) "The total process of identifying, controlling, and
      mitigating information system-related risks. It includes risk
      assessment; cost-benefit analysis; and the selection,
      implementation, test, and security evaluation of safeguards. This
      overall system security review considers both effectiveness and
      efficiency, including impact on the mission and constraints due to
      policy, regulations, and laws." [SP30]

Next RFC Part