Listen to this page:
Getting Started
Web App Security & Privacy Glossary
The Web App Security & Privacy Glossary provides terms, definitions, and external references for further study. Use the following Index to find terms and definitions with references.
A
- Access Control
- Access Control ensures that resources are only granted to those users who are entitled to them.
- Reference: Access Control
- Access Control List
-
A list of credentials attached to a resource indicating whether or not the credentials have access to the resource.
Also referred to as an ACL.
ACL's are typically used for authorizing actions in applications.
- Reference: Access Control List
- Access Control Matrix
- An Access Control Matrix uses rows to represent subjects and columns to represent objects with privileges listed in each cell.
- Reference: Access Control Matrix
- Access Control Service
- A security service that provides protection of system resources against unauthorized access. The two basic mechanisms for implementing this service are ACLs and Tickets.
- Reference: Access Control Service
- Access Management
- Management is the maintenance of access information which consists of four tasks: account administration, maintenance, monitoring, and revocation.
- Reference: Access management
- Account Harvesting
- Account Harvesting is the process of collecting all the legitimate account names on a system.
- Reference: Account Harvesting
- ACK (Acknowledgement Packet) Piggybacking
- ACK piggybacking is the practice of sending an ACK inside another packet going to the same destination.
- Reference: Piggybacking (data transmission)
- Active Attack
-
Any attack that involves actions that are detectable as an attack by the target.
- A port scan is active because it can be detected by the remote host.
- An active attack might involve posting data to an endpoint with the hope of achieving XSS or SQL Injectino.
- Logging of regular http request/response activity that is later analyzed for potential vulnerabilities is passive.
- Reference: Active Attack
- Active Content
- Program code embedded in the contents of a web page. When the page is accessed by a web browser, the embedded code is automatically downloaded and executed on the user's workstation. Ex. Java, ActiveX (MS)
- Reference: Active Content
- Activity Monitors
- Activity monitors aim to prevent virus infection by monitoring for malicious activity on a system, and blocking that activity when possible.
- Reference: Database activity monitoring
- Address Resolution Protocol (ARP)
- Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address to a physical machine address that is recognized in the local network. A table, usually called the ARP cache, is used to maintain a correlation between each MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions.
- Reference: Address Resolution Protocol
- Advanced Encryption Standard (AES)
-
A fast general-purpose block cipher standardized by NIST (the National Institute of Standards and Technology).
- The AES selection process was a multi-year competition, where Rijndael was the winning cipher.
-
AES has been adopted by the U.S. government and is now used worldwide.
- It supersedes the Data Encryption Standard (DES) which was published in 1977.
- The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.
- Reference:
- Algorithm
- A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer.
- Reference: Algorithm
- Applet
- Java programs; an application program that uses the client's web browser to provide a user interface.
- Reference: Applet
- Anti-debugger
- Refers to technology that detects or thwarts the use of a debugger on a piece of software.
- Reference: Anti Debugging Protection Techniques With Examples
- Anti-tampering
- Refers to technology that attempts to thwart the reverse engineering and patching of a piece of software in binary format.
- Reference: Anti-tamper software
- Architectural Security (Risk) Assessment
-
Architectural risk assessment is a risk management process that identifies flaws in a software architecture and determines risks to business information assets that result from those flaws.
-
Through the process of architectural security/risk assessment:
- Flaws are found that expose information assets to risk.
- Risks are prioritized based on their impact to the business.
- Mitigations for those risks are developed and implemented.
- The software is reassessed to determine the efficacy of the mitigations.
-
Through the process of architectural security/risk assessment:
- Reference: Architectural Risk Analysis
- ASN.1 (Abstract Syntax Notation One)
-
Abstract Syntax Notation (ASN) is a language for representing data objects.
- It is popular to use this in specifying cryptographic protocols, usually using DER (Distinguished Encoding Rules), which allows the data layout to be unambiguously specified.
- Reference: Abstract Syntax Notation One
- Asymmetric Cryptography (a.k.a. Public Key Cryptography)
- This is cryptography involving public keys, as opposed to cryptography making use of shared secrets.
- Reference: Public-key cryptography
- Audit
-
In the context of security, this is a review of a system in order to validate the security of the system.
- Generally, this either refers to code auditing or reviewing audit logs.
- Reference: Information technology security audit
- Audit log
- These are records kept for the purpose of later verifying that the security properties of a system have remained intact.
- Reference: Security Audit Logging Guideline
- Authenticate-and-encrypt
-
When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one authenticates the plaintext and encrypts the plaintext, possibly in parallel.
- This is not secure in the general case.
- Reference: Authenticated encryption
- Authenticate-then-encrypt
-
When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one authenticates the plaintext and then encrypts the plaintext concatenated with the MAC tag.
- This is not secure in the general case, but usually works well in practice.
- Reference: Authenticated encryption
- Authentication
-
This is the process of verifying that someone or something is the actual entity that they claim to be.
- Authentication is what happens when you log into a system.
- It compares your credentials (often user name and password) with a previously established known value such that the system can know that you are who you say you are.
- For sensitive systems, there is a trend toward using two factor authentication (2FA) which essentially means that users must supply two different secrets, usually one is a password (something they know) and the other is a pin supplied via text (verifying something they have).
- Reference: Authentication
- Authorization
-
Authorization is the process of determining whether an authenticated subject (a user) can see, change, delete or take other actions upon data.
- For example, if you log into a time keeping application, submit your timesheet and then your boss approves it, the act of logging in is authenticating.
- The act of filling out your timesheet and submitting it should only be something your user is authorized to do.
- The act of approving the timesheet is something only the boss is authorized to do.
- Reference: Authorization
B
- Backdoor
- Malicious code inserted into a program for the purposes of providing the author covert access to machines running the program.
- Reference:
- Base64
- A method for encoding binary data into printable ASCII strings. Every byte of output maps to six bits of input (minus possible padding bytes).
- Reference: Base64
- Bastion Host
- A bastion host has been hardened in anticipation of vulnerabilities that have not been discovered yet.
- Reference: Bastion Host
- Big endian
-
Refers to machines representing words most significant byte first.
- While x86 machines do not use big endian byte ordering (instead using little endian), the PowerPC and SPARC architectures do.
- This is also the network byte order.
- Reference: Endianness
- BIND
- BIND stands for Berkeley Internet Name Domain and is an implementation of DNS. DNS is used for domain name to IP address resolution.
- Reference: BIND
- Binding Corporate Rules
- Personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity.
- Reference: Art. 47 GDPR Binding corporate rules
- Biometric Data
- Personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.
- Reference: Biometric Data
- Birthday Attack
-
This takes a function f() that seems to map an input to a random output of some fixed size (a pseudo-random function or PRF).
- A birthday attack is simply selecting random inputs for f() and checking to see if any previous values gave the same output.
- Statistically, if the output size is S bits, then one can find a collision in 2S/2 operations, on average.
- Reference: Birthday Attack
- Bit-flipping Attack
-
In a stream cipher, flipping a bit in the ciphertext flips the corresponding bit in the plaintext.
- If using a message authentication code (MAC), such attacks are not practical.
- Reference: Bit-flipping Attack
- Blacklist
-
When performing input validation, the set of items, that if matched, result in the input being considered invalid.
- If no invalid items are found, the result is valid.
- Reference: Blacklist
- Blinding
- A technique used to thwart timing attacks.
- Reference: Blinding (cryptography)
- Block Cipher
-
An encryption algorithm that maps inputs of size n to outputs of size n (n is called the block size).
- Data that is not a valid block size must somehow be padded (generally by using an encryption mode).
- The same input always produces the same output.
- Reference: Block Cipher
- Blowfish
-
A block cipher with 64-bit blocks and variable length keys, created by Bruce Schneier.
- This cipher is infamous for having slow key-setup times.
- Reference: Blowfish Cipher
- Boot Record Infector
- A boot record infector is a piece of malware that inserts malicious code into the boot sector of a disk.
- Reference: System or boot-record infectors
- British Standard 7799
- A standard code of practice and provides guidance on how to secure an information system. It includes the management framework, objectives, and control requirements for information security management systems.
- Reference: BS 7799
- Brute-force attack
- An attack on an encryption algorithm where the encryption key for a ciphertext is determined by trying to decrypt using every key until valid plaintext is obtained.
- Reference: Brute-force Attack
- Buffer Overflow
-
A buffer overflow is when you can put more data into a memory location than is allocated to hold that data.
- Languages like C and C++ that do no built-in bounds checking are susceptible to such problems.
- These problems are often security-critical.
- Reference: Buffer Overflow
- Business Continuity Plan (BCP)
- A Business Continuity Plan is the plan for emergency response, backup operations, and post-disaster recovery steps that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.
- Reference: Business Continuity Plan (BCP)
- Business Impact Analysis (BIA)
- A Business Impact Analysis determines what levels of impact to a system are tolerable.
- Reference: Business Impact Analysis (BIA)
C
- Cache Cramming
- Cache Cramming is the technique of tricking a browser to run cached Java code from the local disk, instead of the internet zone, so it runs with less restrictive permissions.
- Reference: Cache Cramming
- Cache Poisoning
- Malicious or misleading data from a remote name server is saved [cached] by another name server. Typically used with DNS cache poisoning attacks.
- Reference: Cache Poisoning
- Canary
-
A piece of data, the absence of which indicates a violation of a security policy.
- Several tools use a canary for preventing certain stack-smashing buffer overflow attacks.
- Reference: Canaries
- Capture-replay Attack
- Occurs when an attacker can capture data off the wire and replay it later without the bogus data being detected as bogus.
- Reference:
- Carter-Wegman Counter (CWC - data encryption mode)
- A parallelizable and patent-free high-level encryption mode that provides both encryption and built-in message integrity.
- Reference: CWC mode - Wikipedia
- CAST-5 (a.k.a CAST-128)
-
A block cipher with 64-bit blocks and key sizes up to 128 bits.
- It is patent-free and generally considered sound, but modern algorithms with larger block sizes are generally preferred (e.g., AES).
- Reference: CAST-128
- CBC Mode (Cipher Block Chaining)
-
- A block cipher mode that provides secrecy but not message integrity.
- Messages encrypted with this mode should have random initialization vectors.
-
In CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted.
- This way, each ciphertext block depends on all plaintext blocks processed up to that point.
- To make each message unique, an initialization vector must be used in the first block.
- Reference: Cipher Block Chaining (CBC)
- CBC-MAC
-
A simple construction for turning a block cipher into a message authentication code.
- It only is secure when all messages MAC’d with a single key are the same size.
- However, there are several variants that thwart this problem, the most important being OMAC.
- Reference: CBC-MAC
- CCM Mode
-
This is a mode of operation for cryptographic block ciphers.
- It is an authenticated encryption algorithm designed to provide both authentication and confidentiality.
- CCM mode is only defined for block ciphers with a block length of 128 bits.
- Reference: CCM Mode
- Certificate
-
A data object that binds information about a person or some other entity to a public key.
The binding is generally done using a digital signature from a trusted third party (a certification authority).
- Reference:
- Certificate-Based Authentication
- Certificate-Based Authentication is the use of SSL and certificates to authenticate and encrypt HTTP traffic.
- Reference: What Is Certificate-Based Authentication and Why Should I Use It?
- Certificate Revocation List
- A list published by a certification authority indicating which issued certificates should be considered invalid.
- Reference:
- Certificate Signing Request
-
Data about an entity given to a certification authority.
The authority will package the data into a certificate and sign the certificate if the data in the signing request is validated.
- Reference: Certificate Signing Request
- Certification Authority
-
An entity that manages digital certificates, i.e., issues and revokes.
Verisign and InstantSSL are two well known CAs.
- Reference: Certification Authority
- Chain Responder
- An OCSP (Online Certificate Status Protocol) responder that relays the results of querying another OCSP responder.
- Reference: OCSP Protocol Details
- Challenge-Handshake Authentication Protocol (CHAP)
- The Challenge-Handshake Authentication Protocol uses a challenge/response authentication mechanism where the response varies every challenge to prevent replay attacks.
- Reference: Challenge-Handshake Authentication Protocol (CHAP)
- Checksum
- A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data.
- Reference: Checksum
- Chokepoint
-
In computer security, a place in a system where input is routed for the purposes of performing data validation.
The implication is that there are few such places in a system and that all data must pass through one or more of the chokepoints.
The idea is that funneling input through a small number of choke points makes it easier to ensure that input is properly validated.
One potential concern is that poorly chosen chokepoints may not have enough information to perform input validation that is as accurate as possible.
- Reference: Creating Chokepoints
- chroot
-
A UNIX system call that sets the root directory for a process to any arbitrary directory.
The idea is compartmentalization: Even if a process is compromised, it should not be able to see interesting parts of the file system beyond its own little world.
There are some instances where chroot "jails" can be circumvented; it can be difficult to build proper operating environments to make chroot work well.
- Reference: chroot
- Cipher
- A cryptographic algorithm for encryption and decryption.
- Reference: Cipher
- Cipher Feedback Mode
-
A mode that turns a block cipher into a stream cipher.
This mode is safe only when used in particular configurations.
Generally, CTR mode and OFB mode are used instead since both have better security bounds.
- Reference: Cipher Feedback Mode
- Ciphertext
- The result of encrypting a message.
- Reference: Ciphertext
- Ciphertext Stealing Mode
-
A block cipher mode of operation that is similar to CBC mode except that the final block is processed in such a way that the output is always the same length as the input.
This mode is similar to CBC mode but does not require padding.
- Reference: Ciphertext Stealing Mode
- CLASP (Comprehesive Lightweight Application Security Process)
- An activity-driven, role based set of process components whose core contains formalized best practices for building security into your existing or new-start software development lifecycles in a structured, repeatable, and measurable way.
- Reference: Introduction to the CLASP Process
- Code Auditing
- Reviewing computer software for security problems.
- Reference: Code Audit
- Code Signing
-
Signing executable code to establish that it comes from a trustworthy vendor.
The signature must be validated using a trusted third party in order to establish identity.
- Reference: Code Signing
- Compartmentalization
-
Separating a system into parts with distinct boundaries, using simple, well- defined interfaces.
The basic idea is that of containment.
If one part is compromised, perhaps the extent of the damage can be limited.
- Reference: Compartmentalization
- Competitive Intelligence
- Competitive Intelligence is espionage using legal, or at least not obviously illegal, means.
- Reference: Competitive Intelligence
- Computer Emergency Response Team (CERT)
- An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.
- Reference: Computer Emergency Response Team (CERT)
- Confidentiality
- Confidentiality is the need to ensure that information is disclosed only to those who are authorized to view it.
- Reference: Confidentiality
- Consent
- Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
- Reference: Consent
- Context Object
-
In a cryptographic library, a data object that holds the intermediate state associated with the cryptographic processing of a piece of data.
If incrementally hashing a string, a context object stores the internal state of the hash function necessary to process further data.
- Reference: RFC 8152 - CBOR Object Signing and Encryption (COSE) - IETF Tools
- Controller
- The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- Reference: Chapter 4. Controller and Processor
- Counter Mode
-
A parallelizable encryption mode that effectively turns a block cipher into a stream cipher.
It is a popular component in authenticated encryption schemes due to its optimal security bounds and good performance characteristics.
- Reference: Counter (CTR)
- Counter Mode with CBC-MAC (CCM)
- An encryption mode that provides both message secrecy and integrity. It was the first such mode that was not covered by patent.
- Reference: CCM Mode
- Countermeasure
- Reactive methods used to prevent an exploit from successfully occurring once a threat has been detected. Intrusion Prevention Systems (IPS) commonly employ countermeasures to prevent intruders form gaining further access to a computer network. Other counter measures are patches, access control lists and malware filters.
- Reference: Countermeasure
- Covert Channels
- Covert Channels are the means by which information can be communicated between two parties in a covert fashion using normal system operations. For example by changing the amount of hard drive space that is available on a file server can be used to communicate information.
- Reference: Covert Channels
- CRAM (Challenge Response Authentication Mechanism)
-
A password-based authentication mechanism using a cryptographic hash function (usually MD5).
It does not provide adequate protection against several common threats to password-based authentication systems.
HTTP Digest Authentication is a somewhat better alternative; it is replacing CRAM in most places.
- Reference: CRAM-MD5
- CRC (Cyclic Redundancy Check)
-
A means of determining whether accidental transmission errors have occurred.
Such algorithms are not cryptographically secure because attackers can often forge CRC values or even modify data maliciously in such a way that the CRC value does not change.
Instead, one should use a strong, keyed message authentication code such as HMAC or OMAC.
- Reference: Cyclic Redundancy Check
- Critical Extensions
-
In an X.509 certificate, those extensions that must be recognized by any software processing the certificate.
If a piece of software does not recognize an extension marked as critical, the software must regard the certificate as invalid.
- Reference: x.509 Certificates - Critical vs non-critical extensions
- Cross-border Processing
-
Processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State or;
Processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
- Reference: Cross-border processing and the one stop shop
- Cross-site Request Forgery (CSRF)
-
CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.
With little help of social engineering (like sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attackers choosing.
A successful CSRF exploit can compromise end user data and operation in case of normal user.
If the targeted end user is the administrator account, this can compromise the entire web application.
- Reference: Cross-Site Request Forgery
- Cross-site scripting (XSS)
-
A class of problems resulting from insufficient input validation where one user can add content to a web site that can be malicious when viewed by other users to the web site.
For example, one might post to a message board that accepts arbitrary HTML and include a malicious code item.
- Reference: Cross-site scripting (XSS)
- Cryptanalysis
- The science of breaking cryptographic algorithms.
- Reference: Cryptanalysis
- Cryptographic Hash Function
-
A function that takes an input string of arbitrary length and produces a fixed- size output, where it is unfeasible:
To find two inputs that map to the same output.
To learn anything about the input from the output.
- Reference: Cryptographic Hash Function
- Cryptographic Randomness
-
Data produced by a cryptographic pseudo-random number generator.
The probability of figuring out the internal state of the generator is related to the strength of the underlying cryptography, i.e., assuming the generator is seeded with enough entropy.
- Reference: Cryptographically Secure Pseudo-random Number Generator
- Cryptography
- The science of providing secrecy, integrity, and non-repudiation for data.
- Reference: Cryptography
- CWE (Common Weakness Enumeration)
-
The CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are:
Often easy to find, and easy to exploit.
Dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
- Reference: Home: CWE (Common Weakness Enumeration)
D
- DACL (Discretionary Access Control List)
- In a Windows ACL (Access Control List), a list that determines access rights to an object.
- Reference: Discretionary Access Control
- Data Concerning Health
- Personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
- Reference: Health data in the workplace
- Data Controller
- The entity that determines the purposes, conditions, and means of the processing of personal data.
- Reference: Art. 24 GDPR Responsibility of the controller
- Data Encryption Standard
-
An encryption algorithm standardized by the US Government.
The key length is too short, so this algorithm should be considered insecure.
The effective key strength is 56 bits; the actual key size is 64 bits — 8 bits are wasted.
However, there are variations such as Triple DES and DESX that increase security while also increasing the key size.
- Reference: Data Encryption Standard
- Data Erasure (The Right to be Forgotten)
- Entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data.
- Reference: Art. 17 GDPR Right to erasure ("right to be forgotten")
- Data Portability
- The requirement for controllers to provide the data subject with a copy of his or her data in a format that allows for easy use with another controller.
- Reference: Data Portability
- Data Processor
- The entity that processes data on behalf of the Data Controller.
- Reference: What is a data processor?
- Data Protection Authority (DPA)
- National authorities tasked with the protection of data and privacy as well as monitoring and enforcement of the data protection regulations within the Union.
- Reference: What are Data Protection Authorities (DPAs)?
- Data Protection Officer (DPO)
- An expert on data privacy who works independently to ensure that an entity is adhering to the policies and procedures set forth in the GDPR.
- Reference: Data Protection Officers (DPOs)
- Data Subject
- A natural person whose personal data is processed by a controller or processor.
- Reference: What is a Data Subject?
- Davies-Meyer
- An algorithm for turning a block cipher into a cryptographic one-way hash function.
- Reference: Davies-Meyer
- Default Deny
-
A paradigm for access control and input validation where an action must explicitly be allowed.
The idea behind this paradigm is that one should limit the possibilities for unexpected behavior by being strict, instead of lenient, with rules.
- Reference: AWS Evaluation Logic
- Defense-in-depth (a.k.a. Castle Approach)
-
A principle for building systems stating that multiple defensive mechanisms at different layers of a system are usually more secure than a single layer of defense.
For example, when performing input validation, one might validate user data as it comes in and then also validate it before each use — just in case something was not caught, or the underlying components are linked against a different front end, etc.
- Reference: Defense In Depth
- DEK (Data Encryption Key)
- A data encrypting key.
- Reference: Data Encryption Key
- Delegated Acts
- Non-legislative acts enacted in order to supplement existing legislation and provide criteria or clarity.
- Reference: Chapter 10. Delegated acts and implementing acts
- Delta CRLs
- A variation of Certificate Revocation Lists that allows for incremental updating, as an effort to avoid frequently re-downloading a large amount of unchanged data.
- Reference: RFC 5280 - 5.2.4. Delta CRL Indicator
- Denial of Service (DDoS) Attack
-
Any attack that affects the availability of a service.
Reliability bugs that cause a service to crash or go into some sort of vegetative state are usually potential denial-of-service problems.
- Reference: Denial-Of-Service (DDoS) attack
- Derogation
- An exemption from a law.
- Reference: Article 49. GDPR Derogations for specific situations
- DES (Data Encryption Standard)
- The Data Encryption Standard is a symmetric-key algorithm for the encryption of electronic data.
- Reference: Data Encryption Standard
- DESX (DES-XEX3-CBC block cipher trans-form interface)
-
An extended version of DES that increases the resistance to brute-force attack in a highly efficient way by increasing the key length.
The extra key material is mixed into the encryption process, using XORs.
This technique does not improve resistance to differential attacks, but such attacks are still generally considered unfeasible against DES.
- Reference: DES-X
- Dictionary Attack
-
An attack against a cryptographic system, using precomputating values to build a dictionary.
For example, in a password system, one might keep a dictionary mapping ciphertext pairs in plaintext form to keys for a single plaintext that frequently occurs.
A large enough key space can render this attack useless.
In a password system, there are similar dictionary attacks, which are somewhat alleviated by salt.
The end result is that the attacker — once he knows the salt — can do a "Crack"-style dictionary attack.
Crack-style attacks can be avoided to some degree by making the password verifier computationally expensive to compute.
Select strong random passwords, or do not use a password-based system.
- Reference: Dictionary Attack
- Differential Cryptanalysis
-
A type of cryptographic attack where an attacker who can select related inputs learns information about the key from comparing the outputs.
Modern ciphers of merit are designed in such a way as to thwart such attacks.
Also note that such attacks generally require enough chosen plaintexts as to be considered unfeasible, even when there is a cipher that theoretically falls prey to such a problem.
- Reference: Differential Cryptanalysis
- Diffie-Hellman Key Exchange
-
A method for exchanging a secret key over an untrusted medium in such a way as to preserve the secrecy of the key.
The two parties both contribute random data that factors into the final shared secret.
The fundamental problem with this method is authenticating the party with whom you exchanged keys.
The simple Diffie-Hellman protocol does not do that.
One must also use some public-key authentication system such as DSA.
- Reference: Diffie-Hellman Key Exchange
- Digest Size
- The output size for a hash function.
- Reference: Cryptographic Hash Function
- Digital Signature
-
Data that proves that a document (or other piece of data) was not modified since being processed by a particular entity.
Generally, what this really means is that (if someone "signs" a piece of data) anyone who has the right public key can demonstrate which private key was used to sign the data.
- Reference: Digital Signature
- Digital Signature Algorithm (DSA)
-
The Digital Signature Algorithm.
This is a public key algorithm dedicated to digital signatures which was standardized by NIST.
It is based on the same mathematical principles as Diffie-Hellman.
- Reference: Digital Signature Algorithm
- Directive
- A legislative act that sets out a goal that all EU countries must achieve through their own national laws.
- Reference: Article 94. GDPR Repeal of Directive 95/46/EC
- Distinguished Encoding Rules (DER)
- A set of rules used that describes how to encode ASN.1 data objects unambiguously.
- Reference: DER Encoding
- Distinguished Name
-
In an X.509 certificate, a field that uniquely specifies the user or group to which the certificate is bound.
Usually, the Distinguished Name will contain a user’s name or User ID, an organizational name, and a country designation.
For a server certificate, it will often contain the DNS name of the machine.
- Reference: Distinguished Names
E
- Eavesdropping Attack
- Any attack on a data connection where one simply records or views data instead of tampering with the connection.
- Reference: Eavesdropping Attack
- Electronic Code Book Mode (ECB)
-
An encryption mode for block ciphers that is more or less a direct use of the underlying block cipher.
The only difference is that a message is padded out to a multiple of the block length.
This mode should not be used under any circumstances.
- Reference: Electronic Code Book (ECB)
- Eliptic Curve Cryptography
-
A type of public key cryptography that due to smaller key sizes, tends to be more efficient that standard cryptography.
The basic algorithms are essentially the same, except that the operations are performed over different mathematical groups (called eliptic curves).
- Reference: Eliptic-Curve Cryptography
- EME-OAEP Padding
- A padding scheme for public key cryptography that uses a "random" value generated by using a cryptographic hash function in order to prevent particular types of attacks against RSA.
- Reference: Optimal Asymmetric Encryption Padding
- Encrypt-Then-Authenticate
-
When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one encrypts the plaintext, then MACs the ciphertext.
This paradigm has theoretically appealing properties and is recommended to use in practice.
- Reference: Authenticated encryption
- Encrypted Data
- Personal data that is protected through technological measures to ensure that the data is only accessible/readable by those with specified access.
- Reference: GDPR encryption: What you should know and what you do not know.
- Endianess
- The byte ordering scheme that a machine uses (usually either little endian or big endian).
- Reference: Endianess
- Enterprise
- A natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.
- Reference: Key articles in the GDPR for the enterprise
- Entropy
-
Refers to the inherent unknowability of data to external observers.
If a bit is just as likely to be a 1 as a 0 and a user does not know which it is, then the bit contains one bit of entropy.
- Reference: Entropy (Information Theory)
- Entropy Gathering Daemon
- A substitute for /dev/random; a tool used for entropy harvesting.
- Reference: Entropy Gathering Daemon
- Entropy Harvester
-
A piece of software responsible for gathering entropy from a machine and distilling it into small pieces of high entropy data.
Often an entropy harvester will produce a seed for a cryptographic pseudo-random number generator.
- Reference: Entropy Harvesting
- Ephemeral Keying
-
Using one-time public key pairs for session key exchange in order to prevent recovering previous session keys if a private key is compromised.
Long-term public key pairs are still used to establish identity.
- Reference: Ephemeral Key
- Euclidian Algorithm
- An algorithm that computes the greatest common divisor of any two numbers.
- Reference: Euclidian Algorithm
- Extended Euclidian Algorithm
-
An algorithm used to compute the inverse of a number modulo "some other number".
It also refers to a very similar algorithm for computing the polynomial greatest common divisor and the coefficients of Bézout's identity of two univariate polynomials.
- Reference: Extended Euclidian Algorithm
F
- Filing System
- Any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
- Reference:
- Fingerprint
- The output of a cryptographic hash function.
- Reference: Fingerprint (computing)
- FIPS (Federal Information Processing Standard)
-
A set of standards from NIST.
-
Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States federal government for use in computer systems by non-military government agencies and government contractors.
-
- Reference: Federal Information Processing Standards
- FIPS-140
- A standard authored by the U.S. National Institute of Standards and Technology, that details general security requirements for cryptographic software deployed in a government systems (primarily cryptographic providers).
- Reference: FIPS 140
- Format String Attack
- The C standard library uses specifiers to format output. If an attacker can control the input to such a format string, he can often write to arbitrary memory locations.
- Reference: Format String Attack
- Forward Secrecy
-
Ensuring that the compromise of a secret does not divulge information that could lead to data protected prior to the compromise.
In many systems with forward secrecy, it is only provided on a per-session basis.
This means that a key compromise will not affect previous sessions, but would allow an attacker to decrypt previous messages sent as a part of the current session.
- Reference: Forward Secrecy
G
- GDPR (European Union General Data Protection Regulation)
-
The General Data Protection Regulation aims to offer EU citizens a uniform and harmonised approach towards privacy in the European Union, and seeks to strengthen people’s rights to data protection as set out in Article 8 of the EU Charter of Fundamental Rights.
Although the document became valid 20 days after the approval date, the enforcement date was established as May 25, 2018.
One of the first changes, and a fundamental change, from the former data protection framework (EU Data Protection Directive – Directive 95/46/EU) is that, after many debates, the EU Parliament decided that the new privacy framework would be established in the form of a regulation rather than a directive.
- Reference: GDPR (European Union General Data Protection Regulation)
- Genetic Data
- Personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.
- Reference: Genetic Data
- Group of Undertakings
- A controlling undertaking and its controlled undertakings.
- Reference: GDPR Recital 37. GDPR and a group of undertakings
H
- Hash Function
-
A function that maps a string of arbitrary length to a fixed size value in a deterministic manner.
Such a function may or may not have cryptographic applications.
- Reference: Hash Function
- Hash Function (Cryptographic)
- A cryptographic hash function is a special class of hash function that has certain properties which make it suitable for use in cryptography.
- Reference: Hash Function (Cryptographic)
- Hash Function (One-way)
- One-way hash functions transform input messages of various length into output sequences of fixed length (usually shorter).
- Reference: One-way Hash Function
- Hash Function (Universal)
- In mathematics and computing universal hashing (in a randomized algorithm or data structure) refers to selecting a hash function at random from a family of hash functions with a certain mathematical property.
- Reference: Universal Hashing
- Hash Output
-
A cryptographic hash function is a special class of hash function that has certain properties which make it suitable for use in cryptography.
The input data is often called the message, and the output (the hash value or hash) is often called the message digest or simply the digest.
- Reference: Hash Output
- Hash Value
-
The output of a hash function.
Hash values can be thought of as fingerprints for files.
A hash value is a numeric value of a fixed length that uniquely identifies data.
- Reference: Ensuring Data Integrity with Hash Codes
- hash127
- A fast, universal hash function from Dan Bernstein that computes a provably secure 127-bit secret-key authenticator of an arbitrarily long message.
- Reference: hash127
- HMAC (Keyed-Hash Message Authentication Code)
- A well-known algorithm for converting a cryptographic one-way hash function into a message authentication code.
- Reference: HMAC
- Honey Pot
- A strategy of setting up resources which an attacker believes are real but are infact designed specifically to catch the attacker.
- Reference: Honeypot (Computing)
I
- IDEA (International Data Encryption Algorithm)
- A block cipher with 128-bit keys and 64-bit blocks popularly used with PGP. It is currently protected by patents.
- Reference: International Data Encryption Algorithm
- Identity establishment
- Regarding authentication, each authentication factor covers a range of elements used to authenticate or verify a person's identity prior to being granted access, approving a transaction request, signing a document or other work product, granting authority to others, and establishing a chain of authority.
- Reference: Factors and identity
- Impact
-
A component of Risk, the impact describes the negative effect that results from a risk being realised.
Example impacts include financial loss, legal and regulatory issues, brand and reputation damage, data loss, breach of contract, and so on.
- Reference: What are the Components of Risk?
- Indirect CRLs
- A CRL issued by a third party that can contain certificates from multiple CA's.
- Reference: Indirect CRLs
- Information Society Service
- a service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council
- Reference:
- Initialization Vector
-
A value used to initialize a cryptographic algorithm.
Often, the implication is that the value must be random.
- Reference: Initialization Vector
- Input Validation
- The act of determining that data input to a program is sound.
- Reference: Input Validation Cheat Sheet - OWASP
- Integer Overflow
-
When an integer value is too big to be held by its associated data type, the results can often be disastrous.
This is often a problem when converting unsigned numbers to signed values.
- Reference:
- Integrity Checking
-
The act of checking whether a message has been modified either maliciously or by accident.
Cryptographically strong message integrity algorithms should always be used when integrity is important.
- Reference: Provenance-based Data Integrity Checking and Verification in Cloud Environments
- Interleaved Encryption
- Processing the encryption of a message as multiple messages, generally treating every nth block as part of a single message.
- Reference: Authenticated Interleaved Encryption
- International Organization
- An organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.
- Reference: What Does GDPR Mean for International Organizations?
- ISO/IEC 17799
- Reference: ISO/IEC 17799:2005 - Information Technology - Security Techniques
J
- Jail
-
A restricted execution environment meant to compartmentalize a process, so that even if it has security problems it cannot hurt resources which it would not normally have access to use.
On FreeBSD, a system call similar to chroot that provides compartmentalization.
Unlike chroot, it can also restrict network resources in addition to file system resources.
- Reference: Jail Implementations
K
- Kerberos
-
An authentication protocol that relies solely on symmetric cryptography, as opposed to public key cryptography.
It still relies on a trusted third party (an authentication server).
While Kerberos is often looked upon as a way to avoid problems with Public Key Infrastructure, it can be difficult to scale Kerberos beyond medium-sized organizations.
- Reference: Kerberos: The Network Authentication Protocol - MIT
- Key Agreement
- The process of two parties agreeing on a shared secret, where both parties contribute material to the key.
- Reference: Key Agreement Protocol
- Key Establishment
- The process of agreeing on a shared secret, where both parties contribute material to the key.
- Reference: Key Exchange/Establishment
- Key Exchange
- The process of two parties agreeing on a shared secret, usually implying that both parties contribute to the key.
- Reference: Key Exchange/Establishment
- Key Management
- Mechanisms and process for secure creation, storage, and handling of key material.
- Reference: Key Management
- Key Schedule
- In a block cipher, keys used for individual "rounds" of encryption, derived from the base key in a cipher-dependent manner.
- Reference: Key Schedule
- Key Transport
- When one party picks a session key and communicates it to a second party.
- Reference: Key Transport
- Keystream Output
- This occurs from a stream cipher. The pseudo-random keystream is typically generated serially from a random seed value using digital shift registers.
- Reference: Keystream Output
L
- LDAP (Lightweight Directory Access Protocol)
- A directory protocol commonly used for storing and distributing CRLs.
- Reference: LDAP
- Length Extension Attack
-
A class of attack on message authentication codes, where a tag can be forged without the key by extending a pre-existing message in a particular way.
CBC-MAC in its simplest form has this problem, but variants protect against it (particularly OMAC).
- Reference: Length Extension Attack
- Likelihood
-
A component of risk, likelihood describes the chance that a risk will be realised and the negative impact will occur.
It is typically described in general terms like "low", "medium", and "high".
Sometimes an actual probability is possible (e.g., the probability of two documents producing the same CRC-16 is approximately 1 in 65536).
The likelihood of a technical risk is often related to the likelihood of a vulnerability being successfully exploited.
This likelihood is often influenced by factors like how accessible the vulnerability is, the degree to which special tools need to be used to be successful, the amount of specialised knowledge an attacker needs, and so on.
Likelihood is combined with impact to produce a severity estimate for a risk.
- Reference: Likelihood - Risk Assessment
- LFSR (Linear Feedback Shift Register)
- A non-cryptographic class of pseudo-random number generators, where output is determined by shifting out "output" bits and shifting in "input" bits, where the input bits are a function of the internal state of the register, perhaps combined with new entropy. LFSRs are based on polynomial math, and are not secure in and of themselves; however, they can be put to good use as a component in more secure cryptosystems.
- Reference: LFSR (Linear Feedback Shift Register)
- Linear Cryptanalysis
-
A type of cryptanalytic attack where linear approximations of behavior are used.
Modern ciphers of merit are designed in such a way as to thwart such attacks.
Also note that such attacks generally require enough chosen plaintexts as to be considered unfeasible — even when there is a cipher that theoretically falls prey to such a problem (such as DES).
- Reference: Linear Cryptanalysis
- Little Endian
- Refers to machines representing words of data with the least significant byte first, such as the Intel x86.
- Reference: Little Endian
M
- MAC (Message Authentication Code)
- A function that takes a message and a secret key (and possibly a nonce) and produces an output that cannot, in practice, be forged without possessing the secret key.
- Reference: MAC (Message Authentication Code)
- Main Establishment
-
A controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment
a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation
- Reference:
- Man-in-the-middle Attack
-
An eavesdropping attack where a client’s communication with a server is proxied by an attacker.
Generally, the implication is that the client performs a cryptographic key exchange with an entity and fails to authenticate that entity.
This allows an attacker to look like a valid server.
- Reference: Man-in-the-middle Attack
- Matyas-Meyer-Oseas
- A construction for turning a block cipher into a cryptographic one-way hash function.
- Reference: Matyas-Meyer-Oseas
- MCF (Modular Crypt Format)
- The Modular Crypt Format, a de-facto data format standard for storing password hashes commonly used on UNIX boxes as a replacement for the traditional UNIX crypt() format.
- Reference: MCF (Modular Crypt Format)
- MD-Strengthening (Merkle–Damgård construction)
-
Merkel-Damgard strengthening, a general method for turning a collision-resistant compression function into a collision-resistant hash function by adding padding and an encoded length to the end of the input message.
The key point behind MD-strengthening is that no possible input to the underlying hash function can be the tail end of a different input.
- Reference: MD-Strengthening
- MD2 (Message-Digest Algorithm)
-
A cryptographic hash function optimized for 16-bit platforms.
It has poor performance characteristics on other platforms and has a weak internal structure.
- Reference: MD2
- MD4 (Message-Digest Algorithm)
- A cryptographic hash function that is known to be broken and should not be used under any circumstances.
- Reference: MD4
- MD5 (Message-Digest Algorithm)
-
A popular and fast cryptographic hash function that outputs 128-bit message digests.
Its internal structure is known to be weak and should be avoided if at all possible.
- Reference: MD5
- MD5-MCF
- A way of using MD5 to store password authentication information, using the modular crypt format.
- Reference: Performing Password-Based Authentication with MD5-MCF
- MDC2
- A construction for turning a block cipher into a cryptographic hash function, where the output length is twice the block size of the cipher.
- Reference: MDC2
- Meet-in-the-middle Attack
-
A theoretical attack against encrypting a message twice using a single block cipher and two different keys.
For example, double encryption with DES theoretically is no more secure than DES, which is why Triple DES became popular (it gives twice the effective key strength).
- Reference: Meet-in-the-middle Attack
- Message Digest
- The output of a hash function.
- Reference: Message Digest
- Message Integrity
- A message has integrity if it maintains the value it is supposed to maintain, as opposed to being modified on accident or as part of an attack.
- Reference: Message Integrity
- Methodology
- A mature set of processes applied to various stages of an applications' lifecycle to help reduce the likelihood of security vulnerabilities presence or exploitation.
- Reference: Methodology
- Metrics
- A metric is a standard unit of measure, such as meter or mile for length, or gram or ton for weight, or more generally, part of a system of parameters, or systems of measurement, or a set of ways of quantitatively and periodically measuring, assessing, controlling or selecting a person, process, event, or institution, along with the procedures to carry out measurements and the procedures for the interpretation of the assessment in the light of previous or comparable assessments.
- Reference: Metric
- Miller-Rabin
-
A primality test that is efficient because it is probabilistic, meaning that there is some chance it reports a composite (non-prime) number as a prime.
There is a trade-off between efficiency and probability, but one can gain extremely high assurance without making unreasonable sacrifices in efficiency.
- Reference: Miller–Rabin Primality Test
- Model
- A model is a pattern, plan, representation (especially in miniature), or description designed to show the main object or workings of an object, system, or concept.
- Reference: Model
- Modulus
-
In the context of public key cryptography, a value by which all other values are reduced.
That is, if a number is bigger than the modulus, the value of the number is considered to be the same as if the number were the remainder after dividing the number by the modulus.
- Reference: Modulus
N
- Near-Collision Resistance
- Given a plaintext value and the corresponding hash value, it should be computationally unfeasible to find a second plaintext value that gives the same hash value.
- Reference: Near-Collision Resistance
- NIST (National Institute of Standards and Technology)
-
The National Institute of Standards and Technology is a division of the U.S. Department of Commerce.
NIST issues standards and guidelines, with the hope that they will be adopted by the computing community.
- Reference: NIST
- Non-Repudiation
-
The capability of establishing that a message was signed by a particular entity.
That is, a message is said to be non-repudiatable when a user sends it, and one can prove that the user sent it.
In practice, cryptography can demonstrate that only particular key material was used to produce a message.
There are always legal defenses such as stolen credentials or duress.
- Reference: Non-Repudiation
- Nonce
-
A value used with a cryptographic algorithm that must be unique in order to maintain the security of the system.
Generally, the uniqueness requirement holds only for a single key — meaning that a {key, nonce} pair should never be reused.
- Reference: Cryptographic Nonce
O
- OCB (Offset Code Book) Mode
- A patented encryption mode for block ciphers that provides both secrecy and message integrity and is capable of doing so at high speeds.
- Reference: OCB Mode
- OCSP (Online Certificate Status Protocol)
-
A protocol for determining whether a digital certificate is valid in real time without using CRLs.
This protocol (usually abbreviated OCSP) is specified in RFC 2560.
- Reference::
- OCSP Responder
- The server side software that answers OCSP requests.
- Reference: OCSP Responder
- OFB (Output Feedback) Mode
-
A block cipher mode that turns a block cipher into a stream cipher.
The mode works by continually encrypting the previous block of keystream.
The first block of keystream is generated by encrypting an initialization vector.
- Reference: >OFB Mode
- OMAC (One-key CBC-MAC)
-
A secure, efficient way for turning a block cipher into a message authentication code.
It is an improvement of the CBC-MAC, which is not secure in the arbitrary case.
Other CBC-MAC variants use multiple keys in order to fix the problem with CBC-MAC.
OMAC uses a single key and still has appealing provable security properties.
- Reference: One-key MAC
- One-time Pad
- A particular cryptographic system that is provably secure in some sense, but highly impractical, because it requires a bit of entropy for every bit of message.
- Reference: One-time Pad
- One-time Password
-
A password that is only valid once.
Generally, such passwords are derived from some master secret which is shared by an entity and an authentication server.
They are calculated via a challenge-response protocol.
- Reference: One-time Password
- One-way Hash Function
- A hash function where it is computationally unfeasible to determine anything about the input from the output.
- Reference: One-way Hash Function
P
- Padding
-
Data added to a message that is not part of the message.
For example, some block cipher modes require messages to be padded to a length that is evenly divisible by the block length of the cipher, i.e., the number of bytes that the cipher processes at once.
- Reference: Padding
- PAM (Pluggable Authentication Modules)
-
Pluggable Authentication Modules is a technology for abstracting out authentication at the host level.
It is similar to SASL, but is a bit higher up in the network stack
It tends to be a much easier technology to use, particularly for system administrators, who can configure authentication policies quite easily using PAM.
- Reference: PAM
- Partial Collision Resistance
- When it is unfeasible to find two arbitrary inputs to a hash function that produce similar outputs, i.e., outputs that differ in only a few bits.
- Reference: Collision Resistance
- Passive Attack
- A passive attack on a cryptosystem is one in which the cryptanalyst cannot interact with any of the parties involved, attempting to break the system solely based upon observed data (i.e. the ciphertext).
- Reference: Passive Attack
- Passphrase
- A synonym for "password", meant to encourage people to use longer (it is hoped, more secure) values.
- Reference: Passphrase
- Password
- A value that is used for authentication.
- Reference: Password
- PBKDF2 (Password-Based Key Derivation Function #2)
- An algorithm defined in PKCS #5 for deriving a random value from a password.
- Reference: PBKDF2
- PEM (Privacy-enhanced Electronic Mail) Encoding
-
A simple encoding scheme for cryptographic objects that outputs printable values (by Base 64 encoding a DER-encoded representation of the cryptographic object).
The scheme was first introduced in Privacy Enhanced Mail, a defunct way of providing E-mail security.
- Reference: PEM Encoding
- Personal Data
- Any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
- Reference: What is personal data?
- Personal Data Breach
- A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- Reference: Personal data breaches
- PFS (Perfect Forward Secrecy)
- Ensuring that the compromise of a secret does not divulge information that could lead to the recovery of data protected prior to the compromise.
- Reference: Introduction to Perfect Forward Secrecy
- PKCS #1 (Public Key Cryptography Standard #1)
- A standard from RSA Labs specifying how to use the RSA algorithm for encrypting and signing data.
- Reference: PKCS #1
- PKCS #1 (Public Key Cryptography Standard #1) Padding
-
This form of padding can encrypt messages up to 11 bytes smaller than the modulus size in bytes.
You should not use this method for any purpose other than encrypting session keys or hash values.
- Reference: PKCS #1 Padding
- PKCS #3 (Public Key Cryptography Standard #3)
- A standard from RSA Labs specifying how to implement the Diffie-Hellman key exchange protocol.
- Reference: PKCS #3
- PKCS #5 (Public Key Cryptography Standard #5)
- A standard from RSA Labs specifying how to derive cryptographic keys from a password.
- Reference: RFC 2898 - PKCS #5: Password-Based Cryptography
- PKCS #7 (Public Key Cryptography Standard #7)
- A standard from RSA Labs specifying a generic syntax for data that may be encrypted or signed.
- Reference: RFC 2315 - PKCS #7: Cryptographic Message Syntax Version 1.5
- PKCS #10 (Public Key Cryptography Standard #10)
- Describes a standard syntax for certification requests.
- Reference: RFC 2986 - PKCS #10: Certification Request Syntax Specification
- PKCS #11 (Public Key Cryptography Standard #11)
- Specifies a programming interface called Cryptoki for portable cryptographic devices of all kinds.
- Reference: PKCS #11
- PKI (Public Key Infrastructure)
-
A system that provides a means for establishing trust as to what identity is associated with a public key.
Some sort of Public Key Infrastructure (PKI) is necessary to give reasonable assurance that one is communicating securely with the proper party, even if that infrastructure is "ad hoc".
- Reference: Public Key Infrastructure
- Plaintext
- An unencrypted message.
- Reference: Plaintext
- PMAC (Parallelizable MAC)
-
The MAC portion of the OCB block cipher mode.
It is a patented way of turning a block cipher into a secure, parallelizable MAC.
- Reference: PMAC
- Precomputation Attack
-
Any attack that involves precomputing significant amounts of data in advance of opportunities to launch an attack.
A dictionary attack is a common precomputation attack.
- Reference: Logjam, Diffie-Hellman and Precomputation Attacks
- Predictive Modeling
-
Predictive modeling is the process by which a model is created or chosen to try to best predict the probability of an outcome.
In many cases the model is chosen on the basis of detection theory to try to guess the probability of a signal given a set amount of input data, for example given an email determining how likely that it is spam.
- Reference: Predictive Modeling
- Privacy by Design
- A principle that calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition.
- Reference: GDPR Privacy by Design
- Privacy Impact Assessment
- A tool used to identify and reduce the privacy risks of entities by analysing the personal data that are processed and the policies in place to protect the data
- Reference: GDPR Privacy Impact Assessments
- Private Key
- In a public key cryptosystem, key material that is bound tightly to an individual entity that must remain secret in order for there to be secure communication.
- Reference: What is a Private Key?
- Privilege Separation
-
A technique for trying to minimize the impact that a programming flaw can have, where operations requiring privilege are separated out into a small, independent component (hopefully audited with care).
Generally, the component is implemented as an independent process, and it spawns off a non-privileged process to do most of the real work.
The two processes keep open a communication link, speaking a simple protocol.
- Reference: Privilege Separation
- Processor
- A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Reference: Art.28 GDPR Processor
- Processing
- Any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.
- Reference: Article 5. GDPR Principles relating to processing of personal data
- PRNG (Pseudo-Random Number Generator)
-
An algorithm that produces statistically random outputs.
Many PRNGs are completely predictable, though their outputs are statistically random.
A pseudo-random number generator may be operated in a secure way if it is regularly "seeded" with enough unpredictable entropy.
Most popular pseudo-random number generators are not secure.
- Reference: PRNG
- Profiling
- Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements
- Reference: GDPR and Profiling
- Processing
- Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Reference: What constitutes data processing?
- Pseudonymisation
- The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- Reference: Pseudonymisation
- Public Key
-
In a public key cryptosystem, the key material that can be published publicly without compromising the security of the system.
Generally, this material must be published; its authenticity must be determined definitively.
- Reference: Public Key Cryptography
Q
- QRLJacking (Quick Response Code Login Jacking)
-
QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on "Login with QR code" feature as a secure way to login into accounts.
In a simple way, the victim scans the attacker's QR code results of session hijacking.
- Reference: QRLJacking
R
- RA (Registration Authority)
- An organization that is responsible for validating the identity of entities trying to obtain credentials in a Public Key Infrastructure.
- Reference: Registration Authority
- Race Condition
-
A class of error in environments that are multi-threaded or otherwise multi-tasking, where an operation is falsely assumed to be atomic.
That is, if two operations overlap instead of being done sequentially, there is some risk of the resulting computation not being correct.
There are many cases where such a condition can be security critical.
- Reference: Race Condition
- Randomness
-
Randomness has both mathematical and colloquial definitions.
Mathematically speaking, random outcomes are independent and equally likely to occur.
Colloquially, random usually implies being unpredictable and/or unguessable.
Random data is often tested with statistical tests that search for evidence to disprove the assertion that the data is random (e.g., patterns, cycles, bias).
Data that is statistically random can be completely predictable.
Thus it is usually insufficient to refer to "random data".
- Reference: Randomness
- RC2 (Rivest Cipher)
- A block cipher with variable key sizes and 64-bit blocks.
- Reference: RC2
- RC4 (Rivest Cipher 4; 4-line Stream Cipher)
-
A widely used stream cipher that is relatively fast but with some significant problems.
One practical problem is that it has a weak key setup algorithm, though this problem can be mitigated with care.
Another more theoretical problem is that RC4’s output is easy to distinguish from a truly random stream of numbers.
This problem indicates that RC4 is probably not a good long-term choice for data security.
- Reference: RC4
- RC5 (Rivest Cipher 5)
- A block cipher that has several tunable parameters.
- Reference: RC5
- Recipient
-
A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients
The processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
- Reference: Recipient
- Regulation
- A binding legislative act that must be applied in its entirety across the European Union.
- Reference: General Data Protection Regulation
- Rekeying
- Changing a key in a cryptographic system.
- Reference: Rekeying
- Related Key Attack
- A class of cryptographic attack where one takes advantage of known relationships between keys to expose information about the keys or the messages those keys are protecting.
- Reference: Related Key Attack
- Relevant and Reasoned Objection
- An objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.
- Reference:
- Representative
- A natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under this Regulation.
- Reference: Art. 27 GDPR Representatives of controllers or processors not established in the Union
- Restriction of Processing
- The marking of stored personal data with the aim of limiting their processing in the future.
- Reference: Article 18 GDPR - Right to restriction of processing
- Revocation
- In the context of Public Key Infrastructure, the act of voiding a digital certificate.
- Reference: Revocation
- Right to Access (Subject Access Right)
- Entitles the data subject to have access to and information about the personal data that a controller has concerning them.
- Reference: GDPR Right of Access
- Right to be Forgotten (Data Erasure)
- Entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data.
- Reference: GDPR Right to be Forgotten
- Risk
-
Risk is the possibility of a negative or undesirable occurance.
There are two independent parts of risk: Impact and Likelihood.
To reduce risk, one can reduce the impact, reduce the likelihood, or both.
Risk can also be accepted (meaning that the full impact of the negative outcome will be borne by the entity at risk).
The impact and likelihood of a risk are usually combined to create an estimate of its Severity.
- Reference: Cryptographic Risks
- RIPEMD-160
-
A cryptographic hash function that is well regarded.
It has a 160-bit output and is a bit slower than SHA1.
- Reference: RIPEMD-160 hashes
- RMAC (Randomized Matrix Arithmetic Coding)
-
A construction for making a Message Authentication Code out of a block cipher.
It is not generally secure in the way that OMAC is. .
It is generally considered not worth using due to the existence of better alternatives
- Reference: RMAC
- Rollback Attack
- An attack where one forces communicating parties to agree on an insecure protocol version.
- Reference: Rollback Attack
- Root Certificate
-
A certificate that is intrinsically trusted by entities in a Public Key Infrastructure and generally should be transported over a secure medium.
Root certificates belong to a Certification Authority and are used to sign other certificates that are deemed to be valid.
When a system tries to establish the validity of a certificate, one of the first things that should happen is that it should look for a chain of trust to a known, trusted root certificate.
That is, if the certificate to be validated is not signed by a root, one checks the certificate(s) used to sign it to determine if those were signed by a root cert.
- Reference: Root Certificate
- Round
-
In a block cipher, a group of operations applied as a unit that has an inverse that undoes the operation.
Most block ciphers define a round operation and then apply that round operation numerous times — though often applying a different key for each round, where the round key is somehow derived from the base key.
- Reference: Round
- RSA (Rivest–Shamir–Adleman)
-
A popular public key algorithm for encryption and digital signatures invented by Ron Rivest, Adi Shamir and Leonard Adleman.
It is believed that, if factoring large numbers is computationally unfeasible, then RSA can be used securely in practice.
- Reference: RSA
S
- S/Key
- A popular One-time password system.
- Reference: S/Key
- S/MIME
-
A protocol for secure electronic mail standardized by the IETF.
It relies on standard X.509-based Public Key Infrastructure.
- Reference: S/MIME
- SACL (System Access Control List)
- In Windows, the part of an ACL that determines audit logging policy.
- Reference: SACL
- SAKA (Secure Authentication and Key Agreement Protocol for GSM Networks)
-
SAKA's aim is to resolve security issues associated with the GSM Authentication Protocol, and can protect the GSM network from various attacks like:
Impersonation attack
Man-in-the-middle attack
Redirection attack
Replay attack
- Reference: SAKA Documentation
- Salt
- Data that can be public but is used to prevent against precomputation attacks.
- Reference: Salt
- SASL (Simple Authentication and Security Layer)
-
The Simple Authentication and Security Layer, which is a method for adding authentication services to network protocols somewhat generically.
It is also capable of providing key exchange in many circumstances.
- Reference: SASL
- Secret Key
- A secret key is the piece of information or parameter that is used to encrypt and decrypt messages in a symmetric, or secret-key, encryption.
- Reference: Secret Key
- Secure Socket Layer (SSL)
-
A popular Transport Layer protocol for establishing secure channels over a reliable transport, utilizing a standard X.509 Public Key Infrastructure for authenticating machines.
This protocol has evolved into the TLS protocol, but the term SSL is often used to generically refer to both.
- Reference: Secure Socket Layer
- SEED
-
SEED is a block cipher developed by the Korea Information Security Agency (KISA).
It is used broadly throughout South Korean industry, but seldom found elsewhere.
It gained popularity in Korea because 40-bit encryption was not considered strong enough, so the Korea Information Security Agency developed its own standard.
- Reference: SEED
- Seed (Random Seed)
- A value used to initialize a pseudo-random number generator.
- Reference: Random Seed
- Self-signed Certificate
-
A certificate signed by the private key associated with that certificate.
In an X.509 Public Key Infrastructure, all certificates need to be signed.
Since root certificates have no third-party signature to establish their authenticity, they are used to sign themselves.
In such a case, trust in the certificate must be established by some other means.
- Reference: Self-signed Certificate
- Serpent
-
A modern block cipher with 128-bit blocks and variable-sized keys.
A finalist in the AES competition, Serpent has a higher security margin by design than other candidates, and is a bit slower on typical 32-bit hardware as a result.
- Reference: Serpent
- Session Token/ID
-
A value that represents a user's identity during their session.
Typically the user provides some form of credentials (e.g., username, password, possibly a one-time token value from a second authentication factor) and the server returns a token value that represents the user's identity.
In web applications, this token is often returned in a cookie.
The client application includes the session token with each request, enabling the server to associate each request with the same user, role, and session.
- Reference: Session Token/ID
- Severity (Risk)
-
The severity of a risk combines its likelihood and impact into a single measure.
-
This combination often follows the guidance of NIST Special Publication 800-30, though some practitioners opt to use their own scale.
-
- Reference:
- SHA-1
- A fairly fast, well regarded hash function with 160-bit digests that has been standardized by the National Institute of Standards and Technology (NIST).
- Reference: SHA-1
- SHA-256
- A cryptographic hash function from NIST with 256-bit message digests.
- Reference: Description of SHA-256
- SHA-384
- SHA-512 with a truncated digest (as specified by NIST).
- Reference: Description of SHA-384
- SHA-512
- A cryptographic hash function from NIST with 512-bit message digests.
- Reference: Description of SHA-512
- Shared Secret
-
A value shared by parties that may wish to communicate, where the secrecy of that value is an important component of secure communications.
Typically, a shared secret is either an encryption key, a MAC key, or some value used to derive such keys.
- Reference: Shared Secret
- Shatter Attack
-
A class of attack on the Windows event system.
The Windows messaging system is fundamentally fragile from a security perspective because it allows for arbitrary processes to insert control events into the message queue without sufficient mechanisms for authentication.
Sometimes messages can be used to trick other applications to execute malicious code.
- Reference: Shatter Attack
- Single Sign-On
-
Single sign-on allows you to access all computing resources that you should be able to reach by using a single set of authentication credentials that are presented a single time per login session.
Single sign-on is a notion for improved usability of security systems that can often increase the security exposure of a system significantly.
- Reference: Single Sign-On
- Snooping Attacks
- Attacks where data is read off a network while in transit without modifying or destroying the data.
- Reference: Snooping Attacks
- SNOW
- A very fast stream cipher that is patent-free and seems to have a very high security margin.
- Reference: Snow Stream Cipher
- SQL Injection
-
SQL injection is a security vulnerability that occurs in the persistence/database layer of a web application.
This vulnerability is derived from the incorrect escaping of variables embedded in SQL statements.
It is in fact an instance of a more general class of vulnerabilities based on poor input validation and bad design that can occur whenever one programming or scripting language is embedded inside another.
- Reference: SQL Injection
- SSL (Secure Sockets Layer)
-
SSL (Secure Sockets Layer) is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication.
The usage of SSL technology ensures that all data transmitted between the web server and browser remains encrypted.
- Reference: SSL
- Stack Smashing
-
Overwriting a return address on the program execution stack by exploiting a buffer overflow.
Generally, the implication is that the return address gets replaced with a pointer to malicious code.
- Reference: Stack Smashing
- Station-to-Station Protocol
-
A simple variant of the Diffie-Hellman key exchange protocol that provides key agreement and authenticates each party to the other.
This is done by adding digital signatures (which must be done carefully).
- Reference: Station-to-Station Protocol
- Stream Cipher
-
A pseudo-random number generator that is believed to be cryptographically strong and always produces the same stream of output given the same initial seed (i.e., key).
Encrypting with a stream cipher consists of combining the plaintext with the keystream, usually via XOR (Exclusive OR gate).
- Reference: Stream Cipher
- Strong Collision Resistance
- Strong collision resistance is a property that a hash function may have (and a good cryptographic hash function will have), characterized by it being computationally unfeasible to find two arbitrary inputs that yield the same output.
- Reference: Collision Resistance
- Supervisory Authority
- An independent public authority which is established by a Member State pursuant to Article 51.
- Reference: Art. 51 GDPR Supervisory authority
- Supervisory Authority Concerned
-
A supervisory authority which is concerned by the processing of personal data because:
The controller or processor is established on the territory of the Member State of that supervisory authority.
Data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing.
A complaint has been lodged with that supervisory authority.
- Reference: Art. 60 GDPR Cooperation between the lead supervisory authority and the other supervisory authorities concerned
- Surreptitious Forwarding
- An attack on some public key cryptosystems where a malicious user decrypts a digitally signed message and then encrypts the message using someone else’s public key: giving the end receiver the impression that the message was originally destined for them.
- Reference: Surreptitious Forwarding
- Symmetric Cryptography
- Cryptography that makes use of shared secrets as opposed to public keys.
- Reference: Symmetric Cryptography
- Symmetric Key
-
In symmetric-key encryption, each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to another computer.
Symmetric-key requires that you know which computers will be talking to each other so you can install the key on each one.
Symmetric-key encryption is essentially the same as a secret code that each of the two computers must know in order to decode the information.
The code provides the key to decoding the message.
- Reference: Symmetric Key
T
- Tag (Message Authentication Code)
- The result of applying a keyed message authentication code to a message.
- Reference: Tag (Message Authentication Code)
- Tamper-Proofing
-
When software has been made tamper-proof, it is protected against reverse engineering and modifications.
Tamper-proofing is a combination of many techniques.
- Reference: Tamper-Proofing
- Third Party
- A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- Reference: Third Party
- Threat Model
-
A representation of the system threats that are expected to be reasonable.
This includes denoting what kind of resources an attacker is expected to have, in addition to what kinds of things the attacker may be willing to try to do.
Sometimes it is called an architectural security assessment.
- Reference: Threat Model
- TMAC
- A two-keyed variant of the CBC-MAC that overcomes the fundamental limitation of that MAC.
- Reference: TMAC
- TOCTOU Problem
-
Time-of-check, time-of-use race condition.
A type of race condition between multiple processes on a file system.
Generally what happens is that a single program checks some sort of property on a file, and then in subsequent instructions tries to use the resource if the check succeeded.
The problem is that — even if the use comes immediately after the check — there is often some significant chance that a second process can invalidate the check in a malicious way.
For example, a privileged program might check write privileges on a valid file, and the attacker can then replace that file with a symbolic link to the system password file.
- Reference: TOCTOU Problem
- Transport Layer Security (TLS)
-
The successor to SSL, a protocol for establishing secure channels over a reliable transport, using a standard X.509 Public Key Infrastructure for authenticating machines.
The protocol is standardized by the IETF.
- Reference: Transport Layer Security (TLS)
- Trilogues
- Informal negotiations between the European Commission, the European Parliament, and the Council of the European Union usually held following the first readings of proposed legislation in order to more quickly agree to a compromise text to be adopted.
- Reference: GDPR Trilogue
- Triple DES
-
A variant of the original Data Encryption Standard that doubles the effective security.
Often abbreviated to 3DES.
The security level of 3DES is still considered to be very high, but there are faster block ciphers that provide comparable levels of security — such as AES.
- Reference: Triple DES
- Trojan (Horse Program)
-
In computing, a Trojan horse is a program that appears harmless, but is, in fact, malicious.
Unexpected changes to computer settings and unusual activity, even when the computer should be idle, are strong indications that a Trojan is residing on a computer.
- Reference: Trojan
- Trusted Third Party
- An entity in a system to whom entities must extend some implicit trust. For example, in a typical Public Key Infrastructure, the Certification Authority constitutes a trusted third party.
- Reference: Trusted Third Party
- Twofish
-
A modern block cipher with 128-bit blocks and variable-sized keys.
A finalist in the AES competition; it is an evolution of the Blowfish cipher.
- Reference: Twofish
U
- UMAC (Universal Hashing Message Authentication Code)
- A secure MAC based on a set of universal hash functions that is extremely fast in software but so complex that there has never been a validated implementation.
- Reference: UMAC
- Universal Hash Function
-
A keyed hash function that has ideal hash properties.
In practice, the only practical functions of this nature are really "almost universal" hash functions, meaning they come very close to being ideal.
Universal and near-universal hash functions are not cryptographically secure when used naively for message authentication but can be adapted to be secure for this purpose easily.
- Reference: Universal Hash Function
V
- Validation
-
The act of determining that data is sound.
In security, generally used in the context of validating input.
- Reference: Data Validation
- VMAC
- A variant of UMAC optimized for 64-bit architectures.
- Reference: VMAC
W
- Weak Collision Resistance
- A property that a hash function may have (and a good cryptographic hash function will have), characterized by it being unfeasible to find a second input that produces the same output as a known input.
- Reference: Collision Resistance
- Whitelist
-
When performing input validation, the set of items that, if matched, results in the input being accepted as valid.
If there is no match to the whitelist, then the input is considered invalid.
That is, a whitelist uses a "default deny" policy.
- Reference: Whitelist
- Window of Vulnerability
- The period of time in which a vulnerability can possibly be exploited.
- Reference: Window of Vulnerability
X Y Z
- X.509 Certificate
- A digital certificate that complies with the X.509 standard (produced by ANSI).
- Reference: X.509 Certificate
- XCBC-MAC
- A three-key variant of the CBC-MAC that overcomes the fundamental limitation of that MAC.
- Reference: XCBC-MAC
- XMACC
- A patented parallelizable Message Authentication Code.
- Reference: XMACC
- XSS (Cross Site Scripting)
-
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites.
XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.
- Reference: XSS