Security Glossary
Overview
- Access
- Physical Access. The process of obtaining use of a computer system, development tools, or direct access to a system and its components. Examples are sitting down at a keyboard, being able to enter specific area(s) of the organization where the main computer systems are located, or accessing system level hardware or in some cases even board-level components.
- Logical Access. The process of being able to enter, modify, delete, or inspect records, designs, schematics, source code, and other data held on a computer system or device by means of providing an ID and password (if required). The view that restricting physical access relieves the need for logical access restrictions is erroneous. Any organization, systems, or devices within a system with communications links to the outside world has a logical access security risk.
- Access Control
- Access control refers to the rules and deployment of mechanisms that control logical access to information systems and physical access to premises and systems. The entire subject of Information Security is based upon Access Control, without which Information Security cannot, by definition, exist.
- Access Rights
- Access rights are the powers granted to users to create, change, delete, or simply view data and files within a system, according to a set of rules defined by IT and business management. It is not necessarily true that the more senior a person, the more power granted. For example, most logic design activity is performed at a relatively junior level, and it is not uncommon for senior management to not even have access rights to view schematic level data. There are very good Internal Control and Audit reasons for adopting this approach.
- Accidental Damage
- In relation to System and Device level Security, accidental damage refers to damage or loss that is caused as a result of a genuine error or misfortune. However, despite the genuine nature of the accident, such incidents can and should be prevented by awareness, alertness, and action.
- Advanced Encryption Standard (AES)
- AES is a 128-bit block cipher with a choice of a 128-bit, 192-bit, or 256-bit key.
AES is based on the Rijndael algorithm, selected by the United States National Institute of Standards and Technology (NIST) on October 2, 2000 at the end of an open international competition, and standardized (with the three key sizes above; Rijndael itself also allows other block and key sizes) as FIPS-197. Although selected in 2000, FIPS-197 was not approved by the US Secretary of Commerce and published until November 2001.
- AES
- See Advanced Encryption Standard.
- ANSI
- American National Standards Institute is one of the main organizations responsible for furthering technology standards within the USA. ANSI is also the US member body of the International Organization for Standardization (ISO).
- Analysis
- In the context of cryptology, analysis is a technique used for breaking the security of cryptographic systems. It can refer to either a mathematical attack or a physical attack on the system.
See also the entries for Side-Channel Analysis, Fault Analysis, Invasive Attack, and Semi-Invasive Attack.
- Antifuse FPGA
- An antifuse FPGA is based on a technology that utilizes amorphous silicon to make the interconnect. Antifuse FPGAs are one-time-programmable, live at power-up, and relatively secure, since the design is loaded only once in a trusted location and because physical determination of the configuration bits from a programmed device is thought to be a very difficult problem.
- ASIC
- An application-specific integrated circuit is typically a custom solution constructed to order for a specific application and function. It is associated with significant barriers to entry that limit participation to high volume applications that can benefit from economies of scale.
- Asymmetric Cryptography
- See Public Key Cryptography.
- Auditor
- An auditor is a person employed to independently verify the quality and integrity of the work that has been undertaken within a particular area, with reference to accepted procedures.
- Authentication
- Authentication refers to the verification of the authenticity of either a person or of data. An example is a message authenticated as originating from its claimed source. Authentication techniques usually form the basis for all forms of access control to systems and data.
- Authorization
- Authorization is the process whereby a person approves a specific event or action. In companies with access rights hierarchies, it is important that audit trails identify both the creator and the authorizer of new or amended data. It is an unacceptably high risk situation for one to have the power to create new entries and then to authorize those same entries oneself.
- Backup
- Backup is the process whereby copies of computer or design files are taken in order to allow recreation of the original, should the need arise. A backup is a spare copy of a file, file system, design, schematic, or other resource for use in the event of failure or loss of the original.
Ideally the backup copies should be kept at a different site or in a fire safe. Although hardware may be insured against fire, the data on it is almost certainly neither insured nor easily replaced. Consequential loss policies to insure against data loss can be expensive, but are well worth considering.
- Biometric Access Controls
- Security Access control systems which authenticate (verify the identity of) users by means of physical characteristics, such as face, fingerprints, voice, or retina pattern, are biometric access controls.
- Birthday Paradox
- The so-called birthday paradox is the non-intuitive result that, for samples drawn at random from a population of N values (N large), only about √N draws are needed before a collision becomes likely; that is, some value is drawn twice by chance. (The probability passes ½ after roughly 1.18√N draws.)
It is called the birthday paradox because in a surprisingly small group of people it is likely that two share a birthday. In fact, for groups of 23 or more people, the probability is over ½. It is called a paradox because most people guess that the probability is much lower for such a small group, given there are 365 possible birthdays to choose from.
The birthday paradox is why the collision resistance of a hash function is, at best, half its digest length: a generic birthday search finds a collision in an n-bit hash after about 2^(n/2) evaluations, so a 256-bit digest offers no more than 128-bit collision resistance. The same effect underlies several efficient attacks on cryptographic algorithms, for example on block cipher modes once about 2^(block size/2) blocks have been processed under one key.
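The arithmetic behind the two claims above, as an added worked example (not part of the original glossary): the exact birthday probability for a group of a given size, the √(2 ln 2 · N) estimate for even odds, and a generic birthday search that finds a collision on SHA-256 truncated to 32 bits in roughly 2^16 hashes rather than 2^32. The 32-bit truncation and the `msg-` input prefix are choices made for this example only.

```python
"""Birthday-bound arithmetic and a birthday collision search on a truncated hash."""
import hashlib
import math


def collision_probability(n: int, population: int = 365) -> float:
    """Exact probability that at least two of n uniform draws from `population`
    values coincide: 1 - (N/N) * ((N-1)/N) * ... * ((N-n+1)/N)."""
    if n > population:
        return 1.0
    p_all_distinct = 1.0
    for i in range(n):
        p_all_distinct *= (population - i) / population
    return 1.0 - p_all_distinct


def draws_for_even_odds(population: int) -> float:
    """Approximate number of draws at which a collision becomes a coin flip:
    sqrt(2 ln 2 N), about 1.18 sqrt(N). For an n-bit digest N = 2**n, so this
    is roughly 2**(n/2): half the digest length."""
    return math.sqrt(2 * math.log(2) * population)


def truncated_sha256(data: bytes, nbits: int) -> int:
    """SHA-256 cut down to its first nbits bits, standing in for a short digest
    (32 bits in the demo, so the search is cheap enough to run on a laptop)."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - nbits)


def find_collision(nbits: int, prefix: bytes = b"msg-"):
    """Generic birthday attack: hash distinct inputs, remembering each digest,
    until one repeats. Returns (input_a, input_b, digest, hashes_computed).
    Expected cost is about 2**(nbits/2) hashes, not 2**nbits."""
    seen = {}
    n = 0
    while True:
        m = prefix + str(n).encode()   # constructed, distinct inputs
        n += 1
        h = truncated_sha256(m, nbits)
        if h in seen:
            return seen[h], m, h, n
        seen[h] = m


if __name__ == "__main__":
    print("P(collision) for 22 people: %.3f" % collision_probability(22))
    print("P(collision) for 23 people: %.3f" % collision_probability(23))
    print("Draws for even odds, N=365: %.1f" % draws_for_even_odds(365))
    a, b, h, work = find_collision(32)
    print("32-bit collision after %d hashes (2**16 = %d): %r and %r -> %08x"
          % (work, 2 ** 16, a, b, h))
```

Running the search a few times shows the work fluctuating around 2^16 to 2^17 hashes, never anywhere near 2^32; the same code run against a full 256-bit digest would need about 2^128 hashes, which is why 256-bit hashes are rated at 128-bit collision resistance.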
- Block Cipher
- A block cipher is a type of cipher that works on a block of data. For example, the DES block cipher works on a block size of 64 bits and the AES block cipher works on a block size of 128 bits.
Most block ciphers operate by alternately applying a reversible non-linear transformation to small groups of bits in the block (an S-box, often implemented as a small, carefully designed look-up table), permuting or mixing bits across the block, and combining in key material, all in a series of "rounds" that are repeated a number of times with different parts of the key or with sub-keys derived from the key.
See also the entry for Stream Cipher.
- Block Cipher Modes of Operation
- Since block ciphers only work on relatively small blocks of data, such as 64 or 128 bits, some form of unambiguous padding is required for messages that are not exact multiples of the block size, and a scheme for handling multiple blocks is needed.
One way to pad is to append a single one bit to the end of the message and then fill with zero bits up to the next block boundary (in byte terms, a 0x80 byte followed by zero bytes); the receiver strips the trailing zeros and the marker. Modes that turn the block cipher into a keystream generator, such as CTR, need no padding at all.
The simplest mode for handling multiple blocks of data is just to encrypt each block individually using the same secret key. This is called Electronic Codebook (ECB) mode, since it is equivalent to using a hypothetical (albeit humongous) code book with 2^128 input-output pairs recorded in it (for the case of a 128-bit block cipher like AES). Though this efficiently scrambles the contents of each block, it is unsuitable for use in most cases because repeated message blocks are encrypted exactly the same way, so patterns in the plaintext show through in the ciphertext; repeated blocks are all too common in real messages.
Popular modes of operation that overcome this problem include Cipher Block Chaining (CBC) mode, in which each plaintext block is XORed with the previous ciphertext block before encryption (the first block is XORed with an initialization vector, IV), so that identical plaintext blocks produce different ciphertext. Counter (CTR) mode encrypts an ever increasing count value (usually a nonce concatenated with a block counter) and XORs the result with the plaintext as keystream, as in a stream cipher; a nonce and counter value must never be reused under the same key, since that would reuse keystream.
The NIST recommended block cipher modes are documented in Special Publication (SP) 800-38 parts A, B, C, D, and E:
- SP 800-38A — Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR) modes
- SP 800-38B — A block cipher-based Message Authentication Code (CMAC)
- SP 800-38C — Counter with Cipher Block Chaining Message Authentication Code (CCM) mode
- SP 800-38D — Galois/Counter Mode (GCM) and Galois Message Authentication Code (GMAC)
- SP 800-38E — XEX Tweakable Block Cipher with Ciphertext Stealing (XTS) mode, for use with storage devices
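The ECB, CBC and CTR mode logic described above, together with the one-then-zeros padding, as an added example that is not part of the original glossary. The modes are written against a generic 16-byte block encryption function. Because Python's standard library has no AES, the block cipher plugged in here is a four-round Feistel network with an HMAC-SHA256 round function (a Luby-Rackoff construction); it is a stand-in chosen for this example so the file runs offline, and the mode code never depends on which cipher sits behind the function. The demo message, key, IV and nonce are all constructed for the example.

```python
"""ECB, CBC and CTR modes over a generic 16-byte block cipher, with bit padding."""
import hashlib
import hmac
import os

BLOCK = 16


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def make_block_cipher(key: bytes):
    """Return (encrypt_block, decrypt_block) for a 128-bit block.

    Stand-in for AES: a four-round Feistel network whose round function is
    HMAC-SHA256 under `key`. The mode functions below never look inside it,
    so a real AES block function could be dropped in unchanged."""
    def f(rnd: int, half: bytes) -> bytes:
        return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

    def encrypt_block(block: bytes) -> bytes:
        left, right = block[:8], block[8:]
        for rnd in range(4):
            left, right = right, xor_bytes(left, f(rnd, right))
        return left + right

    def decrypt_block(block: bytes) -> bytes:
        left, right = block[:8], block[8:]
        for rnd in reversed(range(4)):
            left, right = xor_bytes(right, f(rnd, left)), left
        return left + right

    return encrypt_block, decrypt_block


def pad(msg: bytes) -> bytes:
    """Append a single 1 bit (0x80) then zero bytes up to the block boundary;
    a block-aligned message still receives a whole block of padding."""
    padded = msg + b"\x80"
    return padded + b"\x00" * (-len(padded) % BLOCK)


def unpad(padded: bytes) -> bytes:
    stripped = padded.rstrip(b"\x00")
    if not stripped.endswith(b"\x80"):
        raise ValueError("bad padding")
    return stripped[:-1]


def blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(enc, msg: bytes) -> bytes:
    """Each block encrypted independently: equal plaintext blocks give equal ciphertext."""
    return b"".join(enc(b) for b in blocks(pad(msg)))


def cbc_encrypt(enc, msg: bytes, iv: bytes) -> bytes:
    """Each plaintext block is XORed with the previous ciphertext block (the IV first)."""
    out, prev = [], iv
    for b in blocks(pad(msg)):
        prev = enc(xor_bytes(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(dec, ct: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor_bytes(dec(c), prev))
        prev = c
    return unpad(b"".join(out))


def ctr_crypt(enc, data: bytes, nonce: bytes) -> bytes:
    """Encrypt nonce(8 bytes)||counter(8 bytes) as keystream and XOR it in.
    No padding, and the same call decrypts. Never reuse (key, nonce)."""
    out = []
    for i, chunk in enumerate(blocks(data)):
        keystream = enc(nonce + i.to_bytes(8, "big"))
        out.append(xor_bytes(chunk, keystream))
    return b"".join(out)


def distinct_blocks(ct: bytes) -> int:
    """Number of different 16-byte blocks in a ciphertext (the ECB leak detector)."""
    return len(set(blocks(ct)))


if __name__ == "__main__":
    enc, dec = make_block_cipher(os.urandom(16))
    msg = b"ATTACK AT DAWN!!" * 4          # constructed: four identical blocks
    iv, nonce = os.urandom(16), os.urandom(8)
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(enc, msg)))       # 2
    print("CBC distinct blocks:", distinct_blocks(cbc_encrypt(enc, msg, iv)))   # 5
    print("CTR distinct blocks:", distinct_blocks(ctr_crypt(enc, msg, nonce)))  # 4
    assert cbc_decrypt(dec, cbc_encrypt(enc, msg, iv), iv) == msg
    assert ctr_crypt(enc, ctr_crypt(enc, msg, nonce), nonce) == msg
```

The ECB ciphertext of four identical plaintext blocks contains only two distinct blocks (the repeated block and the padding block), which is exactly the pattern leak the entry describes; CBC and CTR give every block a different value. None of these three modes authenticates the ciphertext, which is what the CMAC, CCM and GCM documents in the list above add.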
- Boeing Syndrome
- The Boeing Syndrome is the ultimate disaster scenario for contingency planning purposes. The name allegedly comes from a conference in which IT specialists, administrators, and planners were asked first to imagine that a Boeing 747 Jumbo fell out of the air onto their computer center (with the resulting complete loss of systems), and then asked to prepare a contingency/disaster recovery plan to keep their organization going in such circumstances. This is a very useful exercise for all companies, as not all realize just how important their computer systems are to their continued existence as a viable business. The Boeing Syndrome is also useful for worst case scenario security planning; for example, considering what would happen if the code from a core component was posted in the public domain.
- Boot-up
- Boot-up is a slang term for the act of initializing a system or configuring an FPGA. It is typically associated with a time delay until the system is functional. This is the time when an SRAM-based FPGA is most vulnerable to having its contents captured.
See also the entry for Configuration.
- BS 7799
- BS 7799 is the British Standard for Information Security, re-issued in 1999 in two parts. Part 1 is the Code of Practice for Information Security Management and Part 2 specifies the requirements for an information security management system that implements the Code of Practice. In December 2000, Part 1 was adopted as the international standard ISO/IEC 17799 (since renumbered ISO/IEC 27002); Part 2 later became ISO/IEC 27001.
- Business Assets
- The term business assets, as it relates to information security, refers to any information upon which the organization places a measurable value. By implication, the information is not in the public domain and would result in loss, damage, or even business collapse, were the information to be lost, stolen, corrupted, or in any way compromised.
By identifying and valuing the business assets in an organization, and the systems that store and process them, an appropriate emphasis may be placed upon safeguarding those assets which are of higher value than those that are considered easily replaceable, such as information in the public domain.
- Cache Timing Attack
- Cache timing attacks are one variant of timing analysis. The time a cryptographic operation takes depends on whether its memory look-ups (for example, an AES S-box table indexed by key-dependent data) hit or miss in the processor cache. The attacker measures that difference, either through the system's response time or from another process sharing the same cache, and uses it statistically to extract the secret key. Because the attack is statistical in nature, the same key must generally be used on a fairly large volume of data for it to be extracted. The standard countermeasure is constant-time code with no secret-dependent memory accesses or branches.
See also the entry on Timing Analysis.
- CERT
- The Computer Emergency Response Team (CERT, now the CERT Coordination Center, CERT/CC) is the original Internet emergency response team. It was established in the USA by the Defense Advanced Research Projects Agency (DARPA) in November 1988 following the Morris worm incident, which crippled approximately 10% of all computers then connected to the Internet.
CERT is located at the Software Engineering Institute, a US government funded research and development center operated by Carnegie Mellon University, and focuses on security breaches and denial-of-service incidents, providing alerts, and establishing incident-handling and avoidance guidelines. CERT also covers hardware and component security deficiencies that may compromise existing systems.
CERT publishes Information Security alerts, training, and awareness campaigns. CERT's website is www.cert.org.
- Change Control
- Change control is an internal control procedure by which only authorized amendments are made to the organization's software, hardware, network access privileges, or business process. This method usually involves the need to perform an analysis of the problem and append the results to a formal request prepared and signed by the senior representative of the area concerned. This proposal should be reviewed by management (or committee) prior to being authorized. Implementation should be monitored to ensure security requirements are not breached or diluted.
- Checksum
- Checksum is a technique whereby the individual binary values of a string of storage locations on your computer are totaled, and the total retained for future reference. On subsequent accesses, the summing procedure is repeated, and the total compared to the one derived previously. A difference indicates that an element of the data has changed during the intervening period. Agreement provides a high degree of assurance (but not total assurance) that the data has not changed during the intervening period.
A checksum is also used to verify that a network transmission has been successful. If the counts agree, it is assumed that the transmission was completed correctly.
A checksum also refers to the number that results from adding up every element of a pattern in a programmable logic design. Typically a four- or eight-digit hex number, it is a quick way to identify a pattern, since two randomly selected patterns are unlikely to share a checksum (collisions are possible, however, so it is not a unique identifier). Because they are linear functions, checksums are useless against a malicious adversary, who can trivially alter a message while preserving its checksum, or construct two different messages with the same checksum.
See also the entries for Cyclic Redundancy Check (CRC), Hash Function, and Message Digest.
- Cipher
- A cipher is the generic term used to describe a means of encrypting data. In addition, the term cipher can refer to the encrypted text itself (ciphertext, as opposed to the unencrypted plaintext). Encryption ciphers will use an algorithm, which is a complex mathematical calculation required to scramble the text, and a key. Knowledge of the key allows the encrypted data to be decrypted.
Ciphers scramble bits, digits, characters, or blocks of bits, whereas codes replace natural language words or phrases with another word or symbol. Modern block ciphers like AES use alternating non-linear substitutions and permutations repeated for a number of "rounds" to encrypt the data. AES, for example, performs byte-wide operations on the contents of a 16-byte data block for 10, 12, or 14 rounds, depending upon the key size chosen. Modern ciphers such as AES are highly resistant to mathematical cryptanalysis: breaking them would require more messages encrypted under the same key, and more computing power, than is practically available.
- Clear Desk Policy
- Clear Desk Policy is a policy of the organization that directs all personnel to clear their desks at the end of each working day and file everything appropriately. Desks should be cleared of all documents and papers, including the contents of the in and out trays! The purpose of the Clear Desk Policy is not simply to give the cleaners a chance to do their job, but to ensure that sensitive papers and documents are not exposed to unauthorized persons outside of working hours.
- Clear Screen Policy
- Clear Screen Policy is a policy of the organization that directs all users of screens or terminals to ensure that the contents of the screen are protected from prying eyes and other opportunistic breaches of confidentiality. The easiest means of compliance is typically a screen lock that engages on request or after a specified idle time.
- Clipper Chip
- A clipper chip is a tamper-resistant VLSI chip designed by NSA for encrypting voice communications. It conforms to the Escrow Encryption Standard (EES) and implements the Skipjack encryption algorithm.
- Code
- Codes are a technique for encrypting data, usually in a natural language such as English, by substituting each word or phrase with a secret word or symbol. Because codes require the cumbersome distribution of large code books (essentially a dictionary-like look-up table) to all the participants, they are seldom used. Ciphers are used instead; they work at the alphabet or binary level and require only a relatively short (for example, 128- or 256-bit) key to be shared by the users.
Codes can be broken through the use of word frequency analysis, and by correctly guessing plaintext words from the message. For example, it may be known that a weather report is sent at a certain time each day, and by examining several of these messages from known locations the code for "rain" can be guessed.
- Cloning
- Cloning is the act of copying a design without making any changes. No understanding of the design or the ability to modify the design is required.
- Cold-Boot Attack
- A cold-boot attack is based upon the fact that volatile memory such as SRAM and DRAM retains its last contents for a short time after power is removed (data remanence). The effect is greatly enhanced by lowering the temperature of the memory; chilled memories can hold their data for many minutes.
For example, a PC might hold a disk-encryption or other secret key in its SDRAM while running a program or during its boot process. The attacker cools the memory, removes it from the PC and quickly places it in another system (another PC, for example) where the "frozen" secret data is simply read out.
- Common Criteria
- Common Criteria is an international standard (ISO/IEC 15408) that defines criteria for evaluating security systems at seven Evaluation Assurance Levels (EAL1 through EAL7). The emphasis is on process, and the evaluators are given wide latitude in what they test and approve based upon the particular security objectives, threats identified, countermeasures deployed, etc.; the assurance level says more about the methodology and formality of the design and assurance process than about the strength of any particular mechanism.
See also the entry for Security Requirements for Cryptographic Modules (FIPS 140).
- Communications Line
- Within a communications network, a communications line is the route by which data is conveyed from one point to another. Recently the term has begun to be replaced by "Communications Link" to reflect the fact that a growing number of small networks, even within the same building, are using radio (wireless) communications rather than fixed cables.
- Communications Network
- A communications network is a system of communications equipment and communication links (by line, radio, satellite, etc.) that enables computers to be separated geographically while remaining connected to each other.
- Computer Virus
- Computer viruses are pieces of programming code that have been purposely written to inflict an unexpected result upon an innocent victim.
Viruses are transmitted within other (seemingly) legitimate files or programs, the opening or execution of which causes the virus to run and to replicate itself within the computer system, as well as performing some sort of action. Such actions can be as harmless as causing characters to fall off the screen (early DOS-based virus in the 1980s), to the most malicious viruses, which destroy data files and replicate themselves to everyone in your email directory.
The term "virus" includes all sorts of variations on a theme, including variants of macro-viruses, Trojans, and Worms, but for convenience all such programs are classed simply as viruses.
Researchers are now looking at another possible virus that targets computer systems also using a reconfigurable FPGA. In this scenario, a hostile party could replace a valid bitstream in the FPGA's external boot memory with random bits that would likely result in internal electrical conflicts that may destroy the FPGA device when it boots up. This is one reason why strong authentication of bitstream data by the FPGA using a (nonvolatile) stored key is recommended.
Viruses are a very real problem for both organizations and individual computer users. At the present time there are very few viruses that affect large computers, primarily because the operating systems that those systems use are not the same as those used to run virus code. Viruses, therefore, are a problem primarily for users of PCs and servers, though with other types of devices (especially cell phones) increasingly using the Internet, new types of viruses are emerging.
As of January 2001, there were over 48,000 known viruses, and this number reportedly surpassed one million in 2008. Virus checking software traditionally blacklisted executable files containing suspected virus signatures, but with the explosion of viruses and the problem of keeping signature files up to date, some newer virus protection systems rely on white-listing trusted applications instead; especially in constrained execution environments such as (non-PC) Internet-connected devices.
See also the entries for Worm and Trojan Horse.
- Confidentiality
- Confidentiality is assurance that information is shared only among authorized persons or organizations. Breaches of confidentiality can occur when data is not handled in a manner adequate to safeguard the confidentiality of the information concerned. Such disclosure can take place by word of mouth, by printing, copying, emailing or creating documents and other data. The classification of the information should determine its confidentiality and hence the appropriate safeguards.
- Configuration
- The act of programming an FPGA. For SRAM-based FPGAs this must be done at each system power-up to make the device functional. Configuration of SRAM FPGAs requires an external configuration device, typically a PROM (see the entry for PROM) or other type of nonvolatile memory that must be present in the system.
Since they are nonvolatile, flash and antifuse based FPGAs only require configuring once, usually during the system assembly process. Flash FPGAs have the option of being reconfigured but antifuse FPGAs are intrinsically one-time programmable.
- Contingency Planning
- Contingency planning prepares for the unexpected or for the possibility of circumstances changing. Contingency plans are individual plans associated with individual projects or programs.
A contingency plan is written in the hope that it will never have to be executed, but if the attention to detail and the budget allocated to it are inadequate, failure is guaranteed should it ever be needed.
As with any plan, it is essential to agree on the trigger(s) that will result in the plan coming into force and the subsequent chain of command that will take over during that period.
- Corrupt Data
- Corrupt data is data that has been received, stored, or changed, so that it cannot be read or used by the program that originally created the data.
- Counterfeit Silicon
- Unscrupulous sellers of semiconductor devices can change the external markings on devices in order to sell them, fraudulently, as more expensive products. Alternately, used devices may be recovered from e-waste and sold as new devices, also fraudulently. In the most egregious cases the package may even be empty or contain a completely different class of device.
- CPLD
- A complex programmable logic device is usually a simple low density programmable logic solution. It typically contains macrocells that are interconnected through a central global routing pool. This type of architecture provides moderate speed and predictable performance. CPLDs are traditionally targeted towards low end consumer products.
- Cracker
- A cracker is either a piece of software (program) or hardware whose purpose is to recover a password, encryption key, or configuration bitstream, or a person who attempts to gain unauthorized access to a computer system, hardware, or board-level components. Such persons are usually ill intentioned and perform malicious acts of crime and vandalism.
- Code breaking software. A piece of software designed to recover a secret, most often used to break into a system. Given enough time and computing power, any password can in principle be recovered by exhaustive search, but for well-chosen long passwords (for example, 64 randomly chosen case-sensitive characters) the search is computationally infeasible; in practice such tools succeed through dictionary and guessing attacks against weak passwords.
- Illegal entry into a computer system. Individuals who enter computer systems illegally often have malicious intent and can have multiple tools for breaking into a system. The term "cracker" was adopted circa 1985 by hackers in defense against journalistic misuse of "hacker".
- CRC
- See Cyclic Redundancy Check
- Cryptanalysis
- Cryptanalysis is the breaking of cryptographic services such as those providing data privacy, integrity, and authentication services. The techniques used span a wide range from mathematical-only attacks where the ciphertext and perhaps some part of the plaintext is known or can be guessed, to side-channel attacks where additional information on intermediate (internal) computational results may be measured, to invasive attacks such as probing internal nodes of an integrated circuit directly.
- Cryptography
- The subject of cryptography is primarily concerned with maintaining the privacy of communications and modern methods use a number of techniques to achieve this. Encryption is the transformation of data into another usually unrecognizable form. The only means to read the data is to decrypt the data using a secret key. Other common cryptographic services include ensuring data integrity, authentication of data sources, and digital signatures.
- Cryptology
- The making (cryptography) and breaking (cryptanalysis) of codes and ciphers used to protect the privacy of communications. Other cryptographic services include ensuring the integrity of data (ensuring the data has not been manipulated), authentication (the data came from the claimed source), digital signatures (authentication and non-repudiation), etc.
- Cybercrime
- Cybercrime is any criminal activity that uses network access to commit a criminal act. With the exponential growth of Internet connections, the opportunities for the exploitation of any weaknesses in Information Security are multiplying.
Cybercrime may be internal or external, with the former easier to perpetrate.
The term has evolved over the past few years since the adoption of Internet connection on a global scale with hundreds of millions of users. Cybercrime refers to the act of performing a criminal act using cyberspace (the Internet) as the communications vehicle. Some would argue that a cybercrime is not a crime because it is committed against software rather than against a person or property. However, while the legal systems around the world scramble to introduce laws to combat cybercriminals, two types of attack are prevalent:
- Techno-crime. A pre-meditated act against a system or systems, with the express intent to copy, steal, prevent access, corrupt, or otherwise deface or damage parts or all of a computer system. The 24x7 connection to the Internet makes this type of cybercrime a real possibility to engineer from anywhere in the world, leaving few if any "prints."
- Techno-vandalism. These acts of "brainless" defacement of websites, and/or other activities such as copying files and publicizing their contents, are usually opportunistic in nature. Tight internal security, allied to strong technical safeguards, should prevent the vast majority of such incidents.
- Cyclic Redundancy Check (CRC)
- A class of algorithms for computing a short digest value from an arbitrarily long message, similar to a checksum or hash. CRC may also refer to the resulting digest value itself. The "cyclic" in CRC refers to the underlying cyclic codes describing the mathematics of the algorithm. More precisely, CRC algorithms are linear operations over the binary field GF(2): the message is treated as a polynomial with bit coefficients and divided by a fixed generator polynomial, the remainder being the CRC.
Common CRC algorithms and their generator polynomials have been standardized for many uses, such as detection of bit errors in data transmission. CRC codes are efficient in detecting large bursts of errors, which matches well to some types of storage media or transmission channels. Examples of some standardized CRC algorithms are CRC-16-CCITT, which is used by Bluetooth (personal area wireless network), CRC-32-IEEE, which is used in 802.3 (wired Ethernet), and MPEG-2 (video).
Because they are linear operations, they are unsuitable for use in the presence of malicious attacks. An attacker can easily create messages with arbitrary CRC digest values. Cryptographic hash functions should be used instead of a CRC in applications such as digital signatures, data integrity, and authentication where there might be non-random errors (malicious attacks).
See also the entry for Hash Function.
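Both the Checksum and CRC entries warn that these functions are linear and therefore give no protection against deliberate tampering. The following added example (not part of the original glossary) demonstrates that concretely with Python's standard library: an edit that preserves an additive checksum, the XOR-linearity of CRC-32, and the classic construction that appends four bytes to a message to force its CRC-32 to any chosen value. The record and "firmware" strings are constructed sample inputs.

```python
"""Checksums and CRCs are linear: they catch accidents, not tampering.
Shown: (1) an additive checksum preserved across a deliberate edit,
(2) CRC-32 linearity, (3) forcing CRC-32 to any chosen value with 4 extra bytes."""
from zlib import crc32

MASK = 0xFFFFFFFF


def additive_checksum(data: bytes) -> int:
    """Plain byte sum modulo 2**32."""
    return sum(data) & MASK


def edit_keeping_checksum(data: bytes, pos: int, new_byte: int, comp_pos: int) -> bytes:
    """Set data[pos] = new_byte and absorb the difference at data[comp_pos] so the
    additive checksum is unchanged. Raises if the compensating byte would leave 0..255."""
    buf = bytearray(data)
    delta = new_byte - buf[pos]
    comp = buf[comp_pos] - delta
    if not 0 <= comp <= 255:
        raise ValueError("pick another compensating position")
    buf[pos], buf[comp_pos] = new_byte, comp
    return bytes(buf)


def _make_table():
    """Standard reflected CRC-32 table (polynomial 0xEDB88320, as used by zlib)."""
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table


TABLE = _make_table()
# The high byte of every table entry is distinct, so it identifies the entry.
REV = {entry >> 24: i for i, entry in enumerate(TABLE)}


def forge_crc32_suffix(msg: bytes, target: int) -> bytes:
    """Return 4 bytes s such that crc32(msg + s) == target.

    zlib keeps a 32-bit register starting at 0xFFFFFFFF, updates it per byte as
    reg = TABLE[(reg ^ b) & 0xFF] ^ (reg >> 8), and XORs with 0xFFFFFFFF at the end.
    Each step is invertible, so we walk back four steps from the wanted register
    value to learn which table entries must be hit, then choose bytes that hit them."""
    state = crc32(msg) ^ MASK            # register after msg, final XOR undone
    want = target ^ MASK                 # register value that yields `target`
    idxs = []
    cur = want
    for _ in range(4):
        idx = REV[cur >> 24]             # top byte of the new register fixes the index
        idxs.append(idx)
        cur = ((cur ^ TABLE[idx]) << 8) & MASK   # upper 24 bits of the previous register
    suffix = bytearray()
    for idx in reversed(idxs):           # forward from the real state, first byte first
        suffix.append((state ^ idx) & 0xFF)
        state = TABLE[idx] ^ (state >> 8)
    assert state == want
    return bytes(suffix)


def crc_is_linear(a: bytes, b: bytes, c: bytes) -> bool:
    """For equal-length inputs, crc(a ^ b ^ c) == crc(a) ^ crc(b) ^ crc(c)."""
    abc = bytes(x ^ y ^ z for x, y, z in zip(a, b, c))
    return crc32(abc) == crc32(a) ^ crc32(b) ^ crc32(c)


if __name__ == "__main__":
    # Constructed record: raise the amount, keep the checksum by editing a memo byte.
    record = b"amount=0100;memo=xxxxxxxx"
    tampered = edit_keeping_checksum(record, 7, ord("9"), 17)
    print(tampered, additive_checksum(record) == additive_checksum(tampered))
    # Constructed firmware stand-in: give a modified image the original image's CRC.
    original = b"firmware v1: do the right thing"
    modified = b"firmware v1: do the wrong thing"
    fixed = modified + forge_crc32_suffix(modified, crc32(original))
    print(hex(crc32(original)), hex(crc32(fixed)), crc_is_linear(b"abcd", b"1234", b"WXYZ"))
```

The forgery needs no key and runs in constant time, which is the point of the entry's advice: a CRC or checksum on a bitstream, firmware image or message detects transmission noise, but integrity against an adversary needs a keyed MAC (for example CMAC or HMAC) or a digital signature over a cryptographic hash.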
- Data Encryption
- Data encryption is a means of scrambling data so that it can only be read by the holder(s) of the key, a secret value that may be derived from a password. Without the key, a well-designed cipher should not be breakable in practice and the data remains confidential. Using the key, the ciphertext is decrypted and the data is returned to its original value or state.
Using the DES cipher, for example, a key is chosen at random from approximately 72,000,000,000,000,000 (2^56) possibilities and used to encrypt the data. The same key must be conveyed securely to the receiver so the data can be decrypted at the receiving end; how to do that is the key distribution problem that public key cryptography addresses.
See also the entries for Private Key Cryptography and Public Key Cryptography.
- Data Encryption Standard (DES)
- An unclassified cryptographic algorithm adopted by the U.S. National Bureau of Standards (NBS, now the National Institute of Standards and Technology, NIST) for public and government use as Federal Information Processing Standard (FIPS) 46 in 1977. It is a 64-bit block cipher with a 56-bit effective key length (the key is written as 64 bits, 8 of which are parity bits).
DES is a data encryption standard for the scrambling of data to protect its confidentiality. It was developed by IBM in cooperation with the United States National Security Agency (NSA), submitted in response to the NBS solicitation of 1974, and published as FIPS 46 in 1977. It became extremely popular and, because at the time its roughly 72,000,000,000,000,000 (2^56) keys were thought to be more than anyone could search, its export from the USA was tightly restricted. US Government restrictions on the export of encryption technology were largely relaxed in 2000 for the countries of Europe and a number of other countries.
DES was cracked by brute force in 1997 by the DESCHALL project in 96 days, and again in 1998 by distributed.net in 41 days, both projects using thousands of personal computers cooperating over the Internet, showing that a 56-bit key is susceptible to exhaustive search. The final blows came in 1998, when the Electronic Frontier Foundation (EFF), with hardware designed by Cryptography Research, Inc. (CRI), built a custom machine called DES Cracker that found a key in 56 hours, and in 1999, when the same machine working together with distributed.net found one in only 22 hours. The industry then turned to Triple DES, which applies DES three times, as a short-term standard to secure transactions; its sluggish performance added to the pressure for a new standard. NIST has since standardized the Advanced Encryption Standard (AES), based on the Rijndael algorithm, and recommends it for all new block cipher applications.
- Decryption
- The process by which encrypted data is restored to its original form in order to be understood/usable by another computer or person.
- Denial of Service
- Denial of service (DoS) attacks deny service to legitimate users trying to access a site or system. Consistently ranked among the greatest security problems faced by IT professionals, a DoS attack is a network attack in which clients are denied the level of service they expect. In a mild case, the impact is unexpectedly poor performance. In the worst case, the server becomes so overloaded that the system crashes.
DoS attacks do not usually have theft or corruption of data as their primary motive and are often carried out by persons who have a grudge against the organization concerned. The following are the main types of DoS attack:
- Buffer Overflow Attacks. Data is sent to the server in a quantity or form that exceeds the buffer allocated to receive it, overwriting adjacent memory so that the service fails, behaves unpredictably, or crashes.
- SYN Attack. The attacker floods the server with TCP connection requests (SYN packets), often from forged source addresses, and never completes the handshake, so each request leaves a half-open connection. Although these eventually time out, in volume they exhaust the server's connection table and deny access to legitimate requests.
- Teardrop Attack. The exploitation of IP fragmentation, whereby a large datagram is split into smaller fragments, each carrying an offset that tells the receiver where its data belongs so that the fragments can be reassembled. In the teardrop attack, the attacker places an overlapping or otherwise inconsistent offset in the second (or later) fragment, which can crash the recipient's system during reassembly.
- Ping Attack. An illegitimate attention request, or Ping (ICMP echo request), is sent to an intermediate system with a forged return address, namely that of the intended victim. The intermediate system replies to the unsuspecting victim instead of the attacker; when many intermediaries, or a network broadcast address, are used, the volume of replies swamps the victim, which can no longer distinguish legitimate from illegitimate traffic.
- Viruses. Viruses are not usually targeted but where the host server becomes infected, it can cause a DoS.
- Physical Attacks. A physical attack may be little more than cutting the power supply, or perhaps the removal of a network cable.
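The fragment-offset mechanism behind the teardrop attack, as an added illustration that is not part of the original glossary: a small Python reassembly check that rejects overlapping or gapped fragment sets, beside a model of the naive trimming logic that turned a negative copy length into a crash. Fragment offsets are given in bytes for readability (real IP headers count offsets in 8-byte units), and the sample fragment sets are constructed, not captured traffic.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Fragment:
    """One IP fragment, simplified: payload offset and length in bytes
    (assumption for readability; real IP headers express the offset in
    8-byte units)."""
    offset: int
    length: int
    more_fragments: bool  # the IP "MF" flag; clear on the final fragment

    @property
    def end(self) -> int:
        return self.offset + self.length


def check_fragments(frags):
    """Validate a fragment set before reassembly.

    Returns (True, "ok") for a contiguous, non-overlapping set whose last
    fragment has MF clear; otherwise (False, reason).  Rejecting the set up
    front is the defence: the overlap never reaches the copy routine.
    """
    if not frags:
        return False, "no fragments"
    ordered = sorted(frags, key=lambda f: f.offset)
    expected = 0
    for f in ordered:
        if f.length <= 0:
            return False, f"non-positive length at offset {f.offset}"
        if f.offset < expected:
            return False, f"overlap: fragment at {f.offset} starts before {expected}"
        if f.offset > expected:
            return False, f"gap: expected offset {expected}, got {f.offset}"
        expected = f.end
    if ordered[-1].more_fragments:
        return False, "final fragment still has MF set"
    return True, "ok"


def naive_trim_copy_length(prev: Fragment, cur: Fragment) -> int:
    """Model of the flawed reassembly logic that teardrop exploited.

    A naive reassembler trims the overlapping head of 'cur' so it begins
    where 'prev' ended, then copies (end - new_start) bytes.  If 'cur' ends
    *inside* 'prev', that count goes negative; interpreted as an unsigned
    32-bit length it becomes a multi-gigabyte copy, and the kernel crashes.
    """
    start = cur.offset
    if start < prev.end:
        start = prev.end              # trim the overlap
    signed = cur.end - start
    return signed & 0xFFFFFFFF        # how an unsigned size field sees it


# Constructed sample fragment sets (not captured traffic).
LEGIT = [Fragment(0, 1480, True), Fragment(1480, 1480, True), Fragment(2960, 600, False)]
TEARDROP = [Fragment(0, 36, True), Fragment(24, 4, False)]  # second ends inside the first

if __name__ == "__main__":
    print("legit:   ", check_fragments(LEGIT))
    print("teardrop:", check_fragments(TEARDROP))
    print("naive copy length for teardrop pair:",
          hex(naive_trim_copy_length(TEARDROP[0], TEARDROP[1])))
```

The second teardrop fragment ends at byte 28 while the first already covered bytes 0 to 35, so the naive trim produces a copy length of -8, which a 32-bit unsigned size field reads as 0xFFFFFFF8.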
- DES
- See Data Encryption Standard.
- Differential Fault Analysis (DFA)
- Differential fault analysis is an analysis technique that compares the result of a corrupted calculation with the normal, uncorrupted result obtained from the same data and key. The corrupted result is obtained by intentionally injecting a fault into the calculation being performed by a cryptographic device, via a power supply voltage glitch, high intensity white or laser light, shortening of a clock cycle, or any other means available.
Attacks based upon differential fault analysis have been reported against most major cryptosystems, RSA and AES for example. In many cases only one or a few pairs of faulty and correct results, together with a brute force search over a limited number of remaining candidates, are required to reveal the secret key.
- Differential Power Analysis (DPA)
- An analysis technique that relies upon multiple measurements of a security device's instantaneous power consumption in order to reconstruct a secret being manipulated inside the device. Simple and Differential Power Analysis were first reported by Paul Kocher, Joshua Jaffe and Benjamin Jun in 1998 (published at CRYPTO 1999). Generally this class of techniques uses statistical methods to amplify the effects of small unintentional leakages of the secret information into the power consumption measurements, buried in large amounts of noise.
For example, if the same secret key is used to process multiple independent blocks of data, a DPA attack might be mounted to determine the secret key using anywhere from a handful of power consumption traces to over a million, depending upon the magnitude of the leak, the amount of noise obscuring the secret data, and the countermeasures in use. Systems that handle large amounts of data using the same key, or which can repeatedly be given random or chosen input data that is then processed using the secret key, are especially vulnerable to DPA.
See Microsemi's side-channel analysis page for more information about DPA, including links to further information.
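A simulated difference-of-means DPA attack on one AES key byte, added here as an illustration; it is not taken from the glossary or from Microsemi, and the same statistics apply to the electromagnetic analogue (DEMA) described under Electromagnetic Analysis. The "traces" are constructed under the assumption of a Hamming-weight leakage model plus Gaussian noise, and the S-box is computed from its definition so that no table has to be copied in.

```python
import random

# AES S-box derived from its definition (multiplicative inverse in GF(2^8)
# modulo x^8+x^4+x^3+x+1, then the affine map) rather than typed in.
def _gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def _gf_inv(a):
    if a == 0:
        return 0
    r, e, base = 1, 254, a          # a^254 == a^-1 in GF(2^8)
    while e:
        if e & 1:
            r = _gf_mul(r, base)
        base = _gf_mul(base, base)
        e >>= 1
    return r

def _affine(b):
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63

SBOX = [_affine(_gf_inv(x)) for x in range(256)]

def hamming_weight(x):
    return bin(x).count("1")

def simulate_traces(key_byte, n, sigma, rng):
    """Constructed 'power measurements': one sample per encryption, leaking the
    Hamming weight of the first-round S-box output plus Gaussian noise.
    (Assumption: Hamming-weight leakage model; a real device leaks a signal of
    this shape at microvolt level, buried in thousands of samples per trace.)"""
    plaintexts = [rng.randrange(256) for _ in range(n)]
    traces = [hamming_weight(SBOX[p ^ key_byte]) + rng.gauss(0.0, sigma)
              for p in plaintexts]
    return plaintexts, traces

def dpa_recover_key_byte(plaintexts, traces, bit=0):
    """Classic difference-of-means DPA on one key byte.

    For each of the 256 guesses, split the traces by the predicted value of one
    S-box output bit and subtract the two group means.  Only the correct guess
    sorts the traces consistently with the real leakage, so it yields the
    largest peak (about 1.0 here); wrong guesses give small 'ghost' peaks.
    """
    best_guess, best_peak = None, -1.0
    for guess in range(256):
        ones, zeros = [], []
        for p, t in zip(plaintexts, traces):
            (ones if (SBOX[p ^ guess] >> bit) & 1 else zeros).append(t)
        if not ones or not zeros:
            continue
        peak = abs(sum(ones) / len(ones) - sum(zeros) / len(zeros))
        if peak > best_peak:
            best_guess, best_peak = guess, peak
    return best_guess, best_peak

def demo(secret=0x3C, n=3000, sigma=1.0, seed=2024):
    """Run the simulation end to end; returns (recovered_byte, peak)."""
    rng = random.Random(seed)
    pts, trs = simulate_traces(secret, n, sigma, rng)
    return dpa_recover_key_byte(pts, trs)

if __name__ == "__main__":
    guess, peak = demo()
    print(f"recovered 0x{guess:02x} (true 0x3c), peak {peak:.2f}")
```

Raising `sigma` or lowering `n` shows the trade-off the entry describes: the correct peak stays near 1.0 in expectation, but the noise in the two group means grows until it is indistinguishable from the ghost peaks of wrong guesses, and more traces are needed to recover the byte.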
- Diffie-Hellman Key Exchange
- The Diffie-Hellman key exchange algorithm, named after Whitfield Diffie and Martin Hellman, was the first public key algorithm ever published, in 1976. The third inventor was Ralph Merkle. With it, they revolutionized the field of cryptology, and made secure communication over the Internet feasible.
It rests on the gap in difficulty between a function and its inverse: exponentiation in a finite field is easy, while computing the discrete logarithm in that field is hard. When the numbers involved are large (over one thousand bits) the gap is roughly 30 orders of magnitude, and it grows with the size of the numbers.
The Diffie-Hellman protocol allows two entities (computers or people) who do not have, and never have had, a secure channel between them to compute a common secret from public values they send to each other. An eavesdropper who sees every message still finds it computationally infeasible to learn the shared secret, because each party holds one secret exponent that it never transmits; what is sent over the insecure channel is the generator raised to that exponent, a value that is practically impossible to invert.
Prior to this invention, secret communications always involved having a shared secret key. This shared key had to be transmitted securely between the parties by a trusted courier or some similar means before encrypted communication over an insecure medium such as radio or telegraph could be done using the shared secret key. Since each possible pair of entities might need a unique shared key, the system did not scale well to large groups where the number of combinations can be exceedingly large.
See also the entries for RSA, Elgamal, Private Key Cryptography, Public Key Cryptography, and Hybrid Cryptosystem.
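The exchange described above, as an added example that is not part of the original glossary: both parties' messages, the checks each side should apply to the value it receives, a hash-based key derivation, and the eavesdropper's only option, a brute-force discrete logarithm. The group (p = 23, q = 11, g = 2) is a toy safe-prime group chosen so the numbers fit on one line; that choice is an assumption for illustration, and real deployments use the 2048-bit or larger groups of RFC 3526 / RFC 7919, where the brute force shown here is hopeless.

```python
import hashlib
import secrets

# Toy safe-prime group: p = 2q + 1 with q prime, and g generates the subgroup
# of prime order q.  Illustration only; see the lead-in for real group sizes.
P, Q, G = 23, 11, 2


def kdf(shared_element: int) -> bytes:
    """Never use the raw group element as a key: hash it, with a context label."""
    return hashlib.sha256(b"toy-dh-v1|" + shared_element.to_bytes(32, "big")).digest()


def validate_public_value(y: int, p: int = P, q: int = Q) -> bool:
    """Reject 0, 1, p-1 and anything outside the order-q subgroup; such values
    let an active attacker force the shared secret into a tiny, guessable set."""
    return 2 <= y <= p - 2 and pow(y, q, p) == 1


class Party:
    def __init__(self, name: str, p: int = P, q: int = Q, g: int = G):
        self.name, self.p, self.q, self.g = name, p, q, g
        self.x = 2 + secrets.randbelow(q - 2)     # private exponent, never sent
        self.public = pow(g, self.x, p)           # g^x mod p, sent in the clear

    def shared_key(self, peer_public: int) -> bytes:
        if not validate_public_value(peer_public, self.p, self.q):
            raise ValueError(f"{self.name}: rejected peer public value {peer_public}")
        return kdf(pow(peer_public, self.x, self.p))   # (g^y)^x == (g^x)^y


def run_exchange():
    """Both sides of the protocol, plus the transcript an eavesdropper sees."""
    alice, bob = Party("Alice"), Party("Bob")
    wire = {"A->B": alice.public, "B->A": bob.public}
    return alice.shared_key(wire["B->A"]), bob.shared_key(wire["A->B"]), wire


def brute_force_dlog(y: int, g: int = G, p: int = P, q: int = Q):
    """Solve g^x = y by trying every exponent: the eavesdropper's only route,
    feasible for q = 11 and infeasible for a 2048-bit group."""
    for x in range(q):
        if pow(g, x, p) == y:
            return x
    return None


def eavesdrop(wire: dict, g: int = G, p: int = P, q: int = Q) -> bytes:
    """Passive attack that succeeds only because the toy group is tiny."""
    x_alice = brute_force_dlog(wire["A->B"], g, p, q)
    return kdf(pow(wire["B->A"], x_alice, p))


if __name__ == "__main__":
    k_a, k_b, wire = run_exchange()
    print("on the wire:", wire)
    print("keys agree:", k_a == k_b, " Eve derived the same key:", eavesdrop(wire) == k_a)
```

Swapping in an RFC 7919 group leaves every function unchanged except `brute_force_dlog`, which would never return; that is the whole point of the "over one thousand bits" remark above.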
- Digital Signatures
- With the advent of public key cryptography a number of new cryptographic services were born, with digital signatures perhaps being the most important.
The concept of digital signatures is that the signer performs a computation using a secret key that only the signer knows, but which can be confirmed by anyone having the matching public key. Using the RSA cryptosystem, this is done by interchanging the usual role of the private and public keys: In "normal" encryption, any sender encrypts the message using the recipient's public key and the recipient decrypts it using the private key that only the recipient knows. In the RSA digital signature algorithm, the signer "encrypts" the message using the private key that only the signer knows, and any verifier can "decrypt" the signature and verify it is the same as the message using the freely available public key.
Since only the signer has a copy of the private key, it is difficult for the signer to repudiate any valid signatures. This is different from symmetric (shared key) systems where at least two parties must be in possession of a key for it to have any use.
In practice, the whole message is not signed. For computational efficiency, and to keep the signature that travels with the message short, a hybrid scheme is used: the message is first hashed, that is, a short digest is computed from it, and it is this digest that is signed using the private key. The verifier also hashes the received message and checks, using the public key, that the signature matches the hash. Deployed RSA schemes (PKCS#1 v1.5, RSASSA-PSS) additionally wrap the digest in a padding format before the private-key operation; signing a bare digest with textbook RSA leaves the scheme open to forgery.
There are variations of this hybrid signature scheme using Elgamal and elliptic curve cryptosystems.
- Disable
- Disabling is the process by which hardware or software is deliberately prevented from functioning in some way. For hardware, it may be as simple as switching off a piece of equipment, or disconnecting a cable. It is more commonly associated with software, particularly shareware or promotional software, which has been supplied to a user at little or no cost, to try before paying the full purchase or registration fee. Such software may be described as "crippled", in that certain functions, such as saving or printing files, are not permitted. Some in-house development staff may well disable parts of a new program, so that the user can try out the parts that have been developed, while work continues on the disabled functions.
Disabling is also often used as a security measure. For example, the risk of virus infection through the use of infected floppy diskettes can be greatly reduced by disconnecting a cable within the PC, thereby disabling the floppy drive. Even greater protection is achieved by removing the drive altogether, thereby creating a diskless PC.
- Dongle
- A hardware device used by software developers to prevent unlicensed use of their product. Typically, a dongle is a small plug, supplied with the original software package, that fits into a socket on a PC: on older machines usually the parallel port, also known as the LPT1 printer port, and on current ones a USB port. Without the dongle present, the software will not run. Some older dongles acted as a terminator, blocking the port for any other use, but later versions had a pass-through function, allowing a printer to be connected at the same time. Even though the PC could still communicate with the printer, there were problems with more recent printers, which use active two-way communication with the PC to report printing status, ink levels, etc.
- Electromagnetic Analysis (EMA)
- A form of side-channel analysis where the unintentional information leakage from the cryptographic system is via electromagnetic (EM) emissions. Electromagnetic emissions have been a well known source of leakage, prompting the US government to specify EM requirements for secure applications in what are called TEMPEST requirements. In one example of EM leakage, the van Eck radiation of a display terminal is read from a distance of hundreds of meters using simple equipment.
Many power analysis (PA) classifications have an EMA analog where a similar attack can be performed using essentially the same method for EMA as for PA. For instance, differential electromagnetic analysis (DEMA) is the analog of differential power analysis (DPA), and can be used to extract the AES key, for example, from an unprotected device using an RF antenna and amplifier instead of a current monitor. One important difference is that in EMA the usable signal is often more strongly modulated on harmonics of the fundamental frequencies, owing to the better propagation properties of higher frequencies; therefore demodulation is often used to bring these harmonic-related signals back to baseband before completing the analysis.
- Elgamal
- Elgamal is the public key encryption scheme invented by Taher Elgamal. It is closely related to the Diffie-Hellman key exchange protocol, and has roughly the same features as the RSA system. For example, it can be used both for encryption and for digital signatures. The key sizes are also similar to RSA key sizes for similar security strength.
See also the entries for RSA, Diffie-Hellman Key Exchange, and Public Key Cryptography.
- Elliptic Curve Cryptography
- Elliptic curve cryptography is a public key cryptographic system built on the group of points of an elliptic curve defined over a finite field. The hard problem is the analogue of the Diffie-Hellman discrete logarithm problem, but the group operation is point addition, and repeated addition (scalar point multiplication) plays the role of exponentiation. Because the most efficient algorithms for finding discrete logarithms in finite fields (the index calculus family) do not carry over to elliptic curves, the key sizes required can be much shorter than for Diffie-Hellman (or RSA) at a roughly equivalent security strength; a 256-bit curve is comparable to a 3072-bit RSA or Diffie-Hellman modulus.
- Encryption
- The process by which data is transformed into an unreadable or unintelligible form, reversible only by the holder of the correct key, for confidentiality during storage or transmission or for other security purposes.
- Entropy
- In information theory, entropy is a measure of the uncertainty of a system. For example, if all the bits of an n-bit binary number are unbiased (equal probability of a one or zero) and independent (not correlated with any other bits) and are unknown, then the number "contains" n bits of entropy and is said to have full entropy.
In this case, there would be no better method of guessing the number than a brute force search attempting every possible value (2^n values), with an expected match after about one half of the values had been tried. However, if the bits were known to be biased (e.g., each bit is zero with probability 1/3 and one with probability 2/3), then the entropy would be less than n bits and a more efficient search could be performed, starting with the values containing more ones than zeroes, with an expected match much earlier than in the unbiased case.
In cryptographic applications it is usually critically important that random numbers, such as those used for secret keys, have full entropy.
There is a beautiful and unexpected relationship between entropy as used in information theory and entropy as used in the physical sciences (such as thermodynamics), but in most practical applications the two uses are distinct.
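The biased-bit example above, carried through numerically as an added illustration that is not part of the original glossary. Using the entry's own figures (8-bit values, each bit one with probability 2/3), it computes the Shannon entropy, the min-entropy that bounds a guesser's single best try, and the expected number of guesses when the attacker tries values in order of decreasing probability, against the uniform case. Going slightly beyond the entry, it shows that min-entropy is the smaller, more conservative of the two figures, which is why key-generation standards measure it rather than Shannon entropy.

```python
from itertools import product
from math import log2


def value_probabilities(n_bits: int, p_one: float) -> dict:
    """Probability of every n-bit value when each bit is independently 1 with
    probability p_one (the entry's example uses p_one = 2/3)."""
    probs = {}
    for bits in product((0, 1), repeat=n_bits):
        ones = sum(bits)
        value = sum(b << i for i, b in enumerate(bits))
        probs[value] = p_one ** ones * (1 - p_one) ** (n_bits - ones)
    return probs


def shannon_entropy(probs: dict) -> float:
    """Average information per value; n bits only when every value is equally likely."""
    return -sum(p * log2(p) for p in probs.values() if p > 0)


def min_entropy(probs: dict) -> float:
    """-log2 of the most likely value: the measure NIST SP 800-90B uses for
    entropy sources, since it bounds an attacker's single best guess."""
    return -log2(max(probs.values()))


def expected_guesses(probs: dict) -> float:
    """Expected number of tries when guessing values most-probable-first, the
    'more ones than zeroes' strategy the entry describes."""
    ordered = sorted(probs.values(), reverse=True)
    return sum((i + 1) * p for i, p in enumerate(ordered))


def compare(n_bits: int = 8, p_one: float = 2 / 3) -> dict:
    biased = value_probabilities(n_bits, p_one)
    uniform = value_probabilities(n_bits, 0.5)
    return {
        "shannon_bits": shannon_entropy(biased),
        "min_entropy_bits": min_entropy(biased),
        "guesses_biased": expected_guesses(biased),
        "guesses_uniform": expected_guesses(uniform),
        "full_entropy_bits": shannon_entropy(uniform),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>18}: {value:.3f}")
```

For the entry's 2/3 bias the 8-bit value carries about 7.35 bits of Shannon entropy but only about 4.68 bits of min-entropy, and the ordered search needs noticeably fewer than the 128.5 expected guesses of the unbiased case.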
- Energetic Bear
- The name given to an aggressive group of attackers. Reports from various security agencies state that they believe Energetic Bear was behind a campaign to infect energy and industrial firms around the world with malicious software known as the Havex Trojan.
- Fallback Procedures
- Fallback procedures are particular business procedures and measures, undertaken when events have triggered the execution of either a Business Continuity Plan or a Contingency Plan.
- Fault Analysis
- Fault analysis is a type of attack in which faults are intentionally injected into the operation of a cryptographic device so that the attacker can bypass a security mechanism, such as a passcode check, or determine a secret, such as a key. Faults may be injected using power supply voltage glitches, intense white or laser light, manipulation of the length of a clock period, or any number of other methods. While faults have long been known, since at least World War II, as an avenue for breaking cryptosystems, the first modern publication of induced fault analysis was by Dan Boneh, Richard DeMillo and Richard Lipton of Bellcore (announced in 1996, published at EUROCRYPT 1997).
See also the entry on Differential Fault Analysis.
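One worked example, added here and not part of the original glossary, serving three entries at once: hash-then-sign RSA as described under Digital Signatures, a fault injected into the mod-q half of a CRT signature, and the key recovery that fault permits, which is the Boneh, DeMillo and Lipton attack mentioned above and the textbook instance of Differential Fault Analysis. The key is built from two Mersenne primes purely so the code is self-contained and instant; that choice, the sample message, and the omission of a padding scheme such as RSASSA-PSS are assumptions of the illustration, not properties of any real signing system.

```python
import hashlib
from math import gcd

# Toy RSA key from two Mersenne primes (assumption: illustration only).  Real
# keys use random primes of >= 1024 bits each; a modulus built from well-known
# special primes like these would be factored on sight.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))                        # needs Python >= 3.8
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)   # CRT parameters


def digest_int(message: bytes) -> int:
    """Hash-then-sign: the signer operates on a fixed-size digest, not the message."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign_crt(message: bytes, fault_in_q: bool = False) -> int:
    """RSA signature via the Chinese Remainder Theorem (Garner recombination).

    fault_in_q=True models a glitch that corrupts only the mod-Q half of the
    computation; the mod-P half stays correct, which is exactly what the
    attack below needs.
    """
    h = digest_int(message)
    sp = pow(h, DP, P)
    sq = pow(h, DQ, Q)
    if fault_in_q:
        sq = (sq + 1) % Q          # any corruption of sq will do
    t = (sp - sq) * QINV % P
    return sq + Q * t              # s == sp (mod P) and s == sq (mod Q)


def verify(message: bytes, signature: int) -> bool:
    return pow(signature, E, N) == digest_int(message)


def factor_from_fault_pair(good_sig: int, bad_sig: int) -> int:
    """Differential fault analysis: the correct and faulty signatures agree
    mod P and differ mod Q, so gcd(s - s', N) exposes P."""
    return gcd(good_sig - bad_sig, N)


def factor_from_single_fault(message: bytes, bad_sig: int) -> int:
    """Variant needing only the faulty signature and the signed message:
    s'^E - h is 0 mod P but not mod Q, so the gcd again yields P."""
    return gcd(pow(bad_sig, E, N) - digest_int(message), N)


MESSAGE = b"firmware-image-v2.1"    # constructed sample input

if __name__ == "__main__":
    good = sign_crt(MESSAGE)
    bad = sign_crt(MESSAGE, fault_in_q=True)
    print("good verifies:", verify(MESSAGE, good), " faulty verifies:", verify(MESSAGE, bad))
    print("P recovered from pair:     ", factor_from_fault_pair(good, bad) == P)
    print("P recovered from one fault:", factor_from_single_fault(MESSAGE, bad) == P)
```

The practical lesson is the one the entry draws: a device that returns a faulty CRT signature without checking it first (for example by verifying `pow(s, E, N)` against the digest before release) hands over its private key after a single glitch.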
- Firmware
- Firmware is a sort of halfway house between hardware and software. Firmware often takes the form of a device that is attached to or built into a computer—such as a ROM chip—which performs some software function but is not a program in the sense of being installed and run from the computer's storage media.
- Flame
- The Flame cyber-espionage malware made use of a previously unknown cryptographic attack variant that, according to some reports, required world-class cryptanalysis to develop. The attack, an MD5 chosen-prefix collision, was used by Flame's creators to generate a rogue Microsoft digital code-signing certificate that allowed them to distribute the malware to Windows computers as though it were an update from Microsoft.
- Flash FPGA
- A flash FPGA is an FPGA that is based on flash memory technology for controlling the switching of the interconnect and the operation of the logic elements. Flash-based FPGAs are nonvolatile, live on power-up, reprogrammable, and relatively secure from reverse engineering or cloning, since the programming bitstream only needs to be loaded once, during the initial configuration, and this can be performed in a trusted location.
Most flash FPGAs also allow for secure field upgrades using encrypted bitstream files and a decryption key which was loaded in nonvolatile memory during the initial configuration process. The discovery of the possibly millions of configuration bit values stored in the internal nonvolatile flash memory cells is considered a very difficult problem, thus contributing to the security of flash FPGAs.
- FPGA
- A field programmable gate array is a very complex programmable logic device (PLD). The FPGA usually has an architecture that comprises a large number of simple logic blocks, a number of input/output pads, and a method to make the desired connections between the elements. The largest programmable logic devices have gate counts running into the millions, and modern devices often have many ancillary hardware blocks such as microprocessor units (MPUs), phase-locked loops (PLLs), static random access memory (SRAM), specialized digital signal processing (DSP) elements, embedded nonvolatile memory (eNVM), etc.
These devices are user customizable and programmable on an individual device basis. They are valued for their flexibility by designers.
- Ghost
- A ghost is an identity that does not relate to a real person. It is not unknown for staff with the necessary IT skills to create a fictitious user with a password that allows that user to access the system with impunity, knowing that an audit trail will lead nowhere. Ghosts may also appear on the payroll, courtesy of a user who has the power to create new files in the personnel and payroll systems.
The creation of user profiles and the granting of logical access rights is a high security function and must be strictly monitored, preferably with dual controls for creation and authorization.
- Hacker
- A hacker is an individual whose primary aim in life is to penetrate the security defenses of large, sophisticated, computer systems. A truly skilled hacker can penetrate a system right to the core and withdraw again without leaving a trace of the activity. Hackers are a threat to all computer systems that allow access from outside the organization's premises, and the fact that most hacking is just an intellectual challenge should not allow it to be dismissed as a prank. Clumsy hacking can do extensive damage to systems even when such damage was not intentional.
It has been reported that the world's most-targeted system, the Pentagon, is probed on average once every three minutes. How many of those attempts come from hobbyist hackers and how many from government agencies, criminals, and terrorists around the world is another question entirely.
- Hash Function
- A cryptographic hash, also called a message digest, is a publicly-known function that takes as its input a message of (almost) any length and compresses it into a random-like short message called a digest or fingerprint. "Hash" may refer to either the function or the output digest value itself. Commonly used digest output lengths are from 160 to 512 bits. Hash functions are important components of integrity, authentication, and digital signature schemes, amongst other uses.
- A good cryptographic hash is required to have several properties: 1) pre-image resistance: given an output digest, it should be infeasible to find any input message that hashes to it; 2) second pre-image resistance: given one input message, it should be infeasible to find a different message with the same digest; 3) collision resistance: it should be infeasible to find any two input messages with the same digest. Together these give cryptographic hash functions their strong one-way property. For a good hash function, changing even one bit of the input changes roughly one-half of the output bits.
Commonly used hash functions are MD5, SHA-1, and the SHA-2 family of hashes, including SHA-256, SHA-384, and SHA-512. Though still encountered, MD5 has been considered broken since practical collisions were demonstrated in 2004, and a practical SHA-1 collision followed in 2017; neither should be used where collision resistance matters. NIST ran a public competition for a new family of hash functions called SHA-3, selected Keccak in 2012, and standardized it as FIPS 202 in 2015.
Cryptographic hashes are related to, but not the same as hashes used in computer science for creating tables for looking up data by value. Those hash functions do not have the three security properties (above) required for a cryptographic hash and thus should never be used in a cryptographic (adversarial) setting.
See also the entries for Cyclic Redundancy Check, Birthday Paradox, and Security Strength.
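Two of the properties above made concrete, as an added example that is not part of the original glossary: the avalanche effect measured on SHA-256, and a generic birthday search that finds a collision in CRC-32 after a few tens of thousands of tries, which is why the Cyclic Redundancy Check and Birthday Paradox entries are cross-referenced here. The sample message is constructed; only the Python standard library is used.

```python
import hashlib
import os
import zlib

SAMPLE = b"The quick brown fox jumps over the lazy dog"   # constructed sample input


def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(message: bytes, trials: int = 256) -> float:
    """Flip one input bit at a time and measure how many of SHA-256's 256
    output bits change.  A good hash averages about half, i.e. 128."""
    base = hashlib.sha256(message).digest()
    total = 0
    for i in range(trials):
        flipped = bytearray(message)
        flipped[(i // 8) % len(message)] ^= 1 << (i % 8)
        total += bit_difference(base, hashlib.sha256(bytes(flipped)).digest())
    return total / trials


def birthday_collision(hash_fn, max_tries: int = 1_000_000):
    """Generic birthday search: hash random inputs until two distinct inputs
    share a digest.  Expected cost is about 2^(n/2) evaluations for an n-bit
    output: roughly 80,000 for CRC-32, about 2^128 for SHA-256."""
    seen = {}
    for tries in range(1, max_tries + 1):
        m = os.urandom(8)
        h = hash_fn(m)
        if h in seen and seen[h] != m:
            return seen[h], m, tries
        seen[h] = m
    return None


def crc32_hex(data: bytes) -> str:
    """CRC-32 is an error-detecting code, not a cryptographic hash: 32-bit
    output and linear structure, so collisions are cheap."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"


if __name__ == "__main__":
    print("avg SHA-256 output bits changed per flipped input bit:", avalanche(SAMPLE))
    a, b, n = birthday_collision(crc32_hex)
    print(f"CRC-32 collision after {n} tries: {a.hex()} and {b.hex()} -> {crc32_hex(a)}")
```

Passing a 256-bit cryptographic hash to `birthday_collision` would exhaust `max_tries` and return `None`: the search is the same, only the output length differs, which is the point of the Security Strength cross-reference.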
- HEX / Hexadecimal
- Hexadecimal, or hex, is a numbering system using base 16 (as opposed to the usual base 10). Hex is a useful way to express binary computer numbers. A byte is normally expressed as having 8 bits. Two hex characters represent eight binary digits, also known as a byte.
- Hybrid Cryptosystem
- Public Key cryptosystems such as Diffie-Hellman, Elgamal, and RSA provide a means for two entities who do not have a secure channel over which to transmit shared keys to be able to communicate securely with one another. However, the computational requirements for the public key methods are many times greater than for private key (symmetric) algorithms. Therefore, in practice, most public key algorithms are used only to establish or transport a shared key between all the parties, and then the bulk of the data is transferred using private key algorithms such as AES. This is called a hybrid system, since both public and private key methods are used.
See also the entries for Diffie-Hellman Key Exchange, Elgamal, RSA, Private Key Cryptography, and Public Key Cryptography.
- IAP
- See In-Application Programming
- Identity Hacking
- Identity hacking is posting on the Internet or Bulletin Board(s) anonymously, pseudonymously, or giving a completely false name/address/telephone with intent to deceive. This is a controversial activity, generating much discussion amongst those who maintain the internet sites. There are two cases in which problems can be caused for organizations:
- A member of staff engages in such practices and is found out by internet users, thereby associating the organization name with the activity.
- A posting by an unrelated third party, pretends to be the organization, or a representative.
In either case, if such posts are abusive, or otherwise intended to stir up an argument, the likely result is a Flame Attack, or Mail Bombing.
- Impact Analysis
- As part of an Information Security Risk Assessment, you should identify the threats to your Business Assets and the impact such threats could have, if the threat resulted in a genuine incident.
Such analysis should quantify the value of the Business Assets being protected to decide on the appropriate level of safeguards.
- In-Application Programming (IAP)
- IAP is the ability of a microcontroller to run an application that reconfigures (reprograms) its own nonvolatile program code storage. Some flash FPGAs with a built-in microcontroller natively support both IAP and ISP.
See also the entry for In-System Programming.
- In-System Programming (ISP)
- ISP is the ability to program and reprogram an FPGA that is mounted on a circuit as part of a functional system. Flash and SRAM-based FPGA technologies support ISP.
- Incursion
- Incursion is a penetration of the system by an unauthorized source. Similar to an intrusion, the primary difference is that incursions are classed as hostile.
- Information Asset
- An Information Asset is a definable piece of information, stored in any manner, which is recognized as valuable to the organization. The information that comprises an Information Asset may be little more than a prospect name and address file; or it may be the plans for the release of the latest in a range of products to compete with competitors. Regardless of the nature of the information assets themselves, they all have one or more of the following characteristics:
- They are recognized to be of value to the organization.
- They are not easily replaceable without cost, skill, time, resources, or a combination.
- They form a part of the organization's corporate identity, without which the organization may be threatened.
- Their data classification would normally be Proprietary, Highly Confidential, or even Top Secret.
It is the purpose of Information Security to identify the threats against, the risks and the associated potential damage to, and the safeguarding of Information Assets.
- Information Warfare / Infowar
- Infowar, also known as cyberwar and netwar, is the use of information and information systems as weapons in a conflict in which the information and information systems themselves are the targets. Infowar has been divided into three classes:
- Individual privacy
- Industrial and economic espionage
- Global information warfare (nation state versus nation state)
As more "things" (other than traditional computers) such as cell phones, electric meters, and industrial automation controllers and sensors get connected to the Internet, the potential scope for cyber warfare increases.
- Intellectual Property (IP)
- Intellectual property is defined as creative, technical, and intellectual products, often associated with custom circuit designs implemented in ASIC or programmable logic architectures.
- Intrusion
- Intrusion is the technology equivalent of trespassing. It is an uninvited and unwelcome entry into a system by an unauthorized source. While Incursions are always seen as hostile, intrusions may well be innocent, having occurred in error.
Strong verification and security systems can minimize intrusions.
- Invasive Attack
- Invasive attack is an attack on a semiconductor to determine its functionality and requires physical entry to the part. Typical methods include probing, etching, and FIB (focused ion beam) intrusion.
See also the entries for Noninvasive Attack and Semi-invasive Attack.
- ISP
- See In-System Programming.
- Malicious Code
- Malicious code includes any program (including macros and scripts) deliberately written to cause an unexpected, and usually unwanted, event on a PC or other system. Antivirus definitions (signatures) are released frequently, but they operate retrospectively: a sample of the malicious code has to be captured and analyzed before a definition can be developed. In May 2000, when the Love Bug was discovered, the virus had already infected tens of thousands of organizations around the world before the definition became available, even though the antivirus vendors worked around the clock.
See also the entries for Virus, Worm, and Trojan Horse.
- Message Authentication Code
- A Message Authentication Code (MAC) is similar to a hash function in that it computes a random-like output digest from an input message of any size, but unlike a hash, which is a public function that anyone can compute, a MAC uses a secret key, so that only those in possession of the key can correctly create or verify it. A MAC therefore provides integrity and origin authentication; it does not provide non-repudiation, since every party able to verify a tag could also have created it.
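The difference between a bare digest and a MAC, as an added example not taken from the original glossary: a receiver that trusts an unkeyed SHA-256 tag accepts a forged transaction whose tag the attacker simply recomputed, while HMAC-SHA256 verification with a constant-time comparison rejects it. The key, the transaction string and the tampering are constructed for the illustration.

```python
import hashlib
import hmac

# Constructed sample transaction and key; in practice the key comes from a key store.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
ORDER = b"transfer:from=ACC-100;to=ACC-200;amount=25.00"


def unkeyed_tag(message: bytes) -> bytes:
    """A plain digest sent alongside the message.  It catches accidental
    corruption, but anyone, including the attacker, can recompute it."""
    return hashlib.sha256(message).digest()


def unkeyed_verify(message: bytes, tag: bytes) -> bool:
    return unkeyed_tag(message) == tag


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: only holders of 'key' can produce or check the tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Compare in constant time.  A byte-by-byte early-exit comparison would
    leak how many leading bytes of a forged tag are already correct."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def tamper(message: bytes, old: bytes, new: bytes) -> bytes:
    """What an attacker in the path does to the message."""
    return message.replace(old, new)


def demo() -> dict:
    forged = tamper(ORDER, b"amount=25.00", b"amount=2500.00")
    # Attacker's view: no key, but the hash function is public.
    attacker_unkeyed_tag = unkeyed_tag(forged)
    stolen_mac_tag = mac_tag(KEY, ORDER)       # the genuine tag, replayed on the forgery
    return {
        "unkeyed_accepts_forgery": unkeyed_verify(forged, attacker_unkeyed_tag),
        "mac_accepts_original": mac_verify(KEY, ORDER, mac_tag(KEY, ORDER)),
        "mac_accepts_forgery": mac_verify(KEY, forged, stolen_mac_tag),
        "mac_accepts_wrong_key": mac_verify(KEY, ORDER, mac_tag(b"guess", ORDER)),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:>24}: {outcome}")
```

Note that `hmac.compare_digest` guards against timing leaks only; it does nothing to stop the replay of a genuine tag on the genuine message, which is the job of the nonces described under Nonce.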
- Message Digest
- See Hash Function.
- Mission Critical
- Derived from military usage, the term mission critical is used to describe activities, processing, etc. that are deemed vital to the organization's business success and, possibly, its very existence.
Some major applications are described as being mission critical in the sense that, if the application fails, crashes, or is otherwise unavailable to the organization, it will have a significant negative impact upon the business. Although the definition will vary from organization to organization, such applications include accounts/billing, customer balances, computer controlled machinery and production lines, JIT ordering, and delivery scheduling.
- Modes of Operation
- See Block Cipher Modes of Operation.
- National Institute of Standards and Technology (NIST)
- NIST was formerly the National Bureau of Standards (NBS). NIST is the government agency that sets weights and measures for the United States. It is an agency of the Commerce Department. In security and cryptography, NIST works closely with the National Security Agency (NSA), a part of the Defense Department, to set government standards and make recommendations for private sector use.
Of special interest are the Federal Information Processing Standards (FIPS) and the Special Publications 800 series (SP 800), which define many of the most commonly used cryptographic algorithms and protocols.
See also the entry for Security Requirements for Cryptographic Modules (FIPS 140).
- Nonce
- A number used only once. Nonces are an important element of many protocols because they help protect against replay attacks. By incorporating a unique nonce in the protocol the attacker cannot replay data from an earlier run of the protocol that, by definition, used a different nonce. Nonces are also often required for initialization vectors such as those used with some block cipher modes of operation, or stream ciphers. If the same initialization vector is used with the same key on more than one message, the security of the cipher mode can be very seriously compromised.
Common ways of generating nonces are by counting, using a time stamp, or using a sufficiently large random number whose chance of repeating is vanishingly small. The best choice depends upon the circumstances, because each of these has its own difficulties and advantages. For instance, in many systems it is very difficult to be sure of a secure time source. With a counter, the issue is to make sure that it is never reset or a count value used twice, even if the power supply is tampered with. In other systems there may not be a good source of entropy with which to create sufficiently large random numbers.
- Nondisclosure Agreement - NDA
- A nondisclosure agreement (NDA) is a legally binding document that protects the confidentiality of ideas, designs, plans, concepts or other commercial material. Most often, NDAs are signed by vendors, contractors, consultants, and other non-employees who may come into contact with such material.
- Noninvasive Attack
- A noninvasive attack is an attack on a semiconductor to determine its functionality that does not require physical entry to the part. Types of attacks include varying voltage levels to gain access, and side-channel analysis.
See also the entries for Invasive Attack, Semi-Invasive Attack, Fault Analysis and Side-Channel Analysis.
- Non-Repudiation
- For e-commerce and other electronic transactions, including ATMs (cash machines), all parties must be confident that the transaction is secure, that the parties are who they say they are (authentication), and that the transaction is verified as final. Systems must ensure that a party cannot subsequently repudiate (reject) a transaction. To establish this digital trust, such systems may employ digital signatures, which not only validate the sender but may also time stamp the transaction. Digital signatures use asymmetric cryptography in which only one entity (person) holds the private signing key, preventing later claims that the transaction was not authorized or not valid; with a symmetric key known to more than one person, it would be difficult to prove who generated the authentication value.
- Nonvolatile
- A device is nonvolatile if it does not lose its contents when its power is removed. Nonvolatile memory is useful in microcomputer circuits because it can provide instructions for a CPU as soon as power is applied, before secondary devices such as disks can be accessed. Nonvolatile memories include metal-mask read-only memory (ROM), fusible-link programmable ROM (PROM), ultraviolet-erasable electrically-programmable ROM (UV-EPROM), and electrically-erasable PROM (EEPROM), including "flash" memory, a special type of EEPROM in which the memory is erased in large blocks rather than by individual bytes or words, making it much faster and also less expensive.
- One-Time Pad
- The one-time pad is the only cipher with a proof of perfect secrecy. Keying material (k) of the same length as the message is exclusive-ORed (⊕) with the plaintext message (m) to obtain the ciphertext. Decryption uses the same operation (m ⊕ k ⊕ k = m). Each bit of the keying material must be chosen completely at random, rather than calculated from a shorter key, and must never be reused. The one-time pad can be generalized to work with non-binary alphabets, but with the advent of computers and integrated circuits the binary representation is used almost universally.
Any cipher which uses a key shorter than the message can theoretically be broken by a brute force search, (although this may be computationally infeasible). Only the correct key will result in a semantically correct message and all wrong keys will decrypt to gibberish. If a brute force search is attempted against a message encrypted with a one-time pad, every possible message of the same length will be generated, including many semantically correct ones, and the attacker will not know which one to pick.
As in all stream ciphers, it is important to use the same keying material for only one message. If an attacker gets two messages encrypted using the same keying material, it is almost trivial for him to analyze them to recover both messages.
- Penetration
- Penetration is intrusion, trespassing, or unauthorized entry into a system. Merely contacting the system or using a keyboard to enter a password is not penetration, but gaining access to the contents of the data files by these or other means does constitute penetration.
Penetration testing (sometimes shortened to pen-testing) is the execution of a testing plan, the sole purpose of which is to attempt to hack into a system using known tools and techniques.
- Physical Security
- Physical security consists of protection measures to safeguard the organization's systems. Physical security includes, but is not limited to, restrictions on entry to premises, restrictions on entry to computer department facilities, locking/disabling equipment, disconnection, fire-resistant and tamper-resistant storage facilities, anti-theft measures, and anti-vandal measures.
- Private Key Cryptography
- Private key cryptography is any cryptographic system where the parties to it share the same secret key. This includes all systems from ancient times until 1976 when public key cryptography was invented and publicly announced.
See also the entry for Public Key Cryptography.
- PKI (Public Key Infrastructure)
- Where encryption of data is required, perhaps between the organization's internal networks and between clients and representatives, a means of generating and managing the encryption keys is required.
PKI is the use and management of cryptographic keys—a public key and a private key—for secure transmission and authentication.
In a public key infrastructure some trusted agent called a Certificate Authority (CA) is charged with verifying that public keys are associated with the correct entity. Assuring this association is called binding. This is usually done with a public key certificate that is digitally signed by the trusted CA.
An example of a PKI is the system called TLS (or the older SSL) used by Internet browsers to set up an encrypted session with a website, to do online commerce, for example. Certificates signed by a CA trusted by the browser are presented by the website to the browser. In this way, the browser can trust that the website belongs to the purported company (your bank, for example) and not an imposter. From there, public key cryptography is used to generate a session key used to encrypt all traffic between the browser and the website.
- Power Analysis
- See Side-Channel Analysis (a super-set of power analysis), Simple Power Analysis, and Differential Power Analysis (both sub-types).
- PROM
- Programmable read-only memory is a semiconductor memory device that provides read access only to its memory content. Other versions include UV PROM (ultraviolet), which can be erased with UV light, and EEPROM (electrically erasable), which can be erased electrically. External PROMs are typically required to support an SRAM-based FPGA.
- Public Key Cryptography
- Public key cryptography is based upon the revolutionary principle that instead of using a shared secret key for two or more parties to communicate privately, as in all ciphers and codes before 1976, a key can have two parts: a public part and a secret part. The public part may be communicated to anyone and does not have to be kept secret. It can be used for encryption, thus allowing anyone in the world to encrypt a message intended for a given recipient. Only the recipient, namely the holder of the secret part of the key, can perform the decryption.
The first public key scheme, called the Diffie-Hellman key exchange algorithm, was published by Whitfield Diffie, Martin Hellman, and Ralph Merkle, in which they used mathematics based upon the difficulty of the discrete logarithm problem to generate a shared secret key between two parties that had no prior secret communication. This was later expanded into the Elgamal encryption system for enciphering messages. Shortly after, Ron Rivest, Adi Shamir, and Len Adleman published the now well known RSA encryption scheme named after them, based upon the difficulty of factoring the product of two large primes.
Besides greatly simplifying key distribution between anonymous parties, public key cryptography also introduced a new cryptographic service called digital signatures. The holder of the secret key "signs" a message with a message-dependent code only they can generate, and anyone in possession of the public key can verify the integrity of the data and the correctness of the signature. Since only one person holds the private key (unlike in symmetric key systems where at least two people have the key), it makes it much more difficult for the signer to later repudiate their signature.
Though attributed to the inventors mentioned above who were the first to publish their results, it is now known that public key cryptography had been invented a few years earlier by James Ellis, Clifford Cocks and Malcolm Williamson, employees of the General Communications Headquarters (GCHQ), a British government agency, which kept their results secret and largely failed to recognize the importance of the discoveries.
See also the entries on Private Key Cryptography, RSA, Elgamal, Diffie-Hellman Key Exchange, Hybrid Cryptosystem, and Digital Signatures.
- Random Numbers
- Random numbers are used extensively in cryptography, for generating secret keys and nonces, for example. In most implementations, they are binary numbers. The random numbers should be unknown and unpredictable to an adversary. An n-bit binary number which is completely unpredictable and unknown to an adversary is said to contain n bits of entropy; if the adversary has a better than 50-50 chance of guessing some of the bits, the entropy is reduced.
True random numbers are derived from an unpredictable physical source, most often some form of electrical noise although radiation decay and some other physical processes are also sufficiently random though less practical. If each bit generated by the physical process is unbiased and uncorrelated with all the other bits then it has one bit of entropy. By gathering many such bits, one can accumulate a large amount of entropy.
Pseudo-random numbers are derived from a deterministic computational process. With good algorithms pseudo-random bits can be computationally indistinguishable from true random bits. However, no matter how many such bits are generated, the entropy content is limited by the lesser of the initial true random seed used to initialize the computation process and the number of bits of internal state storage. If an adversary were able to learn the internal state of a pseudo-random generator (by guessing or other means) he could predict all future values, and may even learn something about past values.
Important standards related to random numbers include:
- SP 800-90 — (NIST) Recommendation for Random Number Generation Using Deterministic Random Bit Generators
- FIPS 140-2 Annex C — (NIST) Approved Random Number Generators for FIPS PUB 140-2
- SP 800-22 — (NIST) A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
- Test Suite — (BSI) Random number Test Suite
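An added example (not from this glossary) of the two points above: entropy per bit falls as soon as one value becomes more likely than the other, and a deterministic generator whose internal state is learned yields every later output. Python's `random.Random` (Mersenne Twister) stands in for the generator, with `getstate()` standing in for whatever leak exposes the state; `secrets` is what keys should come from.

```python
import math
import random
import secrets


def bit_entropy(p_one: float) -> dict:
    """Entropy per bit of a source that outputs 1 with probability p_one.
    Shannon entropy is the average information per bit; min-entropy
    (-log2 of the most likely value) bounds the adversary's best single
    guess and is the figure that matters for key material."""
    if not 0.0 < p_one < 1.0:
        raise ValueError("probability must lie strictly between 0 and 1")
    p_zero = 1.0 - p_one
    shannon = -(p_one * math.log2(p_one) + p_zero * math.log2(p_zero))
    min_entropy = -math.log2(max(p_one, p_zero))
    return {"shannon": shannon, "min_entropy": min_entropy}


def predict_after_state_leak(victim: random.Random, count: int):
    """Clone a pseudo-random generator from its leaked internal state
    (getstate() is the constructed stand-in for the leak) and show that
    the clone reproduces every subsequent output of the victim."""
    attacker = random.Random()
    attacker.setstate(victim.getstate())
    predicted = [attacker.getrandbits(32) for _ in range(count)]
    actual = [victim.getrandbits(32) for _ in range(count)]
    return predicted, actual


def new_key_bits(n_bits: int) -> int:
    """Secret keys come from the OS CSPRNG via the secrets module, which is
    seeded from physical entropy sources, never from random.Random."""
    return secrets.randbits(n_bits)


if __name__ == "__main__":
    print(bit_entropy(0.5), bit_entropy(0.75))
    victim = random.Random(12345)  # constructed seed, not a real key
    print(predict_after_state_leak(victim, 4))
```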
- Resilience
- Resilience refers to the ability of a computer or system to withstand a range of load fluctuations and also remain stable under continuous and/or adverse conditions. In cryptography, resilience also means the ability of hardware, software, or an algorithm to maintain some security properties (privacy of data, for example) in spite of natural or malicious faults.
- RSA
- RSA stands for (Ron) Rivest, (Adi) Shamir, and (Len) Adleman, who are the developers of the public-key encryption and digital signature algorithm named after them. This was the first full (complete) public key encryption algorithm. The RSA digital signature scheme was also the first of its type. They are also founders of RSA Data Security, which is now RSA Security.
The RSA public key cryptosystem is based upon the difficulty of factoring a number composed of two very large primes. This composite number is usually in the range of one thousand to eight thousand bits in length, with each of the two prime factors approximately half as long.
The capability to use RSA security is incorporated within all major Internet browsers, including Microsoft Internet Explorer and Mozilla Firefox, and other major corporate communication tools such as Lotus Domino® / Notes®.
The creation, use, and management of the public and private keys that are required for RSA security use a Public Key Infrastructure, or PKI.
The fundamental RSA patents have all expired.
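A worked example, added here and not part of the glossary, of the Public Key Cryptography and RSA entries: textbook RSA key generation, encryption with the public part, decryption and signing with the secret part, and why the scheme rests on factoring (with the factors of n, the private exponent follows immediately). The primes p = 61 and q = 53 are constructed toy values; the digest is reduced mod n only because the toy modulus is tiny, and real deployments use a padding scheme rather than raw exponentiation.

```python
import hashlib
from math import gcd


def rsa_keygen(p: int, q: int, e: int = 17):
    """Textbook RSA key generation from primes p and q.
    Returns (public, private) as ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(pub, m: int) -> int:
    """Anyone holding the public part can encrypt for the key's owner."""
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(priv, c: int) -> int:
    """Only the holder of the secret part can undo the encryption."""
    n, d = priv
    return pow(c, d, n)


def _digest_mod_n(message: bytes, n: int) -> int:
    # Toy reduction so the digest fits the tiny modulus; not a real padding scheme.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(priv, message: bytes) -> int:
    """A message-dependent code only the private-key holder can produce."""
    n, d = priv
    return pow(_digest_mod_n(message, n), d, n)


def rsa_verify(pub, message: bytes, sig: int) -> bool:
    """Anyone with the public key checks integrity and signer at once."""
    n, e = pub
    return pow(sig, e, n) == _digest_mod_n(message, n)


def recover_private_key_by_factoring(pub):
    """Why RSA's strength is the difficulty of factoring: given n = p*q,
    phi(n) and hence d are immediate. Trial division succeeds here only
    because the toy n is tiny; a real modulus of 1000+ bits defeats it."""
    n, e = pub
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            q = n // p
            return (n, pow(e, -1, (p - 1) * (q - 1)))
    raise ValueError("n is prime or too large for trial division")


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53)
    c = rsa_encrypt(pub, 65)
    print(pub, priv, c, rsa_decrypt(priv, c))
    sig = rsa_sign(priv, b"transfer 100")
    print(rsa_verify(pub, b"transfer 100", sig), rsa_verify(pub, b"transfer 900", sig))
    print(recover_private_key_by_factoring(pub) == priv)
```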
- Reverse Engineering
- Reverse engineering is the act of examining a design to understand exactly how it works, with the intent to copy the design. The design is then altered to differentiate it from the original design for the purpose of improving upon it or to prevent legal action because of the theft.
- Security Breach
- A breach of security occurs when a stated organizational policy or legal requirement regarding information security has been contravened. However, every incident suggesting that the confidentiality, integrity and availability of the information has been inappropriately changed can be considered a security incident. Every security breach will always be initiated via a security incident. Only if confirmed does it become a security breach.
- Security Incident
- A security incident is an alert to the possibility that a breach of security may be taking place, or may have taken place.
- Security Requirements for Cryptographic Modules (FIPS 140)
- A NIST publication defining certification requirements for single-chip and multi-chip cryptographic modules. Currently at version 2 (i.e. FIPS 140-2) with four annexes: A, B, C, D, with a draft circulating for public comment for version 3. Version 2 and the latest draft of version 3 define four levels of device security with increasing requirements for each level. The emphasis is on security features, such as tamper evidence and specific countermeasures.
See also the entry for Common Criteria and for the National Institute of Standards and Technology (NIST).
- Security Strength
- Security strength is a rough measure of the work effort, log base 2, required to attack a given cryptographic problem. For a well-designed block cipher, the best approach an attacker has is a brute force search over all the possible keys. In this case the security strength, measured in bits, is the same as the length of the key (in bits). For example, AES-128 (the version of AES using a 128-bit key) has an estimated security strength of 128 bits since the best known attack is a brute force search of all 2^128 keys.
For a well-designed hash function, the security strength varies depending upon which of the security properties is being depended upon in its usage (see the entry for Hash Function). For pre-image resistance and 2nd-pre-image resistance, the security strength is the same as the digest output size (in bits). For collisions, the security strength is very nearly half the number of bits in the output.
For public key algorithms, the security strength is a complicated function of the key size but also depends upon the most efficient attack algorithm known. Since the most efficient attacks on RSA or Elgamal do not work on elliptic curve algorithms, shorter keys can be used with elliptic curve cryptography for a given security strength. For elliptic curve algorithms, the keys must be roughly twice as long as for symmetric algorithms such as AES. RSA, Diffie-Hellman, and Elgamal all require comparable (to each other) but much longer keys. For example, a one-thousand bit RSA key is roughly equivalent in security strength to an 80-bit symmetric key and a 160-bit elliptic curve key.
Not all block ciphers and hash functions have the ideal security strength shown above. If some attacks are known that reduce the work factor to find the key (or pre-image, or collision, etc.) because of a weakness in the algorithm, then the security strength is correspondingly downgraded. For instance, the MD5 hash algorithm, designed in 1994, has a digest size of 128 bits and so should have a collision resistance security strength of 64 bits (which in itself is marginal), but attacks had been found by 2006 that reduced the work factor to less than 2^24 (one trillion times easier), making it unsuitable for cryptographic applications, since the latest/best attack algorithm known can find an MD5 collision in less than one minute on a standard notebook computer.
Security strength is often equated with the length of time the algorithm or secret data will be used. For short term (ephemeral) use, 80 bits may be enough for strong security, but for data that has to last a few years 100 bits or more is recommended, and for data that may have to keep secret for several decades, 128 bits is recommended. This is because attacks only get better, and computing equipment has been getting faster and cheaper due to Moore's Law.
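An added example, not from the glossary, of why collision strength is about half the digest size: on an ideal n-bit hash, a birthday search finds a collision after roughly sqrt(pi/2 * 2^n) hashes, while a pre-image search needs about 2^n. SHA-256 truncated to 24 bits stands in for an ideal 24-bit hash so the search completes in seconds; the counter inputs are constructed.

```python
import hashlib
import math


def truncated_digest(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its top `bits` bits, a stand-in for an ideal
    n-bit hash (SHA-256 itself is far too strong to collide in a demo)."""
    if not 1 <= bits <= 256:
        raise ValueError("bits must be between 1 and 256")
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def birthday_bound(bits: int) -> float:
    """Expected number of hashes before the first collision on an ideal
    n-bit hash: sqrt(pi/2 * 2^n), i.e. security strength of about n/2 bits
    for collisions versus n bits for pre-images."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int):
    """Birthday search over hashes of successive counter values.
    Returns (attempts, input_a, input_b) with input_a != input_b but
    equal truncated digests. Memory grows with the number of attempts,
    which is the price of the sqrt speed-up."""
    seen = {}
    attempts = 0
    while True:
        data = attempts.to_bytes(8, "big")  # constructed input: the counter
        attempts += 1
        h = truncated_digest(data, bits)
        if h in seen:
            return attempts, seen[h], data
        seen[h] = data


if __name__ == "__main__":
    n_bits = 24
    attempts, a, b = find_collision(n_bits)
    print(f"expected ~{birthday_bound(n_bits):.0f} hashes, "
          f"found a collision after {attempts} (pre-image would need ~{2 ** n_bits})")
```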
- Semi-Invasive Attack
- A semi-invasive attack is an attack on a cryptographic device such as an integrated circuit which may involve removing all or part of the package, but does not require internal probing or cutting of circuit lines. Instead, the attack is carried out using optical observations or by injecting (temporary) faults optically, which do not require the active device to be touched. This family of attacks is generally less expensive to conduct than invasive attacks but more expensive than other types of fault attack or side-channel analysis.
See also the entries on Invasive Attack, Noninvasive Attack, Fault Analysis, Differential Fault Analysis, and Side-Channel Analysis.
- Shoulder Surfing
- Shoulder surfing is looking over a user's shoulder as they enter a password. This is one of the easiest ways of obtaining a password to breach system security. The practice is not restricted to office computers. It is used wherever passwords, PINs, or other ID codes are used.
- Side-Channel Analysis
- Side-channel analysis is a noninvasive (or occasionally a semi-invasive) analysis technique which attempts to break the security of a cryptographic system by observing information unintentionally leaked via side-channels. These side channels could be power consumption, electromagnetic emissions, optical emissions, thermal signatures, or timing of response times, for example. As all "real world" implementations of cryptographic systems have side channels, they represent a serious threat to the security provided by these systems.
See also the entries for Timing Analysis, Simple Power Analysis, Differential Power Analysis, Electromagnetic Analysis and also see Microsemi's side-channel analysis web page.
- Simple Power Analysis
- Simple power analysis is a side-channel analysis technique based upon one or just a few measurements of a security device's power consumption. Information about secrets being manipulated inside the device are unintentionally leaked out via the instantaneous power consumption of the device. In some cases, a secret key can be read more-or-less directly from simple observations of a single oscilloscope trace.
- Skipjack
- Skipjack is an NSA-developed encryption algorithm used by the Clipper Chip (a voice-encryption integrated circuit, circa 1993), which was designed to use a key escrow scheme so law enforcement agencies could gain access to encrypted conversations through a search warrant-like process. The details of the algorithm were originally unpublished, but the algorithm was declassified and published in 1998. Even so, poor popular opinion of the key escrow concept had already doomed the Clipper Chip.
- Smart Card
- Smart cards look and feel like credit cards, but have one important difference: they have a programmable microchip embedded. Their uses are extremely varied but, for information security, they are often used not only to authenticate the holder, but also to present the range of functions associated with that user's profile.
Smart Cards will often have an associated PIN number or password to provide a further safeguard. The main benefits of using Smart Cards are that their allocation can be strictly controlled, they are hard to forge, and they are required to be physically inserted into a reader to initiate the authentication process. Some newer smart cards, such as RFID cards and tags, use near-field RF communications both to power them and for communications, making their operation completely contactless.
- SRAM FPGA
- An SRAM FPGA is an FPGA that utilizes SRAM (Static Random Access Memory) technology to make the interconnect and to define the logic. SRAM FPGAs are reprogrammable, volatile, and require a boot-up process to initialize. SRAM FPGAs are generally considered less secure than flash or antifuse technology based FPGAs because the design configuration bitstream has to be loaded from an external component at each power-up cycle.
See also the entries for Differential Power Analysis and Cold-Boot Attack.
- Stream Cipher
- A stream cipher takes a stream of plaintext data, the message (m), and encrypts it by mixing it with a stream of keying material (k) of the same length to obtain the ciphertext. In almost all modern implementations, the mixing is performed using a binary exclusive-OR (XOR, ⊕) operation at the bit level. Decryption is then exactly the same as encryption, applying the keying material to the ciphertext using the XOR operation to obtain the plaintext (m ⊕ k ⊕ k = m). The keying material is often derived from a fixed-size key much shorter than the message using building blocks such as linear feedback shift registers (LFSRs) and one or more non-linear operations such as starting and stopping the clock to some of the LFSRs, or look-up tables. Stream ciphers are often designed to be very efficient in hardware implementations, and are found in many communications systems such as cell phones. Many of the stream ciphers used in cell phones have been broken.
Some modes of block ciphers use a block cipher to create the stream of keying material by encrypting successive counter values, for instance. Like other stream ciphers, the keying material thus obtained is XORed with the plaintext data. These ciphers are as strong as the block cipher used to create them, which can be quite good, as is the case when AES is used in CTR, GCM, or OFB mode.
In all stream ciphers it is important to only use the same keying material for one message. If an attacker gets two messages encrypted using the same keying material, it is almost trivial for him to analyze them to recover both messages. In the case of a block cipher used in counter mode this means that the same key and initialization vector should never be used on more than one message.
See also the entries for Block Cipher Modes of Operation.
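An added example (not from this glossary) serving both the One-Time Pad and Stream Cipher entries: XOR encryption with keying material from the OS random source, the reason a brute-force search of a one-time pad learns nothing (any candidate plaintext has a key that produces the same ciphertext), and the key-reuse failure shared by every stream cipher, where c1 ⊕ c2 = m1 ⊕ m2 and a known message exposes the other. The messages are constructed.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings (the ⊕ of the text)."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(length: int) -> bytes:
    """One truly random byte of keying material per message byte; os.urandom
    draws from the OS CSPRNG rather than expanding a shorter key."""
    return os.urandom(length)


def otp_encrypt(m: bytes, k: bytes) -> bytes:
    return xor_bytes(m, k)


# Decryption is the same operation: m ⊕ k ⊕ k = m.
otp_decrypt = otp_encrypt


def key_for_candidate(c: bytes, candidate: bytes) -> bytes:
    """For a one-time pad every plaintext of the right length is consistent
    with the ciphertext: k' = c ⊕ m' decrypts c to m'. This is why brute
    force over keys cannot single out the real message."""
    return xor_bytes(c, candidate)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one keystream encrypts two messages the key cancels out:
    c1 ⊕ c2 = (m1 ⊕ k) ⊕ (m2 ⊕ k) = m1 ⊕ m2."""
    return xor_bytes(c1, c2)


def recover_other_message(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    """With the keystream reused and m1 known (or guessed), m2 falls out:
    (c1 ⊕ c2) ⊕ m1 = m2. The defence is never to reuse keying material,
    which for a counter-mode block cipher means a fresh key/IV pair per message."""
    return xor_bytes(two_time_pad_leak(c1, c2), known_m1)


if __name__ == "__main__":
    m1, m2 = b"ATTACK AT DAWN", b"MEET ME AT SIX"  # constructed, equal length
    k = otp_keygen(len(m1))
    c1 = otp_encrypt(m1, k)
    print(otp_decrypt(c1, k))
    print(otp_decrypt(c1, key_for_candidate(c1, b"RETREAT AT TEN")))
    print(recover_other_message(c1, otp_encrypt(m2, k), m1))
```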
- Stuxnet
- Stuxnet is a 500-kilobyte computer worm that, according to reports, infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant. Although a computer virus relies on an unwitting victim to install it, a worm spreads on its own, often over a computer network. This worm was an unprecedentedly masterful and malicious piece of code that attacked in three phases. First, it targeted Microsoft Windows machines and networks, repeatedly replicating itself. Then it sought out Siemens Step7 software, which is also Windows-based and used to program industrial control systems that operate equipment, such as centrifuges. Finally, it compromised the programmable logic controllers. The worm's authors could thus spy on the industrial systems and even cause the fast-spinning centrifuges to tear themselves apart, unbeknownst to the human operators at the plant.
- Symmetric Cryptography
- See Private Key Cryptography.
- Tamper Detection
- Tamper detection is an alarm set off when any of a number of possible tamper detection sources is triggered. Common tamper detectors for high-end security integrated circuits include voltage, clock and temperature alarms, internal redundancy violations, physical tampering alarms such as a failure of a mesh covering important circuits, etc.
See also the entry on Zeroization, which is one possible response to a tamper detection alarm.
- Tamper Evidence
- Tamper evidence is some technique, analogous to wax seals on an envelope, that makes it obvious if a cryptographic device has been tampered with. It should be difficult to perform tampering without triggering the tamper evidence mechanism, and if triggered it should be difficult to cover up or hide the evidence of tampering after the fact.
The presence of a tamper evident mechanism is often enough to keep someone from tampering, especially if, like a contract manufacturer, they may stand to lose business if they are suspected of being the culprit.
- Tamper Resistant Packaging
- Often used in smart card systems, tamper resistant packaging is designed to render electronics inoperable if the product is physically (invasively) attacked.
See also the entries on Zeroization and Tamper Detection.
- Techno Crime
- Techno Crime is the term used by law enforcement agencies to denote criminal activity that uses (computer) technology, not as a tool to commit the crime, but as the subject of the crime itself. Techno Crime is usually pre-meditated and results in the deletion, corruption, alteration, theft, or copying of data on an organization's systems.
Techno Criminals will usually probe their prey's system for weaknesses and will almost always leave an electronic "calling card" to ensure that their pseudonymous identity is known.
- Techno Vandalism
- Techno vandalism is a term used to describe a hacker or cracker who breaks into a computer system with the sole intent of defacing and/or destroying its contents. Techno vandals can deploy sniffers on the Internet to locate soft (insecure) targets and then execute a range of commands using a variety of protocols towards a range of ports. The best weapon against such attacks is a firewall which will hide and disguise your organization's presence on the Internet.
- Timing Analysis
- An analysis technique that uses secret-data-dependent timing variations to determine the secret. The timing information may be leaked out of the device doing cryptographic computations via its response time to external events, or by measurements of its power consumption, or via other side channels. Timing analysis was first published by Paul Kocher et al. in 1996. Naive implementations of public key algorithms seem to be especially vulnerable to timing analysis.
See also the entry on Cache Timing Attack.
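An added example, not from the glossary, of the smallest form of the leak described above and its mitigation: a comparison that exits at the first mismatching byte does work proportional to how much of the secret was guessed correctly, while a constant-time comparison does the same work regardless. The step counter is instrumentation constructed to make the data dependence visible without noisy wall-clock timing; `hmac.compare_digest` is the standard-library routine to use in practice.

```python
import hmac


def naive_compare(secret: bytes, guess: bytes):
    """Early-exit comparison. Returns (equal, steps). The step count, and
    therefore the run time, reveals the position of the first mismatch,
    so an observer can confirm the secret one byte at a time."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    for x, y in zip(secret, guess):
        steps += 1
        if x != y:
            return False, steps
    return True, steps


def constant_time_compare(secret: bytes, guess: bytes):
    """Same decision, data-independent work: every byte is visited and the
    differences are accumulated with OR instead of an early-exit branch.
    Only the length (normally public) is allowed to affect the path."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    diff = 0
    for x, y in zip(secret, guess):
        steps += 1
        diff |= x ^ y
    return diff == 0, steps


def verify_tag(expected: bytes, received: bytes) -> bool:
    """What production code should call: the library's constant-time check."""
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    tag = b"0123456789abcdef"  # constructed stand-in for a secret MAC tag
    for guess in (b"X" + tag[1:], tag[:15] + b"X", tag):
        print(naive_compare(tag, guess), constant_time_compare(tag, guess))
```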
- Trojan Horse
- Named after the gift horse in the Greek legend, it is malicious hardware or a software program disguised as a useful device or program. By operating it, the unsuspecting user may cause damage to their system, cause the Trojan Horse to spread itself, or open a hidden back-door into privileged data. One objective of the U.S. Trusted IC program is to prevent hardware Trojan Horses in integrated circuits.
- Virus
- See Computer Virus
- Volatile
- As applied to memory technology, volatile memory loses its data when power is removed. SRAM and DRAM technologies are volatile, while flash, EEPROM, and fuse-type memories are nonvolatile. The inability of an SRAM-based FPGA to maintain its configuration when power is removed is a function of the volatile memory technology upon which it is based. Thus, SRAM-based FPGAs require additional external nonvolatile memory components, and the sensitive data must be securely transported from the external device to the FPGA at each power-up cycle.
- Zeroization
- Active zeroization is used to erase critical information, followed by verification that the erase operation was successful. It can be used as one of many possible responses to a tamper detection alarm.
See also the entry for Tamper Detection.
Passive zeroization is erasure of volatile memory by removal of the power source. Verification may be infeasible in this case.
See also the entry for Cold-Boot Attack.