EvilOctal Information Security Team Technical Discussion Group's Archiver

crey 2006-5-10 22:20

[Repost] Internet Security Glossary (RFC 2828)

Source: [url]ftp://ftp.isi.edu/in-notes/rfc2828.txt[/url]

Network Working Group                            R. Shirey
Request for Comments: 2828                GTE / BBN Technologies
FYI: 36                                      May 2000
Category: Informational


                Internet Security Glossary

Status of this Memo

  This memo provides information for the Internet community.  It does
  not specify an Internet standard of any kind.  Distribution of this
  memo is unlimited.

Copyright Notice

  Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

  This Glossary (191 pages of definitions and 13 pages of references)
  provides abbreviations, explanations, and recommendations for use of
  information system security terminology. The intent is to improve the
  comprehensibility of writing that deals with Internet security,
  particularly Internet Standards documents (ISDs). To avoid confusion,
  ISDs should use the same term or definition whenever the same concept
  is mentioned. To improve international understanding, ISDs should use
  terms in their plainest, dictionary sense. ISDs should use terms
  established in standards documents and other well-founded
  publications and should avoid substituting private or newly made-up
  terms. ISDs should avoid terms that are proprietary or otherwise
  favor a particular vendor, or that create a bias toward a particular
  security technology or mechanism versus other, competing techniques
  that already exist or might be developed in the future.

Shirey                Informational               [Page 1]

RFC 2828          Internet Security Glossary          May 2000

Table of Contents

  1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
  2. Explanation of Paragraph Markings  . . . . . . . . . . . . . .  4
    2.1 Recommended Terms with an Internet Basis ("I") . . . . . .  4
    2.2 Recommended Terms with a Non-Internet Basis ("N")  . . . .  5
    2.3 Other Definitions ("O")  . . . . . . . . . . . . . . . . .  5
    2.4 Deprecated Terms, Definitions, and Uses ("D")  . . . . . .  6
    2.5 Commentary and Additional Guidance ("C") . . . . . . . . .  6
  3. Definitions  . . . . . . . . . . . . . . . . . . . . . . . . .  6
  4. References . . . . . . . . . . . . . . . . . . . . . . . . . . 197
  5. Security Considerations  . . . . . . . . . . . . . . . . . . . 211
  6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 211
  7. Author's Address . . . . . . . . . . . . . . . . . . . . . . . 211
  8. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 212

1. Introduction

  This Glossary provides an internally consistent, complementary set of
  abbreviations, definitions, explanations, and recommendations for use
  of terminology related to information system security. The intent of
  this Glossary is to improve the comprehensibility of Internet
  Standards documents (ISDs)--i.e., RFCs, Internet-Drafts, and other
  material produced as part of the Internet Standards Process [R2026]--
  and of all other Internet material, too. Some non-security terms are
  included to make the Glossary self-contained, but more complete lists
  of networking terms are available elsewhere [R1208, R1983].

  Some glossaries (e.g., [Raym]) list terms that are not listed here
  but could be applied to Internet security. However, those terms have
  not been included in this Glossary because they are not appropriate
  for ISDs.

  This Glossary marks terms and definitions as being either endorsed or
  deprecated for use in ISDs, but this Glossary is not an Internet
  standard. The key words "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
  and "OPTIONAL" are intended to be interpreted the same way as in an
  Internet Standard [R2119], but this guidance represents only the
  recommendations of this author. However, this Glossary includes
  reasons for the recommendations--particularly for the SHOULD NOTs--so
  that readers can judge for themselves whether to follow the
  recommendations.

  This Glossary supports the goals of the Internet Standards Process:

  o Clear, Concise, and Easily Understood Documentation

    This Glossary seeks to improve comprehensibility of security-
    related content of ISDs. That requires wording to be clear and
    understandable, and requires the set of security-related terms and
    definitions to be consistent and self-supporting. Also, the
    terminology needs to be uniform across all ISDs; i.e., the same
    term or definition needs to be used whenever and wherever the same
    concept is mentioned. Harmonization of existing ISDs need not be
    done immediately, but it is desirable to correct and standardize
    the terminology when new versions are issued in the normal course
    of standards development and evolution.

  o Technical Excellence

    Just as Internet Standard (STD) protocols should operate
    effectively, ISDs should use terminology accurately, precisely,
    and unambiguously to enable Internet Standards to be implemented
    correctly.

  o Prior Implementation and Testing

    Just as STD protocols require demonstrated experience and
    stability before adoption, ISDs need to use well-established
    language. Using terms in their plainest, dictionary sense (when
    appropriate) helps to ensure international understanding. ISDs
    need to avoid using private, made-up terms in place of generally-
    accepted terms from standards and other publications. ISDs need to
    avoid substituting new definitions that conflict with established
    ones. ISDs need to avoid using "cute" synonyms (e.g., see: Green
    Book); no matter how popular a nickname may be in one community,
    it is likely to cause confusion in another.

  o Openness, Fairness, and Timeliness

    ISDs need to avoid terms that are proprietary or otherwise favor a
    particular vendor, or that create a bias toward a particular
    security technology or mechanism over other, competing techniques
    that already exist or might be developed in the future. The set of
    terminology used across the set of ISDs needs to be flexible and
    adaptable as the state of Internet security art evolves.

2. Explanation of Paragraph Markings

  Section 3 marks terms and definitions as follows:

  o Capitalization: Only terms that are proper nouns are capitalized.

  o Paragraph Marking: Definitions and explanations are stated in
    paragraphs that are marked as follows:

    - "I" identifies a RECOMMENDED Internet definition.
    - "N" identifies a RECOMMENDED non-Internet definition.
    - "O" identifies a definition that is not recommended as the first
      choice for Internet documents but is something that authors of
      Internet documents need to know.
    - "D" identifies a term or definition that SHOULD NOT be used in
      Internet documents.
    - "C" identifies commentary or additional usage guidance.

  The rest of Section 2 further explains these five markings.

2.1 Recommended Terms with an Internet Basis ("I")

  The paragraph marking "I" (as opposed to "O") indicates a definition
  that SHOULD be the first choice for use in ISDs. Most terms and
  definitions of this type MAY be used in ISDs; however, some "I"
  definitions are accompanied by a "D" paragraph that recommends
  against using the term. Also, some "I" definitions are preceded by an
  indication of a contextual usage limitation (e.g., see:
  certification), and ISDs should not use the term and definition
  outside that context.

  An "I" (as opposed to an "N") also indicates that the definition has
  an Internet basis. That is, either the Internet Standards Process is
  authoritative for the term, or the term is sufficiently generic that
  this Glossary can freely state a definition without contradicting a
  non-Internet authority (e.g., see: attack).

  Many terms with "I" definitions are proper nouns (e.g., see:
  Internet Protocol). For such terms, the "I" definition is intended
  only to provide basic information; the authoritative definition is
  found elsewhere.

  For a proper noun identified as an "Internet protocol", please refer
  to the current edition of "Internet Official Protocol Standards" (STD
  1) for the standardization state and status of the protocol.

2.2 Recommended Terms with a Non-Internet Basis ("N")

  The paragraph marking "N" (as opposed to "O") indicates a definition
  that SHOULD be the first choice for the term, if the term is used at
  all in Internet documents. Terms and definitions of this type MAY be
  used in Internet documents (e.g., see: X.509 public-key certificate).

  However, an "N" (as opposed to an "I") also indicates a definition
  that has a non-Internet basis or origin. Many such definitions are
  preceded by an indication of a contextual usage limitation, and this
  Glossary's endorsement does not apply outside that context.  Also,
  some contexts are rarely if ever expected to occur in an Internet
  document (e.g., see: baggage). In those cases, the listing exists to
  make Internet authors aware of the non-Internet usage so that they
  can avoid conflicts with non-Internet documents.

  Many terms with "N" definitions are proper nouns (e.g., see:
  Computer Security Objects Register). For such terms, the "N"
  definition is intended only to provide basic information; the
  authoritative definition is found elsewhere.

2.3 Other Definitions ("O")

  The paragraph marking "O" indicates a definition that has a non-
  Internet basis, but indicates that the definition SHOULD NOT be used
  in ISDs *except* in cases where the term is specifically identified
  as non-Internet.

  For example, an ISD might mention "BCA" (see: brand certification
  authority) or "baggage" as an example to illustrate some concept; in
  that case, the document should specifically say "SET(trademark) BCA"
  or "SET(trademark) baggage" and include the definition of the term.

  For some terms that have a definition published by a non-Internet
  authority--government (see: object reuse), industry (see: Secure Data
  Exchange), national (see: Data Encryption Standard), or international
  (see: data confidentiality)--this Glossary marks the definition "N",
  recommending its use in Internet documents. In other cases, the non-
  Internet definition of a term is inadequate or inappropriate for
  ISDs. For example, it may be narrow or outdated, or it may need
  clarification by substituting more careful or more explanatory
  wording using other terms that are defined in this Glossary. In those
  cases, this Glossary marks the term "O" and provides an "I"
  definition (or sometimes a different "N" definition), which precedes
  and supersedes the definition marked "O".

  In most of the cases where this Glossary provides a definition to
  supersede one from a non-Internet standard, the substitute is
  intended to subsume the meaning of the superseded "O" definition and
  not conflict with it. For the term "security service", for example,
  the "O" definition deals narrowly with only communication services
  provided by layers in the OSI model and is inadequate for the full
  range of ISD usage; the "I" definition can be used in more situations
  and for more kinds of service. However, the "O" definition is also
  provided here so that ISD authors will be aware of the context in
  which the term is used more narrowly.

  When making substitutions, this Glossary attempts to use
  understandable English that does not contradict any non-Internet
  authority. Still, terminology differs between the standards of the
  American Bar Association, OSI, SET, the U.S. Department of Defense,
  and other authorities, and this Glossary probably is not exactly
  aligned with all of them.

2.4 Deprecated Terms, Definitions, and Uses ("D")

  If this Glossary recommends that a term or definition SHOULD NOT be
  used in ISDs, then either the definition has the paragraph marking
  "D", or the restriction is stated in a "D" paragraph that immediately
  follows the term or definition.

2.5 Commentary and Additional Guidance ("C")

  The paragraph marking "C" identifies text that is advisory or
  tutorial. This text MAY be reused in other Internet documents.  This
  text is not intended to be authoritative, but is provided to clarify
  the definitions and to enhance this Glossary so that Internet
  security novices can use it as a tutorial.

3. Definitions

  Note: Each acronym or other abbreviation (except items of common
  English usage, such as "e.g.", "etc.", "i.e.", "vol.", "pp.", "U.S.")
  that is used in this Glossary, either in a definition or as a subpart
  of a defined term, is also defined in this Glossary.

  $ 3DES
    See: triple DES.

  $ *-property
    (N) (Pronounced "star property".) See: "confinement property"
    under Bell-LaPadula Model.

  $ ABA Guidelines
    (N) "American Bar Association (ABA) Digital Signature Guidelines"
    [ABA], a framework of legal principles for using digital
    signatures and digital certificates in electronic commerce.

  $ Abstract Syntax Notation One (ASN.1)
    (N) A standard for describing data objects. [X680]

    (C) OSI standards use ASN.1 to specify data formats for protocols.
    OSI defines functionality in layers. Information objects at higher
    layers are abstractly defined to be implemented with objects at
    lower layers. A higher layer may define transfers of abstract
    objects between computers, and a lower layer may define transfers
    concretely as strings of bits. Syntax is needed to define abstract
    objects, and encoding rules are needed to transform between
    abstract objects and bit strings. (See: Basic Encoding Rules.)

    (C) In ASN.1, formal names are written without spaces, and
    separate words in a name are indicated by capitalizing the first
    letter of each word except the first word. For example, the name
    of a CRL is "certificateRevocationList".

  $ ACC
    See: access control center.

  $ access
    (I) The ability and means to communicate with or otherwise
    interact with a system in order to use system resources to either
    handle information or gain knowledge of the information the system
    contains.

    (O) "A specific type of interaction between a subject and an
    object that results in the flow of information from one to the
    other." [NCS04]

    (C) In this Glossary, "access" is intended to cover any ability to
    communicate with a system, including one-way communication in
    either direction. In actual practice, however, entities outside a
    security perimeter that can receive output from the system but
    cannot provide input or otherwise directly interact with the
    system, might be treated as not having "access" and, therefore, be
    exempt from security policy requirements, such as the need for a
    security clearance.

  $ access control
    (I) Protection of system resources against unauthorized access; a
    process by which use of system resources is regulated according to
    a security policy and is permitted by only authorized entities
    (users, programs, processes, or other systems) according to that
    policy. (See: access, access control service.)

    (O) "The prevention of unauthorized use of a resource, including
    the prevention of use of a resource in an unauthorized manner."
    [I7498 Part 2]

  $ access control center (ACC)
    (I) A computer containing a database with entries that define a
    security policy for an access control service.

    (C) An ACC is sometimes used in conjunction with a key center to
    implement access control in a key distribution system for
    symmetric cryptography.

  $ access control list (ACL)
    (I) A mechanism that implements access control for a system
    resource by enumerating the identities of the system entities that
    are permitted to access the resource. (See: capability.)

  $ access control service
    (I) A security service that protects against a system entity using
    a system resource in a way not authorized by the system's security
    policy; in short, protection of system resources against
    unauthorized access. (See: access control, discretionary access
    control, identity-based security policy, mandatory access control,
    rule-based security policy.)

    (C) This service includes protecting against use of a resource in
    an unauthorized manner by an entity that is authorized to use the
    resource in some other manner. The two basic mechanisms for
    implementing this service are ACLs and tickets.

  $ access mode
    (I) A distinct type of data processing operation--e.g., read,
    write, append, or execute--that a subject can potentially perform
    on an object in a computer system.

  $ accountability
    (I) The property of a system (including all of its system
    resources) that ensures that the actions of a system entity may be
    traced uniquely to that entity, which can be held responsible for
    its actions. (See: audit service.)

    (C) Accountability permits detection and subsequent investigation
    of security breaches.

  $ accredit
  $ accreditation
    (I) An administrative declaration by a designated authority that
    an information system is approved to operate in a particular
    security configuration with a prescribed set of safeguards.
    [FP102] (See: certification.)

    (C) An accreditation is usually based on a technical certification
    of the system's security mechanisms. The terms "certification" and
    "accreditation" are used more in the U.S. Department of Defense
    and other government agencies than in commercial organizations.
    However, the concepts apply any place where managers are required
    to deal with and accept responsibility for security risks. The
    American Bar Association is developing accreditation criteria for
    CAs.

  $ ACL
    See: access control list.

  $ acquirer
    (N) SET usage: "The financial institution that establishes an
    account with a merchant and processes payment card authorizations
    and payments." [SET1]

    (O) "The institution (or its agent) that acquires from the card
    acceptor the financial data relating to the transaction and
    initiates that data into an interchange system." [SET2]

  $ active attack
    See: (secondary definition under) attack.

  $ active wiretapping
    See: (secondary definition under) wiretapping.

  $ add-on security
    (I) "The retrofitting of protection mechanisms, implemented by
    hardware or software, after the [automatic data processing] system
    has become operational." [FP039]

  $ administrative security
    (I) Management procedures and constraints to prevent unauthorized
    access to a system. (See: security architecture.)

    (O) "The management constraints, operational procedures,
    accountability procedures, and supplemental controls established
    to provide an acceptable level of protection for sensitive data."
    [FP039]

    (C) Examples include clear delineation and separation of duties,
    and configuration control.

  $ Advanced Encryption Standard (AES)
    (N) A future FIPS publication being developed by NIST to succeed
    DES. Intended to specify an unclassified, publicly-disclosed,
    symmetric encryption algorithm, available royalty-free worldwide.

  $ adversary
    (I) An entity that attacks, or is a threat to, a system.

  $ aggregation
    (I) A circumstance in which a collection of information items is
    required to be classified at a higher security level than any of
    the individual items that comprise it.

  $ AH
    See: Authentication Header.

  $ algorithm
    (I) A finite set of step-by-step instructions for a problem-
    solving or computation procedure, especially one that can be
    implemented by a computer. (See: cryptographic algorithm.)

  $ alias
    (I) A name that an entity uses in place of its real name, usually
    for the purpose of either anonymity or deception.

  $ American National Standards Institute (ANSI)
    (N) A private, not-for-profit association of users, manufacturers,
    and other organizations, that administers U.S. private sector
    voluntary standards.

    (C) ANSI is the sole U.S. representative to the two major non-
    treaty international standards organizations, ISO and, via the
    U.S. National Committee (USNC), the International Electrotechnical
    Commission (IEC).

  $ anonymous
    (I) The condition of having a name that is unknown or concealed.
    (See: anonymous login.)

    (C) An application may require security services that maintain
    anonymity of users or other system entities, perhaps to preserve
    their privacy or hide them from attack. To hide an entity's real
    name, an alias may be used. For example, a financial institution
    may assign an account number. Parties to a transaction can thus
    remain relatively anonymous, but can also accept the transaction
    as legitimate. Real names of the parties cannot be easily
    determined by observers of the transaction, but an authorized
    third party may be able to map an alias to a real name, such as by
    presenting the institution with a court order. In other
    applications, anonymous entities may be completely untraceable.

  $ anonymous login
    (I) An access control feature (or, rather, an access control
    weakness) in many Internet hosts that enables users to gain access
    to general-purpose or public services and resources on a host
    (such as allowing any user to transfer data using File Transfer
    Protocol) without having a pre-established, user-specific account
    (i.e., user name and secret password).

    (C) This feature exposes a system to more threats than when all
    the users are known, pre-registered entities that are individually
    accountable for their actions. A user logs in using a special,
    publicly known user name (e.g., "anonymous", "guest", or "ftp").
    To use the public login name, the user is not required to know a
    secret password and may not be required to input anything at all
    except the name. In other cases, to complete the normal sequence
    of steps in a login protocol, the system may require the user to
    input a matching, publicly known password (such as "anonymous") or
    may ask the user for an e-mail address or some other arbitrary
    character string.

  $ APOP
    See: POP3 APOP.

  $ archive
    (I) (1.) Noun: A collection of data that is stored for a
    relatively long period of time for historical and other purposes,
    such as to support audit service, availability service, or system
    integrity service. (See: backup.) (2.) Verb: To store data in such
    a way. (See: back up.)

    (C) A digital signature may need to be verified many years after
    the signing occurs. The CA--the one that issued the certificate
    containing the public key needed to verify that signature--may not
    stay in operation that long. So every CA needs to provide for
    long-term storage of the information needed to verify the
    signatures of those to whom it issues certificates.

  $ ARPANET
    (N) Advanced Research Projects Agency Network, a pioneer packet-
    switched network that was built in the early 1970s under contract
    to the U.S. Government, led to the development of today's
    Internet, and was decommissioned in June 1990.

  $ ASN.1
    See: Abstract Syntax Notation One.

  $ association
    (I) A cooperative relationship between system entities, usually
    for the purpose of transferring information between them. (See:
    security association.)

  $ assurance
    (I) (1.) An attribute of an information system that provides
    grounds for having confidence that the system operates such that
    the system security policy is enforced. (2.) A procedure that
    ensures a system is developed and operated as intended by the
    system's security policy.

  $ assurance level
    (I) Evaluation usage: A specific level on a hierarchical scale
    representing successively increased confidence that a target of
    evaluation adequately fulfills the requirements. (E.g., see:
    TCSEC.)

  $ asymmetric cryptography
    (I) A modern branch of cryptography (popularly known as "public-
    key cryptography") in which the algorithms employ a pair of keys
    (a public key and a private key) and use a different component of
    the pair for different steps of the algorithm. (See: key pair.)

    (C) Asymmetric algorithms have key management advantages over
    equivalently strong symmetric ones. First, one key of the pair
    does not need to be known by anyone but its owner; so it can more
    easily be kept secret. Second, although the other key of the pair
    is shared by all entities that use the algorithm, that key does
    not need to be kept secret from other, non-using entities; so the
    key distribution part of key management can be done more easily.

    (C) For encryption: In an asymmetric encryption algorithm (e.g.,
    see: RSA), when Alice wants to ensure confidentiality for data she
    sends to Bob, she encrypts the data with a public key provided by
    Bob. Only Bob has the matching private key that is needed to
    decrypt the data.

    (C) For signature: In an asymmetric digital signature algorithm
    (e.g., see: DSA), when Alice wants to ensure data integrity or
    provide authentication for data she sends to Bob, she uses her
    private key to sign the data (i.e., create a digital signature
    based on the data). To verify the signature, Bob uses the matching
    public key that Alice has provided.

    (C) For key agreement: In an asymmetric key agreement algorithm
    (e.g., see: Diffie-Hellman), Alice and Bob each send their own
    public key to the other person. Then each uses their own private
    key and the other's public key to compute the new key value.
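    As an added illustration of the three usages just described (not part
    of RFC 2828), the following Python carries them through with textbook
    RSA for encryption and signature and a Diffie-Hellman exchange for key
    agreement; the primes, base and messages are constructed demo values,
    far too small and unpadded for real use, and every function name is
    this example's own.

```python
"""Textbook RSA (encryption, signature) and Diffie-Hellman (key agreement).

Constructed demonstration code: the parameters below are far too small and
the schemes are unpadded, so this shows the key roles, not a secure system.
"""
import hashlib
import secrets
from math import gcd

# Constructed demo primes (known Mersenne primes) for Bob's RSA key pair.
BOB_P = 2**127 - 1
BOB_Q = 2**89 - 1
# Constructed demo primes for Alice's RSA key pair.
ALICE_P = 2**107 - 1
ALICE_Q = 2**61 - 1
E = 65537


def rsa_keypair(p, q, e=E):
    """Return ((n, e), (n, d)): the public half and the private half of the pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(pub, m):
    """Encrypt integer m under a public key; only the matching private key undoes it."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    """Decrypt with the private half of the pair."""
    n, d = priv
    return pow(c, d, n)


def _digest_int(data, n):
    """SHA-256 of the data as an integer below n (textbook 'hash then sign')."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def rsa_sign(priv, data):
    """Sign with the private key: s = H(data)^d mod n."""
    n, d = priv
    return pow(_digest_int(data, n), d, n)


def rsa_verify(pub, data, sig):
    """Verify with the signer's public key: H(data) == s^e mod n."""
    n, e = pub
    return pow(sig, e, n) == _digest_int(data, n)


# Constructed Diffie-Hellman demo parameters (a prime modulus and a base),
# not one of the standardised groups.
DH_P = 2**127 - 1
DH_G = 3


def dh_private():
    """A random private exponent in [1, p-2]."""
    return secrets.randbelow(DH_P - 2) + 1


def dh_public(priv):
    """The value each party sends to the other: g^priv mod p."""
    return pow(DH_G, priv, DH_P)


def dh_shared(my_priv, their_pub):
    """Each side combines its own private key with the other's public key."""
    return pow(their_pub, my_priv, DH_P)


def demo():
    """Run the three exchanges from the glossary entry; True when all agree."""
    # Encryption: Alice encrypts with Bob's public key, Bob decrypts with his private key.
    bob_pub, bob_priv = rsa_keypair(BOB_P, BOB_Q)
    m = int.from_bytes(b"constructed sample", "big")
    if rsa_decrypt(bob_priv, rsa_encrypt(bob_pub, m)) != m:
        return False
    # Signature: Alice signs with her private key, Bob verifies with her public key.
    alice_pub, alice_priv = rsa_keypair(ALICE_P, ALICE_Q)
    data = b"constructed sample message"
    sig = rsa_sign(alice_priv, data)
    if not rsa_verify(alice_pub, data, sig) or rsa_verify(alice_pub, data + b"!", sig):
        return False
    # Key agreement: both sides derive the same value from their own private key
    # and the other's public key, although neither private key was ever sent.
    a, b = dh_private(), dh_private()
    return dh_shared(a, dh_public(b)) == dh_shared(b, dh_public(a))


if __name__ == "__main__":
    print("all three asymmetric usages behaved as described:", demo())
```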

  $ attack
    (I) An assault on system security that derives from an intelligent
    threat, i.e., an intelligent act that is a deliberate attempt
    (especially in the sense of a method or technique) to evade
    security services and violate the security policy of a system.
    (See: penetration, violation, vulnerability.)

     - Active vs. passive: An "active attack" attempts to alter system
      resources or affect their operation. A "passive attack"
      attempts to learn or make use of information from the system
      but does not affect system resources. (E.g., see: wiretapping.)

     - Insider vs. outsider: An "inside attack" is an attack initiated
      by an entity inside the security perimeter (an "insider"),
      i.e., an entity that is authorized to access system resources
      but uses them in a way not approved by those who granted the
      authorization. An "outside attack" is initiated from outside
      the perimeter, by an unauthorized or illegitimate user of the
      system (an "outsider"). In the Internet, potential outside
      attackers range from amateur pranksters to organized criminals,
      international terrorists, and hostile governments.

    (C) The term "attack" relates to some other basic security terms
    as shown in the following diagram:

    + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+
    | An Attack:              |  |Counter- |  | A System Resource:   |
    | i.e., A Threat Action   |  | measure |  | Target of the Attack |
    | +----------+            |  |         |  | +-----------------+  |
    | | Attacker |<==================||<=========                 |  |
    | |   i.e.,  |   Passive  |  |         |  | |  Vulnerability  |  |
    | | A Threat |<=================>||<========>                 |  |
    | |  Agent   |  or Active |  |         |  | +-------|||-------+  |
    | +----------+   Attack   |  |         |  |         VVV          |
    |                         |  |         |  | Threat Consequences  |
    + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+

  $ attribute authority
    (I) A CA that issues attribute certificates.

    (O) "An authority, trusted by the verifier to delegate privilege,
    which issues attribute certificates." [FPDAM]

  $ attribute certificate
    (I) A digital certificate that binds a set of descriptive data
    items, other than a public key, either directly to a subject name
    or to the identifier of another certificate that is a public-key
    certificate. [X509]

    (O) "A set of attributes of a user together with some other
    information, rendered unforgeable by the digital signature created
    using the private key of the CA which issued it." [X509]

    (O) "A data structure that includes some attribute values and
    identification information about the owner of the attribute
    certificate, all digitally signed by an Attribute Authority. This
    authority's signature serves as the guarantee of the binding
    between the attributes and their owner." [FPDAM]

    (C) A public-key certificate binds a subject name to a public key
    value, along with information needed to perform certain
    cryptographic functions. Other attributes of a subject, such as a
    security clearance, may be certified in a separate kind of digital
    certificate, called an attribute certificate. A subject may have
    multiple attribute certificates associated with its name or with
    each of its public-key certificates.

    (C) An attribute certificate might be issued to a subject in the
    following situations:

     - Different lifetimes: When the lifetime of an attribute binding
      is shorter than that of the related public-key certificate, or
      when it is desirable not to need to revoke a subject's public
      key just to revoke an attribute.

     - Different authorities: When the authority responsible for the
      attributes is different than the one that issues the public-key
      certificate for the subject. (There is no requirement that an
      attribute certificate be issued by the same CA that issued the
      associated public-key certificate.)

  $ audit service
    (I) A security service that records information needed to
    establish accountability for system events and for the actions of
    system entities that cause them. (See: security audit.)

  $ audit trail
    See: security audit trail.

  $ AUTH
    See: POP3 AUTH.

  $ authentic signature
    (I) A signature (particularly a digital signature) that can be
    trusted because it can be verified. (See: validate vs. verify.)

  $ authenticate
    (I) Verify (i.e., establish the truth of) an identity claimed by
    or for a system entity. (See: authentication.)

    (D) In general English usage, this term usually means "to prove
    genuine" (e.g., an art expert authenticates a Michelangelo
    painting). But the recommended definition carries a much narrower
    meaning. For example, to be precise, an ISD SHOULD NOT say "the
    host authenticates each received datagram". Instead, the ISD
    SHOULD say "the host authenticates the origin of each received
    datagram". In most cases, we also can say "and verifies the
    datagram's integrity", because that is usually implied. (See:
    ("relationship between data integrity service and authentication
    services" under) data integrity service.)

    (D) ISDs SHOULD NOT talk about authenticating a digital signature
    or digital certificate. Instead, we "sign" and then "verify"
    digital signatures, and we "issue" and then "validate" digital
    certificates. (See: validate vs. verify.)

  $ authentication
    (I) The process of verifying an identity claimed by or for a
    system entity. (See: authenticate, authentication exchange,
    authentication information, credential, data origin
    authentication, peer entity authentication.)

    (C) An authentication process consists of two steps:

    1. Identification step: Presenting an identifier to the security
      system. (Identifiers should be assigned carefully, because
      authenticated identities are the basis for other security
      services, such as access control service.)

    2. Verification step: Presenting or generating authentication
      information that corroborates the binding between the entity
      and the identifier. (See: verification.)

    (C) See: ("relationship between data integrity service and
    authentication services" under) data integrity service.

  $ authentication code
    (D) ISDs SHOULD NOT use this term as a synonym for any form of
    checksum, whether cryptographic or not. The word "authentication"
    is misleading because the mechanism involved usually serves a data
    integrity function rather than an authentication function, and the
    word "code" is misleading because it implies that either encoding
    or encryption is involved or that the term refers to computer
    software. (See: message authentication code.)

  $ authentication exchange
    (I) A mechanism to verify the identity of an entity by means of
    information exchange.

    (O) "A mechanism intended to ensure the identity of an entity by
    means of information exchange." [I7498 Part 2]

  $ Authentication Header (AH)
    (I) An Internet IPsec protocol [R2402] designed to provide
    connectionless data integrity service and data origin
    authentication service for IP datagrams, and (optionally) to
    provide protection against replay attacks.

    (C) Replay protection may be selected by the receiver when a
    security association is established. AH authenticates upper-layer
    protocol data units and as much of the IP header as possible.
    However, some IP header fields may change in transit, and the
    value of these fields, when the packet arrives at the receiver,
    may not be predictable by the sender. Thus, the values of such
    fields cannot be protected end-to-end by AH; protection of the IP
    header by AH is only partial when such fields are present.

    (C) AH may be used alone, or in combination with the IPsec ESP
    protocol, or in a nested fashion with tunneling. Security services
    can be provided between a pair of communicating hosts, between a
    pair of communicating security gateways, or between a host and a
    gateway. ESP can provide the same security services as AH, and ESP
    can also provide data confidentiality service. The main difference
    between authentication services provided by ESP and AH is the
    extent of the coverage; ESP does not protect IP header fields
    unless they are encapsulated by AH.
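    The mutable-field rule above, worked through as an added example that is
    not part of RFC 2828 or of the AH specification: a transport-mode IPv4
    datagram is protected with an AH header, the ICV is computed with the
    mutable IP fields and the ICV field itself set to zero, and verification
    still succeeds after a router decrements the TTL but fails when an
    immutable field (the destination address) is altered. The 96-bit
    truncated HMAC-SHA256, the key, addresses and SPI are assumptions chosen
    for the example.

```python
import hashlib
import hmac
import struct

# IPv4 header without options: ver/ihl, tos, total length, id, flags+fragment
# offset, ttl, protocol, header checksum, source, destination (20 bytes).
IPV4_FMT = "!BBHHHBBH4s4s"
# Fixed part of the AH header: next header, payload length, reserved, SPI,
# sequence number (12 bytes); the ICV follows it.
AH_FIXED_FMT = "!BBHII"
AH_PROTOCOL = 51
# Assumption for this example: HMAC-SHA256 truncated to 96 bits.
ICV_LEN = 12

SAMPLE_KEY = b"constructed demo key - not a real SA key"  # constructed


def ipv4_checksum(header):
    """Standard one's-complement header checksum (checksum field taken as zero)."""
    h = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack("!10H", h))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def with_checksum(header):
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]


def build_ipv4_header(tos, total_len, ident, flags_frag, ttl, proto, src, dst):
    raw = struct.pack(IPV4_FMT, 0x45, tos, total_len, ident, flags_frag, ttl, proto, 0, src, dst)
    return with_checksum(raw)


def zero_mutable_fields(ip_header):
    """RFC 2402 classifies ToS, Flags, Fragment Offset, TTL and Header Checksum
    as mutable: the sender cannot predict their value at the receiver, so AH
    treats them as zero when computing and when verifying the ICV."""
    ver_ihl, _tos, total_len, ident, _ff, _ttl, proto, _csum, src, dst = struct.unpack(IPV4_FMT, ip_header[:20])
    return struct.pack(IPV4_FMT, ver_ihl, 0, total_len, ident, 0, 0, proto, 0, src, dst)


def build_ah_header(next_header, spi, seq, icv=b"\x00" * ICV_LEN):
    payload_len = (12 + len(icv)) // 4 - 2  # AH length in 32-bit words, minus 2
    return struct.pack(AH_FIXED_FMT, next_header, payload_len, 0, spi, seq) + icv


def compute_icv(key, ip_header, ah_header, payload):
    # The ICV field of the AH header is also zero for the computation.
    ah_zeroed = ah_header[:12] + b"\x00" * (len(ah_header) - 12)
    data = zero_mutable_fields(ip_header) + ah_zeroed + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def ah_protect(key, ip_header, next_header, spi, seq, payload):
    """Sender side: the AH header carrying the ICV for this datagram."""
    ah = build_ah_header(next_header, spi, seq)
    return build_ah_header(next_header, spi, seq, compute_icv(key, ip_header, ah, payload))


def ah_verify(key, ip_header, ah_header, payload):
    """Receiver side: constant-time comparison of carried and recomputed ICV."""
    return hmac.compare_digest(ah_header[12:], compute_icv(key, ip_header, ah_header, payload))


def forward_one_hop(ip_header):
    """What a router legitimately does in transit: decrement TTL, refresh checksum."""
    return with_checksum(ip_header[:8] + bytes([ip_header[8] - 1]) + ip_header[9:])


def rewrite_destination(ip_header, new_dst):
    """An in-path change to an immutable field, which AH must detect."""
    return with_checksum(ip_header[:16] + new_dst)


def make_sample():
    """Constructed datagram: 20-byte IP header, 24-byte AH header, short payload."""
    payload = b"constructed upper-layer data"
    ip = build_ipv4_header(tos=0, total_len=20 + 24 + len(payload), ident=0x1234,
                           flags_frag=0x4000, ttl=64, proto=AH_PROTOCOL,
                           src=bytes([10, 0, 0, 1]), dst=bytes([10, 0, 0, 2]))
    ah = ah_protect(SAMPLE_KEY, ip, next_header=17, spi=0x100, seq=1, payload=payload)
    return ip, ah, payload


if __name__ == "__main__":
    ip, ah, payload = make_sample()
    print("as sent:       ", ah_verify(SAMPLE_KEY, ip, ah, payload))
    print("after one hop: ", ah_verify(SAMPLE_KEY, forward_one_hop(ip), ah, payload))
    print("dst rewritten: ", ah_verify(SAMPLE_KEY, rewrite_destination(ip, bytes([10, 0, 0, 9])), ah, payload))
```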

  $ authentication information
    (I) Information used to verify an identity claimed by or for an
    entity. (See: authentication, credential.)

    (C) Authentication information may exist as, or be derived from,
    one of the following:

     - Something the entity knows. (See: password).
     - Something the entity possesses. (See: token.)
     - Something the entity is. (See: biometric authentication.)

  $ authentication service
    (I) A security service that verifies an identity claimed by or for
    an entity. (See: authentication.)

    (C) In a network, there are two general forms of authentication
    service: data origin authentication service and peer entity
    authentication service.

  $ authenticity
    (I) The property of being genuine and able to be verified and be
    trusted. (See: authenticate, authentication, validate vs. verify.)

  $ authority
    (D) "An entity, responsible for the issuance of certificates."
    [FPDAM]

    (C) ISDs SHOULD NOT use this term as a synonym for AA, CA, RA,
    ORA, or similar terms, because it may cause confusion. Instead,
    use the full term at the first instance of usage and then, if it
    is necessary to shorten text, use the style of abbreviation
    defined in this Glossary.

    (C) ISDs SHOULD NOT use this definition for any PKI entity,
    because the definition is ambiguous with regard to whether the
    entity actually issues certificates (e.g., attribute authority or
    certification authority) or just has accountability for processes
    that precede or follow signing (e.g., registration authority).
    (See: issue.)

  $ authority certificate
    (D) "A certificate issued to an authority (e.g. either to a
    certification authority or to an attribute authority)." [FPDAM]
    (See: authority.)

    (C) ISDs SHOULD NOT use this term or definition because they are
    ambiguous with regard to which specific types of PKI entities they
    address.

  $ authority revocation list (ARL)
    (I) A data structure that enumerates digital certificates that
    were issued to CAs but have been invalidated by their issuer prior
    to when they were scheduled to expire. (See: certificate
    expiration, X.509 authority revocation list.)

    (O) "A revocation list containing a list of public-key
    certificates issued to authorities, which are no longer considered
    valid by the certificate issuer." [FPDAM]

  $ authorization
  $ authorize
    (I) (1.) An "authorization" is a right or a permission that is
    granted to a system entity to access a system resource. (2.) An
    "authorization process" is a procedure for granting such rights.
    (3.) To "authorize" means to grant such a right or permission.
    (See: privilege.)

    (O) SET usage: "The process by which a properly appointed person
    or persons grants permission to perform some action on behalf of
    an organization. This process assesses transaction risk, confirms
    that a given transaction does not raise the account holder's debt
    above the account's credit limit, and reserves the specified
    amount of credit. (When a merchant obtains authorization, payment
    for the authorized amount is guaranteed--provided, of course, that
    the merchant followed the rules associated with the authorization
    process.)" [SET2]

  $ automated information system
    (I) An organized assembly of resources and procedures--i.e.,
    computing and communications equipment and services, with their
    supporting facilities and personnel--that collect, record,
    process, store, transport, retrieve, or display information to
    accomplish a specified set of functions.

  $ availability
    (I) The property of a system or a system resource being accessible
    and usable upon demand by an authorized system entity, according
    to performance specifications for the system; i.e., a system is
    available if it provides services according to the system design
    whenever users request them. (See: critical, denial of service,
    reliability, survivability.)

    (O) "The property of being accessible and usable upon demand by an
    authorized entity." [I7498 Part 2]

  $ availability service
    (I) A security service that protects a system to ensure its
    availability.

    (C) This service addresses the security concerns raised by denial-
    of-service attacks. It depends on proper management and control of
    system resources, and thus depends on access control service and
    other security services.

  $ back door
    (I) A hardware or software mechanism that (a) provides access to a
    system and its resources by other than the usual procedure, (b)
    was deliberately left in place by the system's designers or
    maintainers, and (c) usually is not publicly known. (See: trap
    door.)

    (C) For example, a way to access a computer other than through a
    normal login. Such access paths do not necessarily have malicious
    intent; e.g., operating systems sometimes are shipped by the
    manufacturer with privileged accounts intended for use by field
    service technicians or the vendor's maintenance programmers. (See:
    trap door.)

  $ back up vs. backup
    (I) Verb "back up": To store data for the purpose of creating a
    backup copy. (See: archive.)

    (I) Noun/adjective "backup": (1.) A reserve copy of data that is
    stored separately from the original, for use if the original
    becomes lost or damaged. (See: archive.) (2.) Alternate means to
    permit performance of system functions despite a disaster to
    system resources. (See: contingency plan.)

  $ baggage
    (D) ISDs SHOULD NOT use this term to describe a data element
    except when stated as "SET(trademark) baggage" with the following
    meaning:

    (O) SET usage: An "opaque encrypted tuple, which is included in a
    SET message but appended as external data to the PKCS encapsulated
    data. This avoids superencryption of the previously encrypted
    tuple, but guarantees linkage with the PKCS portion of the
    message." [SET2]

  $ bandwidth
    (I) Commonly used to mean the capacity of a communication channel
    to pass data through the channel in a given amount of time.
    Usually expressed in bits per second.

  $ bank identification number (BIN)
    (N) The digits of a credit card number that identify the issuing
    bank. (See: primary account number.)

    (O) SET usage: The first six digits of a primary account number.

  $ Basic Encoding Rules (BER)
    (I) A standard for representing ASN.1 data types as strings of
    octets. [X690] (See: Distinguished Encoding Rules.)

  $ bastion host
    (I) A strongly protected computer that is in a network protected
    by a firewall (or is part of a firewall) and is the only host (or
    one of only a few hosts) in the network that can be directly
    accessed from networks on the other side of the firewall.

    (C) Filtering routers in a firewall typically restrict traffic
    from the outside network to reaching just one host, the bastion
    host, which usually is part of the firewall. Since only this one
    host can be directly attacked, only this one host needs to be very
    strongly protected, so security can be maintained more easily and
    less expensively. However, to allow legitimate internal and
    external users to access application resources through the
    firewall, higher layer protocols and services need to be relayed
    and forwarded by the bastion host. Some services (e.g., DNS and
    SMTP) have forwarding built in; other services (e.g., TELNET and
    FTP) require a proxy server on the bastion host.

  $ BCA
    See: brand certification authority.

  $ BCI
    See: brand CRL identifier.

  $ Bell-LaPadula Model
    (N) A formal, mathematical, state-transition model of security
    policy for multilevel-secure computer systems. [Bell]

    (C) The model separates computer system elements into a set of
    subjects and a set of objects. To determine whether or not a
    subject is authorized for a particular access mode on an object,
    the clearance of the subject is compared to the classification of
    the object. The model defines the notion of a "secure state", in
    which the only permitted access modes of subjects to objects are
    in accordance with a specified security policy. It is proven that
    each state transition preserves security by moving from secure
    state to secure state, thereby proving that the system is secure.

    (C) In this model, a multilevel-secure system satisfies several
    rules, including the following:

     - "Confinement property" (also called "*-property", pronounced
      "star property"): A subject has write access to an object only
      if classification of the object dominates the clearance of the
      subject.

     - "Simple security property": A subject has read access to an
      object only if the clearance of the subject dominates the
      classification of the object.

     - "Tranquillity property": The classification of an object does
      not change while the object is being processed by the system.
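    The two access rules and the state-transition idea, as an added example
    that is not part of RFC 2828 or of the original model paper: labels are a
    hierarchical level plus a set of categories (so two labels may be
    incomparable), "dominates" is the lattice order, and a small reference
    monitor grants a requested access only if the resulting set of current
    accesses is still a secure state. The level names, subjects and objects
    are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple

# Hierarchical levels, constructed for this example; any total order works.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """Security label = hierarchical level + non-hierarchical categories.
    The same type serves as a subject's clearance and an object's classification."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice order: level is higher or equal AND categories are a superset.
        # Labels whose category sets are not nested are incomparable.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def simple_security(clearance: Label, classification: Label) -> bool:
    """Read only if the subject's clearance dominates the object ("no read up")."""
    return clearance.dominates(classification)


def star_property(clearance: Label, classification: Label) -> bool:
    """Write only if the object's classification dominates the subject ("no write down")."""
    return classification.dominates(clearance)


class BLPMonitor:
    """Tiny state-transition reference monitor. The state is the set of current
    (subject, mode, object) accesses; a transition is accepted only if the new
    state is still secure. Object labels are fixed at creation (tranquillity)."""

    def __init__(self):
        self.subjects: Dict[str, Label] = {}
        self.objects: Dict[str, Label] = {}
        self.accesses: Set[Tuple[str, str, str]] = set()

    def add_subject(self, name: str, clearance: Label) -> None:
        self.subjects[name] = clearance

    def add_object(self, name: str, classification: Label) -> None:
        if name in self.objects:
            raise ValueError("tranquillity: an object's label does not change")
        self.objects[name] = classification

    def _access_is_secure(self, subject: str, mode: str, obj: str) -> bool:
        clr, cls = self.subjects[subject], self.objects[obj]
        if mode == "read":
            return simple_security(clr, cls)
        if mode == "write":
            return star_property(clr, cls)
        if mode == "read-write":  # both rules at once: only equal labels qualify
            return simple_security(clr, cls) and star_property(clr, cls)
        raise ValueError("unknown access mode: " + mode)

    def is_secure_state(self) -> bool:
        return all(self._access_is_secure(*a) for a in self.accesses)

    def request(self, subject: str, mode: str, obj: str) -> bool:
        """Transition: grant and record the access only if the resulting state is secure."""
        candidate = self.accesses | {(subject, mode, obj)}
        if all(self._access_is_secure(*a) for a in candidate):
            self.accesses = candidate
            return True
        return False


def build_sample_system() -> BLPMonitor:
    m = BLPMonitor()
    m.add_subject("analyst", Label("SECRET", frozenset({"CRYPTO"})))
    m.add_subject("clerk", Label("CONFIDENTIAL"))
    m.add_object("memo", Label("CONFIDENTIAL"))
    m.add_object("keyplan", Label("SECRET", frozenset({"CRYPTO"})))
    m.add_object("budget", Label("SECRET", frozenset({"FINANCE"})))
    m.add_object("notice", Label("UNCLASSIFIED"))
    return m


if __name__ == "__main__":
    m = build_sample_system()
    for req in [("analyst", "read", "memo"), ("analyst", "read", "budget"),
                ("analyst", "write", "notice"), ("clerk", "write", "keyplan")]:
        print(req, "->", "granted" if m.request(*req) else "denied")
```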

  $ BER
    See: Basic Encoding Rules.

  $ beyond A1
    (O) (1.) Formally, a level of security assurance that is beyond
    the highest level of criteria specified by the TCSEC. (2.)
    Informally, a level of trust so high that it cannot be provided or
    verified by currently available assurance methods, and
    particularly not by currently available formal methods.

  $ BIN
    See: bank identification number.

  $ bind
    (I) To inseparably associate by applying some mechanism, such as
    when a CA uses a digital signature to bind together a subject and
    a public key in a public-key certificate.

  $ biometric authentication
    (I) A method of generating authentication information for a person
    by digitizing measurements of a physical characteristic, such as a
    fingerprint, a hand shape, a retina pattern, a speech pattern
    (voiceprint), or handwriting.

  $ bit
    (I) The smallest unit of information storage; a contraction of the
    term "binary digit"; one of two symbols--"0" (zero) and "1" (one)
    --that are used to represent binary numbers.

  $ BLACK
    (I) Designation for information system equipment or facilities
    that handle (and for data that contains) only ciphertext (or,
    depending on the context, only unclassified information), and for
    such data itself. This term derives from U.S. Government COMSEC
    terminology. (See: RED, RED/BLACK separation.)

  $ block cipher
    (I) An encryption algorithm that breaks plaintext into fixed-size
    segments and uses the same key to transform each plaintext segment
    into a fixed-size segment of ciphertext. (See: mode, stream
    cipher.)

    (C) For example, Blowfish, DEA, IDEA, RC2, and SKIPJACK. However,
    a block cipher can be adapted to have a different external
    interface, such as that of a stream cipher, by using a mode of
    operation to "package" the basic algorithm.

  $ Blowfish
    (N) A symmetric block cipher with variable-length key (32 to 448
    bits) designed in 1993 by Bruce Schneier as an unpatented,
    license-free, royalty-free replacement for DES or IDEA. [Schn]

  $ brand
    (I) A distinctive mark or name that identifies a product or
    business entity.

    (O) SET usage: The name of a payment card. Financial institutions
    and other companies have founded payment card brands, protect and
    advertise the brands, establish and enforce rules for use and
    acceptance of their payment cards, and provide networks to
    interconnect the financial institutions. These brands combine the
    roles of issuer and acquirer in interactions with cardholders and
    merchants. [SET1]

  $ brand certification authority (BCA)
    (O) SET usage: A CA owned by a payment card brand, such as
    MasterCard, Visa, or American Express. [SET2] (See: certification
    hierarchy, SET.)

  $ brand CRL identifier (BCI)
    (O) SET usage: A digitally signed list, issued by a BCA, of the
    names of CAs for which CRLs need to be processed when verifying
    signatures in SET messages. [SET2]

  $ break
    (I) Cryptographic usage: To successfully perform cryptanalysis and
    thus succeed in decrypting data or performing some other
    cryptographic function, without initially having knowledge of the
    key that the function requires. (This term applies to encrypted
    data or, more generally, to a cryptographic algorithm or
    cryptographic system.)

  $ bridge
    (I) A computer that is a gateway between two networks (usually two
    LANs) at OSI layer 2. (See: router.)

  $ British Standard 7799
    (N) Part 1 is a standard code of practice and provides guidance on
    how to secure an information system. Part 2 specifies the
    management framework, objectives, and control requirements for
    information security management systems [B7799]. The certification
    scheme works like ISO 9000. It is in use in the UK, the
    Netherlands, Australia, and New Zealand and might be proposed as
    an ISO standard or adapted to be part of the Common Criteria.

  $ browser
    (I) A client computer program that can retrieve and display
    information from servers on the World Wide Web.

    (C) For example, Netscape's Navigator and Communicator, and
    Microsoft's Explorer.

  $ brute force
    (I) A cryptanalysis technique or other kind of attack method
    involving an exhaustive procedure that tries all possibilities,
    one-by-one.

    (C) For example, for ciphertext where the analyst already knows
    the decryption algorithm, a brute force technique for finding the
    original plaintext is to decrypt the message with every possible
    key.

  $ BS7799
    See: British Standard 7799.

  $ byte
    (I) A fundamental unit of computer storage; the smallest
    addressable unit in a computer's architecture. Usually holds one
    character of information and, today, usually means eight bits.
    (See: octet.)

    (C) Larger than a "bit", but smaller than a "word". Although
    "byte" almost always means "octet" today, bytes had other sizes
    (e.g., six bits, nine bits) in earlier computer architectures.

  $ CA
    See: certification authority.

  $ CA certificate
    (I) "A [digital] certificate for one CA issued by another CA."
    [X509]

    (C) That is, a digital certificate whose holder is able to issue
    digital certificates. A v3 X.509 public-key certificate may have a
    "basicConstraints" extension containing a "cA" value that
    specifically "indicates whether or not the public key may be used
    to verify certificate signatures."
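    An added example, not part of RFC 2828 or of any X.509 implementation,
    that serves both the "Basic Encoding Rules" entry and this one: a small
    BER tag-length-value decoder (short and long length forms, high tag
    numbers, no indefinite length) applied to the DER-encoded value of the
    "basicConstraints" extension, so that a relying party can read the "cA"
    flag before accepting a certificate's key as one that may verify
    certificate signatures. The encoder is included only to construct test
    input; the sample byte strings are constructed.

```python
# Universal-class tag numbers used here.
BOOLEAN, INTEGER, SEQUENCE = 1, 2, 16


def _read_length(data, i):
    first = data[i]
    i += 1
    if first < 0x80:            # short form: the byte is the length
        return first, i
    n = first & 0x7F
    if n == 0:                  # 0x80 = indefinite length (BER only; DER forbids it)
        raise ValueError("indefinite-length encoding not supported")
    return int.from_bytes(data[i:i + n], "big"), i + n


def decode_tlv(data, i=0):
    """Decode one BER element starting at offset i.
    Returns (tag_class, constructed, tag_number, value_bytes, offset_after_element)."""
    first = data[i]
    i += 1
    tag_class, constructed, tag = first >> 6, bool(first & 0x20), first & 0x1F
    if tag == 0x1F:             # high tag number form: base-128 continuation bytes
        tag = 0
        while True:
            b = data[i]
            i += 1
            tag = (tag << 7) | (b & 0x7F)
            if not b & 0x80:
                break
    length, i = _read_length(data, i)
    value = data[i:i + length]
    if len(value) != length:
        raise ValueError("truncated element")
    return tag_class, constructed, tag, value, i + length


def decode_basic_constraints(der):
    """BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE,
                                       pathLenConstraint INTEGER OPTIONAL }
    Returns (ca, path_len); path_len is None when absent."""
    cls, constructed, tag, body, end = decode_tlv(der)
    if (cls, constructed, tag) != (0, True, SEQUENCE):
        raise ValueError("expected a SEQUENCE")
    if end != len(der):
        raise ValueError("trailing bytes after the SEQUENCE")
    ca, path_len, i = False, None, 0
    while i < len(body):
        cls, _, tag, value, i = decode_tlv(body, i)
        if (cls, tag) == (0, BOOLEAN):
            if len(value) != 1:
                raise ValueError("BOOLEAN must be one byte")
            ca = value[0] != 0  # BER: any non-zero is TRUE; DER also requires 0xFF
        elif (cls, tag) == (0, INTEGER):
            path_len = int.from_bytes(value, "big", signed=True)
        else:
            raise ValueError("unexpected element in BasicConstraints")
    return ca, path_len


def _encode_length(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def encode_tlv(tag_byte, value):
    return bytes([tag_byte]) + _encode_length(len(value)) + value


def encode_basic_constraints(ca, path_len=None):
    """DER encoder for the same structure (DER: omit cA when FALSE, TRUE is 0xFF)."""
    body = b""
    if ca:
        body += encode_tlv(0x01, b"\xff")
    if path_len is not None:
        # Minimal two's-complement length with the sign bit clear.
        body += encode_tlv(0x02, path_len.to_bytes(path_len.bit_length() // 8 + 1, "big"))
    return encode_tlv(0x30, body)


def may_verify_certificate_signatures(basic_constraints_der):
    """The relying-party check: only a subject whose certificate says cA=TRUE
    may have its public key used to verify certificate signatures."""
    ca, _ = decode_basic_constraints(basic_constraints_der)
    return ca


if __name__ == "__main__":
    sample = encode_basic_constraints(True, 0)   # constructed: a CA, path length 0
    print(sample.hex(), "->", decode_basic_constraints(sample))
```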

  $ call back
    (I) An authentication technique for terminals that remotely access
    a computer via telephone lines. The host system disconnects the
    caller and then calls back on a telephone number that was
    previously authorized for that terminal.

  $ capability
    (I) A token, usually an unforgeable data value (sometimes called a
    "ticket") that gives the bearer or holder the right to access a
    system resource. Possession of the token is accepted by a system
    as proof that the holder has been authorized to access the
    resource named or indicated by the token. (See: access control
    list, credential, digital certificate.)

    (C) This concept can be implemented as a digital certificate.
    (See: attribute certificate.)

  $ CAPI
    See: cryptographic application programming interface.

  $ CAPSTONE chip
    (N) An integrated circuit (the Mykotronx, Inc. MYK-82) with a Type
    II cryptographic processor that implements SKIPJACK, KEA, DSA,
    SHA, and basic mathematical functions to support asymmetric
    cryptography, and includes the key escrow feature of the CLIPPER
    chip. (See: FORTEZZA card.)

  $ card
    See: cryptographic card, FORTEZZA card, payment card, PC card,
    smart card, token.

  $ card backup
    See: token backup.

  $ card copy
    See: token copy.

  $ card restore
    See: token restore.

  $ cardholder
    (I) An entity that has been issued a card.

    (O) SET usage: "The holder of a valid payment card account and
    user of software supporting electronic commerce." [SET2] A
    cardholder is issued a payment card by an issuer. SET ensures that
    in the cardholder's interactions with merchants, the payment card
    account information remains confidential. [SET1]

  $ cardholder certificate
    (O) SET usage: A digital certificate that is issued to a
    cardholder upon approval of the cardholder's issuing financial
    institution and that is transmitted to merchants with purchase
    requests and encrypted payment instructions, carrying assurance
    that the account number has been validated by the issuing
    financial institution and cannot be altered by a third party.
    [SET1]

  $ cardholder certification authority (CCA)
    (O) SET usage: A CA responsible for issuing digital certificates
    to cardholders and operated on behalf of a payment card brand, an
    issuer, or another party according to brand rules. A CCA maintains
    relationships with card issuers to allow for the verification of
    cardholder accounts. A CCA does not issue a CRL but does
    distribute CRLs issued by root CAs, brand CAs, geopolitical CAs,
    and payment gateway CAs. [SET2]

  $ CAST
    (N) A design procedure for symmetric encryption algorithms, and a
    resulting family of algorithms, invented by C.A. (Carlisle Adams)
    and S.T. (Stafford Tavares). [R2144, R2612]

  $ category
    (I) A grouping of sensitive information items to which a non-
    hierarchical restrictive security label is applied to increase
    protection of the data. (See: compartment.)

  $ CAW
    See: certification authority workstation.

  $ CBC
    See: cipher block chaining.

  $ CCA
    See: cardholder certification authority.

  $ CCITT
    (N) Acronym for French translation of International Telephone and
    Telegraph Consultative Committee. Now renamed ITU-T.

  $ CERT
    See: computer emergency response team.

  $ certificate
    (I) General English usage: A document that attests to the truth of
    something or the ownership of something.

    (C) Security usage: See: capability, digital certificate.

    (C) PKI usage: See: attribute certificate, public-key certificate.

  $ certificate authority
    (D) ISDs SHOULD NOT use this term because it looks like sloppy use
    of "certification authority", which is the term standardized by
    X.509.

  $ certificate chain
    (D) ISDs SHOULD NOT use this term because it duplicates the
    meaning of a standardized term. Instead, use "certification path".

  $ certificate chain validation
    (D) ISDs SHOULD NOT use this term because it duplicates the
    meaning of standardized terms and mixes concepts in a potentially
    misleading way. Instead, use "certificate validation" or "path
    validation", depending on what is meant. (See: validate vs.
    verify.)

  $ certificate creation
    (I) The act or process by which a CA sets the values of a digital
    certificate's data fields and signs it. (See: issue.)

  $ certificate expiration
    (I) The event that occurs when a certificate ceases to be valid
    because its assigned lifetime has been exceeded. (See: certificate
    revocation, validity period.)

  $ certificate extension
    See: extension.

  $ certificate holder
    (D) ISDs SHOULD NOT use this term as a synonym for the subject of
    a digital certificate because the term is potentially ambiguous.
    For example, the term could also refer to a system entity, such as
    a repository, that simply has possession of a copy of the
    certificate. (See: certificate owner.)

  $ certificate management
    (I) The functions that a CA may perform during the life cycle of a
    digital certificate, including the following:

     - Acquire and verify data items to bind into the certificate.
     - Encode and sign the certificate.
     - Store the certificate in a directory or repository.
     - Renew, rekey, and update the certificate.
     - Revoke the certificate and issue a CRL.

    (See: archive management, certificate management, key management,
    security architecture, token management.)

  $ certificate owner
    (D) ISDs SHOULD NOT use this term as a synonym for the subject of
    a digital certificate because the term is potentially ambiguous.
    For example, the term could also refer to a system entity, such as
    a corporation, that has acquired a certificate to operate some
    other entity, such as a Web server. (See: certificate holder.)

  $ certificate policy
    (I) "A named set of rules that indicates the applicability of a
    certificate to a particular community and/or class of application
    with common security requirements." [X509] (See: certification
    practice statement.)

    (C) A certificate policy can help a certificate user decide
    whether a certificate should be trusted in a particular
    application. "For example, a particular certificate policy might
    indicate applicability of a type of certificate for the
    authentication of electronic data interchange transactions for the
    trading of goods within a given price range." [R2527]

    (C) A v3 X.509 public-key certificate may have a
    "certificatePolicies" extension that lists certificate policies,
    recognized by the issuing CA, that apply to the certificate and
    govern its use. Each policy is denoted by an object identifier and
    may optionally have certificate policy qualifiers.

    (C) SET usage: Every SET certificate specifies at least one
    certificate policy, that of the SET root CA. SET uses certificate
    policy qualifiers to point to the actual policy statement and to
    add qualifying policies to the root policy. (See: SET qualifier.)

  $ certificate policy qualifier
    (I) Information that pertains to a certificate policy and is
    included in a "certificatePolicies" extension in a v3 X.509
    public-key certificate.

  $ certificate reactivation
    (I) The act or process by which a digital certificate, which a CA
    has designated for revocation but not yet listed on a CRL, is
    returned to the valid state.

  $ certificate rekey
    (I) The act or process by which an existing public-key certificate
    has its public key value changed by issuing a new certificate with
    a different (usually new) public key. (See: certificate renewal,
    certificate update, rekey.)

    (C) For an X.509 public-key certificate, the essence of rekey is
    that the subject stays the same and a new public key is bound to
    that subject. Other changes are made, and the old certificate is
    revoked, only as required by the PKI and CPS in support of the
    rekey. If changes go beyond that, the process is a "certificate
    update".

    (O) MISSI usage: To rekey a MISSI X.509 public-key certificate
    means that the issuing authority creates a new certificate that is
    identical to the old one, except the new one has a new, different
    KEA key; or a new, different DSS key; or new, different KEA and
    DSS keys. The new certificate also has a different serial number
    and may have a different validity period. A new key creation date
    and maximum key lifetime period are assigned to each newly
    generated key. If a new KEA key is generated, that key is assigned
    a new KMID. The old certificate remains valid until it expires,
    but may not be further renewed, rekeyed, or updated.

  $ certificate renewal
    (I) The act or process by which the validity of the data binding
    asserted by an existing public-key certificate is extended in time
    by issuing a new certificate. (See: certificate rekey, certificate
    update.)

    (C) For an X.509 public-key certificate, this term means that the
    validity period is extended (and, of course, a new serial number
    is assigned) but the binding of the public key to the subject and
    to other data items stays the same. The other data items are
    changed, and the old certificate is revoked, only as required by
    the PKI and CPS to support the renewal. If changes go beyond that,
    the process is a "certificate rekey" or "certificate update".

  $ certificate request
    (D) ISDs SHOULD NOT use this term because it looks like imprecise
    use of a term standardized by PKCS #10 and used in PKIX. Instead,
    use the standard term, "certification request".

  $ certificate revocation
    (I) The event that occurs when a CA declares that a previously
    valid digital certificate issued by that CA has become invalid;
    usually stated with a revocation date.

    (C) In X.509, a revocation is announced to potential certificate
    users by issuing a CRL that mentions the certificate. Revocation
    and listing on a CRL is only necessary before certificate
    expiration.

  $ certificate revocation list (CRL)
    (I) A data structure that enumerates digital certificates that
    have been invalidated by their issuer prior to when they were
    scheduled to expire. (See: certificate expiration, X.509
    certificate revocation list.)

    (O) "A signed list indicating a set of certificates that are no
    longer considered valid by the certificate issuer. After a
    certificate appears on a CRL, it is deleted from a subsequent CRL
    after the certificate's expiry. CRLs may be used to identify
    revoked public-key certificates or attribute certificates and may
    represent revocation of certificates issued to authorities or to
    users. The term CRL is also commonly used as a generic term
    applying to all the different types of revocation lists, including
    CRLs, ARLs, ACRLs, etc." [FPDAM]

  $ certificate revocation tree
    (I) A mechanism for distributing notice of certificate
    revocations; uses a tree of hash results that is signed by the
    tree's issuer. Offers an alternative to issuing a CRL, but is not
    supported in X.509. (See: certificate status responder.)

  $ certificate serial number
    (I) An integer value that (a) is associated with, and may be
    carried in, a digital certificate; (b) is assigned to the
    certificate by the certificate's issuer; and (c) is unique among
    all the certificates produced by that issuer.

    (O) "An integer value, unique within the issuing CA, which is
    unambiguously associated with a certificate issued by that CA."
    [X509]

  $ certificate status responder
    (N) FPKI usage: A trusted on-line server that acts for a CA to
    provide authenticated certificate status information to
    certificate users. [FPKI] Offers an alternative to issuing a CRL,
    but is not supported in X.509. (See: certificate revocation tree.)

  $ certificate update
    (I) The act or process by which non-key data items bound in an
    existing public-key certificate, especially authorizations granted
    to the subject, are changed by issuing a new certificate. (See:
    certificate rekey, certificate renewal.)

    (C) For an X.509 public-key certificate, the essence of this
    process is that fundamental changes are made in the data that is
    bound to the public key, such that it is necessary to revoke the
    old certificate. (Otherwise, the process is only a "certificate
    rekey" or "certificate renewal".)

  $ certificate user
    (I) A system entity that depends on the validity of information
    (such as another entity's public key value) provided by a digital
    certificate. (See: relying party.)

    (O) "An entity that needs to know, with certainty, the public key
    of another entity." [X509]

    (C) The system entity may be a human being or an organization, or
    a device or process under the control of a human or an
    organization.

    (D) ISDs SHOULD NOT use this term as a synonym for the "subject"
    of a certificate.

  $ certificate validation
    (I) An act or process by which a certificate user establishes that
    the assertions made by a digital certificate can be trusted. (See:
    valid certificate, validate vs. verify.)

    (O) "The process of ensuring that a certificate is valid including
    possibly the construction and processing of a certification path,
    and ensuring that all certificates in that path have not expired
    or been revoked." [FPDAM]

    (C) To validate a certificate, a certificate user checks that the
    certificate is properly formed and signed and currently in force:

     - Checks the signature: Employs the issuer's public key to verify
       the digital signature of the CA who issued the certificate in
       question. If the verifier obtains the issuer's public key from
       the issuer's own public-key certificate, that certificate
      should be validated, too. That validation may lead to yet
      another certificate to be validated, and so on. Thus, in
      general, certificate validation involves discovering and
      validating a certification path.

     - Checks the syntax and semantics: Parses the certificate's
      syntax and interprets its semantics, applying rules specified
      for and by its data fields, such as for critical extensions in
      an X.509 certificate.

     - Checks currency and revocation: Verifies that the certificate
      is currently in force by checking that the current date and
      time are within the validity period (if that is specified in
      the certificate) and that the certificate is not listed on a
      CRL or otherwise announced as invalid. (CRLs themselves require
      a similar validation process.)

  $ certification
    (I) Information system usage: Technical evaluation (usually made
    in support of an accreditation action) of an information system's
    security features and other safeguards to establish the extent to
    which the system's design and implementation meet specified
    security requirements. [FP102] (See: accreditation.)

    (I) Digital certificate usage: The act or process of vouching for
    the truth and accuracy of the binding between data items in a
    certificate. (See: certify.)

    (I) Public key usage: The act or process of vouching for the
    ownership of a public key by issuing a public-key certificate that
    binds the key to the name of the entity that possesses the
    matching private key. In addition to binding a key to a name, a
    public-key certificate may bind those items to other restrictive
    or explanatory data items. (See: X.509 public-key certificate.)

    (O) SET usage: "The process of ascertaining that a set of
    requirements or criteria has been fulfilled and attesting to that
    fact to others, usually with some written instrument. A system
    that has been inspected and evaluated as fully compliant with the
    SET protocol by duly authorized parties and process would be said
    to have been certified compliant." [SET2]

  $ certification authority (CA)
    (I) An entity that issues digital certificates (especially X.509
    certificates) and vouches for the binding between the data items
    in a certificate.

    (O) "An authority trusted by one or more users to create and
    assign certificates. Optionally, the certification authority may
    create the user's keys." [X509]

    (C) Certificate users depend on the validity of information
    provided by a certificate. Thus, a CA should be someone that
    certificate users trust, and usually holds an official position
    created and granted power by a government, a corporation, or some
    other organization. A CA is responsible for managing the life
    cycle of certificates (see: certificate management) and, depending
    on the type of certificate and the CPS that applies, may be
    responsible for the life cycle of key pairs associated with the
    certificates (see: key management).

  $ certification authority workstation (CAW)
    (I) A computer system that enables a CA to issue digital
    certificates and supports other certificate management functions
    as required.

  $ certification hierarchy
    (I) A tree-structured (loop-free) topology of relationships among
    CAs and the entities to whom the CAs issue public-key
    certificates. (See: hierarchical PKI.)

    (C) In this structure, one CA is the top CA, the highest level of
    the hierarchy. (See: root, top CA.) The top CA may issue public-
    key certificates to one or more additional CAs that form the
    second highest level. Each of these CAs may issue certificates to
    more CAs at the third highest level, and so on. The CAs at the
    second-lowest level of the hierarchy issue certificates only to
    non-CA entities, called "end entities", that form the lowest level.
    (See: end entity.) Thus, all certification paths begin at the top CA
    and descend through zero or more levels of other CAs. All
    certificate users base path validations on the top CA's public key.

    (O) MISSI usage: A MISSI certification hierarchy has three or four
    levels of CAs:

     - A CA at the highest level, the top CA, is a "policy approving
      authority".
     - A CA at the second-highest level is a "policy creation
      authority".
     - A CA at the third-highest level is a local authority called a
      "certification authority".
     - A CA at the fourth-highest (optional) level is a "subordinate
      certification authority".

    (O) PEM usage: A PEM certification hierarchy has three levels of
    CAs [R1422]:

     - The highest level is the "Internet Policy Registration
      Authority".
     - A CA at the second-highest level is a "policy certification
      authority".
     - A CA at the third-highest level is a "certification authority".

    (O) SET usage: A SET certification hierarchy has three or four
    levels of CAs:

     - The highest level is a "SET root CA".
     - A CA at the second-highest level is a "brand certification
      authority".
     - A CA at the third-highest (optional) level is a "geopolitical
      certification authority".
     - A CA at the fourth-highest level is a "cardholder CA", a
      "merchant CA", or a "payment gateway CA".

  $ certification path
    (I) An ordered sequence of public-key certificates (or a sequence
    of public-key certificates followed by one attribute certificate)
    that enables a certificate user to verify the signature on the
    last certificate in the path, and thus enables the user to obtain
    a certified public key (or certified attributes) of the entity
    that is the subject of that last certificate. (See: certificate
    validation, valid certificate.)

    (O) "An ordered sequence of certificates of objects in the [X.500
    Directory Information Tree] which, together with the public key of
    the initial object in the path, can be processed to obtain that of
    the final object in the path." [X509, R2527]

    (C) The path is the "list of certificates needed to allow a
    particular user to obtain the public key of another." [X509] The
    list is "linked" in the sense that the digital signature of each
    certificate (except the first) is verified by the public key
    contained in the preceding certificate; i.e., the private key used
    to sign a certificate and the public key contained in the
    preceding certificate form a key pair owned by the entity that
    signed.

    (C) In the X.509 quotation in the previous "C" paragraph, the word
    "particular" points out that a certification path that can be
    validated by one certificate user might not be able to be
    validated by another. That is because either the first certificate
    should be a trusted certificate (it might be a root certificate)
    or the signature on the first certificate should be verified by a
    trusted key (it might be a root key), but such trust is defined
    relative to each user, not absolutely for all users.
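
The validation checklist given under "certificate validation" above (signature, syntax and semantics, currency and revocation), the certification hierarchy entry, and the point made here that a trust anchor is relative to each certificate user, worked through as an added example. This code is not part of RFC 2828 or of any standard it cites; it uses Go's standard crypto/x509 package (Go 1.19 or later is assumed for the CRL API) and builds a constructed three-level hierarchy with hypothetical names ("Demo Top CA", "Demo Sub CA", "end-entity.example"), plus an "Unrelated Top CA" standing in for a second user's trust anchor.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// DemoPKI is a constructed hierarchy (top CA -> subordinate CA -> end entity) plus an
// unrelated top CA that a different certificate user might trust instead; names are hypothetical.
type DemoPKI struct {
	Root, OtherRoot, Inter, Leaf *x509.Certificate
	CRL                          []byte // DER CRL signed by Inter that lists Leaf as revoked
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

const caUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign | x509.KeyUsageCRLSign
// template holds the to-be-signed fields; the serial number must be unique per issuer.
func template(cn string, serial int64, ku x509.KeyUsage, now time.Time) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: ku&x509.KeyUsageCertSign != 0, KeyUsage: ku,
	}
}

// issue signs tmpl with the signer's private key; parent == tmpl yields a self-signed root.
func issue(tmpl, parent *x509.Certificate, key, signer *ecdsa.PrivateKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der))
}

func BuildDemoPKI(now time.Time) *DemoPKI {
	newKey := func() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
	rootKey, otherKey, interKey, leafKey := newKey(), newKey(), newKey(), newKey()
	rootT, otherT := template("Demo Top CA", 1, caUsage, now), template("Unrelated Top CA", 1, caUsage, now)
	root, other := issue(rootT, rootT, rootKey, rootKey), issue(otherT, otherT, otherKey, otherKey)
	inter := issue(template("Demo Sub CA", 2, caUsage, now), root, interKey, rootKey)
	leaf := issue(template("end-entity.example", 3, x509.KeyUsageDigitalSignature, now), inter, leafKey, interKey)
	// The subordinate CA announces the leaf's revocation on a CRL that it signs.
	crl := must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(12 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: leaf.SerialNumber, RevocationTime: now}},
	}, inter, interKey))
	return &DemoPKI{Root: root, OtherRoot: other, Inter: inter, Leaf: leaf, CRL: crl}
}

// ValidatePath discovers and validates a certification path from leaf up to the root this particular
// user trusts: every signature, each certificate's CA/key-usage semantics, and validity as of time at.
func ValidatePath(leaf, inter, trustedRoot *x509.Certificate, at time.Time) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(trustedRoot)
	inters.AddCert(inter)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters,
		CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// IsRevoked looks for cert's serial number on a CRL. The CRL gets the same treatment as a
// certificate: the issuer's signature on it and its currency are checked before it is trusted.
func IsRevoked(crlDER []byte, issuer, cert *x509.Certificate, at time.Time) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, err
	}
	if at.After(crl.NextUpdate) {
		return false, errors.New("CRL is no longer current")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	p := BuildDemoPKI(now)
	fmt.Println("trusting Demo Top CA:", ValidatePath(p.Leaf, p.Inter, p.Root, now))
	fmt.Println("trusting Unrelated Top CA:", ValidatePath(p.Leaf, p.Inter, p.OtherRoot, now))
	fmt.Println(IsRevoked(p.CRL, p.Inter, p.Leaf, now))
}
```

The same leaf and intermediate validate for the user whose trust anchor is "Demo Top CA" and fail for the user who trusts only "Unrelated Top CA", which is exactly the "particular user" point in the X.509 quotation. Verify does not consult CRLs on its own, so IsRevoked is a separate step, and it validates the CRL's signature and currency first because a CRL is itself a signed, dated object.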

  $ certification policy
    (D) ISDs SHOULD NOT use this term. Instead, use either
    "certificate policy" or "certification practice statement",
    depending on what is meant.

  $ certification practice statement (CPS)
    (I) "A statement of the practices which a certification authority
    employs in issuing certificates." [ABA96, R2527] (See: certificate
    policy.)

    (C) A CPS is a published security policy that can help a
    certificate user to decide whether a certificate issued by a
    particular CA can be trusted enough to use in a particular
    application. A CPS may be (a) a declaration by a CA of the details
    of the system and practices it employs in its certificate
    management operations, (b) part of a contract between the CA and
    an entity to whom a certificate is issued, (c) a statute or
    regulation applicable to the CA, or (d) a combination of these
    types involving multiple documents. [ABA]

    (C) A CPS is usually more detailed and procedurally oriented than
    a certificate policy. A CPS applies to a particular CA or CA
    community, while a certificate policy applies across CAs or
    communities. A CA with a single CPS may support multiple
    certificate policies, which may be used for different application
    purposes or by different user communities. Multiple CAs, each with
    a different CPS, may support the same certificate policy. [R2527]

  $ certification request
    (I) An algorithm-independent transaction format, defined by PKCS
    #10 and used in PKIX, that contains a DN, a public key, and
    optionally a set of attributes, collectively signed by the entity
    requesting certification, and sent to a CA, which transforms the
    request to an X.509 public-key certificate or another type of
    certificate.

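The PKCS #10 flow described in this entry, as an added example that is not part of RFC 2828 or of PKCS #10 itself: the requesting entity signs a request carrying its DN and public key, and the CA checks that self-signature before transforming the request into an X.509 certificate. It uses Go's standard crypto/x509 package; the CA ("Demo CA"), the requester name "requester.example" and the serial numbers are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// MakeRequest is the requesting entity's side: a PKCS #10 request carrying the requested
// DN and the public key, signed with the matching private key so the CA can verify that
// the requester actually possesses it.
func MakeRequest(cn string, key *ecdsa.PrivateKey) []byte {
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: cn}, // attributes and extensions are optional; none here
	}, key)
	if err != nil {
		panic(err)
	}
	return der
}

// IssueFromRequest is the CA's side: check the request's self-signature, then transform
// the request into an X.509 public-key certificate that binds the requested name to the
// requester's public key under the CA's own signature.
func IssueFromRequest(csrDER []byte, ca *x509.Certificate, caKey *ecdsa.PrivateKey, serial int64, now time.Time) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("certification request rejected: %w", err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), // must be unique among this CA's certificates
		Subject:      csr.Subject,        // a real CA applies its naming rules (its CPS) here
		NotBefore:    now,
		NotAfter:     now.Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// SelfSignedCA builds a constructed, hypothetical CA for the demonstration.
func SelfSignedCA(now time.Time) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo CA"},
		NotBefore: now, NotAfter: now.Add(365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// TamperedRequest alters one byte of the requested name after signing; the request still
// parses, but the self-signature no longer verifies, so the CA must refuse it.
func TamperedRequest(der []byte, cn string) []byte {
	out := append([]byte(nil), der...)
	out[bytes.Index(out, []byte(cn))] ^= 0x01 // 'r' becomes 's', still a valid PrintableString
	return out
}

func main() {
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	ca, caKey := SelfSignedCA(now)
	requester := newKey()
	cert, err := IssueFromRequest(MakeRequest("requester.example", requester), ca, caKey, 42, now)
	if err != nil {
		panic(err)
	}
	fmt.Println(cert.Subject.CommonName, cert.SerialNumber, requester.PublicKey.Equal(cert.PublicKey))
}
```

The self-signature on the request is what ties the DN to a key the requester demonstrably holds; without that check a CA could be induced to certify someone else's public key under the requester's name.
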
  $ certify
    1. (I) Issue a digital certificate and thus vouch for the truth,
    accuracy, and binding between data items in the certificate (e.g.,
    see: X.509 public key certificate), such as the identity of the
    certificate's subject and the ownership of a public key. (See:
    certification.)

    (C) To "certify a public key" means to issue a public-key
    certificate that vouches for the binding between the certificate's
    subject and the key.

    2. (I) The act by which a CA employs measures to verify the truth,
    accuracy, and binding between data items in a digital certificate.

    (C) A description of the measures used for verification should be
    included in the CA's CPS.

  $ CFB
    See: cipher feedback.

  $ Challenge Handshake Authentication Protocol (CHAP)
    (I) A peer entity authentication method for PPP, using a randomly-
    generated challenge and requiring a matching response that depends
    on a cryptographic hash of the challenge and a secret key. [R1994]
    (See: challenge-response, PAP.)

  $ challenge-response
    (I) An authentication process that verifies an identity by
    requiring correct authentication information to be provided in
    response to a challenge. In a computer system, the authentication
    information is usually a value that is required to be computed in
    response to an unpredictable challenge value.

  $ Challenge-Response Authentication Mechanism (CRAM)
    (I) IMAP4 usage: A mechanism [R2195], intended for use with IMAP4
    AUTHENTICATE, by which an IMAP4 client uses a keyed hash [R2104]
    to authenticate itself to an IMAP4 server. (See: POP3 APOP.)

    (C) The server includes a unique timestamp in its ready response
    to the client. The client replies with the client's name and the
    hash result of applying MD5 to a string formed from concatenating
    the timestamp with a shared secret that is known only to the
    client and the server.
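
The challenge-response exchange described under CHAP, "challenge-response" and CRAM, as an added example that is not part of RFC 2828 or RFC 2195. The digest follows RFC 2195, which specifies the keyed hash as HMAC-MD5 per [R2104] with the shared secret as key; the user name "alice", the secret, the process id, timestamp and host name are all constructed values, and the base64 framing is the IMAP AUTHENTICATE convention. Go's standard library is used throughout.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strings"
)

// Challenge is the server's unique, unpredictable challenge. RFC 2195 uses the form
// "<process-id.timestamp@hostname>"; the values passed in here are constructed.
func Challenge(pid, timestamp int64, host string) string {
	return fmt.Sprintf("<%d.%d@%s>", pid, timestamp, host)
}

// Response is the client's reply: user name, a space, and the lowercase hex digest of
// HMAC-MD5 keyed with the shared secret over the challenge [R2104]. The secret itself
// never crosses the wire; only a value derived from it and this one challenge does.
func Response(user, secret, challenge string) string {
	mac := hmac.New(md5.New, []byte(secret))
	mac.Write([]byte(challenge))
	return user + " " + hex.EncodeToString(mac.Sum(nil))
}

// Encode: both messages travel base64-encoded inside the IMAP AUTHENTICATE exchange.
func Encode(s string) string { return base64.StdEncoding.EncodeToString([]byte(s)) }

// Verify is the server's check: look up the claimed user's secret, recompute the digest
// for the challenge it issued, and compare in constant time. It returns the auth-
// enticated user name on success.
func Verify(wireResponse, challenge string, secrets map[string]string) (string, bool) {
	raw, err := base64.StdEncoding.DecodeString(wireResponse)
	if err != nil {
		return "", false
	}
	user, digest, ok := strings.Cut(string(raw), " ")
	secret, known := secrets[user]
	if !ok || !known {
		return "", false
	}
	_, want, _ := strings.Cut(Response(user, secret, challenge), " ")
	if !hmac.Equal([]byte(digest), []byte(want)) {
		return "", false
	}
	return user, true
}

// Exchange runs one authentication round trip and returns both wire lines plus the outcome.
func Exchange(user, secret, challenge string, secrets map[string]string) (serverLine, clientLine string, ok bool) {
	serverLine = "+ " + Encode(challenge)
	clientLine = Encode(Response(user, secret, challenge))
	_, ok = Verify(clientLine, challenge, secrets)
	return
}

func main() {
	secrets := map[string]string{"alice": "constructed-shared-secret"} // constructed server database
	ch := Challenge(4242, 1700000000, "mail.example")
	s, c, ok := Exchange("alice", "constructed-shared-secret", ch, secrets)
	fmt.Println("S:", s)
	fmt.Println("C:", c)
	fmt.Println("authenticated:", ok)
}
```

Because the digest depends on the challenge, a response captured from one session does not verify against a later, different challenge, which is what makes the mechanism resistant to replay; the server must therefore never reuse a challenge. Note also that the server has to store the secret in a form it can key HMAC with, so the server-side database needs protection of its own.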

  $ channel
    (I) An information transfer path within a system. (See: covert
    channel.)

  $ CHAP
    See: Challenge Handshake Authentication Protocol.

  $ checksum
    (I) A value that (a) is computed by a function that is dependent
    on the contents of a data object and (b) is stored or transmitted
    together with the object, for the purpose of detecting changes in
    the data. (See: cyclic redundancy check, data integrity service,
    error detection code, hash, keyed hash, protected checksum.)

    (C) To gain confidence that a data object has not been changed, an
    entity that later uses the data can compute a checksum and compare
    it with the checksum that was stored or transmitted with the
    object.

    (C) Computer systems and networks employ checksums (and other
    mechanisms) to detect accidental changes in data. However, active
    wiretapping that changes data could also change an accompanying
    checksum to match the changed data. Thus, some checksum functions
    by themselves are not good countermeasures for active attacks. To
    protect against active attacks, the checksum function needs to be
    well-chosen (see: cryptographic hash), and the checksum result
    needs to be cryptographically protected (see: digital signature,
    keyed hash).
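
The two situations described in this entry, accidental change versus active wiretapping, as an added example that is not part of RFC 2828. It pairs an unkeyed checksum (CRC-32, an error detection code) with a protected checksum (HMAC-SHA256, a keyed hash) on the same data; the key, the sample data and the substituted data are constructed. Go's standard library is used.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"hash/crc32"
)

// Message is a data object together with the checksums stored or transmitted with it.
type Message struct {
	Data []byte
	CRC  uint32 // unkeyed checksum: an error detection code
	Tag  []byte // protected checksum: HMAC-SHA256 under a key shared with the receiver
}

// Tag computes the keyed hash that turns a checksum into a protected checksum.
func Tag(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// Seal is the sender's side: attach both kinds of checksum to the data.
func Seal(key, data []byte) Message {
	return Message{Data: data, CRC: crc32.ChecksumIEEE(data), Tag: Tag(key, data)}
}

// CRCIntact is what any receiver can check; it needs no secret.
func CRCIntact(m Message) bool { return crc32.ChecksumIEEE(m.Data) == m.CRC }

// TagIntact is the keyed check; hmac.Equal compares in constant time.
func TagIntact(key []byte, m Message) bool { return hmac.Equal(Tag(key, m.Data), m.Tag) }

// Corrupt models an accidental change in transit: one bit of the data flips and
// nothing else is touched.
func Corrupt(m Message) Message {
	data := append([]byte(nil), m.Data...)
	data[len(data)/2] ^= 0x40
	return Message{Data: data, CRC: m.CRC, Tag: m.Tag}
}

// Substitute models what an active wiretap can do without the key: replace the data
// and recompute the unkeyed checksum so that it matches. The keyed tag cannot be
// recomputed without the key, so it is left as it was.
func Substitute(m Message, replacement []byte) Message {
	return Message{Data: replacement, CRC: crc32.ChecksumIEEE(replacement), Tag: m.Tag}
}

func main() {
	key := []byte("constructed-shared-key")            // constructed; agreed out of band
	orig := Seal(key, []byte("quantity=100;unit=kg"))  // constructed sample data
	fmt.Println("original   ", CRCIntact(orig), TagIntact(key, orig))
	c := Corrupt(orig)
	fmt.Println("corrupted  ", CRCIntact(c), TagIntact(key, c))
	s := Substitute(orig, []byte("quantity=900;unit=kg"))
	fmt.Println("substituted", CRCIntact(s), TagIntact(key, s))
}
```

The corrupted message fails both checks, but the substituted message passes the CRC and fails only the keyed tag: the unkeyed checksum detects what the channel does by accident, while only the protected checksum detects what someone on the channel does on purpose.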

  $ chosen-ciphertext attack
    (I) A cryptanalysis technique in which the analyst tries to
    determine the key from knowledge of plaintext that corresponds to
    ciphertext selected (i.e., dictated) by the analyst.

  $ chosen-plaintext attack
    (I) A cryptanalysis technique in which the analyst tries to
    determine the key from knowledge of ciphertext that corresponds to
    plaintext selected (i.e., dictated) by the analyst.

  $ CIAC
    See: Computer Incident Advisory Capability.

  $ CIK
    See: cryptographic ignition key.

  $ cipher
    (I) A cryptographic algorithm for encryption and decryption.

  $ cipher block chaining (CBC)
    (I) A block cipher mode that enhances electronic codebook mode by
    chaining together blocks of ciphertext it produces. [FP081] (See:
    [R1829], [R2451].)

    (C) This mode operates by combining (exclusive OR-ing) the
    algorithm's ciphertext output block with the next plaintext block
    to form the next input block for the algorithm.

  $ cipher feedback (CFB)
    (I) A block cipher mode that enhances electronic codebook mode
    by chaining together the blocks of ciphertext it produces and
    operating on plaintext segments of variable length less than or
    equal to the block length. [FP081]

    (C) This mode operates by using the previously generated
    ciphertext segment as the algorithm's input (i.e., by "feeding
    back" the ciphertext) to generate an output block, and then
    combining (exclusive OR-ing) that output block with the next
    plaintext segment (block length or less) to form the next
    ciphertext segment.
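
The chaining described for CBC and the feedback described for CFB, written out as an added example that is not part of RFC 2828 or [FP081]. The modes are implemented by hand on top of AES as the block cipher and checked against Go's crypto/cipher implementations; the CFB variant shown uses segments equal to the block length (the one crypto/cipher provides), so the variable-length segment form of [FP081] is not covered. Key, IV and plaintext are constructed values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

func xorInto(dst, a, b []byte) {
	for i := range dst {
		dst[i] = a[i] ^ b[i]
	}
}

// CBCEncrypt: C_i = E(P_i XOR C_{i-1}) with C_0 = IV. Each ciphertext block is
// chained into the next input, so the plaintext must be a whole number of blocks.
func CBCEncrypt(b cipher.Block, iv, pt []byte) []byte {
	bs := b.BlockSize()
	if len(pt)%bs != 0 {
		panic("CBC needs whole blocks; pad first")
	}
	ct, prev, in := make([]byte, len(pt)), iv, make([]byte, bs)
	for i := 0; i < len(pt); i += bs {
		xorInto(in, pt[i:i+bs], prev)
		b.Encrypt(ct[i:i+bs], in)
		prev = ct[i : i+bs]
	}
	return ct
}

// CBCDecrypt: P_i = D(C_i) XOR C_{i-1}.
func CBCDecrypt(b cipher.Block, iv, ct []byte) []byte {
	bs := b.BlockSize()
	pt, prev := make([]byte, len(ct)), iv
	for i := 0; i < len(ct); i += bs {
		b.Decrypt(pt[i:i+bs], ct[i:i+bs])
		xorInto(pt[i:i+bs], pt[i:i+bs], prev)
		prev = ct[i : i+bs]
	}
	return pt
}

// cfb implements cipher feedback with full-block segments: O_i = E(C_{i-1}),
// C_i = P_i XOR O_i. Only the block cipher's encrypt direction is ever used, and
// the final segment may be shorter than a block, so no padding is needed.
func cfb(b cipher.Block, iv, src []byte, encrypt bool) []byte {
	bs := b.BlockSize()
	dst, prev, out := make([]byte, len(src)), iv, make([]byte, bs)
	for i := 0; i < len(src); i += bs {
		b.Encrypt(out, prev)
		n := bs
		if len(src)-i < n {
			n = len(src) - i
		}
		xorInto(dst[i:i+n], src[i:i+n], out[:n])
		if encrypt { // feed back the ciphertext segment just produced
			prev = dst[i : i+n]
		} else { // when decrypting, the ciphertext is the input
			prev = src[i : i+n]
		}
	}
	return dst
}

func CFBEncrypt(b cipher.Block, iv, pt []byte) []byte { return cfb(b, iv, pt, true) }
func CFBDecrypt(b cipher.Block, iv, ct []byte) []byte { return cfb(b, iv, ct, false) }

func NewAES(key []byte) cipher.Block {
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return b
}

// MatchesStdlib checks the hand-written modes against crypto/cipher's CBC and CFB.
func MatchesStdlib(b cipher.Block, iv, pt []byte) bool {
	cbc := make([]byte, len(pt))
	cipher.NewCBCEncrypter(b, iv).CryptBlocks(cbc, pt)
	tail := pt[:len(pt)-3] // CFB also handles a partial final segment
	cfbRef := make([]byte, len(tail))
	cipher.NewCFBEncrypter(b, iv).XORKeyStream(cfbRef, tail)
	return bytes.Equal(cbc, CBCEncrypt(b, iv, pt)) && bytes.Equal(cfbRef, CFBEncrypt(b, iv, tail))
}

func main() {
	key := []byte("0123456789abcdef")                    // constructed 128-bit key
	iv := []byte("fedcba9876543210")                     // constructed IV; never reuse with the same key
	pt := bytes.Repeat([]byte("same block text!"), 2)    // two identical plaintext blocks
	b := NewAES(key)
	ct := CBCEncrypt(b, iv, pt)
	fmt.Println("chaining hides repeated blocks:", !bytes.Equal(ct[:16], ct[16:]))
	fmt.Println("matches crypto/cipher:", MatchesStdlib(b, iv, pt))
}
```

With two identical plaintext blocks, electronic codebook mode would produce two identical ciphertext blocks; the chaining in CBC and the feedback in CFB make the second ciphertext block depend on the first, which is the enhancement both entries refer to. Neither mode authenticates the ciphertext, so in practice they are combined with a keyed hash or replaced by an authenticated mode.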

  $ ciphertext
    (I) Data that has been transformed by encryption so that its
    semantic information content (i.e., its meaning) is no longer
    intelligible or directly available. (See: cleartext, plaintext.)

    (O) "Data produced through the use of encipherment. The semantic
    content of the resulting data is not available." [I7498 Part 2]

  $ ciphertext-only attack
    (I) A cryptanalysis technique in which the analyst tries to
    determine the key solely from knowledge of intercepted ciphertext
    (although the analyst may also know other clues, such as the
    cryptographic algorithm, the language in which the plaintext was
    written, the subject matter of the plaintext, and some probable
    plaintext words.)

  $ CIPSO
    See: Common IP Security Option.

  $ CKL
    See: compromised key list.

  $ class 2, 3, 4, or 5
    (O) U.S. Department of Defense usage: Levels of PKI assurance
    based on risk and value of information to be protected [DOD3]:

     - Class 2: For handling low-value information (unclassified, not
      mission-critical, or low monetary value) or protection of
      system-high information in low- to medium-risk environment.

     - Class 3: For handling medium-value information in low- to
      medium-risk environment. Typically requires identification of a
      system entity as a legal person, rather than merely a member of
      an organization.

     - Class 4: For handling medium- to high-value information in any
      environment. Typically requires identification of an entity as
      a legal person, rather than merely a member of an organization,
      and a cryptographic hardware token for protection of keying
      material.

     - Class 5: For handling high-value information in a high-risk
      environment.

  $ classification
  $ classification level
    (I) (1.) A grouping of classified information to which a
    hierarchical, restrictive security label is applied to increase
    protection of the data. (2.) The level of protection that is
    required to be applied to that information. (See: security level.)

  $ classified
    (I) Refers to information (stored or conveyed, in any form) that
    is formally required by a security policy to be given data
    confidentiality service and to be marked with a security label
    (which in some cases might be implicit) to indicate its protected
    status. (See: unclassified.)

    (C) The term is mainly used in government, especially in the
    military, although the concept underlying the term also applies
    outside government. In the U.S. Department of Defense, for
    example, it means information that has been determined pursuant to
    Executive Order 12958 ("Classified National Security Information",
    20 April 1995) or any predecessor order to require protection
    against unauthorized disclosure and is marked to indicate its
    classified status when in documentary form.

  $ clean system
    (I) A computer system in which the operating system and
    application system software and files have just been freshly
    installed from trusted software distribution media.

    (C) A clean system is not necessarily in a secure state.

  $ clearance
    See: security clearance.

  $ clearance level
    (I) The security level of information to which a security
    clearance authorizes a person to have access.

  $ cleartext
    (I) Data in which the semantic information content (i.e., the
    meaning) is intelligible or is directly available. (See:
    plaintext.)

    (O) "Intelligible data, the semantic content of which is
    available." [I7498 Part 2]

    (D) ISDs SHOULD NOT use this term as a synonym for "plaintext",
    the input to an encryption operation, because the plaintext input
    to encryption may itself be ciphertext that was output from
    another operation. (See: superencryption.)

  $ client
    (I) A system entity that requests and uses a service provided by
    another system entity, called a "server". (See: server.)

    (C) Usually, the requesting entity is a computer process, and it
    makes the request on behalf of a human user. In some cases, the
    server may itself be a client of some other server.

  $ CLIPPER chip
    (N) The Mykotronx, Inc. MYK-82, an integrated microcircuit with a
    cryptographic processor that implements the SKIPJACK encryption
    algorithm and supports key escrow. (See: CAPSTONE, Escrowed
    Encryption Standard.)

    (C) The key escrow scheme for a chip involves a SKIPJACK key
    common to all chips that protects the unique serial number of the
    chip, and a second SKIPJACK key unique to the chip that protects
    all data encrypted by the chip. The second key is escrowed as
    split key components held by NIST and the U.S. Treasury
    Department.

  $ closed security environment
    (O) U.S. Department of Defense usage: A system environment that
    meets both of the following conditions: (a) Application developers
    (including maintainers) have sufficient clearances and
    authorizations to provide an acceptable presumption that they have
    not introduced malicious logic. (b) Configuration control provides
    sufficient assurance that system applications and the equipment
    they run on are protected against the introduction of malicious
    logic prior to and during the operation of applications. [NCS04]
    (See: open security environment.)

  $ code
    (I) noun: A system of symbols used to represent information, which
    might originally have some other representation. (See: encode.)

    (D) ISDs SHOULD NOT use this term as synonym for the following:
    (a) "cipher", "hash", or other words that mean "a cryptographic
    algorithm"; (b) "ciphertext"; or (c) "encrypt", "hash", or other
    words that refer to applying a cryptographic algorithm.

    (D) ISDs SHOULD NOT use this word as an abbreviation for the following
    terms: country code, cyclic redundancy code, Data Authentication
    Code, error detection code, Message Authentication Code, object
    code, or source code. To avoid misunderstanding, use the fully
    qualified term, at least at the point of first usage.

  $ color change
    (I) In a system that is being operated in periods processing mode,
    the act of purging all information from one processing period and
    then changing over to the next processing period.

  $ Common Criteria
  $ Common Criteria for Information Technology Security
    (N) "The Common Criteria" is a standard for evaluating information
    technology products and systems, such as operating systems,
    computer networks, distributed systems, and applications. It
    states requirements for security functions and for assurance
    measures. [CCIB]

    (C) Canada, France, Germany, the Netherlands, the United Kingdom,
    and the United States (NIST and NSA) began developing this
    standard in 1993, based on the European ITSEC, the Canadian
    Trusted Computer Product Evaluation Criteria (CTCPEC), and the
    U.S. "Federal Criteria for Information Technology Security" (FC)
    and its precursor, the TCSEC. Work was done in cooperation with
    ISO/IEC Joint Technical Committee 1 (Information Technology),