B Glossary ACCESS -- (to a system, to data, to a software process)(n.) in general, the right to enter or make use of. In a computer context, entry granted to a software path that establishes the right to use a system and its resources; to read, write, modify, or delete data; and/or to use software processes with various capabilities. (v.) to achieve the status of having access. ACCESS CONTROL -- the granting or denying to a subject of certain permissions to access a resource (e.g., to view a certain file, to run a certain program). ALGORITHM AND KEY LENGTH -- the combination of cryptographic algorithm and its key length(s) often used to establish the strength of an encryption process. ASSURANCE -- confidence that a system design meets its requirements, or that its implementation meets its specification, or that some specific property is satisfied. ASYMMETRIC CRYPTOGRAPHY (also public-key cryptography) -- cryptography based on algorithms that enable the use of one key (a public key) to encrypt a message and a second, different, but mathematically related, key (a private key) to decrypt a message. Asymmetric cryptography can also be used to perform digital signatures and key exchange. AUDITING -- the process of making and keeping the records necessary to support accountability. See audit trail. AUDIT TRAIL -- the results of monitoring each operation of subjects on objects; for example, an audit trail might be a record of all actions taken on a particularly sensitive file or a record of all users who viewed that file. AUTHENTICATION (OF IDENTITY) -- an adjunct step to identification that confirms an asserted identity with a specified, or understood, level of confidence. Authentication can be used to provide high assurance that the purported identity is, in fact, the correct identity associated with the entity that provides it. The authentication mechanism can be based on something that the entity knows, has, or is (e.g., a password, a smart card that uses some encryption or random number for a challenge-response scheme, or a fingerprint). AUTHENTICATION OF A MESSAGE (OR A FILE) -- the process of adding one or more additional data elements to communications traffic (or files) to ensure the integrity of the traffic (or files). Such additional elements are often called "message authenticator(s)" and would be an example of an integrity lock. AUTHENTICITY -- a security service that provides a user with a means of verifying the identity of the sender of a message, a file, a computer system, a software process, or even a database or individual software component. AUTHORIZATION -- determining whether a subject (a user or system) is trusted to act for a given purpose, for example, allowed to read a particular file. AVAILABILITY--the property that a given resource will be usable during a given time period, for example, that an encrypted file can be decrypted when necessary. BACK DOOR -- an aspect of a system's mechanism that can be exploited to circumvent the system's security. BINARY DIGIT -- one of the two symbols (0 and 1) that are commonly used to represent numerical entries in the binary number system. BIT -- a contraction of the term "binary digit." BIT STREAM (also digital stream) -- the running stream of binary symbols representing digitized information; the term is commonly used to refer to digital communications. CAPSTONE CHIP -- an integrated circuit chip that implements the Skipjack algorithm and also includes the Digital Signature Algorithm, the Secure Hash Standard, the classified Key Exchange Algorithm, circuitry for efficient exponentiation of large numbers, and a random number generator using a pure noise source. CAPSTONE/FORTEZZA INITIATIVE -- a government initiative to promote and support escrowed encryption for data storage and communications. CERTIFICATE AUTHORITY -- synonym for certification authority. CERTIFICATE MANAGEMENT -- the overall process of issuing, storing, verifying, and generally accepting responsibility for the accuracy of certifications and their secure delivery to appropriate consumers. CERTIFICATION -- the administrative act of approving a computer system or component for use in a particular application. CERTIFICATION AUTHORITY -- a specially established trusted organization or part of a larger organization that accepts the responsibilities of managing the certificate process by issuing, distributing, and verifying certificates. CIPHERTEXT -- literally, text material that has been encrypted, also used in a generic sense for the output of any encryption process, no matter what the original digitized input might have been (e.g., text, computer files, computer programs, or digitized graphical images). CLEARTEXT (also plaintext) -- the material entering into an encryption process or emerging from a decryption process. "Text" is used categorically for any digitized material. CLIPPER CHIP -- an escrowed encryption chip that implements the Skipjack algorithm to encrypt communications conducted over the public switched network (e.g., between telephones, modems, or facsimile equipment). CoCom -- Coordinating Committee for Multilateral Export Controls, began operations in 1950 to control export of strategic materials and technology to communist countries; participants include Australia, Belgium, Canada, Denmark, France, Germany, Greece, Italy, Japan, Luxembourg, the Netherlands, Norway, Portugal, Spain, Turkey, the United Kingdom, and the United States. COLLATERAL CRYPTOGRAPHY -- a collective term used in this report to include uses of encryption for other than confidentiality, it includes such services as authentication, integrity checks, authoritative date/time stamping, and digital signatures. COMPETITIVE ACCESS PROVIDERS -- telephone carriers that compete with local monopoly carriers. CONFIDENTIALITY (communications) -- the protection of communications traffic against interception or receipt by unauthorized third parties. CONFIDENTIALITY (data) -- an assertion about a body of data that is sensitive and must be protected against loss, misuse, destruction, unintended change, and unauthorized access or dissemination. COUNTERMEASURE -- a mechanism that reduces vulnerability to a threat. CRYPTANALYSIS -- the study and practice of various methods to penetrate ciphertext and deduce the contents of the original cleartext message. CRYPTOGRAPHIC ALGORITHM -- a mathematical procedure, used in conjunction with a closely guarded secret key, that transforms original input into a form that is unintelligible without special knowledge of the secret information and the algorithm. Such algorithms are also the basis for digital signatures and key exchange. CRYPTOGRAPHY -- originally, the science and technology of keeping information secret from unauthorized parties by using a code or a cipher. Today, cryptography can be used for many applications that do not involve confidentiality. DATA ENCRYPTION STANDARD (DES) -- a U.S. government standard (FIPS 46-1) describing a cryptographic algorithm to be used in a symmetric cryptographic application. DATE/TIME STAMP -- the date and time a transaction or document is initiated or submitted to a computer system, or the time at which a transaction is logged or archived. Often it is important that the stamp be certified by some authority to establish legal or other special status. Such a service can be provided by a cryptographic procedure. DECOMPILING -- a process through which object code consisting of ones and zeros can be converted into source code in a high-level computer language such as C or Fortran. DECRYPTION -- the cryptographic procedure of transforming ciphertext into the original message cleartext. DENIAL OF SERVICE -- reducing the availability of an object below the level needed to support critical processing or communication, as can happen, for example, in a system crash. DIGEST -- a much condensed version of a message produced by processing the message by a hash algorithm. Commonly, the digest has a fixed length and is not dependent on the length of the original message. DIGITAL SIGNATURE -- a digitized analog of a written signature, produced by a cryptographic procedure acting (commonly) on a digest of the message to be signed. DIGITAL SIGNATURE STANDARD (DSS) -- a U.S. government standard (FIPS 186) describing a cryptographic algorithm for producing a digital signature. DIGITAL TELEPHONY ACT OF 1995 -- a law requiring that the telephone industry make such technical changes to its installed equipment as are needed to comply with courtauthorized wiretap orders. DISASSEMBLY -- a process through which object code consisting of ones and zeros can be converted into its low-level assembly language representation. DISCLOSURE (of data) -- the act of making available; the instance of revealing. DUAL-USE SYSTEM -- a system with both military and civilian applications. ESCROWED ENCRYPTION INITIATIVE -- a voluntary program to improve the security of telephone communications while meeting the legitimate needs of law enforcement. ESCROWED ENCRYPTION STANDARD (EES) -- a voluntary U.S. government standard for key-escrowed encryption of voice, fax, or computer data transmitted over circuit-switched telephone systems. EVALUATION -- 1. the process of examining a computer product or system with respect to certain criteria. 2. the results of that process. EXCEPTIONAL ACCESS -- access to encrypted data granted to a recipient other than the originally intended recipient. FEDERAL INFORMATION PROCESSING STANDARD (FIPS) -- a categorical term for U.S. government standards applying to computer-based systems. FIRMWARE -- the programmable information used to control the low-level operations of hardware. Firmware is commonly stored in Read-Only Memory (ROM), which is initially installed in the factory and may be replaced in the field to fix mistakes or to improve system capabilities. FIRST PARTY -- the originator of a transaction (e.g., an electronic message or telephone call). FUNCTIONALITY -- the functional behavior of a system. Functionality requirements include, for example, confidentiality, integrity, availability, authentication, and safety. IDENTIFICATION -- the assertion by a person, process, or system wishing to communicate with another person, process, or system of the name by which it is known within the process(es) or system(s) in question. IDENTIFICATION KEY -- a key registered or issued to a specific user. IMPLEMENTATION -- the mechanism that (supposedly) realizes the specified design. INTEGRATED PRODUCT -- a product designed to provide the user a capability useful in its own right (e.g., word processing) and integrated with encryption capabilities that a user may or may not employ; a product in which the cryptographic capability is fully integrated with the other functionality of the product. INTEGRITY -- the property that an object meets an a priori established set of expectations. One example of integrity is that changes must be accomplished in a specified and authorized manner. Data integrity, program integrity, system integrity, and network integrity are all relevant to consideration of computer and system security. INTEGRITY CHECK -- a quantity derived algorithmically from the running digital stream of a message and appended to it for transmission, or from the entire contents of a stored data file and appended to it. Some integrity checks are not cryptographically based, e.g., cyclic redundancy checks, but others are. INTERCEPTOR -- a party eavesdropping on communications. ITAR -- International Traffic in Arms Regulations. KEY -- a sequence of easily changed symbols that, used with a cryptographic algorithm, provides a cryptographic process. KEY DISTRIBUTION -- a secure method for two distant parties to exchange keys or to receive keys from a central authoritative source. KEY ESCROW ENCRYPTION (also escrowed encryption) -- an encryption system that enables exceptional access to encrypted data through special data recovery keys held by a trusted party. KEY MANAGEMENT -- the overall process of generating and distributing cryptographic keys to authorized recipients in a secure manner. MONITORING -- recording of relevant information about each operation by a subject on an object, maintained in an audit trail for subsequent analysis. NODE -- a computer system that is connected to a communications network and participates in the routing of messages within that network. Networks are usually described as a collection of nodes that are connected by communications links. NONREPUDIATION (of a signed digital message, data, or software) -- the status achieved by employing a digital-signature procedure to affirm the identity of the signer of a digital message with extremely high confidence and, hence, to protect against a subsequent attempt to deny authenticity, whether or not there had been an initial authentication. OBJECT CODE -- the "executable" code of ones and zeros that provides a computer with instructions on what steps to perform. Contrast to source code. OBJECT LINKING AND EMBEDDING (OLE) -- Microsoft's object-oriented software technology. ONE-WAY HASH FUNCTION -- a function that produces a message digest that cannot be reversed to obtain the original. OPERATING SYSTEM -- a program that runs on a computer whose purpose is to provide basic services that can be used by applications running on that computer. Such functions might include screen displays, file handling, and encryption. MS-DOS and Windows 95 are examples of operating systems that run on Intel microprocessors. PASSWORD -- a sequence of characters or words that a subject presents to a system for purposes of validation or verification. See authentication. PCMCIA CARD -- the industry-standard Personal Computer Memory Card Industry Association card and associated electrical interface for various computer components (e.g., memory, hard disks, and cryptographic processes). Also known as a PC card. PEN REGISTER -- a device that records numbers dialed from a telephone. PIN (personal identification number) -- a (generally numeric) quantity that has to be keyed into some device or process to authenticate an individual. A common example is the 4-digit PIN associated with the use of automated teller machines; another, the 4-digit PIN associated with a telephone calling card. PLAINTEXT -- a synonym for cleartext. PRIVATE KEY -- the private (secret) key associated with a given person's public key for a public-key cryptographic system. PUBLIC KEY -- the publicly known key associated with a given person's use of a public-key cryptographic system. PUBLIC-KEY CERTIFICATE -- a statement, possibly on paper but more often transmitted electronically over an information network, that establishes the relationship between a named individual (or organization) and a specified public key. In principle, it could (but need not) include collateral information such as mailing address, organizational affiliation, and telephone number. RC2/RC4 ALGORITHMS -- two variable-key-length cryptographic algorithms designed by Ronald Rivest of the Massachusetts Institute of Technology. Both are symmetric algorithms. RELIABILITY -- the ability of a computer or an information or telecommunications system to perform consistently and precisely according to its specifications and design requirements and to do so with high confidence. REMAILER -- a computer-based process that automatically redistributes electronic mail, often to multiple recipients. Remailers can be anonymous (i.e., they can be configured to strip off information identifying the sender of a message, while still enabling a return "path" so that recipients can reply to messages). REVERSE ENGINEERING -- the generic name for methods by which parties attempt to uncover technical details of a microelectronic chip or of software. RISK -- the likelihood that a vulnerability may be exploited, or that a threat may become harrnful. RSA ALGORITHM -- the Rivest-Shamir-Adelman public-key encryption algorithm. SAFETY -- the property indicating that a computer system or software, when embedded in its operational environment, does not cause any actions or events that create unintended potentially or actually dangerous situations for itself or for the environment in which it is emhedded. SECOND PARTY -- the recipient of a transaction (e.g., an electronic message or telephone call). SECRET-KEY CRYPTOSYSTEM -- a symmetric cryptographic process that uses the same secret key (which both parties have and keep secret) to encrypt and decrypt messages. SECURE HASH FUNCTION -- a one-way hash function for which the likelihood that two messages will yield the same digest is satisfactorily small. SECURE HASH STANDARD -- a U.S. government standard (FIPS 180-1) for a secure hash function. SECURITY -- the collection of safeguards that ensures the confidentiality of information, protects the system(s) or network(s) used to process it, and controls access to it. Hence, security safeguards impose appropriate access rules for computer information. SECURITY-SPECIFIC (OR STAND-ALONE) CRYPTOGRAPHY PRODUCT -- an add-on product specifically designed to provide cryptographic capabilities for one or more other software or hardware capabilities. SHAREWARE -- software offered publicly and shared rather than sold. SKIPJACK -- a classified symmetric key encryption algorithrn that uses 80-bit keys; developed by the National Security Agency. SOURCE CODE -- the textual form in which a program is entered into a computer (e.g., FORTRAN). SPECIFICATION -- a technical description of the desired behavior of a system, as derived from its requirements. A specification is used to develop and test an implementation of a system. SPOOFING -- illicitly masquerading as a legitimate company, party, or individual. STU-III -- a U.S. government secure telephone system using end-to-end encryption. SYMMETRIC CRYPTOGRAPHY, CRYPTOSYSTEM -- a cryptographic system that uses the same key to encrypt and decrypt messages. SYSTEM -- an interdependent collection of components that can be considered as a unified whole; for example, a networked collection of computer systems, a distributed system, an editor, a memory unit, and so on. THIRD-PARTY ACCESS -- eavesdropping on or entry to data communications, telephony, or stored computer data by an unauthorized party. THREAT -- the potential for exploitation of a vulnerability. TOKEN -- when used in the context of authentication, a (usually) physical device necessary for user identification. TRAP AND TRACE -- a device that identifies the telephone numbers from which calls have been placed to a target telephone number. TROJAN HORSE -- a computer program whose execution would result in undesired side effects, generally unanticipated by the user. A Trojan horse program may otherwise give the appearance of providing normal functionality. TRUST -- the concept that a system will provide its intended functionality with a stated level of confidence. The term is also used for other entities; e.g., trusted software, trusted network, trusted individual. Sometimes the confidence--also called the assurance -- can be measured but sometimes it is inferred on the basis of testing and other information. TRUSTWORTHINESS -- assurance that a system deserves to be trusted. VULNERABILITY -- a weakness in a system that can be exploited to violate the system's intended behavior. There may be security, integrity, availability, and other vulnerabilities. The act of exploiting a vulnerability represents a threat, which has an associated risk of being exploited. WORK FACTOR -- a measure of the difficulty of undertaking a brute-force test of all possible keys against a given ciphertext and known algorithm. _______________________________________________________________ [End Appendix B]