National Academies Press: OpenBook
« Previous: A - Contributors to the NRC Project on National Cryptographic Policy
Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 353

B Glossary

A

ACCESS (to a system, to data, to a software process)—(n.) in general, the right to enter or make use of. In a computer context, entry granted to a software path that establishes the right to use a system and its resources; to read, write, modify, or delete data; and/or to use software processes with various capabilities. (v.) to achieve the status of having access.

ACCESS CONTROL—the granting or denying to a subject of certain permissions to access a resource (e.g., to view a certain file, to run a certain program).

ALGORITHM AND KEY LENGTH—the combination of cryptographic algorithm and its key length(s) often used to establish the strength of an encryption process.

ASSURANCE—confidence that a system design meets its requirements, or that its implementation meets its specification, or that some specific property is satisfied.

ASYMMETRIC CRYPTOGRAPHY (also public-key cryptography)— cryptography based on algorithms that enable the use of one key (a public key) to encrypt a message and a second, different, but mathematically related, key (a private key) to decrypt a message. Asymmetric cryptography can also be used to perform digital signatures and key exchange.

Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 354

AUDITING—the process of making and keeping the records necessary to support accountability. See audit trail.

AUDIT TRAIL—the results of monitoring each operation of subjects on objects; for example, an audit trail might be a record of all actions taken on a particularly sensitive file or a record of all users who viewed that file.

AUTHENTICATION (OF IDENTITY)—an adjunct step to identification that confirms an asserted identity with a specified, or understood, level of confidence. Authentication can be used to provide high assurance that the purported identity is, in fact, the correct identity associated with the entity that provides it. The authentication mechanism can be based on something that the entity knows, has, or is (e.g., a password, a smart card that uses some encryption or random number for a challenge-response scheme, or a fingerprint).

AUTHENTICATION OF A MESSAGE (OR A FILE)—the process of adding one or more additional data elements to communications traffic (or files) to ensure the integrity of the traffic (or files). Such additional elements are often called ''message authenticator(s)" and would be an example of an integrity lock.

AUTHENTICITY—a security service that provides a user with a means of verifying the identity of the sender of a message, a file, a computer system, a software process, or even a database or individual software component.

AUTHORIZATION—determining whether a subject (a user or system) is trusted to act for a given purpose, for example, allowed to read a particular file.

AVAILABILITY—the property that a given resource will be usable during a given time period, for example, that an encrypted file can be decrypted when necessary.

B

BACK DOOR—an aspect of a system's mechanism that can be exploited to circumvent the system's security.

BINARY DIGIT—one of the two symbols (0 and 1) that are commonly used to represent numerical entries in the binary number system.

BIT—a contraction of the term "binary digit."

Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 355

BIT STREAM (also digital stream)—the running stream of binary symbols representing digitized information; the term is commonly used to refer to digital communications.

C

CAPSTONE CHIP—an integrated circuit chip that implements the Skipjack algorithm and also includes the Digital Signature Algorithm, the Secure Hash Standard, the classified Key Exchange Algorithm, circuitry for efficient exponentiation of large numbers, and a random number generator using a pure noise source.

CAPSTONE/FORTEZZA INITIATIVE—a government initiative to promote and support escrowed encryption for data storage and communications.

CERTIFICATE AUTHORITY—synonym for certification authority.

CERTIFICATE MANAGEMENT—the overall process of issuing, storing, verifying, and generally accepting responsibility for the accuracy of certifications and their secure delivery to appropriate consumers.

CERTIFICATION—the administrative act of approving a computer system or component for use in a particular application.

CERTIFICATION AUTHORITY—a specially established trusted organization or part of a larger organization that accepts the responsibilities of managing the certificate process by issuing, distributing, and verifying certificates.

CIPHERTEXT—literally, text material that has been encrypted; also used in a generic sense for the output of any encryption process, no matter what the original digitized input might have been (e.g., text, computer files, computer programs, or digitized graphical images).

CLEARTEXT (also plaintext)—the material entering into an encryption process or emerging from a decryption process. "Text" is used categorically for any digitized material.

CLIPPER CHIP—an escrowed encryption chip that implements the Skipjack algorithm to encrypt communications conducted over the public switched network (e.g., between telephones, modems, or facsimile equipment).

Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 356

CLIPPER INITIATIVE —a voluntary program to improve the security of telephone communications while meeting the legitimate needs of law enforcement.

CoCom—Coordinating Committee for Multilateral Export Controls, began operations in 1950 to control export of strategic materials and technology to communist countries; participants include Australia, Belgium, Canada, Denmark, France, Germany, Greece, Italy, Japan, Luxembourg, the Netherlands, Norway, Portugal, Spain, Turkey, the United Kingdom, and the United States.

COLLATERAL CRYPTOGRAPHY—a collective term used in this report to include uses of encryption for other than confidentiality; it includes such services as authentication, integrity checks, authoritative date/time stamping, and digital signatures.

COMPETITIVE ACCESS PROVIDERS—telephone carriers that compete with local monopoly carriers.

CONFIDENTIALITY (communications)—the protection of communications traffic against interception or receipt by unauthorized third parties.

CONFIDENTIALITY (data)—an assertion about a body of data that is sensitive and must be protected against loss, misuse, destruction, unintended change, and unauthorized access or dissemination.

COUNTERMEASURE—a mechanism that reduces vulnerability to a threat.

CRYPTANALYSIS—the study and practice of various methods to penetrate ciphertext and deduce the contents of the original cleartext message.

CRYPTOGRAPHIC ALGORITHM—a mathematical procedure, used in conjunction with a closely guarded secret key, that transforms original input into a form that is unintelligible without special knowledge of the secret information and the algorithm. Such algorithms are also the basis for digital signatures and key exchange.

CRYPTOGRAPHY—originally, the science and technology of keeping information secret from unauthorized parties by using a code or a cipher. Today, cryptography can be used for many applications that do not involve confidentiality.

Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 357

D

DATA ENCRYPTION STANDARD (DES)—a U.S. government standard (FIPS 46-1) describing a cryptographic algorithm to be used in a symmetric cryptographic application.

DATE/TIME STAMP—the date and time a transaction or document is initiated or submitted to a computer system, or the time at which a transaction is logged or archived. Often it is important that the stamp be certified by some authority to establish legal or other special status. Such a service can be provided by a cryptographic procedure.

DECOMPILING—a process through which object code consisting of ones and zeros can be converted into source code in a high-level computer language such as C or Pascal.

DECRYPTION—the cryptographic procedure of transforming ciphertext into the original message cleartext.

DENIAL OF SERVICE—reducing the availability of an object below the level needed to support critical processing or communication, as can happen, for example, in a system crash.

DIGEST—a much condensed version of a message produced by processing the message by a hash algorithm. Commonly, the digest has a fixed length and is not dependent on the length of the original message.

DIGITAL SIGNATURE—a digitized analog of a written signature, produced by a cryptographic procedure acting (commonly) on a digest of the message to be signed.

DIGITAL SIGNATURE STANDARD (DSS)—a U.S. government standard (FIPS 186) describing a cryptographic algorithm for producing a digital signature.

DIGITAL TELEPHONY ACT OF 1995—a law requiring that the telephone industry make such technical changes to its installed equipment as are needed to comply with court-authorized wiretap orders.

DISASSEMBLY—a process through which object code consisting of ones and zeros can be converted into its low-level assembly language representation.

DISCLOSURE (of data)—the act of making available; the instance of revealing.

Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 358

DUAL-USE SYSTEM—a system with both military and civilian applications.

E

ESCROWED ENCRYPTION STANDARD (EES)—a voluntary U.S. government standard for key-escrowed encryption of voice, fax, or computer data transmitted over circuit-switched telephone systems.

EVALUATION—(1) the process of examining a computer product or system with respect to certain criteria; (2) the results of that process.

EXCEPTIONAL ACCESS—access to encrypted data granted to a recipient other than the originally intended recipient.

F

FEDERAL INFORMATION PROCESSING STANDARD (FIPS)—a categorical term for U.S. government standards applying to computer-based systems.

FIRMWARE—the programmable information used to control the low-level operations of hardware. Firmware is commonly stored in read only memory (ROM), which is initially installed in the factory and may be replaced in the field to fix mistakes or to improve system capabilities.

FIRST PARTY—the originator of a transaction (e.g., an electronic message or telephone call).

FUNCTIONALITY—the functional behavior of a system. Functionality requirements include, for example, confidentiality, integrity, availability, authentication, and safety.

I

IDENTIFICATION—the assertion by a person, process, or system wishing to communicate with another person, process, or system of the name by which it is known within the process(es) or system(s) in question.

IDENTIFICATION KEY—a key registered or issued to a specific user.

IMPLEMENTATION—the mechanism that (supposedly) realizes the specified design.

INTEGRATED PRODUCT—a product designed to provide the user a capability useful in its own right (e.g., word processing) and integrated with encryption capabilities that a user may or may not employ; a product in which the cryptographic capability is fully integrated with the other capabilities of the product.

Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 359

INTEGRITY—the property that an object meets an a priori established set of expectations. One example of integrity is that changes must be accomplished in a specified and authorized manner. Data integrity, program integrity, system integrity, and network integrity are all relevant to consideration of computer and system security.

INTEGRITY CHECK—a quantity derived algorithmically from the running digital stream of a message and appended to it for transmission, or from the entire contents of a stored data file and appended to it. Some integrity checks are not cryptographically based (e.g., cyclic redundancy checks), but others are.

INTERCEPTOR—a party eavesdropping on communications.

ITAR—International Traffic in Arms Regulations.

K

KEY—a sequence of easily changed symbols that, used with a cryptographic algorithm, provides a cryptographic process.

KEY DISTRIBUTION—a secure method for two distant parties to exchange keys or to receive keys from a central authoritative source.

KEY ESCROW ENCRYPTION (also escrowed encryption)—an encryption system that enables exceptional access to encrypted data through special data recovery keys held by a trusted party.

KEY MANAGEMENT—the overall process of generating and distributing cryptographic keys to authorized recipients in a secure manner.

M

MONITORING—recording of relevant information about each operation by a subject on an object, maintained in an audit trail for subsequent analysis.

N

NODE—a computer system that is connected to a communications network and participates in the routing of messages within that network. Networks are usually described as a collection of nodes that are connected by communications links.

NONREPUDIATION (of a signed digital message, data, or software)— the status achieved by employing a digital-signature procedure to affirm the identity of the signer of a digital message with extremely high confidence and, hence, to protect against a subsequent attempt to deny authenticity, whether or not there had been an initial authentication.

Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 360

O

OBJECT CODE—the "executable" code of ones and zeros that provides a computer with instructions on what steps to perform. Contrast with source code.

OBJECT LINKING AND EMBEDDING (OLE)—Microsoft's object-oriented software technology.

ONE-WAY HASH FUNCTION—a function that produces a message digest that cannot be reversed to obtain the original.

OPERATING SYSTEM—a program that runs on a computer whose purpose is to provide basic services that can be used by applications running on that computer. Such functions might include screen displays, file handling, and encryption. MS-DOS and Windows '95 are examples of operating systems that run on Intel microprocessors.

P

PASSWORD—a sequence of characters or words that a subject presents to a system for purposes of validation or verification. See authentication.

PCMCIA CARD—the industry-standard Personal Computer Memory Card Industry Association card and associated electrical interface for various computer components (e.g., memory, hard disks, and cryptographic processes). Also known as a PC card.

PEN REGISTER—a device that records numbers dialed from a telephone.

PIN (personal identification number)—a (generally numeric) quantity that has to be keyed into some device or process to authenticate an individual. A common example is the 4-digit PIN associated with the use of automated teller machines; another, the 4-digit PIN associated with a telephone calling card.

PLAINTEXT—a synonym for cleartext.

PRIVATE KEY—the private (secret) key associated with a given person's public key for a public-key cryptographic system.

PUBLIC KEY—the publicly known key associated with a given person's use of a public-key cryptographic system.

PUBLIC-KEY CERTIFICATE—a statement, possibly on paper but more often transmitted electronically over an information network, that establishes the relationship between a named individual (or organization) and

Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 361

a specified public key. In principle, it could (but need not) include collateral information such as mailing address, organizational affiliation, and telephone number.

R

RC2/RC4 ALGORITHMS—two variable-key-length cryptographic algorithms designed by Ronald Rivest of the Massachusetts Institute of Technology. Both are symmetric algorithms.

RELIABILITY—the ability of a computer or an information or telecommunications system to perform consistently and precisely according to its specifications and design requirements and to do so with high confidence.

REMAILER—a computer-based process that automatically redistributes electronic mail, often to multiple recipients. Remailers can be anonymous (i.e., they can be configured to strip off information identifying the sender of a message, while still enabling a return "path" so that recipients can reply to messages).

REVERSE ENGINEERING—the generic name for methods by which parties attempt to uncover technical details of a microelectronic chip or of software.

RISK—the likelihood that a vulnerability may be exploited, or that a threat may become harmful.

RSA ALGORITHM—the Rivest-Shamir-Adelman public-key encryption algorithm.

S

SAFETY—the property indicating that a computer system or software, when embedded in its operational environment, does not cause any actions or events that create unintended potentially or actually dangerous situations for itself or for the environment in which it is embedded.

SECOND PARTY—the recipient of a transaction (e.g., an electronic message or telephone call).

SECRET-KEY CRYPTOSYSTEM—a symmetric cryptographic process that uses the same secret key (which both parties have and keep secret) to encrypt and decrypt messages.

SECURE HASH FUNCTION—a one-way hash function for which the

Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 362

likelihood that two messages will yield the same digest is satisfactorily small.

SECURE HASH STANDARD—a U.S. government standard (FIPS 180-1) for a secure hash function.

SECURITY—the collection of safeguards that ensures the confidentiality of information, protects the system(s) or network(s) used to process it, and controls access to it. Hence, security safeguards impose appropriate access rules for computer information.

SECURITY-SPECIFIC  (OR  STAND-ALONE) CRYPTOGRAPHY PRODUCT—an add-on product specifically designed to provide cryptographic capabilities for one or more other software or hardware capabilities.

SHAREWARE—software offered publicly and shared rather than sold.

SKIPJACK—a classified symmetric key encryption algorithm that uses 80-bit keys; developed by the National Security Agency.

SOURCE CODE—the textual form in which a program is entered into a computer (e.g., Pascal).

SPECIFICATION—a technical description of the desired behavior of a system, as derived from its requirements. A specification is used to develop and test an implementation of a system.

SPOOFING—illicitly masquerading as a legitimate company, party, or individual.

STU-III—a U.S. government secure telephone system using end-to-end encryption.

SYMMETRIC CRYPTOGRAPHY, CRYPTOSYSTEM—a cryptographic system that uses the same key to encrypt and decrypt messages.

SYSTEM—an interdependent collection of components that can be considered as a unified whole; for example, a networked collection of computer systems, a distributed system, an editor, a memory unit, and so on.

T

THIRD-PARTY ACCESS—eavesdropping on or entry to data communi-

Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×

Page 363

cations, telephony, or stored computer data by an unauthorized party. See exceptional access.

THREAT—the potential for exploitation of a vulnerability.

TOKEN—when used in the context of authentication, a (usually) physical device necessary for user identification.

TRAP AND TRACE—a device that identifies the telephone numbers from which calls have been placed to a target telephone number.

TROJAN HORSE—a computer program whose execution would result in undesired side effects, generally unanticipated by the user. A Trojan horse program may otherwise give the appearance of providing normal functionality.

TRUST—the concept that a system will provide its intended functionality with a stated level of confidence. The term is also used for other entities, e.g., trusted software, trusted network, trusted individual. Sometimes the confidence—also called the assurance—can be measured, but sometimes it is inferred on the basis of testing and other information.

TRUSTWORTHINESS—assurance that a system deserves to be trusted.

V

VULNERABILITY—a weakness in a system that can be exploited to violate the system's intended behavior. There may be vulnerabilities in security, integrity, availability, and other aspects. The act of exploiting a vulnerability represents a threat, which has an associated risk of being exploited.

W

WORK FACTOR—a measure of the difficulty of undertaking a brute-force test of all possible keys against a given ciphertext and known algorithm.

Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 353
Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 354
Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 355
Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 356
Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 357
Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 358
Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 359
Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 360
Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 361
Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 362
Suggested Citation:"B - Glossary." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.
×
Page 363
Next: C - A Brief Primer on Cryptography »
Cryptography's Role in Securing the Information Society Get This Book
×
Buy Hardback | $80.00 Buy Ebook | $64.99
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

For every opportunity presented by the information age, there is an opening to invade the privacy and threaten the security of the nation, U.S. businesses, and citizens in their private lives. The more information that is transmitted in computer-readable form, the more vulnerable we become to automated spying. It's been estimated that some 10 billion words of computer-readable data can be searched for as little as $1. Rival companies can glean proprietary secrets . . . anti-U.S. terrorists can research targets . . . network hackers can do anything from charging purchases on someone else's credit card to accessing military installations. With patience and persistence, numerous pieces of data can be assembled into a revealing mosaic. Cryptography's Role in Securing the Information Society addresses the urgent need for a strong national policy on cryptography that promotes and encourages the widespread use of this powerful tool for protecting of the information interests of individuals, businesses, and the nation as a whole, while respecting legitimate national needs of law enforcement and intelligence for national security and foreign policy purposes. This book presents a comprehensive examination of cryptography--the representation of messages in code--and its transformation from a national security tool to a key component of the global information superhighway. The committee enlarges the scope of policy options and offers specific conclusions and recommendations for decision makers. Cryptography's Role in Securing the Information Society explores how all of us are affected by information security issues: private companies and businesses; law enforcement and other agencies; people in their private lives. This volume takes a realistic look at what cryptography can and cannot do and how its development has been shaped by the forces of supply and demand. How can a business ensure that employees use encryption to protect proprietary data but not to conceal illegal actions? Is encryption of voice traffic a serious threat to legitimate law enforcement wiretaps? What is the systemic threat to the nation's information infrastructure? These and other thought-provoking questions are explored. Cryptography's Role in Securing the Information Society provides a detailed review of the Escrowed Encryption Standard (known informally as the Clipper chip proposal), a federal cryptography standard for telephony promulgated in 1994 that raised nationwide controversy over its "Big Brother" implications. The committee examines the strategy of export control over cryptography: although this tool has been used for years in support of national security, it is increasingly criticized by the vendors who are subject to federal export regulation. The book also examines other less well known but nevertheless critical issues in national cryptography policy such as digital telephony and the interplay between international and national issues. The themes of Cryptography's Role in Securing the Information Society are illustrated throughout with many examples -- some alarming and all instructive -- from the worlds of government and business as well as the international network of hackers. This book will be of critical importance to everyone concerned about electronic security: policymakers, regulators, attorneys, security officials, law enforcement agents, business leaders, information managers, program developers, privacy advocates, and Internet users.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    Switch between the Original Pages, where you can read the report as it appeared in print, and Text Pages for the web version, where you can highlight and search the text.

    « Back Next »
  6. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  7. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  8. ×

    View our suggested citation for this chapter.

    « Back Next »
  9. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!