The process used to extend the validity period of a cryptographic key so that it can be used for an additional time period.
To obtain an electronic cryptography key from active or archival electronic storage, a backup facility, or an archive under normal operational circumstances.
The total number of possible values that a key, such as a password, can have.
(1) A process used to move a cryptographic key from one protected domain to another domain, including both physical and electronic methods of movement. (2) A key establishment procedure whereby one party (the sender) selects and encrypts the keying material and then distributes the material to another party (the receiver). (3) The secure transport of cryptographic keys from one cryptographic module to another module.
A key transport key pair may be used to transport keying material from an originating entity to a receiving entity during communications, or to protect keying material while in storage. The originating entity in a communication (or the entity initiating the storage of the keying material) uses the public key to encrypt the keying material; the receiving entity (or the entity retrieving the stored keying material) uses the private key to decrypt the encrypted keying material.
A process used to replace a previously active key with a new key that is related to the old key.
A process by which cryptographic parameters (e.g., domain parameters, private keys, public keys, certificates, and symmetric keys) are tested as being appropriate for use by a particular cryptographic algorithm for a specific security service and application and that they can be trusted.
The secret code used to encrypt and decrypt a message.
A method of encrypting keys (along with associated integrity information) that provides both confidentiality and integrity protection using a symmetric key algorithm.
A data scavenging method, using resources available to normal system users, which may include advanced software diagnostic tools.
A message authentication code that uses a cryptographic key in conjunction with a hash function. It creates a hash based on both a message and a secret key.
The data (e.g., keys and initialization vectors) necessary to establish and maintain cryptographic keying relationships.
A form of malware that monitors a keyboard for action events, such as a key being pressed, and provides the observed keystrokes to an attacker.
The process used to view or record both the keystrokes entered by a computer user and the computer’s response during an interactive session. Keystroke monitoring is usually considered a special case of audit trails.
A method of disabling a system by sending Ethernet or Internet Protocol (IP) packets that exploit bugs in the networking code to crash the system. A similar action is done by synchronized floods (SYN floods), which is a method of disabling a system by sending more SYN packets than its networking code can handle.
Uses an integer programming technique. In contrast to RSA, the encryption and decryption functions are not inverse. It requires a high bandwidth and generally is insecure due to documented security breaches.
L
(1) An explicit or implicit marking of a data structure or output media associated with an information system representing the FIPS 199 security category, or distribution limitations or handling caveats of the information contained therein. (2) A piece of information that represents the security level of an object and that describes the sensitivity of the information in the object. Similar to security label.
Process of assigning a representation of the sensitivity of a subject or object.
A data scavenging method through the aid of what could be precise or elaborate powerful equipment.
Measures the delay from first bit in to first bit out. It is the time delay of data traffic through a network, switch, port, and link. Also, see data latency and packet latency.
A partially ordered set for which every pair of elements has a greatest lower bound and a least upper bound.
The judicious placement of security protection and attack countermeasures that can provide an effective set of safeguards (controls) that are tailored to the unique needs of a customer’s situation. It is a part of security-in-depth or defense-in-depth strategy.