An attack that can be performed on a cryptographic module without direct physical contact with the module. Examples include differential power analysis attack, electromagnetic emanation attack, simple power analysis attack, and timing analysis attack.
Maintenance activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network.
It is an area, room, or space that, when staffed, must be occupied by two or more security cleared individuals who remain within sight of each other.
(1) An identifier, a counter, a value, or a message number that is used only once. These numbers are freshly generated random values. Nonce is a time-varying value with a negligible chance of repeating (almost non-repeating). (2) A nonce could be a random value that is generated anew or each instance of a nonce, a timestamp, a sequence number, or some combination of these. (3) A randomly generated value used to defeat “playback” attacks in communication protocols. One party randomly generates a nonce and sends it to the other party. The receiver encrypts it using the agreed-upon secret key and returns it to the sender. Because the sender randomly generated the nonce, this defeats playback attacks because the replayer cannot know in advance the nonce the sender will generate. The receiver denies connections that do not have the correctly encrypted nonce. (4) Nonce is a value used in security protocols that is never repeated with the same key. For example, challenges used in challenge-response authentication protocols generally must not be repeated until authentication keys are changed, or there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge because a nonce is not necessarily unpredictable.
(1) An authentication that with high assurance can be asserted to be genuine and that cannot subsequently be refuted. It is the security service by which the entities involved in a communication cannot deny having participated. Specifically, the sending entity cannot deny having sent a message (nonrepudiation with proof of origin) and the receiving entity cannot deny having received a message (nonrepudiation with proof of delivery). This service provides proof of the integrity and origin of data that can be verified by a third party. (2) Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information. (3) A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified and validated by a third party as having originated from a specific entity in possession of the private key (i.e., the signatory). (4) Protection against an individual falsely denying having performed a particular action. It provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message.
A type of action that supports the principle of accountability by preventing the reversal and/or concealment of activity associated with sensitive objects.
A security measure that is not directly part of the network information security processing system, taken to help prevent system vulnerabilities. Nontechnical countermeasures encompass a broad range of personal measures, procedures, and physical facilities that can deter an adversary from exploiting a system (e.g., security guards, visitor escort, visitor badge, locked closets, and locked doors).
A method of controlling actions of subjects (people) by distributing a task among more than one (N) subject.
N-version programming is based on design or version diversity. The different versions are executed in parallel and the results are voted on.
O
A way of constructing a virus to make it more difficult to detect.