diff -r 675a964f4eb5 -r 35751d3474b7 cryptomgmtlibs/securitydocs/Security_Glossary.html --- a/cryptomgmtlibs/securitydocs/Security_Glossary.html Tue Jul 21 01:04:32 2009 +0100 +++ b/cryptomgmtlibs/securitydocs/Security_Glossary.html Thu Sep 10 14:01:51 2009 +0300 @@ -1,718 +1,718 @@ - - -Security Glossary - - - -

Security Glossary

- -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Security Classification - -Internal -
-Document Reference - -SGL.GT0128.56 -
-Status - -Draftversion -
-Version - -0.1 -
-Team/Department - -Security Team -
-Author - -William Bamberg -
-Owner - -Security Team -

- -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Asymmetric Cryptography - -A form of cryptography in which the 'key' is generated as a key pair: if one key is used for encryption -only the other can be used to decrypt, and vice versa. -

-Using asymmetric cryptography, the problem of key distribution becomes one of authentication; i.e. how to make sure -that a given key really does belong to the entity that claims to own it. -

-Attribute Certificate - -A digitally signed data structure including at least an identifier for an individual entity -and a set of attributes, whose function is to bind the entity with the attributes, usually for the -purpose of authorisation. -
-Authentication - -Usually used to refer to a property of a communication; that the receiver of a message is able to ascertain its origin, -so an attacker cannot successfully impersonate the sender. -
-Block Cipher - -A class of symmetric algorithm in which several bits of the input data -are encrypted at once in a fixed-size block. -The cipher and its mode of operation define the block size: -the plaintext is split up into appropriately-sized blocks and each block is fed into the cipher. -
-CA Certificate - -A certificate held by a CA: the key pair associated with it is used for -signing certificates issued by that CA. May or may not be self-signed. -
-Certificate - -For our purposes, this is the same thing as a -public key certificate -
Certification Authority (CA) - -An organization which perform the following functions in a hierachical PKI: -
    -
  • -providing trusted ‘root’ certificates to users (End Entities), by -supplying them with the CA’s public key via out-of-band means. -
  • -
  • -certifying End Entities by generating and distributing certificates for them. -The certified EE is the subject of the certificate: the CA is the issuer. -
  • -
  • -supporting certificate revocation and revocation checking: if an EE suspects that their key has -been compromised, they contact the CA which issued it, who should revoke their certificate. -
  • -
-

A CA will always have a root certificate-signing key pair, which must be authenticated to End Entities via -out of band channels. This key pair is not logically certified by anything, but it is usually distributed inside -a self-signed certificate to afford some degree of tamper evidency. -

However, CAs do not have to use their root key pair to issue certificates directly to End Entities. For organizational -reasons and to reduce the exposure of keys, a CA may have a single root signing key pair, which it uses to certify a -set of subordinate key pairs, which in turn are used to certify End Entities. Also, CAs may certify the -signing keys of other CAs by issuing cross certificates, which enable interoperation -between two distinct PKIs. -

-Ciphertext - -The output of an encryption operation, or -the input to a decryption operation. -
-Client Authentication - -In a secure client-server protocol such as TLS, the process in which the client -authenticates itself to the server, so the server knows who it's talking to. -
-Client/User/End Entity Certificate - -A certificate issued by a CA to an -end entity (for example the user of a WID) who may use it -to demonstrate their ownership of the key pair associated with it -
-Cross Certificate - -A certificate issued by a CA which certificates another -CA's root certificate. This is way of uniting two distinct certification hierarchies. -
-Decryption - -The process of turning encrypted data (called ciphertext) into the original information (called plaintext) -using a cryptographic algorithm parameterised with a key. -
-Digital Signature - -A structure linking some data and a private key. A digital signature may be generated by the application of a -private key to some piece of data. The original data -may be reconstructed by applying the corresponding public key, demonstrating that the signature could only have been generated by -someone with access to the private key. -

Digital signatures have two primary uses: to demonstrate someone's identity by signing some challenge, as in -client authentication in TLS, in which the client -signs a hash of the messages that have been exchanged, and more strongly, for someone to demonstrate their -acceptance of some human-processable information (e.g. 'Please withdraw £10 000 from my bank account') as in the -WMLScript Crypto API SignText function. -

-Digital Signature Algorithm (DSA) - -NIST-approved asymmetric algorithm. It can only be used for generating and -verifying digital signatures, not for encryption. -
-Elliptic Curve Cryptography (ECC) - -Elliptical curve cryptography (ECC) is an asymmetric algorithm - based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys. -Because ECC helps to establish equivalent security with lower computing power and battery resource usage, -it is becoming widely used for mobile applications. -
-Encryption - -The process of turning meaningful data (called plaintext) into meaningless gibberish (called ciphertext) -using a cryptographic algorithm parameterised with a key. -
-End Entity - -A leaf node in a certification hierarchy: any entity in a PKI -which has a certificate, but is not allowed to issue its own certificates. -
-Hash - -Hash algorithms take a variable-length input and produce a fixed length output known as a digest, or hash, of the input. -For cryptographic purposes they need to be one-way functions: -it should not be possible to deduce the input from the digest, or even any part of the input. - Also, it should be hard to find collisions: that is, two different inputs which produce the same output. -
-HMAC - -Keyed-Hashing for Message Authentication. A mechanism for message authentication using cryptographic -hashes. It can be used with any iterative cryptographic -hash function, e.g., MD5, SHA-1, in combination with a secret shared key. -The cryptographic strength of HMAC depends on the properties of the underlying hash function. -
-ICC - -Integrated Circuit Card: removable card with at least data storage and sometimes processing -
-IPSec - -A standard providing secrecy and authentication at the network or -packet-processing layer of network communication. Earlier security approaches have inserted security at the -application layer of the communications model. IPsec will be especially useful for implementing virtual -private networks and for remote user access through dial-up connection to private networks. IPSec is mandatory in IPv6. -
-MD2 - -Legacy hash algorithm. Considered insecure. -
-MD5 - -Legacy hash algorithm. Considered vulnerable. -
-Message Digest Algorithm - -Same thing as a hash algorithm. -
-Nonrepudiation - -The process by which it is assured that an entity making a declaration cannot subsequently deny having made it: -so I can't claim that I never wrote that cheque. -
-Online Certificate Status Protocol (OCSP) - -A protocol enabling a relying party to check that a -certificate has not been revoked. In this protocol the OCSP client -asks the OCSP server about the status of one or more certificates, and receives a -digitally signed response. -
-Out Of Band - -A channel of communication which is distinct from the channel which we are using cryptography to try to secure, -and which is secure on its own terms; that is, its security is not dependent on the cryptography we are using. -

A common example of an out of band channel is a motorcycle courier. -

-Padding - -The process of adding bytes to the input to a block cipher so that the input matches the -block size. -
-Plaintext - -The output of an decryption operation, or -the input to a encryption operation. -
-Pretty Good Privacy (PGP) - -A very widely-used encryption and digital signing -program. -
-Private Key - -In the context of public key cryptography, the private half of the key pair. -
-Public Key - -In the context of public key cryptography, the public half of the key pair. -
-Public Key Certificate - -A digitally signed structure including at least an identifier for an -individual entity and a public key, whose function is to bind the entity with the key. -
-Public Key Cryptography - -A common application of asymmetric cryptography in which one half of the key pair is -kept secrect (the private key) and the other half is published -(the public key. -
-Public Key Infrastructure - - -

A way of modelling real-world trust relationships which enables users of public key cryptography -to have confidence in the ownership of -the public keys they are using. - -A PKI consists of: -

-

The TTP uses its signing key pair to create certificates for other entities, which relying parties can use to authenticate these -other entities. -

We can classify PKIs according to whether they are hierachical or flat. In hierachical PKIs, such as the one defined in the PKIX -set of standards, there is a distinction between users of the PKI such as End Entities and -Relying Parties, and entities responsible for issuing and distributing certificates such as -CAs and RAs. In a flat PKI such as the -web of trust underpinning PGP, there are no entities whose -sole role is to issue certificates; instead users of the PKI certify each other. -

-Registration Authority - -An organization responsible for registering new certificate users in a -PKI, e.g. by gathering and verifying information which identifies the -certificate applicant. -
-Revocation - -The term used for asserting that a certificate is no longer valid: for example, because the private key -associated with it has been compromised. -
-Relying Party - -An entity who relies on the authenticity of a public key. -
-Root Certificate - -The certificate of a trusted third party. -A certificate directly trusted by a relying party: that is, trust in it is not -established by cryptographic means, but trust in it is the prerequisite for establishing trust in the entity -which the relying party is trying to authenticate. -Trust in a root certificate must be established through out of band means. A root certificate may or may not be self signed. -
-Secrecy - -This means that access to information is controlled: for example, it means that two entities -(e.g. people, machines, processes) are able to communicate with one another without any other entities -being able to access the information communicated, or that an entity may store some information and be -assured that only this entity will be able to access it. -
-Secure Hash Algorithm 1(SHA-1) - -A widely used hash algorithm, producing a 160-bit digest. -
-Secure Sockets Layer (SSL) - -Precursor to TLS. SSL has been through three versions: -the first two are considered insecure, and the third is almost identical to TLS. -
-Server Authentication - -In a secure client-server protocol such as TLS, the process in which the server -authenticates itself to the client, so the client knows who it's talking to. -
-SignText - -A function defined in the WMLScript Crypto API which provides application-level -Authentication and Nonrepudiation for transactions. -
-Stream Cipher - -A class of symmetric algorithm which is initialised with a key, -then outputs a stream of pseudorandom bits. -This 'keystream' is typically XOR-ed with the plaintext to generate the ciphertext. -So they encrypt a bit of plaintext at a time. -
-Symmetric Cryptography - -A form of cryptography in which the same key is used for encryption and decryption -

-Symmetric cryptography is fast, but suffers from the problem of how to distribute the key privately. -Asymmetric cryptography is an attempt to alleviate the key -distribution problem, by reducing the requirement for the distributed key from one of privacy to one of -authentication. -

-Transport Layer Security (TLS) - -A client-server security protocol providing secrecy and optionally authentication, and -running over TCP/IP. -

In this protocol a client connects to a server; the two then perform a handshake in which they exchange a -symmetric key by using asymmetric cryptography, -which is then used to encrypt their communications, providing the secrecy element. -

Without the authentication element secrecy is not very useful; although only client and server can understand the data -exchanged, the client doesn't know who the server is or vice versa. TLS provides the capability for -server authentication, in which the client establishes who the server is, and -client authentication in which the server establishes who the client is. -

-Trusted Third Party (TTP) - -An entity whose public key is known to a relying party due to its having been -received via out of band means, and which is trusted to issue -public key certificates for other entities not directly known to the relying party. -

A CA is a type of TTP. -

-Web of Trust - -The set of social relationships between users of PGP that enables them to sign each others' keys, -essentially providing a PKI for this technology. -
-WMLScript Crypto API - -A WAP Forum standard which defines cryptographic functions in WML, the scripting language used in WAP. -It defines a function for creating signed objects called SignText -
-WTLS - -A client-server security protocol providing secrecy and optionally authentication, -running at the transport layer of the WAP stack. WTLS is closely modelled on TLS, -and defines its own lightweight certificate format. -
-X.509 Certificate - -A widely used type of public key certificates, part of the -now largely moribund X.500 series of standards. -

- - + + +Security Glossary + + + +

Security Glossary

+ +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+Security Classification + +Internal +
+Document Reference + +SGL.GT0128.56 +
+Status + +Draftversion +
+Version + +0.1 +
+Team/Department + +Security Team +
+Author + +William Bamberg +
+Owner + +Security Team +

+ +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+Asymmetric Cryptography + +A form of cryptography in which the 'key' is generated as a key pair: if one key is used for encryption +only the other can be used to decrypt, and vice versa. +

+Using asymmetric cryptography, the problem of key distribution becomes one of authentication; i.e. how to make sure +that a given key really does belong to the entity that claims to own it. +

+Attribute Certificate + +A digitally signed data structure including at least an identifier for an individual entity +and a set of attributes, whose function is to bind the entity with the attributes, usually for the +purpose of authorisation. +
+Authentication + +Usually used to refer to a property of a communication; that the receiver of a message is able to ascertain its origin, +so an attacker cannot successfully impersonate the sender. +
+Block Cipher + +A class of symmetric algorithm in which several bits of the input data +are encrypted at once in a fixed-size block. +The cipher and its mode of operation define the block size: +the plaintext is split up into appropriately-sized blocks and each block is fed into the cipher. +
+CA Certificate + +A certificate held by a CA: the key pair associated with it is used for +signing certificates issued by that CA. May or may not be self-signed. +
+Certificate + +For our purposes, this is the same thing as a +public key certificate +
Certification Authority (CA) + +An organization which perform the following functions in a hierachical PKI: +
    +
  • +providing trusted ‘root’ certificates to users (End Entities), by +supplying them with the CA’s public key via out-of-band means. +
  • +
  • +certifying End Entities by generating and distributing certificates for them. +The certified EE is the subject of the certificate: the CA is the issuer. +
  • +
  • +supporting certificate revocation and revocation checking: if an EE suspects that their key has +been compromised, they contact the CA which issued it, who should revoke their certificate. +
  • +
+

A CA will always have a root certificate-signing key pair, which must be authenticated to End Entities via +out of band channels. This key pair is not logically certified by anything, but it is usually distributed inside +a self-signed certificate to afford some degree of tamper evidency. +

However, CAs do not have to use their root key pair to issue certificates directly to End Entities. For organizational +reasons and to reduce the exposure of keys, a CA may have a single root signing key pair, which it uses to certify a +set of subordinate key pairs, which in turn are used to certify End Entities. Also, CAs may certify the +signing keys of other CAs by issuing cross certificates, which enable interoperation +between two distinct PKIs. +

+Ciphertext + +The output of an encryption operation, or +the input to a decryption operation. +
+Client Authentication + +In a secure client-server protocol such as TLS, the process in which the client +authenticates itself to the server, so the server knows who it's talking to. +
+Client/User/End Entity Certificate + +A certificate issued by a CA to an +end entity (for example the user of a WID) who may use it +to demonstrate their ownership of the key pair associated with it +
+Cross Certificate + +A certificate issued by a CA which certificates another +CA's root certificate. This is way of uniting two distinct certification hierarchies. +
+Decryption + +The process of turning encrypted data (called ciphertext) into the original information (called plaintext) +using a cryptographic algorithm parameterised with a key. +
+Digital Signature + +A structure linking some data and a private key. A digital signature may be generated by the application of a +private key to some piece of data. The original data +may be reconstructed by applying the corresponding public key, demonstrating that the signature could only have been generated by +someone with access to the private key. +

Digital signatures have two primary uses: to demonstrate someone's identity by signing some challenge, as in +client authentication in TLS, in which the client +signs a hash of the messages that have been exchanged, and more strongly, for someone to demonstrate their +acceptance of some human-processable information (e.g. 'Please withdraw £10 000 from my bank account') as in the +WMLScript Crypto API SignText function. +

+Digital Signature Algorithm (DSA) + +NIST-approved asymmetric algorithm. It can only be used for generating and +verifying digital signatures, not for encryption. +
+Elliptic Curve Cryptography (ECC) + +Elliptical curve cryptography (ECC) is an asymmetric algorithm + based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys. +Because ECC helps to establish equivalent security with lower computing power and battery resource usage, +it is becoming widely used for mobile applications. +
+Encryption + +The process of turning meaningful data (called plaintext) into meaningless gibberish (called ciphertext) +using a cryptographic algorithm parameterised with a key. +
+End Entity + +A leaf node in a certification hierarchy: any entity in a PKI +which has a certificate, but is not allowed to issue its own certificates. +
+Hash + +Hash algorithms take a variable-length input and produce a fixed length output known as a digest, or hash, of the input. +For cryptographic purposes they need to be one-way functions: +it should not be possible to deduce the input from the digest, or even any part of the input. + Also, it should be hard to find collisions: that is, two different inputs which produce the same output. +
+HMAC + +Keyed-Hashing for Message Authentication. A mechanism for message authentication using cryptographic +hashes. It can be used with any iterative cryptographic +hash function, e.g., MD5, SHA-1, in combination with a secret shared key. +The cryptographic strength of HMAC depends on the properties of the underlying hash function. +
+ICC + +Integrated Circuit Card: removable card with at least data storage and sometimes processing +
+IPSec + +A standard providing secrecy and authentication at the network or +packet-processing layer of network communication. Earlier security approaches have inserted security at the +application layer of the communications model. IPsec will be especially useful for implementing virtual +private networks and for remote user access through dial-up connection to private networks. IPSec is mandatory in IPv6. +
+MD2 + +Legacy hash algorithm. Considered insecure. +
+MD5 + +Legacy hash algorithm. Considered vulnerable. +
+Message Digest Algorithm + +Same thing as a hash algorithm. +
+Nonrepudiation + +The process by which it is assured that an entity making a declaration cannot subsequently deny having made it: +so I can't claim that I never wrote that cheque. +
+Online Certificate Status Protocol (OCSP) + +A protocol enabling a relying party to check that a +certificate has not been revoked. In this protocol the OCSP client +asks the OCSP server about the status of one or more certificates, and receives a +digitally signed response. +
+Out Of Band + +A channel of communication which is distinct from the channel which we are using cryptography to try to secure, +and which is secure on its own terms; that is, its security is not dependent on the cryptography we are using. +

A common example of an out of band channel is a motorcycle courier. +

+Padding + +The process of adding bytes to the input to a block cipher so that the input matches the +block size. +
+Plaintext + +The output of an decryption operation, or +the input to a encryption operation. +
+Pretty Good Privacy (PGP) + +A very widely-used encryption and digital signing +program. +
+Private Key + +In the context of public key cryptography, the private half of the key pair. +
+Public Key + +In the context of public key cryptography, the public half of the key pair. +
+Public Key Certificate + +A digitally signed structure including at least an identifier for an +individual entity and a public key, whose function is to bind the entity with the key. +
+Public Key Cryptography + +A common application of asymmetric cryptography in which one half of the key pair is +kept secrect (the private key) and the other half is published +(the public key. +
+Public Key Infrastructure + + +

A way of modelling real-world trust relationships which enables users of public key cryptography +to have confidence in the ownership of +the public keys they are using. + +A PKI consists of: +

+

The TTP uses its signing key pair to create certificates for other entities, which relying parties can use to authenticate these +other entities. +

We can classify PKIs according to whether they are hierachical or flat. In hierachical PKIs, such as the one defined in the PKIX +set of standards, there is a distinction between users of the PKI such as End Entities and +Relying Parties, and entities responsible for issuing and distributing certificates such as +CAs and RAs. In a flat PKI such as the +web of trust underpinning PGP, there are no entities whose +sole role is to issue certificates; instead users of the PKI certify each other. +

+Registration Authority + +An organization responsible for registering new certificate users in a +PKI, e.g. by gathering and verifying information which identifies the +certificate applicant. +
+Revocation + +The term used for asserting that a certificate is no longer valid: for example, because the private key +associated with it has been compromised. +
+Relying Party + +An entity who relies on the authenticity of a public key. +
+Root Certificate + +The certificate of a trusted third party. +A certificate directly trusted by a relying party: that is, trust in it is not +established by cryptographic means, but trust in it is the prerequisite for establishing trust in the entity +which the relying party is trying to authenticate. +Trust in a root certificate must be established through out of band means. A root certificate may or may not be self signed. +
+Secrecy + +This means that access to information is controlled: for example, it means that two entities +(e.g. people, machines, processes) are able to communicate with one another without any other entities +being able to access the information communicated, or that an entity may store some information and be +assured that only this entity will be able to access it. +
+Secure Hash Algorithm 1(SHA-1) + +A widely used hash algorithm, producing a 160-bit digest. +
+Secure Sockets Layer (SSL) + +Precursor to TLS. SSL has been through three versions: +the first two are considered insecure, and the third is almost identical to TLS. +
+Server Authentication + +In a secure client-server protocol such as TLS, the process in which the server +authenticates itself to the client, so the client knows who it's talking to. +
+SignText + +A function defined in the WMLScript Crypto API which provides application-level +Authentication and Nonrepudiation for transactions. +
+Stream Cipher + +A class of symmetric algorithm which is initialised with a key, +then outputs a stream of pseudorandom bits. +This 'keystream' is typically XOR-ed with the plaintext to generate the ciphertext. +So they encrypt a bit of plaintext at a time. +
+Symmetric Cryptography + +A form of cryptography in which the same key is used for encryption and decryption +

+Symmetric cryptography is fast, but suffers from the problem of how to distribute the key privately. +Asymmetric cryptography is an attempt to alleviate the key +distribution problem, by reducing the requirement for the distributed key from one of privacy to one of +authentication. +

+Transport Layer Security (TLS) + +A client-server security protocol providing secrecy and optionally authentication, and +running over TCP/IP. +

In this protocol a client connects to a server; the two then perform a handshake in which they exchange a +symmetric key by using asymmetric cryptography, +which is then used to encrypt their communications, providing the secrecy element. +

Without the authentication element secrecy is not very useful; although only client and server can understand the data +exchanged, the client doesn't know who the server is or vice versa. TLS provides the capability for +server authentication, in which the client establishes who the server is, and +client authentication in which the server establishes who the client is. +

+Trusted Third Party (TTP) + +An entity whose public key is known to a relying party due to its having been +received via out of band means, and which is trusted to issue +public key certificates for other entities not directly known to the relying party. +

A CA is a type of TTP. +

+Web of Trust + +The set of social relationships between users of PGP that enables them to sign each others' keys, +essentially providing a PKI for this technology. +
+WMLScript Crypto API + +A WAP Forum standard which defines cryptographic functions in WML, the scripting language used in WAP. +It defines a function for creating signed objects called SignText +
+WTLS + +A client-server security protocol providing secrecy and optionally authentication, +running at the transport layer of the WAP stack. WTLS is closely modelled on TLS, +and defines its own lightweight certificate format. +
+X.509 Certificate + +A widely used type of public key certificates, part of the +now largely moribund X.500 series of standards. +

+ +
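Review bot: every one of the 718 lines is removed and re-added with identical visible content, so this hunk looks like a line-ending or trailing-whitespace change rather than an edit to the glossary, and there is no commit message explaining it; please confirm with a whitespace-insensitive diff (`hg diff -w -r 675a964f4eb5 -r 35751d3474b7`) that nothing else changed, and say so in the commit message, since a whole-file rewrite also makes `hg annotate` attribute every line of this document to this commit. If the file is being touched wholesale anyway, a follow-up could fix the errors that this change carries across unchanged: the "Digital Signature" entry says "The original data may be reconstructed by applying the corresponding public key", which describes signatures as private-key encryption and contradicts the "Digital Signature Algorithm (DSA)" entry on the same page ("not for encryption"); a signature is verified with the public key, not decrypted back into the data. Smaller typos on the same lines include "An organization which perform", "hierachical", "tamper evidency", "kept secrect", the unclosed parenthesis in "(the public key.", "certificates another CA's root certificate" for "certifies", "an decryption operation" / "a encryption operation", and "Draftversion" in the metadata table.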