Security Classification | Internal |
Document Reference | SGL.GT0128.56 |
Status | Draft version |
Version | 0.1 |
Team/Department | Security Team |
Author | William Bamberg |
Owner | Security Team |
Asymmetric Cryptography | A form of cryptography in which the 'key' is generated as a key pair: if one key is used for encryption, only the other can be used to decrypt, and vice versa. Using asymmetric cryptography, the problem of key distribution becomes one of authentication; i.e. how to make sure that a given key really does belong to the entity that claims to own it. |
Attribute Certificate | A digitally signed data structure including at least an identifier for an individual entity and a set of attributes, whose function is to bind the entity with the attributes, usually for the purpose of authorisation. |
Authentication | Usually used to refer to a property of a communication; that the receiver of a message is able to ascertain its origin, so an attacker cannot successfully impersonate the sender. |
Block Cipher | A class of symmetric algorithm in which several bits of the input data are encrypted at once in a fixed-size block. The cipher and its mode of operation define the block size: the plaintext is split up into appropriately-sized blocks and each block is fed into the cipher. |
CA Certificate | A certificate held by a CA: the key pair associated with it is used for signing certificates issued by that CA. May or may not be self-signed. |
Certificate | For our purposes, this is the same thing as a public key certificate. |
Certification Authority (CA) | An organization which performs the following functions in a hierarchical PKI: A CA will always have a root certificate-signing key pair, which must be authenticated to End Entities via out of band channels. This key pair is not logically certified by anything, but it is usually distributed inside a self-signed certificate to afford some degree of tamper evidence. However, CAs do not have to use their root key pair to issue certificates directly to End Entities. For organizational reasons and to reduce the exposure of keys, a CA may have a single root signing key pair, which it uses to certify a set of subordinate key pairs, which in turn are used to certify End Entities. Also, CAs may certify the signing keys of other CAs by issuing cross certificates, which enable interoperation between two distinct PKIs. |
Ciphertext | The output of an encryption operation, or the input to a decryption operation. |
Client Authentication | In a secure client-server protocol such as TLS, the process in which the client authenticates itself to the server, so the server knows who it's talking to. |
Client/User/End Entity Certificate | A certificate issued by a CA to an end entity (for example the user of a WID), who may use it to demonstrate their ownership of the key pair associated with it. |
Cross Certificate | A certificate issued by a CA which certifies another CA's root certificate. This is a way of uniting two distinct certification hierarchies. |
Decryption | The process of turning encrypted data (called ciphertext) into the original information (called plaintext) using a cryptographic algorithm parameterised with a key. |
Digital Signature | A structure linking some data and a private key. A digital signature may be generated by the application of a private key to some piece of data. The original data may be reconstructed by applying the corresponding public key, demonstrating that the signature could only have been generated by someone with access to the private key. Digital signatures have two primary uses: to demonstrate someone's identity by signing some challenge, as in client authentication in TLS, in which the client signs a hash of the messages that have been exchanged; and, more strongly, for someone to demonstrate their acceptance of some human-processable information (e.g. 'Please withdraw £10 000 from my bank account'), as in the WMLScript Crypto API SignText function. |
Digital Signature Algorithm (DSA) | NIST-approved asymmetric algorithm. It can only be used for generating and verifying digital signatures, not for encryption. |
Elliptic Curve Cryptography (ECC) | Elliptic curve cryptography (ECC) is an asymmetric algorithm based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys. Because ECC helps to establish equivalent security with lower computing power and battery resource usage, it is becoming widely used for mobile applications. |
Encryption | The process of turning meaningful data (called plaintext) into meaningless gibberish (called ciphertext) using a cryptographic algorithm parameterised with a key. |
End Entity | A leaf node in a certification hierarchy: any entity in a PKI which has a certificate, but is not allowed to issue its own certificates. |
Hash | Hash algorithms take a variable-length input and produce a fixed-length output known as a digest, or hash, of the input. For cryptographic purposes they need to be one-way functions: it should not be possible to deduce the input from the digest, or even any part of the input. Also, it should be hard to find collisions: that is, two different inputs which produce the same output. |
HMAC | Keyed-Hashing for Message Authentication. A mechanism for message authentication using cryptographic hashes. It can be used with any iterative cryptographic hash function, e.g., MD5, SHA-1, in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. |
ICC | Integrated Circuit Card: a removable card with at least data storage and sometimes processing. |
IPSec | A standard providing secrecy and authentication at the network or packet-processing layer of network communication. Earlier security approaches have inserted security at the application layer of the communications model. IPsec will be especially useful for implementing virtual private networks and for remote user access through dial-up connection to private networks. IPSec is mandatory in IPv6. |
MD2 | Legacy hash algorithm. Considered insecure. |
MD5 | Legacy hash algorithm. Considered vulnerable. |
Message Digest Algorithm | Same thing as a hash algorithm. |
Nonrepudiation | The process by which it is assured that an entity making a declaration cannot subsequently deny having made it: so I can't claim that I never wrote that cheque. |
Online Certificate Status Protocol (OCSP) | A protocol enabling a relying party to check that a certificate has not been revoked. In this protocol the OCSP client asks the OCSP server about the status of one or more certificates, and receives a digitally signed response. |
Out Of Band | A channel of communication which is distinct from the channel which we are using cryptography to try to secure, and which is secure on its own terms; that is, its security is not dependent on the cryptography we are using. A common example of an out of band channel is a motorcycle courier. |
Padding | The process of adding bytes to the input to a block cipher so that the input matches the block size. |
Plaintext | The output of a decryption operation, or the input to an encryption operation. |
Pretty Good Privacy (PGP) | A very widely-used encryption and digital signing program. |
Private Key | In the context of public key cryptography, the private half of the key pair. |
Public Key | In the context of public key cryptography, the public half of the key pair. |
Public Key Certificate | A digitally signed structure including at least an identifier for an individual entity and a public key, whose function is to bind the entity with the key. |
Public Key Cryptography | A common application of asymmetric cryptography in which one half of the key pair is kept secret (the private key) and the other half is published (the public key). |
Public Key Infrastructure | A way of modelling real-world trust relationships which enables users of public key cryptography to have confidence in the ownership of the public keys they are using. A PKI consists of: The TTP uses its signing key pair to create certificates for other entities, which relying parties can use to authenticate these other entities. We can classify PKIs according to whether they are hierarchical or flat. In hierarchical PKIs, such as the one defined in the PKIX set of standards, there is a distinction between users of the PKI, such as End Entities and Relying Parties, and entities responsible for issuing and distributing certificates, such as CAs and RAs. In a flat PKI, such as the web of trust underpinning PGP, there are no entities whose sole role is to issue certificates; instead users of the PKI certify each other. |
Registration Authority | An organization responsible for registering new certificate users in a PKI, e.g. by gathering and verifying information which identifies the certificate applicant. |
Revocation | The term used for asserting that a certificate is no longer valid: for example, because the private key associated with it has been compromised. |
Relying Party | An entity who relies on the authenticity of a public key. |
Root Certificate | The certificate of a trusted third party. A certificate directly trusted by a relying party: that is, trust in it is not established by cryptographic means, but trust in it is the prerequisite for establishing trust in the entity which the relying party is trying to authenticate. Trust in a root certificate must be established through out of band means. A root certificate may or may not be self-signed. |
Secrecy | This means that access to information is controlled: for example, it means that two entities (e.g. people, machines, processes) are able to communicate with one another without any other entities being able to access the information communicated, or that an entity may store some information and be assured that only this entity will be able to access it. |
Secure Hash Algorithm 1 (SHA-1) | A widely used hash algorithm, producing a 160-bit digest. |
Secure Sockets Layer (SSL) | Precursor to TLS. SSL has been through three versions: the first two are considered insecure, and the third is almost identical to TLS. |
Server Authentication | In a secure client-server protocol such as TLS, the process in which the server authenticates itself to the client, so the client knows who it's talking to. |
SignText | A function defined in the WMLScript Crypto API which provides application-level Authentication and Nonrepudiation for transactions. |
Stream Cipher | A class of symmetric algorithm which is initialised with a key, then outputs a stream of pseudorandom bits. This 'keystream' is typically XOR-ed with the plaintext to generate the ciphertext. So they encrypt a bit of plaintext at a time. |
Symmetric Cryptography | A form of cryptography in which the same key is used for encryption and decryption. Symmetric cryptography is fast, but suffers from the problem of how to distribute the key privately. Asymmetric cryptography is an attempt to alleviate the key distribution problem, by reducing the requirement for the distributed key from one of privacy to one of authentication. |
Transport Layer Security (TLS) | A client-server security protocol providing secrecy and optionally authentication, and running over TCP/IP. In this protocol a client connects to a server; the two then perform a handshake in which they exchange a symmetric key by using asymmetric cryptography, which is then used to encrypt their communications, providing the secrecy element. Without the authentication element secrecy is not very useful: although only client and server can understand the data exchanged, the client doesn't know who the server is, or vice versa. TLS provides the capability for server authentication, in which the client establishes who the server is, and client authentication, in which the server establishes who the client is. |
Trusted Third Party (TTP) | An entity whose public key is known to a relying party due to its having been received via out of band means, and which is trusted to issue public key certificates for other entities not directly known to the relying party. A CA is a type of TTP. |
Web of Trust | The set of social relationships between users of PGP that enables them to sign each others' keys, essentially providing a PKI for this technology. |
WMLScript Crypto API | A WAP Forum standard which defines cryptographic functions in WML, the scripting language used in WAP. It defines a function for creating signed objects called SignText. |
WTLS | A client-server security protocol providing secrecy and optionally authentication, running at the transport layer of the WAP stack. WTLS is closely modelled on TLS, and defines its own lightweight certificate format. |
X.509 Certificate | A widely used type of public key certificate, part of the now largely moribund X.500 series of standards. |