Master Definitions Table

Week 1

Term/Acronym	Simple Definition	Context/Usage
Risk	The possibility to suffer harm or loss, often quantified as a function of loss associated with an event and the probability that the event occurs.	Risk exists only when there is a threat and a vulnerability that the specific threat can exploit.
Threat	Potential cause of an unwanted event that may harm assets.	Threats tend to be specific to certain environments, such as a virus posing a threat to Windows but not Linux.
Vulnerability	A characteristic of a system that can be exploited by a threat.	Vulnerabilities are weaknesses or holes that can be exploited by threats in order to cause harm.
Impact	An additional factor added to the threat/vulnerability/risk equation, relating to the value of the asset being threatened.	A necessary component in the working definition of risk, which is calculated as impact multiplied by probability of occurrence.
Countermeasure	Means to detect, deter, or deny attacks to threatened assets.	These are deployed to reduce risk, and their implementation is the final step in the risk mitigation process.
Controls	Measures put in place to help ensure a given type of threat is accounted for, used to mitigate risks.	These are divided into three categories: physical, logical (technical), and administrative.
CIA Triad	A foundational model in information security composed of three primary concepts: Confidentiality, Integrity, and Availability.	This model is commonly used as a framework for discussing security concepts and tends to be very focused on security as it pertains to data.
Confidentiality	The ability to protect data from those who are not authorized to view it.	Compromise occurs through unauthorized viewing, penetration of systems, or the loss of a laptop containing data.
Integrity	The ability to prevent data from being changed in an unauthorized or undesirable manner.	Integrity is particularly important when dealing with data that forms the foundation for other decisions, such as medical test results.
Availability	The ability to access data when it is needed.	Loss can result from power loss, application problems, network attacks, or a Denial of Service (DoS) attack.
DoS Attack	Acronym for Denial of Service, which is a loss of availability caused by an outside party, such as an attacker.	A type of interruption attack that causes assets to become unusable or unavailable.
Parkerian Hexad	A more complex variation of the CIA triad consisting of Confidentiality, Integrity, Availability, Possession or Control, Authenticity, and Utility.	This model is helpful when the CIA triad is too restrictive to describe an entire security situation.
Possession or Control	Refers to the physical disposition of the media on which the data is stored.	This principle allows one to describe the loss of physical data medium, such as encrypted backup tapes, separate from confidentiality issues.
Authenticity	Allows discussion about the proper attribution as to the owner or creator of the data in question.	This principle can be violated if an e-mail message is altered to appear to come from a different e-mail address.
Utility	Refers to how useful the data is to us.	The only principle of the Parkerian hexad that is not necessarily binary in nature, as it relates to the degree of usefulness (e.g., encrypted data has low utility).
Nonrepudiation	Prevents someone from taking an action (like sending an e-mail) and then later denying that he or she has done so.	This concept is critical to e-commerce and is enforced through mechanisms like digital signatures.
Interception (Attack)	Attacks that allow unauthorized users to access data, applications, or environments.	Primarily an attack against confidentiality, such as eavesdropping on phone conversations or unauthorized file viewing.
Interruption (Attack)	Attacks that cause assets to become unusable or unavailable for use, on a temporary or permanent basis.	Interruption attacks often affect availability, but can also be considered an attack on integrity.
Modification (Attack)	Attacks that involve tampering with an asset.	Primarily considered an integrity attack, but can also affect availability if a critical file, like a Web server configuration file, is altered.
Fabrication (Attack)	Attacks that involve generating data, processes, communications, or other similar activities with a system.	These attacks primarily affect integrity by generating spurious information in a database or spoofing e-mail.
Risk Management	The process that involves identifying assets, identifying threats, assessing vulnerabilities, and then taking steps to mitigate the resulting risks.	This program must be managed at the senior leader level of the organization and implemented by everyone.
Defense in Depth	A strategy to formulate a multilayered defense that allows for successful protection should one or more defensive measures fail.	The goal is to delay an attacker long enough to detect the attack and mount an active defense.
Incident Response	The process that exists to react to events where risk management efforts have failed.	This process consists of preparation, detection and analysis, containment, eradication and recovery, and post incident activity.
OWASP	Acronym for Open Web Application Security Project.	Provides security resources and methodologies, such as the OWASP Risk Rating Methodology, used for risk assessment.
PII	Acronym for personally identifiable information.	Refers to proprietary information contained in a database that, if exposed, can lead to severe consequences.
PIN	Acronym for personal identification number.	A number maintained confidentially that, combined with an ATM card, allows a person to draw funds.
DAD	Acronym for Disclosure, alteration, and denial.	Represents the negative forms of the CIA concepts (Confidentiality, Integrity, and Availability).
5G	The next generation standard for mobile communication.	Provides higher network throughput, support for high-speed devices, and accommodates IoT devices.
UE	Acronym for User Equipment.	Refers to the device (phone/IoT device) used in 5G mobile communication that interacts with the network.
HN	Acronym for Home Network.	Refers to the user’s carrier in the 5G communication model, which often performs mutual authentication with the UE.
SN	Acronym for Serving Network.	Refers to the component (Base Station or User’s carrier) involved in mobile communication, often requiring confidential communication with the UE.
IDS	Acronym for Intrusion Detection System.	A security tool whose output or alerting is monitored during the detection and analysis phase of incident response.
AV	Acronym for Anti Virus software.	Software used for monitoring and alerting during the detection phase of incident response.
SIEM	Acronym for Security Information and Event Monitoring.	A tool or service used to automate analysis and monitoring of security events during the detection phase of incident response.
MSSP	Acronym for Managed Security Service Provider.	An external provider that can handle the detection and analysis portion of incident response.
IPS	Acronym for Intrusion Prevention System.	A system on which rules might be updated during containment to halt malicious traffic.
ALE	Acronym for Annualized Loss Expectancy.	The expected loss multiplied by the number of incidents expected in an average year, used for quantifying risk.
PKI	Acronym for Public Key Infrastructure.	Mentioned in the historical context of technology and security trends in the mid-1990s.
PCI DSS	Acronym for Payment Card Industry Data Security Standard.	A body of law that defines security standards for companies that process credit card payments.
HIPAA	Acronym for Health Insurance Portability and Accountability Act of 1996.	A body of law that defines security standards for organizations that handle health care and patient records.
FISMA	Acronym for Federal Information Security Management Act.	A body of law that defines security standards for many federal agencies in the United States.
DMZ	(Demilitarized Zone)	A layer of defense often placed at the network perimeter in a Defense in Depth strategy.
VPN	Acronym for Virtual Private Network.	A network defense mechanism listed as a potential defense layer, often at the external network.
SSO	Acronym for Single Sign-On.	An application or host-level security mechanism used for authentication.
digital signatures	A security mechanism used for authentication or enforcing nonrepudiation.	Used in e-commerce to enforce nonrepudiation by preventing someone from denying a previous action.

Week 2

Term/Acronym	Simple Definition (1 sentence explanation)	Context/Usage
Secure Sockets Layer (SSL)	An older communication protocol designed to create a secure, encrypted connection between devices or applications over a network.	All versions of SSL are now deprecated due to security flaws, though the term is still commonly used to refer to TLS.
Transport Layer Security (TLS)	The upgraded version of SSL that fixes existing vulnerabilities, authenticates more efficiently, and supports encrypted communication channels.	TLS versions 1.2 and 1.3 are actively used, and AWS clients must support TLS 1.2 or later by June 2023.
Communication Protocol	A set of rules that defines how two devices or applications exchange data securely over a network.	Both SSL and TLS are examples of communication protocols used to encrypt data and authenticate two connected parties.
Digital Certificates	Files used by TLS and SSL to facilitate the handshake process and establish encrypted communications between a browser and a web server.	Often called SSL certificates, they are currently the industry-standard TLS certificates.
Handshake (SSL/TLS)	A process during which a browser authenticates a server’s certificate, authenticates both parties, and exchanges cryptographic keys.	The TLS handshake is implicit and faster, having fewer steps than the complex, explicit SSL handshake.
HTTP	A protocol or set of communication rules used for client-server communication across any network.	HTTPS is established when a secure SSL/TLS protocol is layered over the insecure HTTP connection.
HTTPS	The practice of establishing a secure SSL/TLS protocol on an insecure HTTP connection, indicated by the ‘s’ for ‘secure’.	Browsers check for https:// in the address bar to confirm an authentic and encrypted connection.
Alert messages	Mechanisms used by both SSL and TLS protocols to communicate errors and warnings.	SSL alert messages are unencrypted and include warning or fatal types, while TLS alerts are encrypted and include close notify.
Warning (Alert Type)	An alert in SSL indicating an error has occurred, but the connection can continue.	It is one of the two unencrypted alert message types used by SSL.
Fatal (Alert Type)	An alert in SSL indicating that the connection must be terminated immediately.	This alert type signals a critical error requiring connection termination.
Close notify (Alert Type)	An encrypted alert message type used in TLS to signal the end of the current session.	This alert is an addition to the warning and fatal types carried over from SSL.
Message authentication codes (MACs)	A cryptographic technique used by both protocols for verifying the authenticity and integrity of messages.	A MAC is generated using a secret key, resulting in a fixed-length code attached to the original message.
MD5 algorithm	An outdated cryptographic algorithm used by the SSL protocol for Message Authentication Code (MAC) generation.	Its use in SSL is a security flaw resolved by TLS.
Hash-Based Message Authentication Code (HMAC)	The method utilized by TLS for MAC generation, providing more complex cryptography and enhanced security.	HMAC replaced the outdated MD5 algorithm used by SSL.
Cipher suite	A collection of algorithms that are responsible for creating keys to encrypt information exchanged between a browser and a server.	A typical suite includes key exchange, validation, bulk encryption, and MAC algorithms.
AWS Certificate Manager (ACM)	An Amazon Web Services (AWS) service that provisions, manages, and deploys public and private SSL/TLS certificates.	ACM helps users meet SSL/TLS requirements, for example, by maintaining certificates and automating renewals.
Amazon Web Services (AWS)	The organization offering the ACM service to help clients meet SSL/TLS requirements.	AWS clients were mandated to support TLS 1.2 or later by June 2023.
Internet of Things (IoT)	A class of devices and applications that ACM can help protect through secure communication on private networks.	ACM provides secure communication, protecting devices like mobile and IoT applications.
Sockets	An API provided by the operating system for developers to send and receive data over a network between running software.	Sockets are an abstraction of network facilities and can be created as clients (connecting) or servers (listening).
API	An interface provided by the operating system that consists of a library of data structures, classes, and functions to access network operations.	Sockets are an API abstraction used by developers to manage network communication.
TCP (Transmission Control Protocol)	An underlying transport layer protocol used by some sockets, where data is viewed as an endless ordered stream.	Sockets using TCP behave similarly to files, utilizing methods like recv() and send().
UDP (User Datagram Protocol)	An underlying transport layer protocol that sockets can be based upon for data transmission.	The use of UDP results in data that may not be ordered or guaranteed to be delivered.
IP (Internet Protocol)	The address referencing the device, used alongside a port number to identify the socket’s endpoint.	The IP address and port number are the only information used by intermediate networks devices most of the time.
Port number	A number indicating which specific software or application corresponds to the socket endpoint.	The OS uses the port number to make received data available to the correct process which created the socket.
Operating Systems (OS)	The system that manages sockets internally via the kernel, treating them as endpoints for low-level system calls.	The OS is responsible for ensuring data ordering and guaranteed delivery functionalities expected from the transport layer.
Kernel	The internal component of the operating system that manages sockets similarly to file descriptors.	The kernel is responsible for managing the low-level system calls related to network card(s).
File descriptors	An internal abstraction used by the kernel; sockets are managed similarly to these.	The internal kernel management of sockets resembles that of file descriptors.
Network card(s)	The hardware related to the low-level system calls for which sockets are endpoints.	The network card driver makes received data available in the corresponding socket.
OSI model	A conceptual model where functions like data ordering and delivery guarantees are expected from the transport layer.	The lower layers of this model, such as the network layer, do not concern themselves with ordering or delivery guarantees.
recv()	A method used on TCP sockets to read data from the endless ordered stream.	This method works similarly to the read() call used for files.
send()	A method used on TCP sockets to write data to the endless ordered stream.	This method works similarly to the write() call used for files.
close()	A method used to terminate a socket connection.	It is one of the basic methods involved in socket management.
bind / listen / connect	Methods used to call the equivalent of open() depending on whether the socket is used as a server or a client.	bind and listen are used for server sockets, while connect is used for client sockets.
SSL/TLS context	A structure or object that holds the necessary configuration, including certificates and keys, for securing a socket.	This context must be created and the socket wrapped in it before establishing a secure connection.

Week 3

Term/Acronym	Simple Definition	Context/Usage
3DES (Triple DES)	An encryption algorithm that uses DES to encrypt each block three times, typically with different keys, to compensate for the short key length of DES.	Widely used in banking networks, and was used in ECB mode for encrypting Adobe passwords; uses a 64-bit block size and a 168-bit key.
A5	A specific stream cipher algorithm.	Used to encipher GSM mobile phone traffic.
AddKey	An operation in the Rijndael/AES round function that bitwise XORs the state with the round key.	It is the only operation in Rijndael that depends on the secret key shared by the communication partners.
Adaptively-chosen-ciphertext attack (CCA)	An attack where the adversary can choose ciphertexts, obtain the corresponding plaintexts (via a decryption device), and perform analysis iteratively.	CCA is a more powerful attack model than CPA, which must be resisted by highly secure systems.
Adaptively-chosen-plaintext attack	An attack where the adversary obtains plaintext–ciphertext pairs, performs analysis, and subsequently gets more pairs repeatedly.	This attack assumes the adversary has lengthy or repeated access to the encrypting device.
Advanced Encryption Standard (AES)	A modern symmetric block cipher standard (also known as Rijndael) used by the US government, featuring a 128-bit block length and key sizes of 128, 192, or 256 bits.	It is often recommended as the modern standard block cipher for general use.
Alice	The assumed sender of a message in cryptographic communication scenarios.	Used generally in cryptography when discussing protocols involving two parties and an eavesdropper.
Asymmetric key cryptography (Public key)	A system utilizing two mathematically related keys—a public key for encryption and a private key for decryption—to resolve the issue of key exchange.	It forms the basis of many modern secure communication methods like SSL and TLS.
Authentication (Data Origin)	The goal of verifying the origin of a message, ensuring it was legitimately sent by the expected party.	Achieved using mechanisms like Message Authentication Codes (MACs) and Digital Signatures.
Autokeying	A technique where principals update a shared key by hashing it with the messages they exchange periodically.	Used to provide forward security, ensuring that if a key is compromised, security is recovered after exchanging a message the attacker doesn’t observe.
Avalanche effect	A desirable consequence of diffusion in block ciphers, where changing one input bit should, on average, cause half of the output bits to change.	Indicates that data diffuse completely through the cipher, making linear and differential attacks harder.
Backward security	The property that ensures if a current key is compromised, previous traffic remains secure.	Achieved through key updating mechanisms, where old keys cannot be recovered from new ones.
Biclique attack	The best known computational attack against the Advanced Encryption Standard (AES).	The attack complexity on AES-128 is approximately $2^{126.1}$.
Bit	The fundamental unit for measuring information, corresponding to the answer to a yes or no question.	Used for specifying the key length and block length of ciphers and the output length of hash functions.
Bit rate (r)	A parameter of the sponge construction defining the length of the input or output pieces processed iteratively.	Closely related to the performance of the resulting hash function.
Bitwise XOR ($\oplus$)	The binary exclusive-or operator used bitwise, often denoted by $\oplus$.	Used in stream ciphers like the One-Time Pad, and in block cipher modes like CBC and CTR.
Blind signatures	A method of generating a signature on a message without the signer knowing the contents of the message.	Used in applications like creating anonymous digital cash payment tokens.
Block cipher	A symmetric-key encryption scheme that processes plaintext in predetermined chunks of fixed length ($n$ bits), called blocks.	Most modern encryption algorithms are block ciphers, which are modeled theoretically as Pseudorandom Permutations (PRPs).
Block cipher modes of operation	Methods used to extend a fixed-size block cipher to process messages of arbitrary length.	Standard examples include ECB, CBC, and CTR modes.
Block length (n)	The fixed binary length of the plaintext blocks processed by a block cipher.	Typical lengths are 64 bits (DES) or 128 bits (AES).
Blowfish	A well-known symmetric block cipher algorithm.	An alternative design to DES and AES.
Bob	The assumed receiver of a message in cryptographic communication scenarios.	Used generally in cryptography when discussing protocols involving two communicating parties.
Brute force attack	A method of attack involving checking all possible keys until a plaintext that makes sense is found.	Demonstrates that the keyspace of a cipher must be large enough to make this approach infeasible.
Caesar cipher	A classic ancient encryption method said to have been used by Julius Caesar, based on shifting each letter of the plaintext by a fixed offset.	It is a simple substitution cipher that is vulnerable to frequency analysis.
Capacity (c)	A parameter of the sponge construction defining the bits of the internal state that are not directly affected by input/output operations.	Closely related to the security level of the resulting hash function.
CAST5	A well-known symmetric block cipher algorithm.	Used as an alternative block cipher.
Certificate authority (CA)	A trusted entity that handles digital certificates, typically by signing a user’s public key and identifying information.	VeriSign is one well-known CA.
Certificates (Digital certificates)	Constructs that link a public key to a particular individual, often used as a form of electronic identification.	Signed by a Certificate Authority (CA) to establish the legitimacy of a public key.
Certificational attack	A scientific cryptanalytic attack that requires infeasibly large numbers of texts or computational power, primarily serving to prove theoretical insecurity rather than enabling practical exploitation.	Such attacks can undermine confidence in a system even if they pose no immediate engineering threat.
Challenge-and-response protocol	A protocol where one party (Bob) sends a random challenge, which the other party (Alice) must sign using a secret key, proving their identity without revealing the key.	Used for purposes such as user identification and access control.
Channel	The medium (e.g., wires, radio frequencies) used to transmit the signal from the transmitter to the receiver.	Has a defined capacity for transmitting information.
Chosen Ciphertext Attack (CCA)	An attack model where the adversary may query a decryption oracle, choosing ciphertexts and obtaining the corresponding plaintexts.	A stronger attack model than CPA.
Chosen-key attacks	Attacks that hash functions must withstand, necessary because of fixed-point vulnerabilities in the underlying block cipher design.	If a hash function relies on a block cipher, that cipher must be secure against these attacks.
Chosen-Plaintext Attack (CPA)	An attack where the adversary has the ability to choose plaintexts and obtain the corresponding ciphertexts under the target key.	This model is relevant when an attacker can feed data into an encrypting device.
Chosen plaintext/ciphertext attack	An attack where the opponent is allowed to make queries of either plaintext (getting ciphertext) or ciphertext (getting plaintext).	This model is relevant for a “lunchtime attacker” who gains temporary access to cryptographic equipment.
Cipher Block Chaining (CBC) mode	A block cipher mode that XORs the previous ciphertext block (or IV for the first block) with the current plaintext block before encryption.	This mode ensures that the encryption of each block depends on all preceding blocks, disguising patterns in the plaintext.
Cipher Feedback (CFB) mode	A block cipher mode that turns the block cipher into a stream cipher, encrypting the last $n$ bits of ciphertext to generate a keystream block.	Designed to be self-synchronizing, meaning it can recover synchronization after a short burst error.
Ciphertext	The encrypted form of the plaintext message.	Transmitted over an insecure communication channel to Bob.
Ciphertext indistinguishability	A concept meaning that an adversary cannot distinguish between two plaintexts with better than a negligible chance greater than 1/2.	This is the computational analogy to perfect secrecy.
Ciphertext-Only Attack (COA)	An attack where the adversary obtains only the ciphertexts that result from the encryption scheme.	An encryption method that cannot resist a COA is considered completely insecure.
Cleartext	Unencrypted data or the original message to be transmitted.	Also commonly referred to as plaintext.
CMAC	A standardized MAC (Message Authentication Code) that uses a variant of the key XORed in before the last encryption.	Developed to securely handle messages of variable length, unlike basic CBC-MAC.
Collision	Occurs when two distinct inputs ($M_1\ne M_2$) hash to the same output ($h(M_1)=h(M_2)$).	While theoretically they must exist for hash functions, collision resistance dictates they cannot be found efficiently.
Collision resistance (CR)	The strong property of a cryptographic hash function meaning it is computationally infeasible to find any pair of distinct messages that hash to the same value.	Required when hash functions are used with digital signatures to prevent message forgery.
Commitment	A cryptographic scheme where a party computes and publicly submits a hash of a value ($C(x)=h(x)$) to commit to that value before revealing it later.	Used in sealed-bid auctions to ensure bids are fixed and secret initially.
Computational complexity	The amount of resources (time, memory) required to execute an algorithm, often measured by polynomial running time.	Used in modern security proofs where only attacks feasible in practice are considered.
Computational secrecy	A security concept where the plaintext and ciphertext are computationally independent “from the point of view of a computationally limited adversary.”	It is the achievable security goal of modern cryptography, unlike perfect secrecy.
Computationally bounded adversary	An attacker whose computational power is limited, typically modeled as running in polynomial time on a probabilistic Turing Machine.	This limitation is the starting point for modern cryptography, replacing the assumption of infinite resources.
Compression function ($f$)	A component function in the Merkle-Damgård construction that maps messages of a fixed, longer length ($n+r$) to messages of a fixed, shorter length ($n$).	The construction relies on this function being collision resistant.
Confusion	A cryptographic design principle aimed at making the relationship between the secret key and the ciphertext as complex and indirect as possible.	Provided primarily by non-linear elements like Substitution Boxes (S-boxes).
Continuous system	A communication system where the message and signal are treated as continuous functions.	Examples include radio and television.
Counter Mode (CTR)	A block cipher mode that turns the block cipher into an additive stream cipher by encrypting a counter (or incrementing IV) to generate a keystream.	A major advantage of this mode is its high parallelizability for high-speed applications.
Cryptanalysis	The science of breaking through the encryption used to create the ciphertext or studying attacks against cryptographic schemes.	Subsumed, along with cryptography, under the general term cryptology.
Cryptographic algorithm	The specifics of the process used to encrypt the plaintext or decrypt the ciphertext.	These algorithms typically require one or multiple keys.
Cryptographic primitives	Basic building blocks used for solving problems involving secrecy, authentication, or data integrity.	Examples include encryption/decryption algorithms, hash functions, and pseudorandom generators.
Cryptography	The science (and art) of keeping information secure, typically focused on confidentiality and data integrity (through hashing).	It is considered the key enabling technology for protecting distributed systems.
Cryptology	The overarching field of study that covers both cryptography (designing ciphers) and cryptanalysis (breaking them).	Often shortened to “crypto.”
Cryptosystem	A concept that covers a given cryptographic algorithm and all possible keys, plaintexts, and ciphertexts.	Used as a comprehensive term for the entire encryption scheme.
Cut and splice attack	An attack in ECB mode where an opponent can combine parts of two different ciphertexts to produce a seemingly genuine but unauthorized message.	Occurs because identical plaintext blocks encrypt to identical ciphertext blocks.
Data at rest	Data that is stored on a storage device (e.g., hard drives, backup tapes) and is not actively moving over a network.	Protecting this data often requires full disk encryption.
Data integrity	The objective that the receiver of a message should be able to check whether the message was modified during transmission.	Achieved using hash functions or Message Authentication Codes (MACs).
Data in motion	Data that is moving over a network (LAN, WAN, Internet, etc.).	Protecting this data is vital for secure transactions over the Internet and often relies on protocols like SSL/TLS.
Decryption	The process of recovering the plaintext message from the ciphertext.	Performed using the corresponding key and the decryption algorithm ($Dec$).
Decryption function ($D_k$)	The inverse function of the encryption function ($E_k^{-1}$) used to recover the plaintext $m$.	It is assumed that efficient algorithms exist to compute this function.
DES (Data Encryption Standard)	A symmetric block cipher developed in the 1970s, featuring a 56-bit key and a 64-bit block size.	Though once considered secure, its short key length makes it highly vulnerable to exhaustive key search attacks today.
Destination	The person or thing for whom the message is intended in a communication system.	One of the five essential parts of a communication system according to Shannon.
Deterministic signature	A signature scheme where computing a signature on a message will always give the same result.	Contrasts with a randomized signature scheme.
Differential Cryptanalysis	A cryptanalytic attack based on the probability that a given change in the input to an S-box will give rise to a certain change in the output.	This technique, discovered by Biham and Shamir, was used to break DES.
Diffie-Hellman	The first published public key encryption scheme (1976), which establishes a shared secret key ($g^{x_A{x}_B}$ mod $p$) between two parties over an insecure channel.	Used for key establishment.
Diffusion	A cryptographic design principle aimed at spreading the influence of the plaintext widely throughout the ciphertext, causing the avalanche effect.	Achieved primarily through linear transformations or permutation circuits (P-boxes).
Digram / Digraph	A letter pair.	Statistics on digraphs (letter pairs) are collected to break ciphers like Playfair.
Digital cash	A system designed to allow anonymous payment tokens to customers.	Often relies on blind signature protocols.
Digital Signature Algorithm (DSA) / Digital Signature Standard (DSS)	A US standard digital signature scheme based on ElGamal and discrete logarithms.	It is a randomized digital signature scheme without message recovery.
Digital signature scheme	A special type of asymmetric cryptographic primitive allowing one party to sign a message using a private key and anyone to verify it using a public key.	Provides nonrepudiation and ensures message integrity.
Discrete logarithm	The exponent $x$ in the equation $y=g^x$ (mod $p$).	A mathematical problem used in many government asymmetric systems because computing it is infeasible for large random primes $p$.
Discrete system	A communication system where both the message and the signal are a sequence of discrete symbols.	A typical case is telegraphy.
Discrete transducer	A mathematical representation of the encoding and decoding operations performed by the transmitter and receiver.	Has a finite internal memory, or states.
Dual_EC_DRBG	A specific pseudorandom number generator (PRNG) that was found to have a kleptographic backdoor inserted by the NSA.	Highlights the need for cryptographic PRNGs to be thoroughly scrutinized.
ECC (Elliptic curve cryptography)	A class of cryptographic algorithms based on discrete logarithms on an elliptic curve.	Known for achieving high cryptographic strength with shorter keys, making it efficient for constrained devices like cell phones.
ECB (Electronic Codebook) mode	The most straightforward block cipher mode where each block of plaintext is encrypted independently with the key.	Highly insecure for encrypting long, redundant messages because identical plaintext blocks result in identical ciphertext blocks.
ElGamal	An asymmetric algorithm based on discrete logarithms, used for encryption and digital signatures.	The ElGamal signature scheme is used as the basis for the Digital Signature Algorithm (DSA).
Enc (Encryption algorithm)	The algorithm that transforms plaintext ($M$) into ciphertext ($C$) using a key ($K$).	It is assumed that efficient algorithms exist to compute this function.
Encryption	The transformation of unencrypted data (plaintext/cleartext) into its encrypted form (ciphertext).	A subset of cryptography focused specifically on this transformation.
Encryption function ($E_k$)	The bijective map $E_k:M\to C$ that encrypts plaintexts given a key $k$.	Used as a component of symmetric-key encryption schemes.
Enigma machine	A German-made cryptographic machine used to secure communications during World War II, based on a series of rotors.	An intricate mechanical example of ancient cryptography.
Entropy ($H$)	A measurement used as an information scale that quantifies the choice, uncertainty, or information generated by a source.	Used to define the theoretical limit for compression (relative entropy) and the strength of passwords.
Entropy power ($N_1$)	The power in a white noise limited to the same band as the original ensemble and having the same entropy.	Used in continuous channel capacity calculations; the capacity is bounded by bounds related to entropy power.
Ergodic sources	Sources corresponding to Markoff processes that are statistically homogeneous, meaning averages over a sequence approach the same limit regardless of the sequence.	This property allows time averages along a sequence to be identified with averages over the ensemble of possible sequences.
Eve	The assumed adversary or eavesdropper in cryptographic communication scenarios.	Assumed to monitor the communication channel and sometimes the end points.
Exhaustive key search	An attack technique, notably used against DES, where the key is recovered by testing all possible keys against known plaintext-ciphertext pairs.	The security of a system is limited by its key length and vulnerability to this attack.
Factorization	The process of finding the prime factors of a composite number.	It is a one-way problem forming the basis of RSA and other public-key encryption schemes.
Feistel cipher	An iterated block cipher structure where the input block is split into two halves and rounds alternate transformations between the halves.	The structure ensures that decryption is simple by reversing the round functions, even if the round function itself is not invertible.
Fermat’s (little) theorem	A mathematical theorem stating that for all primes $p$ not dividing $a$, $a^{p-1}\equiv 1$ (mod $p$).	Used as a basis for the RSA algorithm.
Fixed-point attack	A vulnerability where an attacker can find a key that leaves the input to the cipher unchanged after one or more rounds.	This type of attack prevents the underlying block cipher from being used in hash functions.
Flame malware	A sophisticated malicious software that utilized an MD5 collision.	Used MD5 collision to make its code appear as if it was signed by Microsoft.
Forgery attack	An attacker’s objective in which they attempt to deduce the answer to a query they haven’t already made.	One of the primary goals in attacking digital signatures or block ciphers.
Forward security	The property that ensures if a key is compromised, security will be recovered after the principals exchange a subsequent message which the attacker does not observe or guess.	Achieved through techniques like autokeying or Diffie-Hellman key exchange.
Frequency analysis	The technique used to break substitution ciphers by counting the frequency of each letter in the encrypted text and checking how far the pattern has shifted.	This was the weakness published by Al-Kindi that broke the Caesar cipher.
Full disk encryption	Commercial products designed to encrypt entire hard disks.	A critical defense for protecting data at rest on devices like laptops.
Fundamental theorem of arithmetic	A theorem stating that each natural number greater than 1 factors uniquely into prime numbers.	Forms the mathematical foundation for factoring-based cryptographic systems like RSA.
Galois Counter Mode (GCM)	An innovative, highly parallelizable composite mode of operation combining counter-mode encryption with Galois field multiplication for authentication tagging.	Designed for high throughput on fast data links with low cost and low latency.
Gaussian distribution	The distribution form that yields maximum entropy when the standard deviation is fixed.	White noise ensembles follow a Gaussian distribution.
Hash functions (Cryptographic)	Functions that map an arbitrary length input string (message) to a fixed-length output bit string (message digest or hash).	Used widely for password protection, checking file integrity, and digital signatures; they are the model for keyless cryptography.
Hash-then-decrypt paradigm	The approach to digital signatures where the message is hashed first, and then the hash value is signed by the decryption algorithm.	A common method used in schemes like RSA.
Hash value / Message digest	The fixed-length output string produced by a hash function.	This value acts as a compact, virtually unique “fingerprint” of the original message.
HMAC	The standard symmetric-key method for converting a cryptographic hash function into a Message Authentication Code (MAC) by applying the hash function twice with keyed padding.	Widely used in practice, including in the Transport Layer Security (TLS) protocol.
IDEA (International Data Encryption Algorithm)	A symmetric block cipher algorithm.	One of the finalists in the AES competition.
Identity-based cryptosystem	A system where the public key used for encryption is the user’s identity (name).	Requires a central authority to issue private keys corresponding to identities.
Impossible cryptanalysis	A variant of differential cryptanalysis that searches for differences that cannot happen or happen only rarely.	Used in attacks against specific cipher designs.
IND-CPA Security	A security concept meaning that a computationally bounded adversary cannot distinguish between a challenge ciphertext and a random guess better than random chance (probability > 0.5 + $ϵ$).	This rigorous definition of confidentiality is achieved by schemes like CBC and CTR modes when used properly.
Information	What allows one mind to influence another, based on the idea of communication as selection.	Can be measured using the concept of entropy.
Information Theory	A theory developed by Claude Shannon during World War II that introduced concepts such as entropy and the mathematical limits of communication.	Provides the formal basis for analyzing perfect secrecy.
Initialization Vector (IV)	A unique or random block of data used in modes like CBC and CTR, typically XORed into the first block of plaintext/counter.	It ensures that identical plaintexts result in distinct ciphertexts when encrypted with the same key.
IPsec (Internet Protocol Security)	A protocol used to secure a Virtual Private Network (VPN) connection.	One of the two main methods used at present for VPNs, often requiring complex hardware configuration.
Iterated cipher	A block cipher that is computed by iteratively applying a round function to the plaintext over many rounds.	Both DES and AES are iterated ciphers.
Jefferson Disk	A purely mechanical cryptographic machine composed of a series of marked, rotatable disks used for encryption.	A historical example of a substitution cipher.
JN-25 (Japanese Navy Code #25)	A Japanese military cipher used during World War II.	It was broken using a chosen-plaintext attack (CPA).
Keccak	A sponge function selected by NIST to become the new SHA-3 standard for cryptographic hash functions.	Uses a permutation function iteratively instead of the Merkle-Damgård construction.
Kerberos	A complex network authentication protocol often used as the basis for Single Sign-On (SSO) implementations.	Provides centralized login system functionality.
Kerckhoffs’ Principle	The tenet that a cryptographic system must remain secure even if the adversary knows all details about the algorithms and their implementation; security must rely entirely on the secret keys.	It represents the opposite approach to “security through obscurity.”
Key ($k$)	Secret information, roughly analogous to a password, used by cryptographic algorithms to encrypt or decrypt a message.	The primary basis for security in modern cryptography.
Key exchange	The process of securely distributing a single shared secret key between the sender and the receiver.	This problem, inherent in symmetric cryptography, is often solved using public-key encryption methods.
Key recovery attack	An attacker’s objective in which they attempt to recover the secret key from observations of the cipher.	One of the primary goals in cryptanalysis.
Key schedule algorithm	The process or algorithm used to derive the round keys from the master secret key.	Used in iterated ciphers like Rijndael/AES.
Key stream	A sequence of key characters or bits ($k_1{k}_2{k}_3...$) used in a stream cipher to encrypt the plaintext stream character by character (or bit by bit).	In modern ciphers, it is generated by a PRNG from a short seed.
Key updating	A mechanism where principals pass a shared key through a one-way hash function at agreed times ($K_i=h(K_{i-1})$).	Used to provide backward security by making previous keys inaccessible even if the current key is stolen.
Keyspace	The range of all possible values for the key.	The security of a cipher against brute force depends on the keyspace being sufficiently large.
Known-Plaintext Attack (KPA)	An attack where the adversary has the ability to obtain pairs of plaintexts and their corresponding ciphertexts, where the plaintexts are randomly selected.	Relevant because real messages are often sent in standard formats known to the adversary.
Length extension problem	A vulnerability of simple keyed hash constructions where an adversary can compute a valid MAC value for an extended message without knowing the secret key.	HMAC solves this problem by applying the hash function twice.
Linear cryptanalysis	A cryptanalytic attack that searches for algebraic relationships between input bits, output bits, and key bits that hold with a probability different from one half.	One of the theoretical attacks against block ciphers like DES.
Lucifer algorithm	A Feistel cipher algorithm developed by Feistel, which was a predecessor of the DES algorithm.	An early example of an iterated cipher structure.
Lunchtime attacker	An adversary who gets temporary, unmonitored access to some cryptographic equipment while its authorized user is absent.	Chosen plaintext/ciphertext attacks may be a worry when this threat model is assumed.
MAC (Message Authentication Code)	A symmetric key technique using a shared secret key to augment a message with a code that guarantees data integrity and message authentication.	MACs are the standard symmetric technique for integrity protection and authentication used in protocols like SSL/TLS.
MAC-then-encrypt	A method for establishing secure channels where the MAC tag is computed, appended to the message, and then the combined string is encrypted.	Used in SSL/TLS, but has been vulnerable to attacks like “Lucky Thirteen.”
Markoff processes	Mathematical models representing discrete stochastic processes (sources) where successive symbols are chosen according to probabilities dependent on preceding symbols.	They are used as the mathematical description of a discrete source of information.
MD4	An older version of the Message Digest hash function, proposed by Rivest.	It only had three rounds and is considered broken, with collisions found in 1998.
MD5 (Message-Digest Algorithm 5)	A version of the Message Digest hash function proposed by Rivest, with a 128-bit hash value.	Now considered broken due to attacks that efficiently compute collisions, making it unsuitable for stringent security requirements.
Message Authentication Codes (MDCs)	Another term for cryptographic hash functions.	Used because hash functions can be applied to control the integrity of a message (Modification Detection Codes).
Message recovery	A property of a signature scheme where anyone can recover the message on which the signature was generated simply by inputting the signature.	Sometimes desirable for short messages over low bandwidth channels.
Merkle-Damg̊ard’s construction	An iterative method used to design collision-resistant hash functions by reducing the problem to constructing a collision-resistant compression function.	The design basis for MD5, SHA-1, and the SHA-2 family.
Message digests	Another term for hash values or cryptographic hash functions.	Used widely in forensic applications and digital signature applications.
MixColumns	A transformation in the Rijndael/AES round function that operates on each column of the state matrix independently using matrix multiplication.	A key component ensuring diffusion in the cipher.
Mixed system	A communication system where both discrete and continuous variables appear.	PCM transmission of speech is an example of a mixed system.
Modulus (N)	The product of two large prime numbers ($N=pq$) used in the RSA algorithm.	Factoring the modulus is the computational problem upon which RSA security relies.
Monoalphabetic substitution	A generalized substitution cipher where a keyword is used to permute the alphabet.	The primary tool for cryptanalysis against this cipher is statistical frequency analysis.
Multiplicative homomorphism	A property of raw RSA where algebraic relations holding among plaintexts also hold among ciphertexts and signatures.	This vulnerability requires adding randomness and redundancy (padding) to the message before encryption.
NIST (National Institute of Standards and Technology)	A US government organization that sponsors competitions for cryptographic standards like AES and SHA-3.	They set the standards for cryptographic algorithms used by the US federal government.
NMAC	A construction method for Message Authentication Codes (MACs) using hash functions.	One of the methods mentioned for constructing MACs from hash functions.
Non-malleability (NM)	The property that, given $h(x)$, it is infeasible to produce $h(x^{\prime })$ where $x$ and $x^{\prime }$ are related in some fashion (e.g., $x^{\prime }=x+1$).	Essential for cryptographic commitment schemes, like auctions, to prevent subtle bid manipulation.
Nonrepudiation	The assurance that the sender of a message cannot later deny that they sent it.	A key guarantee provided by digital signatures.
Nonce	A number or value that is used only once.	Used as a seed in algorithmic keystream generators to ensure a different keystream is generated for each use of the key.
One-Time Pad (OTP) / Vernam’s one-time pad	A stream cipher that uses a key sequence as long as the plaintext, which is truly random and never repeated, encrypted via bitwise XOR.	It is the only known system offering perfect secrecy, proven by Claude Shannon.
One-way function	A function that is easy to compute in one direction (input to output) but computationally infeasible to invert (output to input).	Hash functions are modeled as one-way functions, and they form the basis of public-key cryptography.
One-way homomorphism	The mathematical property of discrete exponentiation ($f(x)\to g^x$ mod $p$), which is a one-way function that preserves multiplication.	Used to construct digital signature and public key encryption algorithms based on discrete logarithms.
One-wayness (OW) / Pre-image resistance	The property that given a hash value $y$, it is computationally infeasible to find the original input message $x$ such that $h(x)=y$.	This is a basic security requirement for password storage.
OpenSSL	A well-known software library used for cryptographic operations.	Mentioned as having had a flawed PRNG implementation on Debian GNU/Linux which made cryptographic keys vulnerable.
Optimal asymmetric encryption padding (OAEP)	A common real-world solution that adds randomness and redundancy using a hash function in a two-round Feistel structure before RSA encryption.	Used to mitigate algebraic attacks and low-exponent vulnerabilities in raw RSA.
Output Feedback (OFB) mode	A block cipher mode that repeatedly encrypts an Initialization Vector (IV) and uses the output stream as a keystream.	A standard way of turning a block cipher into an additive stream cipher.
Perfect Secrecy	A theoretical security concept meaning the adversary learns no additional information about the plaintext after observing the ciphertext, even if they have infinite computational resources.	Only achieved by the One-Time Pad, proving that the key length must be at least as long as the message.
PGP (Pretty Good Privacy)	One of the first strong encryption tools designed for securing messages and files, originally symmetric.	Its release caused controversy as it was regulated as a munition under US law.
PKCS #1	A Public-Key Cryptography Standard describing OAEP (Optimal Asymmetric Encryption Padding).	Published by RSA Data Security.
PKCS #7	A Public-Key Cryptography Standard describing simple mechanisms for signing a message digest.	One of the standard specifications for digital signatures.
PKI (Public key infrastructure)	The infrastructure put in place to handle digital certificates on a large scale.	Generally composed of Certificate Authorities (CAs) and Registration Authorities (RAs).
Plaintext	Unencrypted data or the original message to be transmitted.	The message $m$ that is input to the encryption algorithm.
Playfair system	A well-known early block cipher that enciphers data two letters at a time using a keyword permuted 5x5 grid.	Used as a field cipher by the British army in World War 1.
Polynomial-time indistinguishability	A term synonymous with ciphertext indistinguishability or semantic security.	It means an attacker’s chance of guessing correctly is negligibly greater than $1/2$.
Postscript documents	A specific document format for which researchers successfully produced two distinct instances that hashed to the same MD5 value.	Used to demonstrate that the collision resistance of MD5 was practically broken.
Preimage	The corresponding input $x$ for a given hash value $h(x)$.	Finding the preimage is computationally infeasible for a one-way hash function.
Private key	The secret key in asymmetric cryptography used by the receiver for decryption.	Must be carefully guarded by the owner.
Probabilistic algorithms	Algorithms that may toss a coin or use random sources to direct control flow.	Used to model the behavior of realistic attackers (computationally bounded adversaries).
Probabilistic encryption	Formal models developed to add randomness to the encryption process.	Used to achieve higher levels of security like semantic security.
Probabilistic signature scheme (PSS)	A signature scheme that modifies the hash value by pseudorandom sequences, turning signing into a probabilistic procedure.	A sophisticated signature scheme requiring more steps than simple hash-then-decrypt.
PRG (Pseudorandom generator)	An efficient deterministic algorithm that takes a short random seed and stretches it into a much longer, computationally indistinguishable random output (keystream).	Used as the theoretical model for stream ciphers and to make the One-Time Pad practical.
Prime numbers	Positive whole numbers with no proper divisors (other than 1 and the number itself).	The foundation of factorization and discrete logarithm problems.
PRP (Pseudorandom permutation)	A keyed function that is efficient to evaluate and invert (one-to-one), and is computationally indistinguishable from a truly random permutation.	Used as the theoretical model for block ciphers like AES.
PRNG (Pseudorandom number generator)	A mechanism used to stretch a short, random input seed into a long, pseudo-random output.	Used to make stream ciphers practical by supplying a key stream that is computationally indistinguishable from truly random.
Public key	The encryption key in asymmetric cryptography that is shared openly with everyone.	Used by the sender to encrypt data for the receiver.
Public-key one-time pads	A construction similar to Vernam’s OTP but using a pseudorandom bit sequence generated from a short truly random seed via a one-way function.	Proven to be ciphertext-indistinguishable under the assumption that the underlying function is one-way.
RACE	A cryptographic hash algorithm.	One of the many alternatives to the MD and SHA families.
Random function	An ideal function that accepts input of any length and outputs a random string of fixed length.	It serves as the theoretical model (random oracle) for cryptographic hash functions.
Random permutation	A function that is invertible, with fixed input/output size, where the key corresponds to a single permutation chosen independently from all others.	Serves as the theoretical model (random oracle) for block ciphers.
Randomized signature	A signature scheme where computing a signature on a message gives a different result each time.	Models the inherent variability of handwritten signatures.
Random oracle	A conceptual model where a cipher’s outputs are indistinguishable from a truly random function of a certain type, given resource limitations.	Used by cryptologists to formalize the idea of a “good” cipher.
RAs (Registration authorities)	Components of a Public Key Infrastructure (PKI) that verify the identity of the individual associated with a certificate.	Work alongside Certificate Authorities (CAs).
RC4, RC6	RC4 is a symmetric stream cipher; RC6 is a symmetric block cipher.	RC6 was one of the finalists in the AES competition.
Receiver	The component of a communication system that performs the inverse operation of the transmitter, reconstructing the message.	Bob is the designated receiver in most communication scenarios.
Redundancy	One minus the relative entropy of a source; determined by the statistical structure of a language.	In ordinary English, it is roughly 50%, meaning half of what is written is determined by the language structure.
Related key attack	An attack where the opponent can make queries answered using keys related to the target key $K$ (e.g., $K+1$).	A major concern when a block cipher is used as a building block in hash function construction.
Relative entropy	The ratio of the entropy of a source to the maximum value it could have while restricted to the same symbols.	It measures the maximum possible compression when encoding into the same alphabet.
Replay attacks	Attacks where an adversary observes a valid message authentication tag or signature and retransmits it later.	MACs typically do not protect against replay attacks, requiring higher-level application solutions like time-stamps.
Rijndael cipher	The encryption algorithm designed by Daemen and Rijmen that was selected as the winner of the AES competition.	It is an iterated block cipher that supports different block and key sizes.
RIPEMD-160	A cryptographic hash function producing a 160-bit output.	It belongs to the MD4 family of hash functions.
Rotor	A series of wheels with letters and electrical contacts, used in cryptographic machines like the Enigma.	The configuration of the rotors determined the encryption key.
ROT13 cipher	A modern variation of the Caesar cipher that moves each letter 13 places forward.	Applying ROT13 encryption twice results in decryption.
Round function	The core of an iterated block cipher that applies transformations and mixes in the round key to produce the input for the next round.	The design of this function is critical to a block cipher’s security.
Round key ($k_i$)	The key material used in each major step (round) of an iterated block cipher, derived from the main key.	In DES, 16 round keys of 48 bits each are used.
RSA algorithm	An asymmetric algorithm widely used in protocols like SSL, named after its inventors Rivest, Shamir, and Adleman.	Its security relies on the hardness of factoring the large composite modulus $N$.
S-boxes (Substitution boxes)	Non-linear components in block ciphers that substitute input bits with output bits based on a lookup table or non-linear function.	They are essential for providing confusion in SP-networks.
Second pre-image resistant	The property that, given a specific message $m$, it is computationally hard to find a distinct message $m^{\prime }\ne m$ such that $H(m)=H(m^{\prime })$.	Required for detecting file modification by an adversary.
Secure Hash Algorithm (SHA)	A family of cryptographic hash functions that succeeded the MD family.	Versions include SHA-1, SHA-2, and the current recommended version, SHA-3.
Security through obscurity	The idea that a system is kept secure primarily because its design details are kept secret.	Directly opposed by Kerckhoffs’ principle.
Seed (s)	A short, truly random input that is stretched by a PRNG into a much longer key stream.	Acts as the secret key for PRNG-based stream ciphers.
Self-synchronizing	A property of certain cipher modes (like CBC and CFB) where decryption can recover the correct plaintext after a loss or error in the ciphertext stream.	Allows the system to return to normal operation after a short time.
Semantic security	A strong definition of security where an attacker cannot gain any information about a plaintext $M$ from its ciphertext $C$.	Synonymous with ciphertext indistinguishability or polynomial-time indistinguishability.
Serpent	A 128-bit block cipher that was an unsuccessful finalist in the AES competition.	An SP-network using 32 rounds designed for efficient software implementation.
SHA-1	A version of the Secure Hash Algorithm, featuring a 160-bit hash value.	Although computationally broken (collisions found efficiently), it is still sometimes used.
SHA-2 family	A family of hash functions (e.g., SHA-256, SHA-512) that produces extended block-size outputs.	Based on the Merkle-Damgård construction.
SHA-3	The current recommended version of the Secure Hash Algorithm, based on the Keccak sponge construction.	Selected by NIST in an open competition.
Shannon Entropy	A specific concept from Information Theory used to measure the amount of information, choice, or uncertainty for a set of probabilities.	Used to define the formal meaning of perfect secrecy.
Shared-key cryptography	A term synonymous with symmetric key or private key cryptography.	Uses a single key for both encryption and decryption.
Shift Cipher	A simple cipher, historically used by Julius Caesar, that shifts each letter by a fixed number of positions in the alphabet.	The simplest example of a substitution cipher.
ShiftRows	A transformation in the Rijndael/AES round function that performs a cyclic left shift of the rows of the state matrix.	Provides diffusion in the cipher.
Signature	The output of a digital signature function (${\text{Sig}}_{\sigma R}(M)$).	Consists of values generated using the signer’s private key.
Signature key	The private key used by a party to create a digital signature.	Must be kept secret.
Signature verification key	The public key used by any party to check if a digital signature is valid.	Often distributed via certificates.
Single sign-on (SSO)	A system allowing access to a set of associated applications or systems through a centralized login system.	Kerberos is commonly used as the basis for SSO implementations.
S-boxes (SRD)	The specific substitution function used in the AES/Rijndael algorithm.	It is the only non-linear transformation in Rijndael.
Sponge construction	A method of building hash functions, used by Keccak/SHA-3, that iteratively applies a permutation to an internal state.	A departure from the Merkle-Damgård construction.
SP-networks (Substitution-Permutation networks)	Block ciphers built by combining substitution (S-box) and permutation (P-box) circuits repeatedly.	The basic structure used to build strong ciphers like Serpent and AES.
SSH protocol (Secure Shell)	A protocol often used to secure communications between two machines, typically on port 22.	It can provide security for terminal connections, file transfers, and VPNs.
State	The intermediate result block on which the round function of an iterated block cipher (like Rijndael) operates.	Considered a 4-row matrix of bytes during AES computation.
Stochastic process	A model of a system that produces a sequence of symbols governed by a set of probabilities.	Used to represent a discrete source of information.
Stream cipher	A symmetric-key encryption scheme that encrypts a stream of plaintext characters or bits character by character.	Modeled theoretically as Pseudorandom Generators (PRGs).
STU-III	A secure telephone used by the US government and defense contractors.	It uses a crypto ignition key for identification and clearance verification.
Substitution cipher	A cipher where one letter is substituted for another in a consistent fashion, such as the Caesar cipher.	Historical examples are highly vulnerable to statistical frequency analysis.
SubBytes	The step in the Rijndael/AES round function that performs the only non-linear transformation by substituting bytes using the S-box.	Essential for providing confusion in the algorithm.
Symmetric key cryptography	A cryptographic system (also known as private key or shared-key) that utilizes a single key for both encryption and decryption.	It is generally faster than asymmetric cryptography for encrypting large amounts of data.
Tag ($t$)	The fixed-length output of the tagging algorithm in a MAC scheme.	Sent along with the message to allow the receiver to verify authenticity and integrity.
Target Collision Resistance (TCR)	A weaker form of collision resistance meaning that, given a specific message $x$, it is infeasible to find a distinct message $x^{\prime }\ne x$ such that $h(x^{\prime })=h(x)$.	Needed for file modification detection, ensuring an attacker cannot generate an innocuous $x^{\prime }$ to replace a given $x$.
Test key	A hash value or MAC derived by adding together code groups from a code book.	An early example of a one-way function used by banks for message authentication.
Threshold crypto	A mechanism allowing a signing or decryption key to be split among $n$ principals so that any $k$ out of $n$ can collectively perform the operation.	Used to implement business rules requiring multi-party authorization.
TLS (Transport Layer Security)	A protocol for securing traffic (e.g., Web, e-mail) that is based heavily on SSL.	Used in conjunction with cryptographic hashes and MACs.
Total exhaust time	The time required to find a key using brute force by trying all $2^n$ possible keys.	Often used alongside average solution time ($2^n/2$) when analyzing keysearch feasibility.
Trapdoor	The secret information (the private key) needed to reverse a trapdoor one-way permutation.	Allows the key owner to perform the difficult decryption operation.
Trapdoor one-way permutation	A computational process that anyone can perform easily (encryption), but which can only be reversed (decrypted) by someone who knows a secret key (the trapdoor).	The model used for public-key encryption algorithms.
Transmitter	The component of a communication system that operates on the message to produce a signal suitable for transmission over the channel.	One of the five essential parts of a communication system according to Shannon.
TrueCrypt, BitLocker, dm-crypt	Examples of commercial or open-source software used for full disk encryption.	Used to protect data at rest.
Turing Machines	A theoretical computational model used to define the limits of real-life computation.	Probabilistic Turing Machines define the capabilities of a computationally bounded adversary.
Twofish, Serpent, Blowfish	Symmetric block cipher algorithms.	They were finalists in the competition for the Advanced Encryption Standard (AES).
Unconditional security (Statistical security)	Security that is provably independent of the opponent’s computational power or future advances in mathematics.	Only achieved by Vernam’s One-Time Pad (perfect secrecy).
Universal hash function	A type of hash function from the theory of unconditionally-secure authentication codes.	Used in the Galois Counter Mode (GCM) for tag computation.
VeriSign	A well-known Certificate Authority (CA).	Used to issue and verify digital certificates.
Vigenère (polyalphabetic substitution cipher)	An early stream cipher that works by adding a repeating key (running key) repeatedly into the plaintext modulo 26.	It was broken by Kasiski, who exploited repeated patterns in the ciphertext.
VPN (Virtual private network)	A connection that encrypts all network traffic, providing a secure connection between two systems, often over an insecure network.	Main types include IPsec VPNs and SSL VPNs.
Vrfy (Verification algorithm)	The algorithm in a MAC scheme that takes the key, message, and tag as input and outputs whether the tag is valid (true or false).	Satisfies the correctness condition $vrf{y}_k(m,ta{g}_k(m))=\text{true}$.
Whitening (DESX)	A technique to increase resistance to keysearch by XORing the plaintext with a whitening key before encryption and the ciphertext with another whitening key afterwards.	Used in applications like the Win2K encrypting file system.
X.509 signing certificates	Digital documents whose forgery was accomplished by researchers using MD5 collisions.	This demonstrated the practical insecurity of MD5 for use with digital signatures.
XEX-based Tweaked CodeBook (TCB) mode	A specific block cipher mode of operation.	Included in the set of modes supported by the Advanced Encryption Standard (AES).

Week 4

Term/Acronym	Simple Definition	Context/Usage
Authentication	The set of methods used to establish whether a claim of identity is true.	Verifies to a server or machine that “you are who you say you are,” usually preceding authorization.
Identification	The simple assertion or claim of what someone or something is, without involving verification or validation of that claim.	Used in payment card transactions when swiping the magnetic strip on the card.
Identity Verification	A superficial validation of identity that is a step beyond identification but remains short of formal authentication.	This is generally the purpose when a person is asked to show documents like a driver’s license or birth certificate.
Authorization	A separate task from authentication that determines what the authenticated party is permitted to do.	Authentication needs to take place first before authorization is determined.
Multifactor Authentication (MFA)	An authentication scheme that uses one or more of the authentication factors (e.g., something you know, something you have).	Recommended where security is a concern, such as online banking, although increased security layers can hinder productivity.
Two-Factor Authentication (2FA)	A specific subset of multifactor authentication where only two factors are employed.	Using an ATM card (something you have) and a PIN (something you know) is a common example.
PIN (Personal Identification Number)	A common authentication factor representing “something you know” that a person can remember.	Entering the PIN completes the authentication portion of a payment card transaction.
Biometrics	An authentication factor based on the relatively unique physical attributes of an individual, also referred to as “something you are”.	More complex identifiers commonly used include fingerprints, iris or retina patterns, or facial characteristics.
Mutual Authentication	An authentication mechanism in which both the client and the server authenticate each other.	It is implemented to prevent impersonation attacks, such as man-in-the-middle attacks, and is often achieved through digital certificates.
One-Time Password (OTP)	A password generated by a device or app that is only intended to be used a single time.	Used in online banking systems where a device produces a unique code after a card and PIN are entered.
HOTP (Hash-Based One-Time Password)	A system where the OTP is generated by calculating the HMAC of a secret key (S) and an incrementing counter (C).	Requires that both the device generating the password and the server be synchronized on the same counter number.
TOTP (Time-Based One-Time Password)	An extension of HOTP that replaces the incrementing counter with the current time, often rounded to the nearest 30 seconds.	This helps prevent issues caused by devices potentially falling out of sync with the server, as used by Google Authenticator.
HMAC (Hash-based Message Authentication Code)	A function used in HOTP/TOTP protocols that combines a secret key and a message (counter or time) to generate a hash.	The server and the generating device use the shared secret key with the current counter or time to generate the same one-off hash.
Hashing	Converting a plaintext password into a non-reversible summary or “gibberish” using a One Way Pseudorandom Function.	Used to protect passwords against database leaks by storing the hash instead of the plaintext password.
Salt	A unique, random string of characters generated for each user and combined with the password before hashing.	This technique defeats rainbow table attacks and prevents the same password used by different users from producing identical hashes.
Rainbow Tables	Precomputed reverse-lookup tables that trade computation time for storage space, allowing attackers to look up a hash to find the corresponding plaintext password.	Highly effective against unsalted hashes like MD5 or SHA-1, but rendered impractical by the use of unique salt for each user.
Brute Force Cracking	An attack method involving trying every possible combination of characters in sequence until the correct password is found.	This attack is effective against short passwords (e.g., 6 characters or less), but becomes impractical for long passwords with large character sets.
Dictionary Attack	A cracking strategy that attempts to guess passwords by going through lists of commonly used words, names, or popular passwords, often manipulating them with rules.	This is much more effective than brute force for cracking long passwords (passphrases).
Encryption	A two-way process using a key to lock data that can later be unlocked/decrypted.	Storing passwords using encryption is fundamentally flawed because if the encryption key is stolen, the passwords become visible.
MD5	A basic, fast hashing algorithm that is considered highly insecure and should not be used for password storage.	Rainbow tables can crack MD5 hashes in a few seconds, with specialized hardware achieving hashing rates of 40 billion per second.
SHA-1	An older standard hash algorithm that is inappropriate for back-end password storage.	The unsalted version was used in the 2012 LinkedIn breach, where 90% of the passwords were decrypted in 72 hours.
SHA-512	A robust hash function that takes longer for a GPU to process than MD5/SHA-1, increasing cracking time.	Recommended as a replacement for older, faster hashes, although by itself it makes for a poor password hash function.
bcrypt, PBKDF2, scrypt, Argon2	Hash functions specifically built for password hashing that use slow, CPU-intensive mechanisms and adjustable work parameters.	These “slow hashes” are necessary because their inefficiency dramatically increases the time and resources needed for dictionary attacks.
Password Entropy	The amount of information held within a password.	Low entropy indicates a small search space, meaning the password is at high risk of being cracked quickly.
Social Engineering	A technique that relies on manipulating people’s willingness to help others to achieve a security compromise.	This tactic was the initial method of gaining ingress to the corporate environment during the 2011 RSA breach.
Phishing	A specific social engineering technique primarily employed through electronic communications (email, text) to entice a victim to click a link or open an attachment.	Leads victims to fake sites that imitate legitimate ones (like banks) to steal credentials or install malware.
Spear Phishing	A targeted phishing attack against a specific company, organization, or person that requires advanced reconnaissance to appear legitimate.	The email is carefully constructed with proper logos and language, often appearing to come from a trusted source like HR or a manager.
Pretexting	A social engineering technique where the attacker assumes a fake identity (e.g., manager or co-worker) to create a believable scenario designed to elicit sensitive information.	The attacker “drops names” or provides organizational details to gain the victim’s trust.
Tailgating (Piggybacking)	The physical act of following someone through an access control point (like a secure door) without possessing the proper credentials.	This is an endemic problem in locations with technical access controls, often successful because people desire to avoid confrontation.
Man-in-the-Middle Attack (MITM)	An impersonation attack where the attacker inserts himself between the client and the server, impersonating both parties to the other.	This attack can be carried out by placing a “skimmer” over a normal ATM to intercept information.
Replay Attack	A classic attack where a legitimate transaction is captured and attempted to be repeated later.	One-time passwords (OTPs) and transaction devices are used by banks to stop the replay attack and time-of-check time-of-use issues.
IDN Homographic Attack	A method used in phishing/certificate attacks that employs international characters to create domain names that look deceptively similar to legitimate ones.	This attack relies on confusing the user about the true domain name, although many modern browsers alert to such issues.
Enrollment (Biometrics)	The process of recording the chosen biometric characteristic from the user and storing the characteristic in the system for later matching.	Processing during enrollment may include noting certain parts of the image, depending on the characteristic in question.
FAR (False Acceptance Rate)	A performance metric that occurs when the biometric system accepts a user whom it should actually have rejected (a false positive).	The FAR is typically balanced against the FRR to achieve the Equal Error Rate.
FRR (False Rejection Rate)	A performance metric that occurs when the biometric system rejects a legitimate user who should have been accepted (a false negative).	Systems try to balance the FRR with the FAR, as excess of either is undesirable.
EER (Equal Error Rate)	The balance point where the FAR and FRR intersect on a graph.	This measure is sometimes used to judge the overall accuracy of a biometric system.
Circumvention (Biometrics)	Describes the ease with which a biometric system can be fooled by a falsified biometric identifier.	The “gummy finger” attack, where a mold of a fingerprint is created using gelatin, is a classic example of this attack.
Hardware Token	A small, purpose-built physical device, often credit card or keychain fob shaped, used to aid authentication.	Many contain an internal clock and unique identifier to generate a regularly changing code, often every 30 seconds.
VPN (Virtual Private Network)	A technical solution that allows secure access to the corporate network, even when the device is on a foreign network.	The VPN client can be configured to automatically connect the device to the VPN whenever it detects it is on a foreign network.
TLS (Transport Layer Security)	A protocol that authenticates the server, used in ensuring secure communication.	When using TLS, the user must still verify that the public-key certificate is issued to the intended communication partner.
UNIX	A time-sharing operating system developed by Bell Laboratories whose password security scheme has evolved historically through competition with attackers.	Its password file historically contained the actual passwords and had to be heavily protected.
PDP-11/70	A specific computer system used historically to test the running time required to encrypt and check trial passwords.	On this system, checking one trial password took approximately 1.25 milliseconds.
M-209 Cipher Machine	A cipher machine used by the U.S. Army during WWII, whose simulation program was used for the first UNIX password encryption scheme.	In the first scheme, the password was used as the key for the M-209 algorithm to encrypt a constant value.
Caffe	A deep learning library installed on the deep learning server.	Used on the “Beast” server alongside CUDA to solve interesting deep learning problems.
cudaHashcat	A specific password cracking tool designed to run on NVIDIA graphics cards.	This tool utilizes the computational power of graphics cards in parallel to perform fast password cracking.
CUDA	An NVIDIA-developed C-like intermediate language that instructs the graphics card on what to do.	Allows Hashcat to leverage the massively parallel architecture of a GPU to perform fast calculations.
HSM (Hardware Security Module)	A device designed to store encryption or HMAC keys and generally refuse to export them.	Used as a theoretical defense mechanism to limit an attacker who breaches the database to online attacks only.

Week 5

Term/Acronym	Simple Definition	Context/Usage
Computer Misuse Act 1990 + amendments	Legislation that makes unauthorized hacking and denial-of-service (DoS) attacks illegal in the UK, carrying a maximum penalty of 10 years in prison.	Used to cite the law governing DoS attacks and unauthorized system access.
DoS (Denial-of-service attack)	A class of attacks focused on compromising the availability of a service by either breaking it or overloading/starving it of resources.	Examples of techniques include Ping of Death, Permanent DoS, and the use of botnets in a distributed denial-of-service (DDoS) attack.
DDoS (Distributed Denial of Service)	A popular form of DoS attack where many distributed willing or unwilling participants contact the victim, frequently carried out using botnets.	In 2016, the Mirai botnet used 145,000 webcams (IoT devices) to set DDoS bandwidth records exceeding 1 Tbit/s.
Botnets	Networks of compromised machines (bots) built by exploiting vulnerabilities and used by attackers to perform DDoS attacks.	Early botnets consisted of Windows PCs, but modern versions often leverage Internet of Things (IoT) devices like DVRs and Internet cameras.
Social Engineering	The act of “hacking people” by obtaining passwords or installing malware via interaction methods like email (phishing), over the phone, or in person.	Cited as a method used in the Sony Attacks, where hackers stole an IT administrator’s password.
Phishing	A method of social engineering carried out via email to get passwords or install malware.	It is a common technique used to compromise systems.
OWASP Top 10	A list compiled by the Open Web Application Security Project of the most critical web application security risks.	Categories like A1 Injection and A3 Cross Site Scripting (2013 list) were cited as possible attack vectors in the Sony Attacks.
A1 Injection	A critical Web Application Security Risk concerning flaws where malicious data is sent to an interpreter as part of a command or query (e.g., SQL, OS, LDAP).	Identified as a vulnerability category used in the Sony Attacks and is linked to attacks like SQL injection.
A3 Cross Site Scripting (XSS)	A critical Web Application Security Risk involving the injection of malicious scripts into trusted websites, executed in the victim’s browser.	Identified as a vulnerability category used in the Sony Attacks (2013 OWASP ranking).
A8 Cross-Site Request Forgery (CSRF)	A critical Web Application Security Risk involving tricking an authenticated user’s browser into sending a fraudulent request to the server, causing an unwanted state change.	Identified as a vulnerability category used in the Sony Attacks (2013 OWASP ranking).
SQL Injection (SQLi)	An injection attack where malicious SQL code is inserted or appended into user input parameters that are later passed to a back-end SQL server for parsing and execution.	This attack breaches confidentiality and integrity and can be used to steal contents of databases or gain unauthorized access.
Prepared Statements	A defense mechanism, also called parameterized queries, that involves creating a query “template” and inserting user data separately to ensure the strict separation of code and data.	This is the recommended primary defense against SQL injection attacks as it prevents the database from interpreting user input as executable code.
Stored Procedures	A collection of statements stored in the database that can be executed and return a result.	They are a suggested defense against SQL injection, though they are not foolproof.
XSS (Cross-site Scripting)	A type of injection attack where malicious scripts are injected into trusted web sites and executed in the victim’s browser.	Attackers use XSS to steal information like cookies and credentials, install key loggers, or perform phishing attacks by modifying the webpage content.
Reflected Server XSS	Occurs when malicious user input is received by the target server and immediately sent back to the browser (e.g., as an error message) without being made safe to render.	The script is often embedded in a link, and the client receives the data from the server.
Stored Server XSS	The classic XSS attack type where malicious user input is permanently stored on the target server (e.g., in a database or message forum).	The client receives the stored data from the server and executes the malicious script when viewing the page.
Client XSS (Reflected/Stored)	An XSS attack where malicious user input is displayed or stored in the client’s browser (e.g., added to DOM or HTML5 localStorage) and may not be sent to the server.	Defenses include avoiding client-side document rewriting and using safe JavaScript APIs/methods.
Output Encoding	A defense mechanism, preferably server-side and context-sensitive, used to ensure output generated from user-supplied input is made safe to render.	This is the first line of defense against Server XSS.
Whitelists/Blacklists	Whitelists identify safe tokens and allow only those, while blacklists identify unsafe tokens and attempt to filter those out.	Whitelists are generally preferred for input validation because it is nearly impossible to define every unacceptable character combination in a blacklist.
CSRF (Cross-site request forgery)	An attack that causes a state change in the server by having the victim’s authenticated browser send a fraudulent request, typically initiated by clicking a malicious link.	Defenses involve including unpredictable tokens in valid requests for critical state changes.
Unpredictable Tokens	Security values included in valid requests for critical state changes.	Used as a primary defense against CSRF attacks, often implemented with challenge-response mechanisms, to ensure the request originated from the legitimate user’s application.
Active data uploads	A vulnerability created when a site allows data to be uploaded, and an attacker uploads and subsequently runs an active executable file (like a .php file).	Protection involves putting any uploads outside of the path to the document root and creating new, unpredictable file names.
IP spoofing	The act of using a spoofed source address to hide the attacker’s identity, often setting the source address to be the victim’s address.	Used in Reflected DoS attacks to direct the responses/amplified traffic toward the victim.
Amplification	A technique in DoS attacks where a request generates a response many times larger (up to 557 times larger) than the initial request, typically leveraging services like DNS or NTP servers.	Used to flood the victim with a small number of requests resulting in a large volume of traffic.
IoT (Internet of Things) devices	Devices like DVRs, WiFi routers, and Internet cameras that are frequently compromised due to security vulnerabilities and used to form large DDoS botnets.	These devices pose a threat to the Internet at large due to their use in setting DDoS bandwidth records (e.g., Mirai botnet).
Responsible Disclosure	A process where a security researcher contacts the vendor first, waits for security updates, and then performs public disclosure of findings (without exploit code).	This is the preferred method for handling serious vulnerabilities found in a system.
Full disclosure	The public release of a vulnerability that includes the exploit code.	This is contrasted with Responsible Disclosure, which only releases the vulnerability description.
TJX breach	A major security incident in 2007 where financial data was exposed, starting with an attack on the wireless network at a retail store.	The attack exploited the use of the outdated WEP encryption protocol on the 802.11b wireless network.
WEP (Wired Equivalent Privacy) encryption	An outdated encryption protocol used by the TJX system, known to have weaknesses and rendered obsolete in 2002.	Its use facilitated the initial compromise of the TJX network.
Buffer Overflows/Overruns	Occur when applications do not properly account for the size of input data, causing excess data to be written over memory used by other applications or the operating system.	They are classified as common software development vulnerabilities and can be nullified by proper bounds checking.
Bounds Checking	Setting a limit on the amount of data accepted by an application.	Proper bounds checking can nullify buffer overflow attacks entirely.
Race Conditions	Occur when multiple processes share access to a resource, and the correct operation depends on the precise ordering or timing of transactions, potentially leading to undesirable results.	They are difficult to detect in existing software and should be avoided by careful handling of resource access in new applications.
Format String Attack	An input validation problem where print functions in languages like C or C++ can be exploited using formatting parameters (e.g., %n) to manipulate or view internal memory.	This vulnerability can allow an attacker to crash an application or cause the operating system to run a command.
Principle of Least Privilege	The security principle that mandates allowing the minimum permissions required for both users and the internal activities of software.	This is crucial for authorization mechanisms to limit compromise and must be re-checked whenever a privileged activity is attempted.
AES (Advanced Encryption Standard)	A major cryptographic algorithm in general use today.	It is an example of a known algorithm that should be used instead of developing homegrown cryptographic schemes.
RSA	A major cryptographic algorithm in general use today.	It is an example of a known algorithm that should be used instead of developing homegrown cryptographic schemes.
Clickjacking	An attack that tricks a user into clicking something unintended by exploiting the browser’s graphical display capabilities, placing an invisible layer over the actual content.	These attacks are mostly thwarted by newer versions of common browsers like Internet Explorer, Firefox, Safari, and Chrome.
NoScript	An additional browser tool, available for Firefox, that blocks most web page scripts by default, only allowing those explicitly enabled by the user.	Used to disable many Web-based threats and protect against client-side attacks.
Sniffers	Tools used to examine all the network traffic traveling over a portion of the network.	Sniffers, such as Wireshark or Microsoft Network Monitor, can be used to monitor traffic exchanged with a particular application or protocol to increase security.
HTTP (Hypertext Transfer Protocol)	The protocol used for communication in the context of Web traffic.	Wireshark can be used to examine HTTP traffic specifically.
Nikto	A free and open source command-line Web server analysis tool.	It performs checks for common vulnerabilities and indexes all visible files and directories on the target Web server (spidering).
Wikto	A Windows version of the Nikto Web server analysis tool that provides a graphical user interface (GUI).	Used by Windows-centric environments or users who prefer a graphical interface for Web server analysis.
Fuzzers	Tools used during fuzz testing that bombard applications with unexpected data and inputs to discover completely unknown or unexpected problems.	Used to find vulnerabilities in both existing software and software in development.
Fuzz Testing	A process where applications are bombarded with all manner of unexpected data and inputs to discover completely unexpected problems.	This technique helps find flaws that might not be revealed by testing against known vulnerabilities.
NIST 800 Series	Publications from the National Institute of Standards and Technology containing numerous guides for both development and deployment of technologies and applications.	Provides a great starting place for organizations needing secure development and deployment standards.
BSI (Build Security in Software Assurance Initiative)	A security initiative from the US Department of Homeland Security providing secure coding guidelines.	Cited as an external source for secure software development guidelines.
Three-tier architecture	A common architecture where the presentation tier never communicates directly with the data tier; communication must pass through the middleware (logic) tier.	This architecture consists of a presentation tier, a logic tier, and a storage tier.
metadata	Data about the data contained in a database, such as the name of a database or table.	Attackers exploiting SQL injection often attempt to access database metadata.
INFORMATION_SCHEMA	A virtual database used by MySQL and Microsoft SQL Server to access database metadata, often accessed by attackers during SQL injection attacks.	Contains information on data dictionary and system catalog data.

Week 6

Term/Acronym	Simple Definition (1 sentence explanation)	Context/Usage
Public Key Cryptography (PKC) (Asymmetric encryption)	A cryptographic system where each person’s key is separated into a public key (for encryption) and a secret key (for decryption).	Used for secure communication, key exchange, digital signatures, online shopping, and secure website access.
Symmetric Key Encryption	A cryptographic system where the same single key is used by both parties for encoding (encryption) and decoding (decryption) a message.	Requires parties to agree on a common secret key beforehand; generally more efficient than public-key methods for long messages.
Public Key ($pk$)	The publicly distributed key used by anyone to encrypt messages intended for the key pair owner.	Published everywhere (e.g., keyserver, end of emails); used in Textbook RSA as $(N,e)$.
Private Key (Secret Key, $sk$)	The key that must be kept absolutely secret and is used by the owner to decrypt ciphertexts or create digital signatures.	Used in Textbook RSA as $(N,d)$; essential for proving authenticity when used for signing messages.
One-way Function (OWF)	A function that is easy to compute in one direction but hard to reverse, meaning finding the pre-image is practically infeasible.	Examples include multiplication of large primes and Discrete Exponentiation; security basis for public-key cryptography.
Trapdoor Function	A one-way function that possesses specific secret information (the trapdoor) which enables efficient computation of the inverse.	The RSA function is a trapdoor function, where the secret decryption exponent $d$ is the trapdoor information.
Modular Exponentiation	The calculation of $a^n\mathrm{mod}N$, which can be computed efficiently using the Square and Multiply method.	Used as the one-way function in RSA encryption and is the basis for Discrete Exponentiation.
Square-and-multiply method	An efficient algorithm used for the computation of modular exponentiation ($a^n$) that requires time proportional to the logarithm of the exponent.	Used to efficiently compute modular powers like the RSA function and the discrete exponential function.
Discrete Exponentiation (Exp)	A function, such as $x\mapsto g^x$, that is efficiently computable, serving as a one-way function.	Used in ElGamal and Diffie-Hellman; its hardness of inversion secures these schemes.
Discrete Logarithm Function (Log)	The inverse function of the discrete exponential function that is believed to be hard to compute efficiently for sufficiently large primes.	The difficulty of extracting discrete logarithms (DLP) is the foundation for ElGamal and Diffie-Hellman cryptosystems.
Diffie-Hellman Key Exchange (DH)	A public-key method allowing two parties to establish a fresh, shared secret key over an insecure channel by exchanging public components $g^a$ and $g^b$.	Based on the difficulty of the Diffie–Hellman Problem (DHP); often analogized to mixing colors.
Diffie–Hellman Problem (DHP)	The assumption that it is impossible to compute the shared secret $g^{ab}$ from the publicly known values $g^a$ and $g^b$ alone.	The security of ElGamal encryption relies on the difficulty of solving this problem; presupposes the discrete logarithm assumption.
RSA Cryptosystem	The most popular and widely used public-key cryptosystem, based on the difficulty of factoring large numbers.	Provides encryption and digital signatures; uses the RSA modulus $N$, and exponents $e$ and $d$.
RSA Modulus ($N$)	The product of two large random primes ($N=pq$) that forms the modulus for RSA operations.	Part of the public key $(N,e)$; the security of RSA depends on the difficulty of finding the factors $p$ and $q$ of $N$.
Textbook RSA	The basic RSA scheme defined by $c=m^e\mathrm{mod}N$ for encryption and $m=c^d\mathrm{mod}N$ for decryption.	It is deterministic and therefore not CPA-secure; in practice, RSA requires encoding methods like OAEP.
CPA-secure (Chosen-Plaintext Attack Secure)	A security property meaning the encryption scheme is resistant to an attack where the adversary cannot perform better than random guessing.	No deterministic encryption scheme (like Textbook RSA) is CPA-secure; requires the encryption process to be randomized.
Chosen-Plaintext Attack (CPA)	An attack where the adversary computes ciphertexts for messages of her choosing using the public key to compare against a challenge ciphertext.	Textbook RSA is vulnerable to CPA because it is deterministic; security requires the encryption to be randomized.
Chosen-Ciphertext Attack (CCA)	An attack where the adversary gains temporary access to the decryption device to decrypt ciphertexts of her choice, potentially enabling the decryption of a targeted message later.	Basic RSA encryption and ElGamal encryption are vulnerable to chosen-ciphertext attacks; specific variants include Bleichenbacher’s attack.
Hybrid Encryption	A system that combines public-key encryption (for key exchange) with symmetric-key encryption (for bulk data encryption).	Used to encrypt longer messages because symmetric-key encryption is much more efficient than computationally expensive public-key encryption.
Session Key	A secret key, often temporary, used in a symmetric encryption scheme to encrypt the messages for a single communication session.	Used in hybrid encryption: the public key encrypts the session key, and the session key encrypts the long message.
OAEP (Optimal Asymmetric Encryption Padding)	A randomized preprocessing scheme applied to plaintexts before public-key encryption to enhance security and prevent attacks like Bleichenbacher’s.	Used to make encryption non-deterministic and CCA-secure; adopted in PKCS#1 v2.0; necessary to prevent the 1-Million-Chosen-Ciphertext Attack.
PKCS #1 (Public-Key Cryptography Standards #1)	A series of standards defining mechanisms for encrypting and signing data using the RSA public-key system.	Version 1.5 had weaknesses targeted by Bleichenbacher’s attack; Version 2.0 uses OAEP padding.
Bleichenbacher’s 1-Million-Chosen-Ciphertext Attack	An adaptive chosen-ciphertext attack against PKCS#1 v1.5 that exploits information revealed by a decryption oracle.	Targeted implementations of the SSL/TLS protocol; prevented by the adoption of OAEP encoding.
Digital Signature	A value depending on the message and the signer’s secret key, allowing an unbiased third party to verify the message origin using the public key.	Used to guarantee authenticity, integrity, and non-repudiation; RSA and ElGamal both provide signature capabilities.
Existential Forgery	An attack where an adversary is able to construct a valid signature for some message, although the forged message is unlikely to be meaningful.	Basic RSA signatures and ElGamal signature schemes are vulnerable to existential forgery when used without a hash function.
Hash-then-decrypt paradigm	A common signature approach where a collision-resistant hash function is applied to the message, and the resulting hash value is signed instead of the message itself.	Prevents attacks like existential forgery, allows messages of arbitrary length to be signed, and guarantees non-repudiation.
Full-Domain-Hash (FDH) RSA signatures	An RSA signature scheme where the hash function output ranges over the full set $Z_n$ (the full domain of the RSA function).	Can be mathematically proven secure in the random oracle model; used to guarantee that the signature verification condition is hard to achieve by chance.
Random Oracle Model	A theoretical model where the hash function is assumed to be a truly random function that the adversary must call as a “black box” to obtain hash values.	Used to prove the security of cryptographic schemes like FDH RSA signatures, assuming the hash function behaves like a perfect oracle.
PSS (Probabilistic Signature Scheme)	A randomized signature scheme where the signature depends on the message and a randomly chosen input, provably secure in the random oracle model.	Applicable to messages of arbitrary length; uses a trapdoor permutation ($f$) and hash functions ($G$ and $h$).
ElGamal Encryption Scheme	A public-key cryptosystem based on the discrete logarithm assumption, where encryption involves multiplying the message by a random element $y^k$ and sending the pair $(g^k,y^k\cdot m)$.	Does not use a trapdoor function but is based on the Diffie–Hellman problem; its ciphertext is twice as long as the plaintext.
ElGamal Signatures	A digital signature scheme where the signature $\sigma =(r,s)$ is computed such that $r=g^k$ and $s=k^{-1}(m-rx)\mathrm{mod}(p-1)$.	Security relies on the discrete logarithm assumption; vulnerable to existential forgery if used without a hash function.
DSA (Digital Signature Algorithm)	The algorithm included in the Digital Signature Standard (DSS), which is very similar to ElGamal’s signature scheme but uses a subgroup generator of prime order $q$.	Used by government and financial organizations; relies on the difficulty of finding discrete logarithms in the subgroup $G_q$.
DSS (Digital Signature Standard)	The standard proposed by NIST that contains the Digital Signature Algorithm (DSA).	Was intended to become a standard digital signature method for use by government and financial organizations.
SHA-1 (Secure Hash Algorithm 1)	A cryptographic hash algorithm considered secure, recommended for implementing $h$ and $G$ in OAEP and used in the DSS.	Used in protocols like OAEP and the DSS; often applied to messages before signing (hash-then-decrypt paradigm).
Chinese Remainder Theorem (CRT)	A theorem allowing computation in $Z_n$ to be performed by decomposing $Z_n$ into a product of smaller rings (e.g., $Z_p\times Z_q$).	Used to speed up RSA decryption by calculating exponents modulo the smaller factors $(p-1)$ and $(q-1)$.
Euler Phi Function ($\phi (n)$) (Euler Totient Function)	The number of integers in the interval $[1,n-1]$ which are prime to $n$ (units in $Z_n$).	Used in RSA key generation to find the decryption exponent $d$ such that $ed\equiv 1\mathrm{mod}\phi (n)$.
Extended Euclidean Algorithm (EEA)	An algorithm used to find the greatest common divisor of two numbers, and to derive the multiplicative inverse element in modular arithmetic.	Used in RSA key generation to compute the decryption exponent $d$; also used in the Common-Modulus Attack.
Integer Factorization Problem (IFP) (Factoring)	The computational challenge of designing an efficient algorithm for calculating the prime factors ($p,q$) of an extremely large composite number ($N$).	The foundational “hard problem” upon which RSA security depends; factorization takes exponentially longer than multiplication.
RSA Assumption	The belief that inverting the RSA function is intractable, meaning it is impossible to compute the plaintext $m$ from $N,e,$ and $m^e\mathrm{mod}N$.	The security of RSA relies on this assumption, which is closely related to the Factoring Assumption.
Elliptic Curve Cryptography (ECC)	A cryptographic field implemented using the addition operation in the Abelian group of points on an elliptic curve over a finite field.	Often preferred due to providing comparable security with substantially shorter key lengths than classical schemes like RSA or ElGamal in $Z_p^{\ast }$.
Elliptic Curve Discrete Logarithm Problem (ECDLP)	The computationally infeasible problem of determining the integer $k$ given two points $P$ and $Q$ on an elliptic curve such that $P=kQ$.	The hard problem upon which ECC security (like Elliptic Curve Diffie-Hellman) relies, analogous to the DLP in $Z_p^{\ast }$.
Double and Add Algorithm	A recursive algorithm used to efficiently compute the point $xP$ (scalar multiplication) given the number $x$ and the point $P$ on an elliptic curve.	The ECC analogue of the Square and Multiply method for modular exponentiation.
Point at infinity (O)	The unique point on an elliptic curve that serves as the zero element (neutral element) for the addition operation in the Abelian group $E(F_q)$.	All elements $P\in E(F_q)$ satisfy $nP=O$ where $n$ is the order of the group or subgroup.
ECDSA (Elliptic Curve Digital Signature Algorithm)	The elliptic curve analogue of the Digital Signature Algorithm (DSA) that is included in standards like IEEE 1363-2000 and TLS protocol.	Uses Alice’s secret key $d_A$ and public key $P_A=d_{A}Q$ to sign messages.
Homomorphic Encryption	Probabilistic public-key encryption algorithms where multiplication of plaintexts corresponds to multiplication of ciphertexts.	Used in applications like electronic voting protocols and re-encryption mix nets; ElGamal and Paillier encryption are examples.
Paillier Encryption	A probabilistic homomorphic encryption scheme that works in the residue class group $Z_{n^2}$ where $n$ is an RSA modulus $pq$.	Security is based on the composite residuosity assumption; used in electronic voting protocols.
Modular Squaring Function (Square)	The function $\text{Square}:Z_n\to Z_n,m\mapsto m^2$, which is a one-way function with a trapdoor if factoring is infeasible.	The encryption function in Rabin’s Cryptosystem; extracting square roots (inversion) is equivalent to factoring $N$.
Rabin’s Cryptosystem	A public-key cryptosystem based on the modular squaring function that is provably as difficult to break as the factorization problem.	Uses $N=pq$ as the public key; decryption requires computing modular square roots, which yields four possible plaintext solutions.
KDC (Key Distribution Centre)	A centralized server that supplies secret keys to users on the fly, feasible only if users work within one company.	An alternative to pre-deploying pairwise keys, but relies on the honesty and permanent availability of the server.
CCA-secure (Chosen-Ciphertext Attack Secure)	A strong security property requiring resistance against an adversary who has access to the decryption device.	PKCS#1 V1.5 is noted to have weaknesses and is not fully CCA-secure; OAEP is designed to achieve CCA-security.

Week 7

Term/Acronym	Simple Definition	Context/Usage
Public Key ($\mathbf{pk}$)	A key that can be distributed publicly and is used by anyone to verify digital signatures or to encrypt a message for the owner.	Used in public-key encryption schemes where it is known to everyone, but computation of the corresponding secret key is infeasible,.
Private Key / Secret Key ($\mathbf{sk}$)	A key that must be kept secret by the owner and is used to sign a message or to decrypt a ciphertext,.	In digital signature schemes, the secret key ($\mathbf{sk}$) is used to compute the digital tag ($\sigma$) for a message.
Digital Signatures	The digital counterpart of a handwritten signature, depending on the message and a secret known only to the signer, providing public verifiability, transferability, and non-repudiation,.	Used in public-key methods to guarantee the authenticity of public keys by certification authorities.
MACs (Message Authentication Codes)	A security method used in symmetric cryptography to detect modifications of messages or verify the origin of a message.	Unlike digital signatures, MACs do not provide public verifiability or non-repudiation because the verifier knows the shared secret key,.
Non-repudiation	A property of digital signatures meaning the signer cannot truthfully deny having signed the message once the signature verifies as correct,.	This property is crucial for signed documents, preventing the signer from claiming, “I never signed that!”.
One-way function	A family of functions ($E_{\mathbf{pk}}$) that are efficiently computable, but for which computing pre-images (finding $m$ from $c=E_{\mathbf{pk}}(m)$) is practically infeasible.	The security of the RSA function depends on its property of being a one-way function, provided the factors of $N$ are not known.
Trapdoor function	A one-way function where some secret information, called the trapdoor information ($\mathbf{sk}$), enables the efficient computation of the function’s inverse.	The RSA function ($RS{A}_{n,e}$) is an example of a trapdoor function, with the trapdoor information being the decryption exponent $d$.
RSA	The most popular and widely used public-key cryptosystem, published in 1978 and based on the difficulty of factoring large numbers.	RSA cryptosystems provide both encryption and digital signatures, using the modulus $N=pq$,.
Textbook RSA Signatures	The basic digital signature scheme where signing is $m^d\mathrm{mod}N$ and verification is ${\sigma }^e=m\mathrm{mod}N$.	This scheme is vulnerable to a “no-message attack,” where an adversary can forge a signature on a random message $m$,.
Hash and Sign	A generic construction that uses a collision-resistant hash function to transform a signature scheme working on “short messages” into one working on “long messages”.	This paradigm is implemented by signing the hash value $H(m)$ instead of the message $m$ itself, making the signature $\sigma =H(m{)}^d(\mathrm{mod}N)$,.
Collision-resistant hash function ($H$)	A cryptographic hash function applied to a message ($m$) that produces a short digital fingerprint, essential for preventing collisions where $H(m)=H(m^{\prime })$ for $m\ne m^{\prime }$,,.	Collision resistance is essential for non-repudiation, preventing the signer from claiming they signed a different message $m^{\prime }$.
$N$ (RSA Modulus)	The product of two large random primes, $N=pq$, which is public, but whose factors must be kept secret for RSA security,.	RSA keys are based on computations modulo $N$, and the security of RSA depends on the difficulty of factoring $N$,.
$\phi (N)$ (Euler Phi Function)	The number of integers in the interval $[1,N-1]$ which are prime to $N$; computed as $(p-1)(q-1)$ for $N=pq$,.	Used in RSA key generation to compute the decryption exponent $d$ such that $ed\equiv 1(\mathrm{mod}\phi (N))$,.
PKI (Public Key Infrastructure)	A set of policies and procedures designed to manage (create, distribute, store, revoke) digital certificates.	A PKI can be based on Certificate Authorities (CAs), Web of Trust (PGP/GnuPG), or Blockchain trust models.
Digital Certificate / Certificate	A data structure that binds an identity and a purpose to a public key,.	Certificates include parameters like the issuer, the expiration date, and the purpose of the public key.
Certification Authority (CA)	An entity that checks a user’s identity and issues a certificate signed with the CA’s private key.	Anyone who trusts the CA (and knows its public key) can verify that a specific public key belongs to the claimed identity.
X.509	An ITU standard that defines the structure of digital certificates and the method for certificate validation.	This standard is widely used in protocols like SSL/TLS, IPSec, S/MIME, and SSH.
Certificate Chain	A sequence of certifications where one party certifies the key of another, who certifies the key of a third, and so on, to establish trust,.	This chain is necessary when Alice needs to trust Wilma’s key but only knows and trusts Bob, who certified Wilma’s key.
CRL (Certificate Revocation List)	A list maintained by every certificate authority detailing certificates that have been revoked (e.g., if the private key was lost or stolen).	A major problem with CRLs is that they only work if the user is online to check the list.
TSA (Time Stamping Authority)	A trusted service, often provided by CAs, that certifies that an electronic document existed at a given point in time.	TSAs are used to prove that a signature is valid even after the certificate’s expiration date, provided the document was signed before that date.
ElGamal	A public-key cryptosystem based on the difficulty of solving the discrete logarithm problem,.	ElGamal provides schemes for both encryption and digital signatures, relying on the Diffie–Hellman problem for its security,.
Rabin cryptosystems	A cryptosystem based on the modular squaring function, whose underlying encryption algorithm is provably as difficult to break as factoring large numbers,,.	Rabin’s scheme uses the modulus $n=pq$ as the public key, and its decryption involves computing square roots,.
Digital Signature Algorithm (DSA)	A digital signature scheme proposed by NIST as a standard, which is very similar to the ElGamal algorithm but uses a generator $g$ of prime order $q$,.	DSA signatures are fairly short, consisting of two 160-bit numbers, and its security relies on the difficulty of computing discrete logarithms.
ECDSA (Elliptic Curve Digital Signature Algorithm)	The elliptic curve analogue of the Digital Signature Algorithm, included in standards like IEEE 1363-2000.	ECDSA signatures are based on the elliptic curve discrete logarithm assumption and are preferred when computing resources are limited due to shorter required key lengths,.
Discrete logarithm problem	The problem of computing the exponent $x$ from a given element $y=g^x$ in a finite field $Z_p^{\ast }$ or a cyclic subgroup,,.	The security of ElGamal and DSA schemes relies on the assumption that solving the discrete logarithm problem is infeasible,.
Diffie–Hellman problem	The problem of computing $g^{ab}$ (or $abQ$ in ECC) from $g^a$ and $g^b$, which is assumed to be computationally infeasible,.	This problem forms the basis for the security of ElGamal encryption and the Diffie–Hellman key agreement protocol,.
Ciphertext ($c$)	The output obtained after applying the encryption function $E$ to a message $m$ using a public key $pk$.	The security of a public-key scheme depends on it being practically infeasible to compute the plaintext $m$ from the ciphertext $c$.
OAEP (Optimal Asymmetric Encryption Padding)	A randomized preprocessing scheme applied to plaintexts before encryption to protect against various attacks, such as chosen-ciphertext attacks.	OAEP is adopted in PKCS#1 v2.0 and is used with schemes like RSA to prevent attacks like Bleichenbacher’s 1-Million-Chosen-Ciphertext Attack,.
Random oracle model	A theoretical model used in security proofs where a hash function is assumed to operate as a truly random function, requiring the adversary to call an oracle to obtain hash values.	This model is used to mathematically prove the security of full-domain-hash RSA signatures,.
Chosen-ciphertext attack (CCA)	An attack where an adversary gains access to the decryption device to obtain plaintexts for ciphertexts of their choosing, attempting to decrypt a target ciphertext.	Basic RSA encryption is vulnerable to this attack, necessitating the use of probabilistic padding schemes like OAEP,.
Homomorphic Encryption	Encryption algorithms where an operation performed on the plaintexts corresponds to an operation performed on the ciphertexts,.	ElGamal encryption is homomorphic with respect to the multiplication of plaintexts and ciphertexts.
Paillier encryption	A probabilistic, homomorphic encryption scheme that works in the residue class group $Z_{n^2}^{\ast }$.	The security of this scheme is based on the composite residuosity assumption, and it is used in applications like electronic voting protocols,,.
Elliptic Curve Cryptography (ECC)	Cryptographic algorithms implemented on an elliptic curve defined over a finite field $F_q$, analogous to discrete logarithm schemes,.	ECC allows for the use of substantially shorter keys compared to classical schemes like RSA for a comparable level of security, making it suitable for embedded systems,.
Point at infinity ($O$)	The zero element (neutral element) of the addition operation in the Abelian group defined by the points $E(F_q)$ on an elliptic curve.	In ECC, the computation $nQ=O$ defines the termination of the cyclic subgroup generated by point $Q$ of order $n$.
ECDLP (Elliptic Curve Discrete Logarithm Problem)	The problem of computing the integer $k$ from a given point $P$ in a cyclic subgroup $⟨Q⟩$, such that $P=kQ$.	The security of ECC protocols, such as ECDSA, relies on the assumption that solving the ECDLP is practically infeasible,.
$h$ (Cofactor)	A parameter in ECC defined by the ratio $h =	E(F_q)
FIPS 186-4	A standard published by the National Institute of Standards and Technology (NIST) that recommends specific key sizes and elliptic curves for use in cryptographic applications,.	This standard includes the Elliptic Curve Digital Signature Algorithm (ECDSA) and provides guidelines for selecting suitable curves and domain parameters,.

Week 8

Term/Acronym	Simple Definition	Context/Usage
TLS (Transport Layer Security)	The successor to SSL, this cryptographic protocol provides communications security, confidentiality, integrity, and authenticity over a network like the Internet, often securing HTTPS traffic.	It runs in the presentation layer over a reliable transport protocol (like TCP) and is the current IETF standard.
SSL (Secure Sockets Layer)	The original security protocol developed by Netscape that was deprecated due to flaws but is the predecessor of TLS.	SSL versions 2.0 and 3.0 are deprecated; SSL 3.0 was vulnerable to the POODLE attack.
Cryptographic Primitives	Fundamental cryptographic tools such as RSA, AES, SHA-2, and SHA-3 that provide building blocks for secure communication.	They are used in security protocols (e.g., SSL/TLS, IPSec) to achieve security goals like confidentiality and integrity in distributed systems.
Communication Protocol	A distributed algorithm executed by two or more parties that specifies the syntax, semantics, and synchronization of data exchange.	If an algorithm is not distributed (i.e., only executed in one place), it is not called a protocol.
Security (or Cryptographic) Protocols	Communication protocols that employ cryptographic building blocks (encryption, hashing, digital signatures) to achieve security goals.	They are essential for solving issues such as determining message origin, preventing replays, and ensuring confidentiality in distributed systems.
Dolev-Yao Adversary	An active and powerful attacker model that controls the network, capable of eavesdropping, intercepting/modifying messages, constructing new messages, and compromising old cryptographic keys.	This model is frequently used to test the security of communication protocols, contrasting with passive adversaries who only eavesdrop.
Honest (Protocol Agents)	Protocol participants who strictly adhere to the specified protocol rules and whose cryptographic keys remain uncompromised.	Protocol security properties (like key secrecy and freshness) must hold if participating agents are honest.
Symbolic Encryption Notation {m}k	A notation representing a message m that has been encrypted and authenticated using a symmetric key k.	It is defined as combining encryption with two derived keys ($k_0,k_1$) and a tag for authentication.
Master Keys	Long-lived, secret cryptographic keys, typically belonging to a public-key cryptosystem, used to generate session keys.	Access to these keys is severely restricted, often by storing them on protected hardware, to prevent severe attacks.
Session Keys	Keys associated with a specific connection session, usually from a symmetric cryptosystem, valid only for the short duration of that session.	They are used for the bulk encryption of application data because symmetric encryption is more efficient than public-key encryption.
Entity Authentication	The process by which one party (e.g., Alice) convinces a communication partner (Bob) that her declared identity is correct, thereby preventing impersonation.	This is achieved when a party signs a specific message to prove identity, often using techniques like challenge-response.
Replay Attack	An attack where an adversary intercepts a message signed or authenticated by a legitimate user and uses it later to impersonate the original sender.	This attack can be prevented if the message content varies, often by including timestamps or nonces in the signed message.
Nonce (N)	A “number used once,” typically implemented as a random number, used to guarantee the freshness of a message.	Nonces are generated and sent by one party and must be returned by the other to prove the response was freshly generated, protecting against replay attacks.
Challenge-response identification	An authentication method where a verifier sends a random number (challenge) to a prover, who must return a signed message (response) incorporating that random number to prove knowledge of a secret key.	This principle is used for identification in military IFF systems and two-factor authentication.
Key Establishment Protocol	A protocol designed to allow two or more parties to negotiate and agree upon a shared session key securely.	Security properties required include key freshness, secrecy (known only to honest parties), and agreement (parties agree on the key and partners).
Kerberos	A distributed authentication service and protocol that provides entity authentication and key establishment using symmetric cryptography and a trusted server.	It involves a trusted server ($T$) sharing secret keys with clients and servers to issue tickets and session keys.
Ticket (Kerberos)	Credentials issued by the Kerberos authentication server ($T$) for a client ($A$) to access a server ($B$), containing $A$‘s identity and the session key ($k$), encrypted with $B$‘s secret key.	The ticket is forwarded by the client to the server, who decrypts it to obtain the session key.
Authenticator (Kerberos)	A message created by the client and encrypted with the session key ($k$) that proves to the server that the client knows the session key embedded in the ticket.	It typically contains the client’s identity and a timestamp ($t_A$) to prevent replay attacks.
Diffie–Hellman Key Exchange (DH)	The first practical solution to the key distribution problem, based on public-key cryptography, enabling two parties to establish a mutual secret key over a public channel.	Its security relies on the Diffie–Hellman assumption: that computing $g^{ab}$ from $g^a$ and $g^b$ is computationally intractable.
Man-in-the-middle attack (MITM)	An active attack where an adversary intercepts communications, establishing separate secret keys with both communicating parties and impersonating each to the other.	Basic Diffie–Hellman is vulnerable to MITM attacks, necessitating the use of digital signatures to authenticate the key exchange.
Mafia-in-the-middle Attack	A type of MITM attack where an adversary exploits a key reuse vulnerability across different protocols or contexts to deceive a user into authorizing an unintended transaction.	This attack highlights the danger of reusing cryptographic keys or authentication mechanisms in more than one application.
Forward Secrecy (PFS)	A security property ensuring that a session key will not be compromised if the long-term private key used to establish the connection is compromised in the future.	It is achieved by using ephemeral key exchange algorithms (like DHE/ECDHE) that generate unique, one-time session keys.
Ephemeral Key Exchange	A method (such as DHE or ECDHE) where session keys are based on temporary, randomly generated keys unique to each session, ensuring PFS.	TLS 1.3 mandates the use of ephemeral key exchange algorithms.
X.509	A recognized standard defining the format for digital certificates used in TLS/SSL to bind public keys to identities.	Clients must validate the server’s certificate chain according to X.509 specifications during the handshake.
Certificate Authorities (CA)	A trusted third party (TTP) whose primary role is to issue, manage, distribute, and digitally sign digital certificates.	The client implicitly trusts a list of CA public keys (root certificates) to verify the authenticity of a server’s certificate.
Digital Certificate (Certificate)	A document signed by a CA that binds a public key to a distinguished name (the owner’s identity) and indicates expected key usage.	Sent by the server in the TLS handshake, it allows the client to authenticate the server’s identity.
Certificate Chain	An ordered list of certificates, starting with the server’s SSL/TLS certificate and ending with a Root CA Certificate, used by the receiver to verify the sender’s trustworthiness.	The client validates the chain by verifying the signatures of all certificates up to a trusted Root CA.
Root CA Certificate	The certificate at the end of the certificate chain, which is signed by the Certificate Authority itself and whose public key is inherently trusted by the client.	These certificates serve as the “trust anchors” for validating all other certificates in the chain.
Intermediate Certificate	Any certificate that sits in the chain between the SSL/TLS Certificate and the Root Certificate, acting as the signer/issuer of the SSL/TLS Certificate.	They are necessary to make the SSL/TLS certificate compatible with all clients by linking it back to a trusted root.
Certificate revocation lists (CRL)	A list of entries corresponding to revoked certificates that are still within their validity period, signed by the CA.	They are maintained to publicize that a secret key has been compromised, as the CA cannot notify all users possessing copies of the certificate.
Public Key Infrastructure (PKI)	A comprehensive system involving roles, policies, hardware, software, and procedures needed to manage and validate digital certificates and public-key encryption.	Its purpose is to facilitate the secure electronic transfer of information and reliably verify entity identity via digital signatures.
Registration Authority (RA)	A PKI role, sometimes delegated by the CA, responsible for identifying and authenticating certificate applicants but lacking signing authority.	RAs manage the vetting and provisioning of certificates before they are issued by the CA.
Cipher Suite	A set of algorithms used to secure a network connection, typically including key exchange, bulk encryption, and message authentication code algorithms.	During the handshake, the client sends a list of preferred cipher suites, and the server chooses one that both parties support.
Bulk Encryption Algorithm	The symmetric encryption algorithm used by the cipher suite to encrypt the bulk of the application data being sent over the secure connection.	Examples include AES, CHACHA20, and 3DES.
MAC (Message Authentication Code) Algorithm	The algorithm used to provide data integrity checks, ensuring that the data sent has not been altered in transit.	The MAC is computed over the message and a sequence number, often using hash functions like SHA or MD5.
AEAD (Authenticated Encryption with Associated Data)	A type of encryption scheme that combines confidentiality and integrity checks simultaneously.	TLS 1.3 mandates the use of AEAD ciphers (like AES-GCM) and AEAD-integrated MACs, replacing the older MAC-then-encrypt structure.
ClientHello	The first message in the SSL/TLS handshake, sent by the client, which initiates the negotiation.	It contains the maximum supported TLS version, a list of preferred cipher suites, compression methods, and a client random nonce.
ServerHello	The message sent by the server in response to the ClientHello, selecting the agreed-upon protocol version, cipher suite, and compression algorithm.	It also contains the server’s random nonce and a session ID if session resumption is possible.
PreMasterSecret	A random string of bytes (48 bytes, 46 random in RSA) generated by the client and encrypted using the server’s public key.	It is decrypted by the server, and then both parties use it, along with the two random nonces, to compute the Master Secret.
Master Secret	The final shared secret key material derived from the PreMasterSecret and the client and server random nonces.	All symmetric session keys (for encryption and MAC) used for the actual data connection are derived from the Master Secret.
ChangeCipherSpec	A record-level protocol message (type 20) sent by both client and server to signal that subsequent messages will be encrypted and authenticated using the newly derived session keys.	This message marks the point in the handshake where the communication switches to symmetric encryption.
Finished Message	A cryptographic checksum computed over all previous handshake messages (from both parties) and sent encrypted and authenticated with the new session keys.	Successfully verifying this message authenticates the peer and protects the entire handshake process from tampering.
MAC-then-encrypt	The cryptographic method used in TLS before version 1.3, where the MAC (integrity check) is applied first, and then the MAC and data are encrypted together.	This structure was vulnerable to padding oracle attacks like POODLE and Lucky 13.
Padding Oracle Attack	A class of attacks exploiting implementation errors, usually involving CBC mode, where an attacker modifies ciphertext and deduces plaintext based on distinct server error responses (or timing) indicating valid vs. invalid padding.	The POODLE attack specifically exploited this weakness in SSL 3.0 where padding bytes were ignored.
POODLE Attack	Padding Oracle On Downgraded Legacy Encryption; an attack exploiting a padding flaw specific to SSL 3.0 when using CBC cipher suites.	Attackers leverage connection negotiation capabilities to force a downgrade to SSL 3.0, enabling byte-by-byte decryption.
Downgrade Attack	A method where an adversary forces a modern client and server to negotiate a connection using an older, less secure protocol version (like SSL 3.0) or weaker cipher suites.	The primary defense is strong anti-downgrade controls (like TLS_FALLBACK_SCSV) and disabling support for insecure legacy versions.
CBC Mode (Cipher Block Chaining)	A mode of operation for block ciphers used in earlier TLS versions (pre-1.3) where each block is XORed with the previous ciphertext block before encryption.	CBC mode, especially in TLS 1.0 and SSL 3.0, was vulnerable to attacks like BEAST and POODLE due to predictable IVs and padding structures.
BEAST Attack	Browser Exploit Against SSL/TLS; an attack exploiting a CBC mode vulnerability in TLS 1.0 and SSL 3.0 where the Initialization Vector (IV) for a record was predictable.	The attack allowed an adversary who controlled part of the encrypted data stream to turn the encryption machine into a decryption oracle.
CRIME Attack	Compression Ratio Info-leak Made Easy; an attack that exploits data compression within TLS (or SPDY/HTTP) to leak plaintext information, such as session cookies, by observing resulting ciphertext length changes.	This vulnerability is mitigated by disabling TLS-level compression entirely, a feature removed in TLS 1.3.
BREACH Attack	Browser Reconnaissance and Exfiltration via Adaptive Compression; a variant of CRIME targeting HTTP-level compression to extract secrets like login tokens or cookies from HTTPS responses that reflect user input.	Unlike CRIME, which targeted TLS compression, BREACH exploits compression higher up the stack.
FREAK Attack	An encryption downgrade attack that tricks clients and servers into negotiating a connection using cryptographically weak “export-grade” RSA cipher suites (usually 512-bit keys).	This attack leveraged protocol negotiation to force the use of algorithms developed under obsolete US export regulations.
DROWN Attack	Decrypting RSA with Obsolete and Weakened eNcryption; a cross-protocol attack exploiting a server’s support for the deprecated SSLv2 protocol to leverage a vulnerability (Bleichenbacher’s attack) against connections using modern TLS.	It exposes sensitive data by decrypting RSA secrets without requiring the private key itself.
Renegotiation Attack	A vulnerability where an attacker hijacks an existing TLS connection and splices malicious content into the beginning of a conversation when a client initiates a new handshake (renegotiation).	This attack allows for plaintext injection and session confusion and led to the creation of the Renegotiation Indication Extension.
0-RTT (Zero Round Trip Time)	A performance feature supported by TLS 1.3 that allows clients to send encrypted application data on the very first message of a resumed session, eliminating one round trip.	It drastically speeds up resumed connections for returning users but introduces a potential vulnerability to replay attacks.
Replay Attack (0-RTT context)	A specific security risk in 0-RTT where an attacker copies the encrypted 0-RTT data (containing the first request) and sends it to the server again, causing repeated processing of the request.	This is mitigated by restricting 0-RTT to idempotent HTTP requests (like GET requests with no query parameters).
Idempotent	A property of certain HTTP requests (like GET requests) meaning they can be repeated safely without changing the server’s state (e.g., triggering a fund transfer).	0-RTT requests are restricted to idempotent methods to manage the risk of replay attacks.
Handshake (TLS/SSL)	The initial process of exchanging messages between a client and a server to acknowledge each other, authenticate identities, agree on cryptographic algorithms, and generate session keys.	A full TLS 1.2 handshake requires two round trips, while TLS 1.3 reduced this to one round trip.
TLS Record Protocol	The bottom layer of SSL/TLS that encapsulates all data sent in the tunnel, splitting it into records containing a header (type, version, length) and encrypted/authenticated data.	It defines how application data is compressed, authenticated, and encrypted using the keys established during the Handshake Protocol.
Alert Protocol	A TLS sub-protocol used to exchange warning and error messages, which can be sent at any time during the session.	A fatal alert (e.g., Bad record MAC) closes the session immediately, while a warning allows the recipient to decide whether to terminate.
PKCS#1	A standard defining padding schemes for RSA encryption, including the structure used for the PreMasterSecret in older SSL/TLS versions.	Weakness in processing invalid PKCS#1 padding on the server led to Bleichenbacher’s padding oracle attack.
Interactive Proof System	A system where a prover (Peggy) and a verifier (Vic) communicate alternately through moves and rounds to demonstrate knowledge of a secret fact (the prover’s secret).	Requirements include knowledge completeness (Peggy knows secret $\to$ Vic accepts) and knowledge soundness (Peggy convinces Vic $\to$ Peggy knows secret).
Zero-Knowledge (Proof System)	A property of an interactive proof where the verifier obtains no knowledge from the interaction that could not have been efficiently generated without the prover’s secret.	This property captures the prover’s security requirements against dishonest verifiers trying to gain secret information.
Simulator	A probabilistic algorithm used in zero-knowledge proofs that generates valid accepting transcripts for a verifier without access to the real prover’s secret.	It runs in expected polynomial time and ensures the simulated transcripts have the same probability distribution as real ones.
Commitment Schemes	Cryptographic mechanisms allowing a sender to commit to a specific value while keeping it secret until a later step when the commitment is opened.	They must satisfy the Hiding property (receiver cannot learn the value during commit) and the Binding property (sender cannot change the value after commit).
Homomorphic Commitment Schemes	Commitment schemes where a mathematical operation on two commitments yields a commitment to the operation performed on the underlying committed values.	They are used in distributed computation, such as electronic voting schemes, to compute a sum of votes without revealing individual votes.
(t, n)-Threshold Scheme	A secret sharing scheme where a secret ($s$) is divided into $n$ shares, requiring any $t$ users (where $t\le n$) to collaborate to recover $s$.	Shamir’s threshold scheme is a perfect implementation based on polynomial properties over a finite field.
Universal Verifiability	A critical property for electronic elections ensuring that everyone (voters, candidates, the public) can check that only legitimate votes were counted and that the final tally is accurately reproduced.	This is achieved in modern cryptographic voting protocols through mechanisms like verifiable shuffles or threshold decryption.
Receipt-freeness	An essential property in voting schemes where a voter cannot obtain or construct a proof (receipt) that they cast a particular vote, thereby preventing vote selling or coercion.	In some protocols, this is achieved by introducing a Randomizer to re-encrypt votes and using designated-verifier proofs.
Coercion Resistance	A stronger security property than receipt-freeness, where an election scheme resists attacks like randomization, forced abstention, and simulation, making it infeasible for an adversary to verify a coerced voter’s compliance.	The coercion-resistant protocol of Juels, Catalano, and Jakobsson uses anonymous channels, verifiable mix nets, and a Distributed Plaintext Equivalence Test (PET).
Mix Net (Mix Server/Cascade)	A network or cascade of mix servers that collect encrypted messages, randomly permute (“shuffle”) the order, and re-encrypt/partially decrypt them to guarantee sender anonymity.	Mix nets are the preferred tool for implementing anonymous communication channels, especially in electronic voting.
Distributed (t, n)-threshold decryption scheme	A decryption method where the secret key is shared among $n$ parties, allowing any $t$ of them to jointly decrypt a ciphertext without reconstructing the secret key.	This is used in multi-authority election schemes to ensure voter privacy and robustness.
Untappable Channel	A secret communication channel with the additional property that neither communication partner can prove to a third party which messages have been sent.	This strong requirement is necessary in election protocols to prevent a voter from proving they received a credential or submitted a specific ballot.
Blind Digital Signature	A signature scheme enabling the signer (e.g., a bank) to sign a message without knowing its content, ensuring the signer cannot later link the signature to the corresponding signing transaction.	Used in fair electronic cash systems to provide customer anonymity.
Fair Payment Systems	Anonymous payment systems that include a mechanism for revoking customer anonymity under well-defined conditions (e.g., double-spending detection).	This mechanism relies on “coin tracing” or “owner tracing” performed by a trusted third party or center.
ClientKeyExchange	A handshake message sent by the client containing the client’s part of the key exchange, such as the encrypted PreMasterSecret (in RSA) or a Diffie-Hellman public key share.	This message allows both parties to compute the shared secret key material.
Server Name Indication (SNI)	A TLS extension included in the ClientHello message that hints to the server the hostname the client wishes to connect to.	SNI is necessary for servers hosting multiple name-based virtual servers (virtual hosts) to select the correct SSL/TLS certificate to send back.
1-RTT Handshake	The connection setup efficiency achieved by TLS 1.3, requiring only one round trip between the client and server before encrypted application data can be sent.	This is significantly faster than the 2-RTT required by TLS 1.2 and earlier versions.
HKDF (HMAC-based Key Derivation Function)	A cryptographic function required in TLS 1.3 to derive the session keys from the Master Secret and other inputs.	This ensures key diversity and is part of the modern cryptographic improvements mandated by TLS 1.3.
DTLS (Datagram Transport Layer Security)	A communications protocol based on TLS that provides security (confidentiality, integrity) to datagram-based applications, typically over UDP.	It avoids the TCP meltdown problem and is used for applications like WebRTC and VPN tunnels.
Cipher-Choice	The original name used in early SSL drafts (before SSL v3) for the ability of a client and server to choose from a small set of ciphers to secure their connection.	This term was succeeded by “Cipher Suite” in SSL v3.
MAC-only cipher suite (NULL)	Cipher suites specified in older TLS/SSL versions that provide integrity checks (via MAC) but no encryption.	These are considered highly insecure and are removed from TLS 1.3.
Padding	Bytes added to a plaintext message before encryption to ensure its total length is a multiple of the block size, as required by block ciphers like AES in CBC mode.	Padding weaknesses, particularly in SSL 3.0, were exploited by Padding Oracle attacks like POODLE.
Logic of Belief (BAN logic)	A formal method for reasoning about what a principal (A) might reasonably believe having observed certain cryptographic messages and properties.	Used to verify the correctness of security protocols by modeling the beliefs and assumptions of the interacting parties.
Protocol robustness	A design approach that prioritizes explicitness, ensuring that the interpretation of a protocol depends solely on its content and not its context, by explicitly stating information like principals’ names and roles in messages.	This methodology is used to avoid subtle design flaws that arise from implicit assumptions.

Week 9

Term/Acronym	Simple Definition	Context/Usage
Firewall	A mechanism for maintaining control over the traffic that flows into and out of a network.	Typically placed on the border between an internal network and the Internet, or internally where the level of trust changes.
Packet Filtering	One of the oldest and simplest firewall technologies that examines the contents of each packet individually.	Filtering decisions are made based on simple factors found in the network stack, such as source/destination IP addresses, port number, and protocol used.
Stateful Packet Inspection (Stateful Firewall)	A firewall that keeps track of the connection state of traffic over a given connection using a state table.	It only allows traffic through that is part of a new or already established connection, making it generally more secure than simple packet filtering.
Deep Packet Inspection	Firewalls capable of analyzing the actual content of the flowing network traffic by reassembling the contents.	Used to filter out attacks and undesirable content based on payload content, rather than just the network structure.
Proxy Server	A specialized variant of a firewall that provides security and performance features, generally for a particular application like mail or Web browsing.	They act as a choke point to filter traffic for attacks and undesirable content, and provide a layer of security for devices behind them.
DMZ (Demilitarized Zone)	A combination of a network design feature and a protective device (like a firewall) used for systems that must be exposed to external networks.	Placed between two firewalls to protect exposed systems (e.g., mail servers, Web servers) while shielding the internal network.
Network Segmentation	The division of a network into multiple smaller networks, with each acting as its own small network called a subnet.	Helps reduce the impact of attacks, localize technical issues, and prevent unauthorized traffic from reaching sensitive portions of the network.
Choke Points	Specific points in the network through which traffic is funneled for inspection, filtering, and control.	Examples include routers moving traffic between subnets or application proxies that filter traffic for specific applications.
IDSes (Intrusion Detection Systems)	Devices or software that monitor networks, hosts, or applications for unauthorized activity to find and deal with malicious users.	They complement firewalls by constantly searching for traces of possible intrusion, such as abnormal traffic patterns or specific signatures.
NIDSes (Network Intrusion Detection Systems)	A type of IDS focused on monitoring traffic attached to the network.	Needs careful placement, often behind a firewall, to avoid being overloaded and to decrease the volume of spurious traffic it needs to inspect.
Signature-based Detection	An IDS method that maintains a database of attack signatures and compares incoming traffic against them.	Works well for known attacks, but fails if the attack is new or has been specifically constructed not to match existing signatures.
Anomaly-based Detection (Heuristic)	An IDS method that establishes a baseline of normal network activity and measures the present state against it to detect unusual patterns.	Works well for detecting new or zero-day attacks, but is prone to a larger number of false positives if the network’s normal traffic patterns change.
Zero-day attacks	New or unpublished attacks or vulnerabilities that are unknown to security tools when they first surface.	Security tools relying on known issues (like signature databases) are typically incapable of finding these issues.
Packet crafting attacks	Attacks involving very specifically designed packets of traffic that carry malicious code but are constructed to avoid detection by security devices.	These attacks are designed to pass through the relatively cursory inspections performed by devices like NIDSes.
VPNs (Virtual Private Networks)	An encrypted connection, often referred to as a tunnel, used for sending sensitive traffic securely over unsecure networks.	Commonly used by remote workers to connect to internal organizational resources (client-to-site) or for securely connecting two distant networks (site-to-site).
IPsec (Internet Protocol Security)	A solution that encapsulates the original IP packet into a secure packet to provide confidentiality, authentication, integrity, and anti-replay protection.	It works entirely at the network layer level and is commonly used in site-to-site VPN scenarios.
Anti-replay protection	A security mechanism designed to prevent malicious packets from being repeated intentionally.	IPsec uses a sequence number mechanism to check if a packet has already been received.
TLS (Transport Layer Security)	A protocol used to secure communications that can be utilized as a tunnel to meet VPN security goals.	Used in client-to-site VPN scenarios, but using it on top of TCP can lead to efficiency problems like head-of-line blocking and timer meltdown.
DTLS (Datagram TLS)	A version of the TLS protocol running on top of UDP.	Used to transport VPN traffic, specifically to avoid problems related to TCP transport layer protocols.
WPA2 (Wi-Fi Protected Access version 2)	The most current and strongest encryption protocol used for securing 802.11 wireless devices.	Used to protect the confidentiality of traffic flowing over wireless networks, alongside WEP and WPA.
Rogue Access Points	Wireless access points attached to a network without authorization.	They can invalidate planned network security by creating an insecure back door that bypasses border security.
Telnet	An older, purely text-based protocol for remote access that transmits data unencrypted.	It is completely unsecure, sending sensitive information like passwords in cleartext over the wire, and has largely been replaced by SSH.
SSH (Secure Shell)	A modern, secure protocol based on public key cryptography used to secure communications.	Used as the secure equivalent of Telnet for terminal access, and also supports file transfers (SFTP), port forwarding, and tunneling.
SFTP (Secure File Transfer Protocol)	A secure file transfer protocol based on the SSH protocol.	Used as the secure equivalent of the older, insecure FTP protocol for transferring files.
MDM (Mobile Device Management)	An external solution that enables the central management and enforcement of security policies on mobile devices.	Allows an organization to regulate access to enterprise resources, mandate security updates, and remotely wipe or disable a device.
BYOD (Bring Your Own Device)	An organization’s strategy and policies regarding the use of personal versus corporate-owned devices.	This approach is popular for budget savings, but necessitates careful risk management and usually requires MDM to enforce security measures on personal devices.
Port Scanners	Tools used to search for hosts on a network, identify their operating systems, and detect running services on open ports.	Used for security testing and assessment to discover the networks and systems present in an environment.
Nmap (Network Mapper)	A well-known and free tool that functions as a port scanner.	Besides conducting port scans, it can search for hosts, identify operating systems, and detect service versions.
Packet Sniffers (Network Analyzer/Sniffer)	A tool that intercepts traffic on a network by listening for any traffic the network interface of a device can see.	Used for troubleshooting and security analysis, but can glean sensitive data if insecure protocols are used.
Wireshark (Ethereal)	A fully featured packet sniffer with a graphical interface capable of intercepting traffic from a wide variety of wired and wireless sources.	A popular tool used by network operations and security teams for filtering, sorting, and analyzing traffic on the network.
Tcpdump	A classic command-line sniffing tool for UNIX-like operating systems that monitors network activities.	It is used to monitor traffic and can be used to filter network activities.
Honeypots	A security tool configured to deliberately display vulnerabilities or attractive materials to serve as bait for an attacker.	Used to detect, monitor, and study the activities of attackers or malware in the wild, providing an early warning system.
Honeynet	A larger structure created by setting up several honeypots in a network.	Used for large-scale monitoring of malware activity or internally to detect insider threats.
Hping3	A useful firewall tool able to construct specially crafted Internet Control Message Protocol (ICMP) packets.	Used to map the topology of and help locate vulnerabilities in firewalls by testing their responses.
DNS Spoofing	An attack where an unauthorized party replies to a DNS request before the legitimate resolver, providing the client with false information.	This is possible because DNS resolution is inherently unsecure, risking connection to the wrong server.
DNSSEC (DNS Security Extensions)	Extensions to the DNS protocol designed to authenticate DNS responses based on public-key cryptography.	Requires recursive resolvers and higher-level servers to sign records, allowing clients to verify the signatures chain.
SNMP (Simple Network Management Protocol)	An application layer protocol that assists with low-level diagnosis, reporting, and monitoring devices and network health.	Used by network administrators to set up network devices remotely and proactively request or receive usage reports.
RSVP(-TE) (Resource ReserVation Protocol)	A protocol that allows for the negotiation of bandwidth on routers and switches supporting it.	Mainly used for traffic engineering in the internet backbone because negotiation needs to occur throughout the entire path of the data.
QoS (Quality of Service)	Metrics and queueing strategies focused on managing traffic characteristics such as bandwidth, delay, jitter, and packets lost.	Involves classifying traffic based on headers like IP and TCP/UDP to prioritize packets.
RDP (Remote Desktop Protocol)	The proprietary protocol created by Microsoft to provide remote graphical access on Windows.	Its security has been updated (using TLS if agreed upon), and it includes features like audio and file system access.
RFB (Remote FrameBuffer) / VNC	An open, platform-independent protocol for remote graphical access.	It is pixel/framebuffer based, bandwidth-hungry, and is completely insecure by itself, requiring transport over a secure connection like SSH or VPN.
NFS (Network FileSystem)	A well-known protocol dedicated to offering a complete, distributed filesystem.	Used for local file transfer and is currently at version 4.
SMB/CIFS (Server Message Block/Common Internet File System)	Microsoft’s proprietary protocol solution for networked file sharing.	The newest versions (v2 & v3) have improved efficiency and interoperability compared to the original version (SMBv1/CIFS).
TFTP (Trivial File Transfer Protocol)	A very light protocol used for retrieving files.	Commonly used in specific scenarios like network booting devices.
P2P (Peer-to-Peer)	Protocols created to distribute the load over many computer nodes that form a kind of community.	This technology is known for decentralized file-sharing applications like BitTorrent and is also used by Microsoft for distributing updates.
DDoS (Distributed Denial of Service)	An attack that attempts to render portions of networks or infrastructure devices unusable.	This is a threat against which network redundancy is a factor in helping to mitigate risk.