Previous page | Next page | Contents

Appendix B

application protocol

An application protocol is a protocol that normally layers directly on top of the transport layer (e.g., TCP/IP). Examples include HTTP, TELNET, FTP, and SMTP.

asymmetric cipher

See public key cryptography.

authentication

Authentication is the ability of one entity to determine the identity of another entity.

block cipher

A block cipher is an algorithm that operates on plaintext in groups of bits, called blocks. 64 bits is a typical block size.

bulk cipher

A symmetric encryption algorithm used to encrypt large quantities of data.

Cipher Block Chaining Mode (CBC)

CBC is a mode in which every plaintext block encrypted with the block cipher is first exclusive-Ored with the previous ciphertext block (or, in the case of the first block, with the initialization vector).

certificate

As part of the X.509 protocol (a.k.a. ISO Authentication framework), certificates are assigned by a trusted Certificate Authority and provide verification of a party's identity and may also supply its public key.

client

The application entity that initiates a connection to a server.

client write key

The key used to encrypt data written by the client.

client write MAC secret

The secret data used to authenticate data written by the client.

connection

A connection is a transport (in the OSI layering model definition) that provides a suitable type of service. For SSL, such connections are peer to peer relationships. The connections are transient. Every connection is associated with one session.

Data Encryption Standard (DES)

DES is a very widely used symmetric encryption algorithm. DES is a block cipher.

Digital Signature Standard (DSS)

A standard for digital signing, including the Digital Signing Algorithm, approved by the National Institute of Standards and Technology, defined in NIST FIPS PUB 186, "Digital Signature Standard," published May, 1994 by the U.S. Dept. of Commerce.

digital signatures

Digital signatures utilize public key cryptography and one-way hash functions to produce a signature of the data that can be authenticated, and is difficult to forge or repudiate.

Fortezza

A PCMCIA card that provides both encryption and digital.

handshake

An initial negotiation between client and server that establishes the parameters of their transactions.

Initialization Vector (IV)

When a block cipher is used in CBC mode, the initialization vector is exclusive-ORed with the first plaintext block prior to encryption.

IDEA

A 64-bit block cipher designed by Xuejia Lai and James Massey.

Message Authentication Code (MAC)

A Message Authentication Code is a one-way hash computed from a message and some secret data. Its purpose is to detect if the message has been altered.

master secret

Secure secret data used for generating encryption keys, MAC secrets, and IVs.

MD5

MD5 [7] is a secure hashing function that converts an arbitrarily long data stream into a digest of fixed size.

public key cryptography

A class of cryptographic techniques employing two-key ciphers. Messages encrypted with the public key can only be decrypted with the associated private key. Conversely, messages signed with the private key can be verified with the public key.

one-way hash function

A one-way transformation that converts an arbitrary amount of data into a fixed-length hash. It is computationally hard to reverse the transformation or to find collisions. MD5 and SHA are examples of one-way hash functions.

RC2, RC4

Proprietary bulk ciphers from RSA Data Security, Inc. (There is no good reference to these as they are unpublished works; however, see [RSADSI]). RC2 is block cipher and RC4 is a stream cipher.

RSA

A very widely used public-key algorithm that can be used for either encryption or digital signing.

salt

Non-secret random data used to make export encryption keys resist precomputation attacks.

server

The server is the application entity that responds to requests for connections from clients. The server is passive, waiting for requests from clients.

session

A SSL session is an association between a client and a server. Sessions are created by the handshake protocol. Sessions define a set of cryptographic security parameters, which can be shared among multiple connections. Sessions are used to avoid the expensive negotiation of new security parameters for each connection.

session identifier

A session identifier is a value generated by a server that identifies a particular session.

server write key

The key used to encrypt data written by the server.

server write MAC secret

The secret data used to authenticate data written by the server.

SHA

The Secure Hash Algorithm is defined in FIPS PUB 180-1. It produces a 20-byte output [SHA].

stream cipher

An encryption algorithm that converts a key into a cryptographically-strong keystream, which is then exclusive-ORed with the plaintext..

symmetric cipher

See bulk cipher.

Previous page | Next page | Contents