Glossary
Kerberos (NIST)
A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). In “classic” Kerberos, users share a secret password with a Key Distribution Center (KDC). The user, Alice, who wishes to communicate with another user, Bob, authenticates to the KDC and is furnished a “ticket” by the KDC to use to authenticate with Bob. When Kerberos authentication is based on passwords, the protocol is known to be vulnerable to off-line dictionary attacks by eavesdroppers who capture the initial user-to-KDC exchange. Longer password length and complexity provide some mitigation to this vulnerability, although sufficiently long passwords tend to be cumbersome for users.
SOURCE: SP 800-63
A means of verifying the identities of principals on an open network. It accomplishes this without relying on the authentication, trustworthiness, or physical security of hosts while assuming all packets can be read, modified and inserted at will. It uses a trust broker model and symmetric cryptography to provide authentication and authorization of users and systems on the network.
SOURCE: SP 800-95
Key (NIST)
A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.
SOURCE: SP 800-63
A numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.
SOURCE: CNSSI-4009
A parameter used in conjunction with a cryptographic algorithm that determines its operation.
Examples applicable to this Standard include:
1. The computation of a digital signature from data, and
2. The verification of a digital signature.
SOURCE: FIPS 186
Key Exchange (NIST)
The process of exchanging public keys in order to establish secure communications.
SOURCE: SP 800-32; CNSSI-4009
Key Logger (NIST)
A program designed to record which keys are pressed on a computer keyboard used to obtain passwords or encryption keys and thus bypass other security measures.
SOURCE: SP 800-82
Key Management (NIST)
The activities involving the handling of cryptographic keys and other related security parameters (e.g., IVs and passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and zeroization.
SOURCE: FIPS 140-2; CNSSI-4009
Key Management Infrastructure (KMI) (NIST)
All parts – computer hardware, firmware, software, and other equipment and its documentation; facilities that house the equipment and related functions; and companion standards, policies, procedures, and doctrine that form the system that manages and supports the ordering and delivery of cryptographic material and related information products and services to users.
SOURCE: CNSSI-4009
Key Pair (NIST)
Two mathematically related keys having the properties that (1) one key can be used to encrypt a message that can only be decrypted using the other key, and (2) even knowing one key, it is computationally infeasible to discover the other key.
SOURCE: SP 800-32
A public key and its corresponding private key; a key pair is used with a public key algorithm.
SOURCE: SP 800-21; CNSSI-4009
Known Error
A problem that has a documented root cause and a workaround.
SOURCE: ITIL V3