Читаем CISSP Practice полностью

The process used to extend the validity period of a cryptographic key so that it can be used for an additional time period.

Key retrieval

To obtain an electronic cryptography key from active or archival electronic storage, a backup facility, or an archive under normal operational circumstances.

Key space

The total number of possible values that a key, such as a password, can have.

Key transport

(1) A process used to move a cryptographic key from one protected domain to another domain, including both physical and electronic methods of movement. (2) A key establishment procedure whereby one party (the sender) selects and encrypts the keying material and then distributes the material to another party (the receiver). (3) The secure transport of cryptographic keys from one cryptographic module to another module.

Key transport key pairs

A key transport key pair may be used to transport keying material from an originating entity to a receiving entity during communications, or to protect keying material while in storage. The originating entity in a communication (or the entity initiating the storage of the keying material) uses the public key to encrypt the keying material; the receiving entity (or the entity retrieving the stored keying material) uses the private key to decrypt the encrypted keying material.

Key update

A process used to replace a previously active key with a new key that is related to the old key.

Key validate

A process by which cryptographic parameters (e.g., domain parameters, private keys, public keys, certificates, and symmetric keys) are tested as being appropriate for use by a particular cryptographic algorithm for a specific security service and application and that they can be trusted.

Key value (key)

The secret code used to encrypt and decrypt a message.

Key wrapping

A method of encrypting keys (along with associated integrity information) that provides both confidentiality and integrity protection using a symmetric key algorithm.

Keyboard attack

A data scavenging method, using resources available to normal system users, which may include advanced software diagnostic tools.

Keyed-hash based message authentication code (HMAC)

A message authentication code that uses a cryptographic key in conjunction with a hash function. It creates a hash based on both a message and a secret key.

Keying material

The data (e.g., keys and initialization vectors) necessary to establish and maintain cryptographic keying relationships.

Keystroke logger

A form of malware that monitors a keyboard for action events, such as a key being pressed, and provides the observed keystrokes to an attacker.

Keystroke monitoring

The process used to view or record both the keystrokes entered by a computer user and the computer’s response during an interactive session. Keystroke monitoring is usually considered a special case of audit trails.

Killer packets

A method of disabling a system by sending Ethernet or Internet Protocol (IP) packets that exploit bugs in the networking code to crash the system. A similar action is done by synchronized floods (SYN floods), which is a method of disabling a system by sending more SYN packets than its networking code can handle.

Knapsack algorithm

Uses an integer programming technique. In contrast to RSA, the encryption and decryption functions are not inverse. It requires a high bandwidth and generally is insecure due to documented security breaches.

L

Label

(1) An explicit or implicit marking of a data structure or output media associated with an information system representing the FIPS 199 security category, or distribution limitations or handling caveats of the information contained therein. (2) A piece of information that represents the security level of an object and that describes the sensitivity of the information in the object. Similar to security label.

Labeling

Process of assigning a representation of the sensitivity of a subject or object.

Laboratory attack

A data scavenging method through the aid of what could be precise or elaborate powerful equipment.

Latency

Measures the delay from first bit in to first bit out. It is the time delay of data traffic through a network, switch, port, and link. Also, see data latency and packet latency.

Lattice

A partially ordered set for which every pair of elements has a greatest lower bound and a least upper bound.

Layered solution

The judicious placement of security protection and attack countermeasures that can provide an effective set of safeguards (controls) that are tailored to the unique needs of a customer’s situation. It is a part of security-in-depth or defense-in-depth strategy.

Layering