Cyber Glossary - K
Kerberos – A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). In “classic” Kerberos, users share a secret password with a Key Distribution Center (KDC). The user, Alice, who wishes to communicate with another user, Bob, authenticates to the KDC and is furnished a “ticket” by the KDC to use to authenticate with Bob.
When Kerberos authentication is based on passwords, the protocol is known to be vulnerable to off-line dictionary attacks by eavesdroppers who capture the initial user-to-KDC exchange. Longer password length and complexity provide some mitigation to this vulnerability, although sufficiently long passwords tend to be cumbersome for users. (SP 800-63) (NISTIR)
A means of verifying the identities of principals on an open network. It accomplishes this without relying on the authentication, trustworthiness, or physical security of hosts while assuming all packets can be read, modified and inserted at will. It uses a trust broker model and symmetric cryptography to provide authentication and authorization of users and systems on the network. (SP 800-95) (NISTIR)
Key – The numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.
Related Term(s): private key, public key, secret key, symmetric key
(From: CNSSI 4009) (NICCS)
Key – A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. (SP 800-63) (NISTIR)
A numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. (CNSSI-4009) (NISTIR)
A parameter used in conjunction with a cryptographic algorithm that determines its operation. Examples applicable to this Standard include:
- the transformation of plaintext data into ciphertext data,
- the transformation of ciphertext data into plaintext data,
- the computation of a digital signature from data,
- the verification of a digital signature,
- the computation of an authentication code from data,
- the verification of an authentication code from data and a received authentication code, and
- the computation of a shared secret that is used to derive keying material.
Key-Auto-Key (KAK) – Cryptographic logic using previous key to produce key. (CNSSI-4009) (NISTIR)
Key Bundle – The three cryptographic keys (Key1, Key2, Key3) that are used with a Triple Data Encryption Algorithm (TDEA) mode. (SP 800-67) (NISTIR)
Key Distribution Center (KDC) – COMSEC facility generating and distributing key in electronic form. (CNSSI-4009) (NISTIR)
Key – A parameter used in conjunction with a cryptographic algorithm that determines its operation. Examples applicable to FIPS 186 include: 1. the computation of a digital signature from data, and 2. the verification of a digital signature. (FIPS 186) (NISTIR)
Key-Encryption-Key (KEK) – Key that encrypts or decrypts other key for transmission or storage. (CNSSI-4009) (NISTIR)
Key Escrow – The processes of managing (e.g., generating, storing, transferring, auditing) the two components of a cryptographic key by two key component holders. (FIPS 185) (NISTIR)
- The processes of managing (e.g., generating, storing, transferring, auditing) the two components of a cryptographic key by two key component holders.
- A key recovery technique for storing knowledge of a cryptographic key, or parts thereof, in the custody of one or more third parties called "escrow agents," so that the key can be recovered and used in specified circumstances. (CNSSI-4009) (NISTIR)
A deposit of the private key of a subscriber and other pertinent information pursuant to an escrow agreement or similar contract binding upon the subscriber, the terms of which require one or more agents to hold the subscriber's private key for the benefit of the subscriber, an employer, or other party, upon provisions set forth in the agreement. (SP 800-32) (NISTIR)
Key Escrow System – A system that entrusts the two components comprising a cryptographic key (e.g., a device unique key) to two key component holders (also called "escrow agents"). (FIPS 185; CNSSI-4009) (NISTIR)
Key Establishment – The process by which cryptographic keys are securely established among cryptographic modules using manual transport methods (e.g., key loaders), automated methods (e.g., key transport and/or key agreement protocols), or a combination of automated and manual methods (consists of key transport plus key agreement). (FIPS 140-2) (NISTIR)
The process by which cryptographic keys are securely established among cryptographic modules using key transport and/or key agreement procedures. See Key Distribution. (CNSSI-4009) (NISTIR)
Key Exchange – The process of exchanging public keys in order to establish secure communications. (SP 800-32) (NISTIR)
Process of exchanging public keys (and other information) in order to establish secure communications. (CNSSI-4009) (NISTIR)
Key Expansion – Routine used to generate a series of Round Keys from the Cipher Key. (FIPS 197) (NISTIR)
Key Generation Material – Random numbers, pseudo-random numbers, and cryptographic parameters used in generating cryptographic keys. (SP 800-32; CNSSI-4009) (NISTIR)
Key List – Printed series of key settings for a specific cryptonet. Key lists may be produced in list, pad, or printed tape format. (CNSSI-4009) (NISTIR)
Key Loader – A self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module. (FIPS 140-2) (NISTIR)
A self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or a component of a key that can be transferred, upon request, into a cryptographic module. (CNSSI-4009) (NISTIR)
Key Logger – A program designed to record which keys are pressed on a computer keyboard used to obtain passwords or encryption keys and thus bypass other security measures. (SP 800-82) (NISTIR)
Key Management – The activities involving the handling of cryptographic keys and other related security parameters (e.g., IVs and passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and zeroization. (FIPS 140-2; CNSSI-4009) (NISTIR)
Key Management Device – A unit that provides for secure electronic distribution of encryption keys to authorized users. (CNSSI-4009) (NISTIR)
Key Management Infrastructure (KMI) – All parts – computer hardware, firmware, software, and other equipment and its documentation; facilities that house the equipment and related functions; and companion standards, policies, procedures, and doctrine that form the system that manages and supports the ordering and delivery of cryptographic material and related information products and services to users. (CNSSI-4009) (NISTIR)
Key Pair – Two mathematically related keys having the properties that:
(1) one key can be used to encrypt a message that can only be decrypted using the other key, and
(2) even knowing one key, it is computationally infeasible to discover the other key. (SP 800-32) (NISTIR)
A public key and its corresponding private key; a key pair is used with a public key algorithm. (SP 800-21; CNSSI-4009) (NISTIR)
Related Term(s): private key, public key (Adapted from: CNSSI 4009, Federal Bridge Certificate Authority Certification Policy 2.25) (NICCS)
Key Production Key (KPK) – Key used to initialize a keystream generator for the production of other electronically generated key. (CNSSI-4009) (NISTIR)
Key Recovery – Mechanisms and processes that allow authorized parties to retrieve the cryptographic key used for data confidentiality. (CNSSI-4009) (NISTIR)
Key Resource – A publicly or privately controlled asset necessary to sustain continuity of government and/or economic operations, or an asset that is of great historical significance.
Related Term(s): critical infrastructure
(From: NCSD glossary) (NICCS)
Key Stream – Sequence of symbols (or their electrical or mechanical equivalents) produced in a machine or auto-manual cryptosystem to combine with plain text to produce cipher text, control transmission security processes, or produce key. (CNSSI-4009) (NISTIR)
Key Tag – Identification information associated with certain types of electronic key. (CNSSI-4009) (NISTIR)
Key Tape – Punched or magnetic tape containing key. Printed key in tape form is referred to as a key list. (CNSSI-4009) (NISTIR)
Key Transport – The secure transport of cryptographic keys from one cryptographic module to another module. (FIPS 140-2; CNSSI-4009) (NISTIR)
Key Updating – Irreversible cryptographic process for modifying key. (CNSSI-4009) (NISTIR)
Key Wrap – A method of encrypting keying material (along with associated integrity information) that provides both confidentiality and integrity protection using a symmetric key algorithm. (SP 800-56A) (NISTIR)
Keyed-hash based message authentication code (HMAC) – A message authentication code that uses a cryptographic key in conjunction with a hash function. (FIPS 198; CNSSI-4009) (NISTIR)
Keying Material – Key, code, or authentication information in physical, electronic, or magnetic form. (CNSSI-4009) (NISTIR)
Keystroke Monitoring – The process used to view or record both the keystrokes entered by a computer user and the computer’s response during an interactive session. Keystroke monitoring is usually considered a special case of audit trails. (SP 800-12; CNSSI-4009) (NISTIR)
KMI-Aware Device – A user device that has a user identity for which the registration has significance across the entire KMI (i.e., the identity’s registration data is maintained in a database at the PRSN level of the system