Encryption & Network Security Concepts

HSM (Hardware Security Module)

A physical device that manages digital keys and performs encryption/decryption, often used for secure key storage and cryptographic processing.

TPM (Trusted Platform Module)

A hardware chip on the motherboard that provides secure cryptographic key storage and supports device authentication and integrity checks.

SED (Self-Encrypting Drive)

A data storage device with built-in hardware-level encryption that encrypts all data automatically as it’s written to the drive.

FDE (Full Disk Encryption)

Software technology that encrypts the entire contents of a storage device, protecting data at rest.

EFS (Encrypting File System)

A Windows feature that allows users to encrypt individual files or folders, protecting them from unauthorized access.

BitLocker

A Microsoft Windows tool for full disk encryption, protecting entire drives using TPM or a password.

GPG (GNU Privacy Guard)

Open-source encryption software that implements OpenPGP standard to encrypt, sign, and manage keys.

PGP (Pretty Good Privacy)

Encryption software used for securing emails, files, and communications through public-key cryptography.

HTTPS (HyperText Transfer Protocol Secure)

Secure version of HTTP that encrypts web traffic using SSL/TLS.

SFTP (Secure File Transfer Protocol)

A protocol for secure file transfer over SSH (not SSL/TLS) which encrypts both commands and data.

SSH (Secure Shell)

A cryptographic protocol for secure network communication, remote login, and command execution.

ESP (Encapsulating Security Payload)

A part of IPsec that provides authentication, integrity, and confidentiality for IP packets.

VPN (Virtual Private Network)

Creates encrypted 'tunnels' over public networks to connect remote systems securely.

SRTP (Secure Real-time Transport Protocol)

Protocol for secure, real-time delivery of audio and video over IP networks.

CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)

Encryption protocol used in WPA2 Wi-Fi security, based on AES.

TLS (Transport Layer Security)

Successor to SSL, providing encryption and integrity for communications over networks.

Symmetric Encryption

Uses a single key for both encryption and decryption; fast and suitable for bulk data encryption.

Asymmetric Encryption

Uses a public key to encrypt and a private key to decrypt; used in PKI, digital signatures, and key exchange.

DHE (Diffie-Hellman Ephemeral)

Temporary key exchange protocol providing Perfect Forward Secrecy.

ECC (Elliptic Curve Cryptography)

Uses elliptic curve math for strong encryption with smaller key sizes; ideal for IoT and mobile devices.

RSA

Public-key cryptosystem based on large prime factorization; used for encryption, key exchange, and digital signatures.

KEK (Key Encryption Key)

A key used to encrypt or protect other cryptographic keys within a key management system.

IKE (Internet Key Exchange)

Protocol used in IPsec to securely exchange cryptographic keys and establish secure connections.

PFS (Perfect Forward Secrecy)

A property ensuring that compromise of one session key doesn’t affect past or future sessions.

ECDHE (Elliptic Curve Diffie-Hellman Ephemeral)

A key exchange method using elliptic curves to provide forward secrecy and efficiency.

AES (Advanced Encryption Standard)

Symmetric block cipher widely used for secure data encryption, available in multiple key sizes.

DES (Data Encryption Standard)

Older symmetric-key encryption algorithm, now deprecated and replaced by AES.

3DES (Triple DES)

An improvement on DES that applies encryption three times for increased security.

IDEA (International Data Encryption Algorithm)

Symmetric cipher once used in PGP; largely replaced by AES.

XOR (Exclusive OR)

Logical operation used in many encryption algorithms to combine plaintext with key material.

CBC (Cipher Block Chaining)

Block cipher mode where each ciphertext block depends on the previous block, providing diffusion.

CFB (Cipher Feedback)

Block cipher mode that turns a block cipher into a stream cipher for encrypting smaller units of data.

CTR / CTM (Counter Mode)

Block cipher mode that turns a block cipher into a stream cipher using counters for each block.

GCM (Galois/Counter Mode)

Combines CTR encryption with authentication for both confidentiality and integrity.

ECB (Electronic Codebook)

Simplest and weakest block cipher mode—encrypts each block independently, revealing patterns.

Key Size / Key Length

Number of bits in a key; longer keys mean more possible combinations and stronger security.

Computer Drive

physical component used for long-term storage of digital information, such as the OS, applications, and user files