Cryptography & Data Protection - Sec+

HIPPA

Regulation protecting PHI - Protected Health Information.

Homomorphic Encryption

Allows data to be processed without being decrypted, effectively securing data-in-use.

HSM

Hardware Security Module - a dedicated hardware device or appliance that provides secure storage, management, and use of cryptographic keys and sensitive data.

Key Stretching

A technique used in cryptography to enhance the security of passwords or cryptographic keys by increasing the time and computational effort required to derive the original plaintext from its hashed form. This process makes brute-force attacks and other password cracking techniques more difficult and time-consuming.

Tokenization

The process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token.

OCSP

Online Certificate Status Protocol, an Internet protocol used to obtain the real-time revocation status of a digital certificate.

Cryptographic Erasure

Encrypting the data on the storage media and then securely deleting the encryption key, rendering the encrypted data unreadable without the key.

CRL

Certificate Revocation List, a list of digital certificates that have been revoked before their scheduled expiration dates.

Nonce

Number used once is a cryptographic term referring to a random or semi-random number that is generated for a specific purpose, typically to ensure the freshness and uniqueness of data in cryptographic communications or protocols. Nonces are used to prevent replay attacks and to add randomness to cryptographic operations.

PCI

Payment Card Information, a type of regulated data.

Salting

A technique used in cryptography to strengthen the security of hashed passwords or other data by adding a random value (known as a salt) to the input before hashing. This random value ensures that even if two users have the same password, their hashed values will differ.

TPM

A specialized hardware component designed to provide a secure foundation for various security-related functions in computing devices, particularly in the context of system integrity and cryptographic operations.

RSA

RSA (Rivest-Shamir-Adleman) is Asymmetric.

PKP

Public Key Pinning, a security mechanism that associates a specific cryptographic public key with a web server to prevent impersonation using fraudulent certificates.

Public Key Infrastructure (PKI)

A framework of policies, procedures, and technologies used to manage digital certificates and public-key encryption, providing a secure way to verify the authenticity of digital entities such as users, devices, or servers.

MD5

MD5 (Message Digest Algorithm 5) is used for hashing.

RIPEMD

RIPEMD (RACE Integrity Primitives Evaluation Message Digest) is used for hashing.

S/MIME

Secure Multipart Internet Message Extensions Leverages email certificates to both sign and encrypt email content, ensuring both authenticity and confidentiality.

PHI

Protected Health Information, a type of regulated data.

PII

Personally Identifiable Information, a type of regulated data.

Kernel Mode

Also known as Supervisor Mode or Ring 0, refers to a privileged mode of execution where the operating system's kernel has unrestricted access to the hardware and system resources.

MAC

Mandatory Access Control: Regulates access based on organization-set policies without user alteration.

Infrared Sensor

IR sensors can be either active or passive. Active IR sensors emit infrared light and measure the reflection, while passive IR sensors detect the infrared light naturally emitted by objects. Used in: Motion Detection, Remote Controls, Thermal Cameras, Temperature sensors.

Microwave Sensor

A microwave sensor uses microwave radar to detect objects and motion. These sensors emit microwaves and measure the time it takes for the waves to be reflected back after hitting an object. Used in: Automatic Doors, Speed Radars, Occupancy Sensing, Motion sensors.

MOA

Memorandum of Agreement: Formal document outlining specific responsibilities and roles of involved parties.

MOU

Memorandum of Understanding: Outlines a mutual agreement on project goals, often the first step toward collaboration.

3DES

3DES (Triple DES) is Symmetric.

AES

AES (Advanced Encryption Standard) is Symmetric.

DLP

Data Loss Prevention, a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.

Asymmetric Encryption

Uses a pair of keys: a public key and a private key. The public key is used to encrypt the data, while the private key is used to decrypt it. The public key can be shared openly, but the private key must be kept secure.

Asymmetric Encryption Algorithms

RSA (Rivest-Shamir-Adleman)
ECC (Elliptic Curve Cryptography)
DSA (Digital Signature Algorithm)

Block Cipher

An encryption algorithm that divides plaintext into fixed-size blocks, typically 64 or 128 bits, and then encrypts each block individually. The same key is used to encrypt and decrypt each block.

Chiper Lock

A Mechanical locking mechanism that uses a mechanical keypad for entry.

DES

DES (Data Encryption Standard) is Symmetric.

DH (Diffie-Hellman)

Diffie Hellman - Asymmetric algorithm commonly used for key exchange inside of VPN tunnels.

Digital Signature

A cryptographic mechanism used to verify the authenticity and integrity of digital messages or documents. It provides assurance that the message or document was created by a known sender (authentication) and has not been altered since it was signed (integrity).

Digital Signature Algorithms

Cryptographic mechanism used to verify authenticity and integrity using algorithms such as DSS (Digital Signature Standard), RSA (Rivest-Shamir-Adleman), and DSA (Digital Signature Algorithm)

DKIM

Domain Keys Identified Mail (DKIM) is a method of email authentication that helps prevent spammers and other malicious parties from impersonating a legitimate domain.

ECC

ECC (Elliptic Curve Cryptography) is Asymmetric.

Hash Attack Methods

Used to exploit weaknesses in hashing mechanisms, including Pass the Hash attacks and Birthday Attacks

Hashing Algorithms

MD5 (Message Digest Algorithm 5), SHA-1 (Secure Hash Algorithm 1), SHA-256 (Secure Hash Algorithm 256), SHA-3 (Secure Hash Algorithm 3), RIPEMD (RACE Integrity Primitives Evaluation Message Digest)

DMARC

DMARC tells mail servers what to do when DKIM or SPF fail, whether that is marking the failing emails as "spam," delivering the emails anyway, or dropping the emails altogether.

DSA

(DSA) Digital Signature Algorithm is Asymmetric.

SHA-1, SHA-256, SHA-3

SHA (Secure Hash Algorithm) 1,3, and 256 are used for hashing.

Stream Cipher

An encryption algorithm that encrypts plaintext one bit or byte at a time using a keystream. Unlike block ciphers, which process fixed-size blocks of data, stream ciphers encrypt data continuously, which can provide faster encryption for real-time communications.

Symmetric Encryption

Uses a single key for both encryption and decryption of data. The same key must be securely shared and kept secret between the communicating parties. This method is efficient and faster than asymmetric encryption.

Symmetric Encryption Algorithms

Advanced Encryption Standard (AES)
Data Encryption Standard (DES)
Triple DES (3DES)
Blowfish
RC Cipher Suite