Chapter 4. Security Architecture and Engineering Flashcards Preview

Flashcards in Chapter 4. Security Architecture and Engineering Deck (26)

A mathematical function that is used in the encryption and decryption processes. It may be quite simple or extremely complex. Also defined as the set of instructions by which encryption and decryption is done.



Process that uses different keys for encryption than it does for decryption, and in which the decryption key is computationally infeasible to determine given the encryption key itself, from plaintext and corresponding ciphertext, or from knowledge of the key generation or encryption algorithm.

Asymmetric Encryption


Using fixed-length sequences of input plaintext symbols as the unit of encryption.

Block Mode Encryption


Size in symbols (usually bits or bytes) for a particular block mode encryption algorithm or process.

Block Size (Encryption)


The altered form of a plaintext message so as to be unreadable for anyone except the intended recipients. In other words, it has been turned into a secret.



This occurs when a hash function generates the same output for different inputs. In other words, two different messages produce the same message digest.



The study of techniques for attempting to defeat cryptographic techniques and, more generally, information security services.



A process or function that transforms an input plaintext into a unique value called a hash (or hash value). These do not use cryptographic algorithms; the term "cryptographic" refers to the assertion that strong hash algorithms are one-way functions, that is, it is computationally infeasible to determine the input plaintext from the hash value and knowledge of the algorithm alone. Message digests are an example of the use of a cryptographic hash.

Cryptographic Hash, Cryptographic Hash Function


The study or applications of methods to secure or protect the meaning and content of messages, files, or other information, usually by disguise, obscuration, or other transformations of that content and meaning.



The science that deals with hidden, disguised, or encrypted communications, files, or other information. It consists of both cryptography and cryptanalysis.



The complete set of hardware, software, communications elements, and procedures that allows parties to communicate, store information, or use information that is protected by cryptographic means. The system includes the algorithm, key, and key management functions, together with other services that can be provided through cryptography.



One or more parameters that are inherent to a particular cryptographic algorithm and its implementation in a cryptosystem. Block size, key length, and number of iterations (or rounds) are examples of cryptovariables.



The reverse process from encoding, converting the encoded message back into its plaintext format.



The reverse process from encryption. It is the process of converting a ciphertext message back into plaintext through the use of the cryptographic algorithm and the appropriate key for decryption (which is the same for symmetric encryption, but different for asymmetric encryption). This term is also used interchangeably with "deciphering."



The action of changing a message or other set of information into another format through the use of a code. Unlike encryption, which obscures or hides the meaning, encoded information can still be read by anyone with knowledge of the encoding process.



The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also referred to as enciphering. The two terms are sometimes used interchangeably in literature and have similar meanings.



The total set of algorithms, processes, hardware, software, and procedures that taken together provide an encryption and decryption capability.

Encryption System


A form of cryptanalysis that uses the frequency of occurrence of letters, words, or symbols in the plaintext alphabet as a way of reducing the search space.

Frequency Analysis


A system that uses both symmetric and asymmetric encryption processes.

Hybrid Encryption System


Refers to transmitting or sharing control information, such as encryption keys and cryptovariables, over the same communications path, channel or system controlled or protected by that information.



The input that controls the operation of the cryptographic algorithm. It determines the behavior of the algorithm and permits the reliable encryption and decryption of the message.



A process by which keys (asymmetric or symmetric) are placed in a trusted storage agent's custody, for later retrieval. The trustworthiness of the encryption system(s) being used is thus completely placed in the escrow agent's control.

Key Escrow


The process of creating a new encryption (or decryption) key.

Key Generation


All processes used to create, store, distribute, and provide expiration and revocation of encryption and decryption keys, for all users of a particular encryption system.

Key Management


A matching set of one public and one private key, generally associated with only one person, organization, or identity.

Key Pair (Asymmetric Encryption)


A process of reconstructing an encryption key from the ciphertext alone, such as when the original key has been corrupted, lost, or forgotten. Requires a known way of reverse-engineering the algorithm (i.e., a successful means of conducting a ciphertext-based attack). By definition, a workable key recovery process for an algorithm means that the algorithm is not secure.

Key Recovery