This glossary contains definitions of special terms and abbreviations used in the user documentation of SSH Communications Security. For more information on terms related to Internet security, see RFC 2828.
AES is the new U.S. government standard for a symmetric encryption algorithm. AES uses the Rijndael block cipher and it is defined by the National Institute of Standards and Technology (NIST) in FIPS 197.
ASCII (American Standard Code for Information Interchange) is an 8-bit character encoding (including a parity bit) commonly used by computers to represent characters of the keyboard.
Arcfour is a symmetric stream cipher with a variable key size. It has been tested to be equivalent to RSA Security's RC4 cipher.
Authentication is the process of verifying that the remote entity is who it claims to be. Authentication is not the same as authorization (access control), since it is not concerned with determining which rights the remote entity has. Authentication means, for example, verifying that the correct password for the given user account has been entered, but it does not mean determining what file system permissions the user has.
Authorization is the process of determining which rights an entity has, after the entity has been authenticated.
A security service that addresses the security concerns caused by attacks that deny or degrade a network service.
Badger is a message authentication code (MAC) algorithm introduced in 2005 by the Danish data security company Cryptico. It uses universal hashing as its design principle, allowing for a rigorous proof of its security under randomness assumptions for the keys. In addition, it uses some novel ways of combining the ingredients to make it one of the fastest known MAC algorithms.
A method of representing six-bit strings of binary data (values 0-63) using 64 ASCII characters. Base-64 encoding was originally used with Privacy Enhanced Mail (PEM), thus it is sometimes referred to as PEM encoding.
A representative of symmetric (secret-key) encryption algorithms that encrypts a fixed length block of plaintext (for example, 64 bits) at a time. With a block cipher, the same plaintext block will always encrypt to the same ciphertext block under the same key.
A symmetric block cipher designed by Bruce Schneier. Blowfish uses a block size of 64 bits and a key length of 32 to 448 bits.
A brute-force attack is an attempt to "guess", for example, a password by trying all possible values one by one. The determining factor for the likelihood of success of a brute-force attack is the number of possible values. This is important for cryptographic keys, since a large key will have a much smaller chance of being "broken" within a reasonable amount of time. If, for example, a key has a length of 128 bits, there are a total of 2^128 (approximately 3.4 × 10^38) possible values. Even with very large amounts of processing resources available, a key of this size is not likely to be broken within a reasonable amount of time. A processor capable of performing 1,000,000,000 such guesses per second would still need 3.4 × 10^29 seconds, or roughly 10^22 years, to try all possible values, which is not practical.
A symmetric block cipher with a block size of 64 bits and a key length of up to 128 bits. CAST-128 is believed to be very strong. See RFC 2144 for more information.
Certificates are digital documents that are used for verifying the identity of communicating parties. In this documentation, the term certificate is commonly used to refer to X.509 public-key certificates. A public-key certificate binds identity information about an entity to the entity's public key for a certain validity period.
Certificate enrollment is an action in which a public key gets certified by a certification authority (CA). In this action a client provides the CA with a public key and some additional data in a certification request. The CA signs this key together with additional information with its own private key and returns the signed certificate to the client.
CMP defines online interactions between the end entities, the registration authorities, and the certification authority in a PKI. It is developed by the PKIX Working Group of the IETF and specified in RFC 4210.
A signed list containing the serial numbers of the certificates that have been revoked or suspended by the certificate issuer (the CA) before their expiration date. The CA usually issues new CRLs at frequent intervals. Current PKIX implementation of CRLs is the X.509 version 2 CRL. See RFC 3280 for more information.
An entity in a PKI that issues digital certificates (especially X.509 public-key certificates) and vouches for the binding between the data items in a certificate.
Certificate users (end entities) depend on the validity of information provided by a certificate. Thus, a CA should be someone that the end entities trust, and who usually holds an official position created by and granted power by a government, a corporation, or some other organization.
A certification request contains at least the public key and some identity information of the entity making the request, and it is signed with the private key of the entity. Certification requests are generated by end entities or RAs and sent to the CA. If allowed by the certificate policy of the CA, a certificate can be issued based on the request.
A security service that protects data from unauthorized disclosure. Usually, unauthorized disclosure of application level data is the primary concern, but the disclosure of the external characteristics of communication can also be a concern in some circumstances. The traffic flow confidentiality service addresses this latter concern by concealing source and destination addresses, message length, or frequency of communication.
CryptiCore was introduced in 2005 by the Danish data security company Cryptico. It is a set of algorithms consisting of the Rabbit stream cipher and Badger data integrity algorithm. CryptiCore enables very fast encryption and integrity checking performance, for example, when used with Secure Shell.
The branch of mathematics that studies the mathematical foundations of cryptographic methods.
DES is a U.S. Federal Information Processing Standard (FIPS) that defines the Data Encryption Algorithm (DEA). The term DES is also commonly used when referring to the algorithm.
The algorithm itself is a symmetric block cipher with a block size of 64 bits and a key length of 64 bits (of which 8 are parity bits). It was created in the 1970s by IBM, assisted by the U.S. National Security Agency (NSA).
Single DES is no longer considered secure. The controversy around DES key length and design issues has led to many variants of the original algorithm. 3DES (also known as triple-DES and Triple Data Encryption Algorithm or TDEA) is the most accepted. Most of what is known about block ciphers is due to analysis of DES. DEA and TDEA are defined in FIPS 46-3.
Denotes attacks that do not cause a security violation per se, but harm the availability of a service.
A dictionary attack is an attempt to guess, for example, a password by trying all words in a given dictionary (for example, of the English language) and simple permutations of those words. Even though the number of words and simple permutations of them is large, it will be significantly smaller than trying all possible values. For example, most modern computers would be able to run through all the words of an English dictionary in a few minutes. This makes dictionary attacks much more feasible, and if a password is very close to a word in a dictionary, it will not last long against a dictionary attack.
A method for key exchange between two parties. This method can be used to generate an unbiased secret key over an unsecured medium. The method has many variants. A well known attack called the man-in-the-middle attack forces the use of digital signatures or other means of authentication with the Diffie-Hellman protocol.
A digital signature is produced by encrypting a digest of a message with the signer's private key. Authentication can later be performed by applying the public key to the signature, which recovers the digest, and comparing the result with a freshly computed digest of the message.
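As an added example that is not part of the original glossary, the following Python script carries out exactly the procedure described above with textbook (unpadded) RSA: the digest is "encrypted" with the private exponent, and the verifier applies the public exponent and compares the result with a recomputed digest. The key material is constructed from two Mersenne primes purely for a deterministic demonstration; real keys use random primes and the PKCS #1 encoding, and the script assumes Python 3.8 or newer for the modular inverse via pow().

```python
import hashlib

# Constructed toy key material: 2^521-1 and 2^607-1 are known Mersenne primes,
# which makes the example deterministic. Never build real keys this way.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q                      # public modulus, about 1128 bits
PHI = (P - 1) * (Q - 1)
E = 65537                      # public exponent (coprime with PHI here)
D = pow(E, -1, PHI)            # private exponent (Python 3.8+)


def digest_int(message: bytes) -> int:
    """SHA-256 digest of the message as a big-endian integer (256 bits < N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signer: 'encrypt' the digest with the private key.

    Textbook RSA without padding; PKCS #1 adds a padding/encoding step here.
    """
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verifier: apply the public key to the signature and compare the
    recovered digest with a digest freshly computed over the message."""
    recovered = pow(signature, e, n)
    return recovered == digest_int(message)


if __name__ == "__main__":
    # Constructed sample message.
    msg = b"transfer 100 EUR to account 12345"
    sig = sign(msg)
    print("valid signature verifies:", verify(msg, sig))
    # Any change to the message changes the digest, so verification fails.
    print("tampered message verifies:", verify(msg.replace(b"100", b"900"), sig))
```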
DSA is a public-key algorithm for digital signatures. The DSA algorithm was invented by the U.S. National Security Agency (NSA) and it is defined by NIST in FIPS 186-2. For more information, see e.g. Bruce Schneier: "Applied Cryptography". See also DSS.
The U.S. digital signature standard defined by National Institute of Standards and Technology (NIST). It is a standard for digital signatures using the DSA public-key algorithm and the SHA-1 hash algorithm.
A domain name is a textual name for an Internet host, e.g. www.ssh.com. The Domain Name System (DNS) infrastructure is used to map domain names to IP addresses. See STD 13 for more information.
A protocol that provides a means to dynamically allocate IP addresses to computers on local area networks (LANs). The system administrator assigns a range of IP addresses to DHCP, and each client computer on the LAN has its TCP/IP software configured to request an IP address from the DHCP server. The request and grant process uses a lease concept with a controllable time period. DHCP is defined in RFC 2131.
EBCDIC (Extended Binary Coded Decimal Interchange Code) is an 8-bit character encoding used by IBM mainframes and other platforms to represent text. EBCDIC was designed in 1964 by IBM and it was the predecessor to ASCII. All IBM mainframe operating systems still use EBCDIC.
A security mechanism used for the transformation of data from an intelligible form (plaintext) into an unintelligible form (ciphertext), to provide confidentiality. The inverse transformation process is called decryption.
An entity is a party in a security relationship. An entity could, for example, be one of the following: user, company, program or process (server process/program, client process/program), machine (computer), hardware device (router, gateway). An entity must be unique, and therefore it must have a unique identifier. Depending on the entity, an identifier can be a name, e-mail address, social security number, IP address, DNS name, process ID, hardware MAC address or something else.
FIPS is a series of U.S. Government technical standards published by the National Institute of Standards and Technology (NIST).
A node located on the perimeter of an administrative domain that implements the security policy of the domain. A firewall usually performs address and port-based packet filtering and usually has proxy servers for e-mail and other services.
GSSAPI is a function interface that provides security services for applications in a mechanism-independent way. This allows different security mechanisms to be used via one standardized API. GSSAPI is often linked with Kerberos, which is the most common mechanism of GSSAPI. GSSAPI provides support for Windows domain authentication with Active Directory on Windows and Unix. GSSAPI is described in RFC 2743.
A hashed message authentication code (HMAC) is a type of message authentication code (MAC) calculated using a cryptographic hash function in combination with a secret key. As with any MAC, it can be used to verify both the data integrity and data origin authenticity.
Any iterative cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC. The resulting MAC algorithms are termed HMAC-MD5 or HMAC-SHA-1, respectively. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function and on the size and quality of the key.
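As an added example that is not part of the original glossary, the following Python implements the HMAC construction (RFC 2104) over the hash functions named above, including the rule that a key longer than the hash block size is first hashed, and cross-checks the result against the standard library. The key and message values are constructed samples.

```python
import hashlib
import hmac  # standard library HMAC, used only as a reference for cross-checking


def hmac_from_scratch(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC(key, message) = H((K' xor opad) || H((K' xor ipad) || message)).

    hash_name selects the underlying iterative hash ("md5", "sha1", ...),
    giving HMAC-MD5, HMAC-SHA-1 and so on.
    """
    block_size = hashlib.new(hash_name).block_size   # 64 bytes for MD5 and SHA-1
    # A key longer than one block is replaced by its hash; a shorter key
    # is zero-padded to exactly one block (K' in the formula above).
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad_key = bytes(b ^ 0x36 for b in key)
    opad_key = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad_key + message).digest()
    return hashlib.new(hash_name, opad_key + inner).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha1") -> bool:
    """Verifier side: recompute the MAC with the shared key and compare it
    in constant time, so that a modified message or wrong key is rejected."""
    return hmac.compare_digest(hmac_from_scratch(key, message, hash_name), tag)


def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha1") -> bool:
    """Cross-check the hand-written construction against hmac.new()."""
    return hmac_from_scratch(key, message, hash_name) == hmac.new(key, message, hash_name).digest()


if __name__ == "__main__":
    # Constructed sample values.
    shared_key = b"session-key-shared-by-both-parties"
    packet = b"seq=7 data=hello"
    tag = hmac_from_scratch(shared_key, packet, "sha1")
    print("HMAC-SHA-1:", tag.hex())
    print("authentic packet accepted:", verify_mac(shared_key, packet, tag))
    print("modified packet accepted: ", verify_mac(shared_key, b"seq=8 data=hello", tag))
    print("matches stdlib (md5/sha1):", matches_stdlib(shared_key, packet, "md5"),
          matches_stdlib(shared_key, packet, "sha1"))
```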
A host is an individual machine (computer). The term host is used for both client and server machines.
In SSH Tectia Manager, host key distribution is a mechanism for automatic distribution of the server host public keys that are used for server authentication when a Secure Shell client connects to a Secure Shell server.
HTTP is the protocol used to transfer web pages from a WWW server to the browser. The HTTP client sends requests to the server, and gets some data as a response. HTTP identifies objects on the server using URIs or URLs. For more information, see RFC 2068.
To work, the Management Agent of SSH Tectia Manager requires a data file called Initial Configuration Block (ICB). The ICB is created by the Management Server and it contains pre-configuration information that the Management Agent needs to operate, such as the address of the Management Server and the required authentication credentials.
A security service that ensures that data modifications are detectable. Integrity services need to match application requirements. Although authentication and integrity services are often cited separately, in practice they are intimately connected and almost always offered together.
An international standards body that has standardized the IP protocol and most of the other successful protocols used on the Internet. The IETF web pages are available at http://www.ietf.org/.
The network layer for the Transmission Control Protocol (TCP) protocol suite, defined in STD 5. IP is a connectionless, best-effort packet switching protocol. It provides packet routing, fragmentation, and re-assembly through the data link layer.
A protocol suite for protecting IP traffic at packet level defined by the Internet Engineering Task Force (IETF). IPSec can be used for protecting the data transmitted by any service or application that is based on IP. The IPSec protocols are defined in RFC 2401.
This is the current version of the Internet Protocol (IP).
This is a new version of the Internet Protocol (IP). Among other improvements it has an extended address space and better security. It is described in RFC 2460. There is no version five.
In IPv4, a 32-bit number that identifies the devices using the IP protocol. An IP address can be unicast, broadcast, or multicast. Please see STD 5 for more information.
A self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network. The Internet Protocol (IP) is defined in STD 5.
Keyboard-Interactive is a generic authentication method in Secure Shell, used to implement different types of authentication mechanisms. Any authentication method that requires only the user's input can be performed with Keyboard-Interactive. In SSH Tectia, currently supported methods include password, PAM, RADIUS, and RSA SecurID.
LDAP is a directory access protocol, defined in RFC 2251 and RFC 1777, for accessing directories that support the X.500 Directory model, while not incurring the resource requirements of the X.500 Directory Access Protocol (DAP). This protocol is especially targeted at management applications and browser applications that provide interactive read/write access to directories. The protocol is carried directly over Transmission Control Protocol (TCP) or other transport, bypassing much of the session/presentation overhead of X.500 DAP.
A software component which enables managing a host. Management Agent is responsible for communicating with the Management Server, installing, upgrading, monitoring, and controlling the SSH Tectia software on the host according to the management commands from the Management Server.
The Management Server runs the management logics, stores the configuration and environment information, and provides management communications to the managed hosts.
A message-digest algorithm developed by Ron Rivest of RSA Security. It computes a secure, irreversible, cryptographically strong 128-bit hash value for a document. The algorithm is documented in RFC 1321. Newer 160-bit algorithms such as SHA-1 are thought to be more secure than MD5.
A message authentication code (MAC) is a short piece of information used to authenticate a message. A MAC algorithm accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC. The MAC value protects the integrity and authenticity of the message, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.
MVS (Multiple Virtual Storage), first released in 1974, is an operating system used on the IBM mainframe computers. Although the original MVS was discontinued several years ago, the term MVS is still commonly used to refer to operating systems based on the same architecture, including OS/390 and the current z/OS.
MVS systems are traditionally accessed by 3270 terminals, or by PCs running TN3270 emulators.
NFS is a standard that implements a client/server architecture for file sharing on heterogeneous systems.
In some applications, such as banking and e-commerce, it may be necessary to obtain certificate revocation status that is more timely than is possible with CRLs. OCSP may be used to determine the current revocation status of a digital certificate, instead of or as a supplement to checking against a periodically published CRL. OCSP is described in RFC 2560.
A passphrase is a string of characters. Whereas a password is used for authentication directly, a passphrase is only used to protect the actual information used for authentication, the private key.
A password is a string of characters such as numbers, letters and special characters, used for authenticating an entity against another. The strength of a password is measured by its "randomness", called entropy. If a password has a high level of entropy, it is difficult to guess using dictionary attacks.
Refers to the notion that any single key being compromised will permit access to only data protected by that single key. In order for PFS to exist, the key used to protect transmission of data must not be used to derive any additional keys. If the key used to protect transmission of data was derived from some other keying material, that material must not be used to derive any more keys. Also referred to as public-key forward secrecy (PFS).
This standard defines the usage of the RSA algorithm in encryption and digital signatures. It contains explicit suggestions for the encoding of keys and algorithm input formatting.
This standard defines the general syntax for data that may have cryptography applied to it. This data includes digital signatures and recursive digital envelope encoding for cryptographic objects.
This standard describes the syntax for private-key information, including the private key and the set of attributes. The standard also describes the syntax for encrypted private keys.
This standard defines a format for certification requests.
This standard defines CryptoKi, which is an interface for cryptographic devices (for example, smart cards and cryptographic accelerators).
This standard defines a portable format for storing or transporting a user's private keys, certificates, and miscellaneous secrets. PKCS #12 is supported by common web browsers for importing and exporting user private keys.
This standard defines how keys, certificates, and application-specific data may be stored on an ISO/IEC 7816 compliant smart card.
Text which has not been encrypted. The opposite is ciphertext.
Pluggable Authentication Module is an authentication framework used in Unix systems. PAM allows stacking authentication modules and can be used to integrate login with different authentication mechanisms.
A suite of protocols for encryption, authentication, message integrity, and key management. For more information, see RFC 1421. PEM is commonly used to refer to an encoding method where binary objects such as certificates are converted to a printable format using a 64-character subset of the alphabet (this is also known as base-64 encoding).
In public-key cryptography the private key is only known to the holder, and it can be used to sign and decrypt messages.
Proxy is a cache server that acts as a firewall, protecting the local network. It allows an application inside the proxy to access resources on the global Internet.
In contrast to symmetric (secret-key) cryptography with just one cipher key, in public-key cryptography each person or host has two keys. One is the private key, which is used for signing outgoing messages and decrypting incoming messages; the other is the public key, which is used by others to confirm the authenticity of a signed message coming from that person and for encrypting messages addressed to that person. The private key must not be available to anyone but its owner, but the public key is spread via trusted channels to anyone.
The PKCS standards are a document series from RSA Laboratories. Some of the most important PKCS standards include PKCS #1 for RSA encryption and signature formats, PKCS #7 for cryptographic message encapsulation, PKCS #10 for certification requests, and PKCS #11 for a cryptographic token interface commonly used with smart cards.
PKI consists of end entities possessing key pairs, certification authorities, certificate repositories (directories), and all the other software, components, and entities required when utilizing public-key cryptography.
Rabbit is a symmetric stream cipher introduced in 2003 by the Danish data security company Cryptico. Based on iterating a set of coupled nonlinear functions, it uses a 128-bit key and provides high security while still being extremely fast.
RADIUS is a protocol for checking a user's authentication and authorization information from a remote server. It is originally intended for authenticating dial-in users, but it is also suitable for use with Secure Shell. RADIUS is described in RFC 2865.
An optional entity in a PKI, separate from the CA(s). The functions that the RA performs will vary from case to case but may include identity authentication and name assignment, key generation, token distribution, and revocation reporting.
A document of the Internet Society under standardization. RFCs can be located at http://www.ietf.org/rfc.html.
Resource Access Control Facility (RACF) is a security system by IBM that provides access control and auditing functionality for the z/OS operating system.
Designed by Joan Daemen and Vincent Rijmen, Rijndael is a symmetric block cipher with a block size of 128 bits and a variable key length of 128, 192, or 256 bits. Rijndael was chosen for the U.S. Advanced Encryption Standard (AES).
A public-key encryption and digital signature algorithm, invented by Ron Rivest, Adi Shamir, and Leonard Adleman. For more information, see e.g. Bruce Schneier: "Applied Cryptography". The RSA algorithm was patented by RSA Security, but the patent expired in September 2000.
A United States standard for a cryptographically strong hash algorithm, designed by National Security Agency (NSA) and defined by National Institute of Standards and Technology (NIST). See also MD5.
The Secure Shell (SecSh) protocol was originally developed in 1995 by Tatu Ylönen, the founder of SSH Communications Security. Secure Shell replaces other, unsecured terminal applications (such as Rlogin, Telnet, and FTP), and allows forwarding arbitrary TCP/IP ports over the secure channel, enabling secure connection, for example, to an e-mail service.
There are two versions of the Secure Shell protocol. The current version, Secure Shell version 2 (SecSh v2, SSH2) provides several security improvements as compared to the original Secure Shell version 1 (SecSh v1, SSH1). SSH Tectia is based on SecSh v2, and SSH Communications Security considers SecSh v1 deprecated and does not recommend nor support its use anymore. The SSH2 protocol is defined in RFCs 4250-4256.
RSA SecurID is a widely-used two-factor authentication method based on the use of SecurID Authenticator tokens. The Authenticator token generates a random numerical code that the user needs to enter when connecting to a system. RSA ACE/Agent is used to verify the code. RSA ACE/Server acts as the management component handling the authentication requests and managing the authentication policies for enterprise networks.
An intermediate system that acts as the communications interface between two networks. The internal subnetworks and hosts served by a security gateway are presumed to be trusted because of shared local security administration.
The purpose of a security policy is to decide how an organization is going to protect itself. The policy will generally require two parts: a general policy and specific rules (system-specific policy). The general policy sets the overall approach to security. The rules define what is and what is not allowed. In this document, the term security policy is typically used when referring to the latter. The security policy describes how data is protected, which traffic is allowed or denied, and who is able to use the network resources.
A strong block cipher designed by Korea Information Security Agency (KISA) and a group of experts in 1998. SEED uses a block size of 128 bits and a key length of 128 bits. SEED is a national standard encryption algorithm in South Korea. It has also been adopted as an ISO/IEC standard (ISO/IEC 18033-3) and an IETF RFC (RFC 4269).
A strong block cipher designed by Ross Anderson, Eli Biham, and Lars Knudsen. Serpent was one of the five final candidates for the United States government's new cipher standard, AES (Advanced Encryption Standard). It was probably the strongest of the candidates, but slower than the winning algorithm, Rijndael. Serpent uses a block size of 128 bits and a key length of 128, 192, or 256 bits.
Improved version of the original Secure Hash Algorithm (SHA). The algorithm produces a 160-bit message digest and it is considered very good. It is part of the U.S. Digital Signature Standard (DSS) and it is defined in FIPS 180-1.
A shared secret, also known as pre-shared key (PSK) or simply shared key, is similar to a password in the sense that it is also used for authentication, but shared keys are often used to authenticate both entities at the same time. If both entities know the shared secret, they are assured of each other's identities.
Shared keys can be used to give end entities the right to enroll certificates, in which case the shared key is created by an RA or a CA and distributed to the end entity by some out-of-band method. The end entity can then authenticate itself by using the shared key in the certificate enrollment. In this case, the key is often limited to a certain number of uses.
A smart card, or an integrated circuit card, is a device for secure identification of users of information systems. Typically a smart card contains a processor that can perform private-key operations with a private key stored on the card, and some kind of file system that can hold certificates, public keys, or other data relevant to the use of the card.
SOCKS is a protocol for traversing through application gateway firewalls. It allows an application inside the firewall to access resources on the global Internet. The protocol is defined in RFC 1928.
The SSH Tectia client/server solution consists of three products, SSH Tectia Server, SSH Tectia Client, and SSH Tectia Connector.
SSH Tectia Client provides secure interactive file transfer and terminal client functionality for remote users and system administrators to access and manage servers running SSH Tectia Server or other applications using the Secure Shell protocol. It also supports (non-transparent) static and dynamic tunneling of TCP-based applications.
SSH Tectia Connector is transparent, end-user desktop client software that provides dynamic tunneling of client/server connections without the need to re-configure the tunneled applications. It enables corporate end users to connect to business applications securely and automatically when an IP connection is established, while being fully transparent to the user.
SSH Tectia Manager is a security management platform designed to reduce the total cost of ownership of large multi-platform environments. It enables administrators to enforce consistent security policy and to more efficiently monitor the state of their security environments. SSH Tectia Manager provides centralized management for SSH Tectia managed security middleware solutions.
SSH Tectia Server is a server-side component for SSH Tectia Connector and Client. The most common and widespread usage scenario of SSH Tectia Server is the secure system administration of servers and other resources in corporate and educational networks.
A subseries of Request For Comments (RFC) that specify Internet standards. The standards in the STD series also retain their RFC numbers.
A representative of symmetric (secret-key) encryption algorithms that encrypt a single bit at a time. With a stream cipher, the same plaintext bit or byte will encrypt to a different bit or byte every time it is encrypted.
TN3270 is a remote-login protocol used by IBM 3270 mainframe computer terminal emulators. Like standard Telnet, TN3270 is natively unsecured.
The analysis of network traffic flow for the purpose of deducing information that is useful to an adversary. For example, frequency of transmission, the identities of the conversing parties, sizes of IP packets, and flow identifiers.
A widely used connection-oriented, reliable (but unsecured) communications protocol. This is the standard transport protocol used on the Internet. It is defined in STD 7 (RFC 793).
Transport Layer Security is a protocol providing confidentiality, authentication, and integrity for stream-like connections. It is typically used to secure HTTP connections. The protocol is being standardized by a working group of the IETF.
A strong and fast block cipher designed by Bruce Schneier. Twofish was one of the five final candidates for the United States government's new cipher standard, AES (Advanced Encryption Standard). Twofish uses a block size of 128 bits and a key length of up to 256 bits.
URIs identify resources or objects in the world or on the Internet. They are defined in RFC 2396. The most commonly used form of a URI is a URL.
URLs are used to describe the location of web pages, and are also used in many other contexts. An example of a URL is http://www.ssh.com/products/tectia/index.html. They are defined in RFC 1738 and RFC 1808. URLs are a special case of URIs.
Unix System Services (USS) is a component of the IBM z/OS operating system. It allows Unix applications from other platforms to run on IBM mainframes.
A datagram-oriented unreliable communications protocol widely used on the Internet. It is a layer over the IP protocol. UDP is defined in STD 6 (RFC 768).
Virtual private networking is the use of encryption in the lower protocol layers to provide a secure connection through an otherwise unsecured network, typically the Internet. The encryption may be performed, for example, by firewall software, by a router, or by a dedicated VPN security gateway.
The family of joint ITU-T/ISO standards defining the X.500 Directory. The directory can be used for many applications, such as storing certificates, or information about people. LDAP is often used to access the X.500 Directory.
The ITU-T X.509 recommendation defines the formats for X.509 certificate and X.509 CRL. Different X.509 applications are further defined by the PKIX Working Group of the IETF. These include X.509 version 3 public-key certificates and X.509 version 2 CRLs.