$ DAC- (N) See: Data Authentication Code, discretionary access control.
Deprecated Usage: IDOCs that use this term SHOULD state a definition for it because this abbreviation is ambiguous.
$ daemon- (I) A computer program that is not invoked explicitly but waits until a specified condition occurs, and then runs with no associated user (principal), usually for an administrative purpose. (See: zombie.)
$ dangling threat- (O) A threat to a system for which there is no corresponding vulnerability and, therefore, no implied risk.
$ dangling vulnerability- (O) A vulnerability of a system for which there is no corresponding threat and, therefore, no implied risk.
$ DASS- (I) See: Distributed Authentication Security Service.
$ data- (I) Information in a specific representation, usually as a sequence of symbols that have meaning.
Usage: Refers to both (a) representations that can be recognized, processed, or produced by a computer or other type of machine, and (b) representations that can be handled by a human.
$ Data Authentication Algorithm, data authentication algorithm- 1. (N) /capitalized/ The ANSI standard for a keyed hash function that is equivalent to DES cipher block chaining with IV = 0. [A9009]
2. (D) /not capitalized/ Synonym for some kind of "checksum".
Deprecated Term: IDOCs SHOULD NOT use the uncapitalized form "data authentication algorithm" as a synonym for any kind of checksum, regardless of whether or not the checksum is based on a hash. Instead, use "checksum", "Data Authentication Code", "error detection code", "hash", "keyed hash", "Message Authentication Code", "protected checksum", or some other specific term, depending on what is meant.
The uncapitalized term can be confused with the Data Authentication Code and also mixes concepts in a potentially misleading way. The word "authentication" is misleading because the checksum may be used to perform a data integrity function rather than a data origin authentication function.
$ Data Authentication Code, data authentication code- 1. (N) /capitalized/ A specific U.S. Government standard [FP113] for a checksum that is computed by the Data Authentication Algorithm. (Usage: a.k.a. Message Authentication Code [A9009].) (See: DAC.)
2. (D) /not capitalized/ Synonym for some kind of "checksum".
Deprecated Term: IDOCs SHOULD NOT use the uncapitalized form "data authentication code" as a synonym for any kind of checksum, regardless of whether or not the checksum is based on the Data Authentication Algorithm. The uncapitalized term can be confused with the Data Authentication Code and also mixes concepts in a potentially misleading way (see: authentication code).
$ data compromise- 1. (I) A security incident in which information is exposed to potential unauthorized access, such that unauthorized disclosure, alteration, or use of the information might have occurred. (Compare: security compromise, security incident.)
2. (O) /U.S. DoD/ A "compromise" is a "communication or physical transfer of information to an unauthorized recipient." [DoD5]
3. (O) /U.S. Government/ "Type of [security] incident where information is disclosed to unauthorized individuals or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred." [C4009]
$ data confidentiality- 1. (I) The property that data is not disclosed to system entities unless they have been authorized to know the data. (See: Bell-LaPadula model, classification, data confidentiality service, secret. Compare: privacy.)
2. (D) "The property that information is not made available or disclosed to unauthorized individuals, entities, or processes [i.e., to any unauthorized system entity]." [I7498-2].
Deprecated Definition: The phrase "made available" might be interpreted to mean that the data could be altered, and that would confuse this term with the concept of "data integrity".
$ data confidentiality service- (I) A security service that protects data against unauthorized disclosure. (See: access control, data confidentiality, datagram confidentiality service, flow control, inference control.)
Deprecated Usage: IDOCs SHOULD NOT use this term as a synonym for "privacy", which is a different concept.
$ Data Encryption Algorithm (DEA)- (N) A symmetric block cipher, defined in the U.S. Government's DES. DEA uses a 64-bit key, of which 56 bits are independently chosen and 8 are parity bits, and maps a 64-bit block into another 64-bit block. [FP046] (See: AES, symmetric cryptography.)
Usage: This algorithm is usually referred to as "DES". The algorithm has also been adopted in standards outside the Government (e.g., [A3092]).
$ data encryption key (DEK)- (I) A cryptographic key that is used to encipher application data. (Compare: key-encrypting key.)
$ Data Encryption Standard (DES)- (N) A U.S. Government standard [FP046] that specifies the DEA and states policy for using the algorithm to protect unclassified, sensitive data. (See: AES.)
$ data integrity- 1. (I) The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner. (See: data integrity service. Compare: correctness integrity, source integrity.)
2. (O) "The property that information has not been modified or destroyed in an unauthorized manner." [I7498-2]
Usage: Deals with (a) constancy of and confidence in data values, and not with either (b) information that the values represent (see: correctness integrity) or (c) the trustworthiness of the source of the values (see: source integrity).
$ data integrity service- (I) A security service that protects against unauthorized changes to data, including both intentional change or destruction and accidental change or loss, by ensuring that changes to data are detectable. (See: data integrity, checksum, datagram integrity service.)
Tutorial: A data integrity service can only detect a change and report it to an appropriate system entity; changes cannot be prevented unless the system is perfect (error-free) and no malicious user has access. However, a system that offers data integrity service might also attempt to correct and recover from changes.
The ability of this service to detect changes is limited by the technology of the mechanisms used to implement the service. For example, if the mechanism were a one-bit parity check across each entire SDU, then changes to an odd number of bits in an SDU would be detected, but changes to an even number of bits would not.
Relationship between data integrity service and authentication services: Although data integrity service is defined separately from data origin authentication service and peer entity authentication service, it is closely related to them. Authentication services depend, by definition, on companion data integrity services. Data origin authentication service provides verification that the identity of the original source of a received data unit is as claimed; there can be no such verification if the data unit has been altered. Peer entity authentication service provides verification that the identity of a peer entity in a current association is as claimed; there can be no such verification if the claimed identity has been altered.
$ data origin authentication- (I) "The corroboration that the source of data received is as claimed." [I7498-2] (See: authentication.)
$ data origin authentication service- (I) A security service that verifies the identity of a system entity that is claimed to be the original source of received data. (See: authentication, authentication service.)
Tutorial: This service is provided to any system entity that receives or holds the data. Unlike peer entity authentication service, this service is independent of any association between the originator and the recipient, and the data in question may have originated at any time in the past.
A digital signature mechanism can be used to provide this service, because someone who does not know the private key cannot forge the correct signature. However, by using the signer's public key, anyone can verify the origin of correctly signed data.
This service is usually bundled with connectionless data integrity service. (See: "relationship between data integrity service and authentication services" under "data integrity service".)
$ data owner- (N) The organization that has the final statutory and operational authority for specified information.
$ data privacy- (D) Synonym for "data confidentiality".
Deprecated Term: IDOCs SHOULD NOT use this term; it mixes concepts in a potentially misleading way. Instead, use either "data confidentiality" or "privacy" or both, depending on what is meant.
$ data recovery- 1. (I) /cryptanalysis/ A process for learning, from some cipher text, the plain text that was previously encrypted to produce the cipher text. (See: recovery.)
2. (I) /system integrity/ The process of restoring information following damage or destruction.
$ data security- (I) The protection of data from disclosure, alteration, destruction, or loss that either is accidental or is intentional but unauthorized.
Tutorial: Both data confidentiality service and data integrity service are needed to achieve data security.
$ datagram- (I) "A self-contained, independent entity of data [i.e., a packet] carrying sufficient information to be routed from the source [computer] to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network." [R1983] Example: A PDU of IP.
$ datagram confidentiality service- (I) A data confidentiality service that preserves the confidentiality of data in a single, independent, packet; i.e., the service applies to datagrams one-at-a-time. Example: ESP. (See: data confidentiality.)
Usage: When a protocol is said to provide data confidentiality service, this is usually understood to mean that only the SDU is protected in each packet. IDOCs that use the term to mean that the entire PDU is protected should include a highlighted definition.
Tutorial: This basic form of network confidentiality service suffices for protecting the data in a stream of packets in both connectionless and connection-oriented protocols. Except perhaps for traffic flow confidentiality, nothing further is needed to protect the confidentiality of data carried by a packet stream. The OSIRM distinguishes between connection confidentiality and connectionless confidentiality. The IPS need not make that distinction, because those services are just instances of the same service (i.e., datagram confidentiality) being offered in two different protocol contexts. (For data integrity service, however, additional effort is needed to protect a stream, and the IPS does need to distinguish between "datagram integrity service" and "stream integrity service".)
$ datagram integrity service- (I) A data integrity service that preserves the integrity of data in a single, independent, packet; i.e., the service applies to datagrams one-at-a-time. (See: data integrity. Compare: stream integrity service.)
Tutorial: The ability to provide appropriate data integrity is important in many Internet security situations, and so there are different kinds of data integrity services suited to different applications. This service is the simplest kind; it is suitable for connectionless data transfers.
Datagram integrity service usually is designed only to attempt to detect changes to the SDU in each packet, but it might also attempt to detect changes to some or all of the PCI in each packet (see: selective field integrity). In contrast to this simple, one-at-a-time service, some security situations demand a more complex service that also attempts to detect deleted, inserted, or reordered datagrams within a stream of datagrams (see: stream integrity service).
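The difference between the two services, as an added example that is not part of the glossary text: a keyed hash over each SDU gives datagram integrity, and including a sequence number under the same tag gives a simple stream integrity check. The key, packet layout and function names are assumptions made for this illustration, and the sample packets are constructed.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample key, not a real secret
TAG_LEN = 32                    # HMAC-SHA-256 output size in octets
SEQ_LEN = 8                     # assumed layout: 64-bit sequence number header


def tag_for(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()


def protect_datagram(sdu):
    """Datagram integrity: the tag covers only this packet's SDU."""
    return sdu + tag_for(sdu)


def verify_datagram(packet):
    """Return the SDU if its tag verifies, otherwise None."""
    if len(packet) < TAG_LEN:
        return None
    sdu, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return sdu if hmac.compare_digest(tag, tag_for(sdu)) else None


def protect_stream(sdus):
    """Stream integrity: the tag also covers a per-packet sequence number."""
    packets = []
    for seq, sdu in enumerate(sdus):
        body = struct.pack("!Q", seq) + sdu
        packets.append(body + tag_for(body))
    return packets


def verify_stream(packets):
    """Return (accepted SDUs, problems) for packets in arrival order."""
    accepted, problems = [], []
    expected = 0
    for packet in packets:
        if len(packet) < SEQ_LEN + TAG_LEN:
            problems.append("truncated packet")
            continue
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(tag, tag_for(body)):
            problems.append("modified packet")
            continue
        (seq,) = struct.unpack("!Q", body[:SEQ_LEN])
        if seq < expected:
            problems.append("reordered or replayed: seq %d" % seq)
            continue
        if seq > expected:
            problems.append("deleted or delayed: seq %d to %d" % (expected, seq - 1))
        accepted.append(body[SEQ_LEN:])
        expected = seq + 1
    return accepted, problems


if __name__ == "__main__":
    sdus = [b"pay 10", b"pay 20", b"pay 30"]   # constructed sample SDUs
    # Each datagram verifies on its own, so deletion and reordering go unnoticed.
    shuffled = [protect_datagram(s) for s in (sdus[2], sdus[0])]
    print([verify_datagram(p) for p in shuffled])
    # The stream check reports the same manipulation.
    stream = protect_stream(sdus)
    print(verify_stream([stream[2], stream[0]]))
```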
$ DEA- (N) See: Data Encryption Algorithm.
$ deception- (I) A circumstance or event that may result in an authorized entity receiving false data and believing it to be true. (See: authentication.)
Tutorial: This is a type of threat consequence, and it can be caused by the following types of threat actions: masquerade, falsification, and repudiation.
$ decipher- (D) Synonym for "decrypt".
Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym for "decrypt". However, see usage note under "encryption".
$ decipherment- (D) Synonym for "decryption".
Deprecated Definition: IDOCs SHOULD NOT use this term as a synonym for "decryption". However, see the Usage note under "encryption".
$ declassification- (I) An authorized process by which information is declassified. (Compare: classification.)
$ declassify- (I) To officially remove the security level designation of a classified information item or information type, such that the information is no longer classified (i.e., becomes unclassified). (See: classified, classify, security level. Compare: downgrade.)
$ decode- 1. (I) Convert encoded data back to its original form of representation. (Compare: decrypt.)
2. (D) Synonym for "decrypt".
Deprecated Definition: Encoding is not usually meant to conceal meaning. Therefore, IDOCs SHOULD NOT use this term as a synonym for "decrypt", because that would mix concepts in a potentially misleading way.
$ decrypt- (I) Cryptographically restore cipher text to the plaintext form it had before encryption.
$ decryption- (I) See: secondary definition under "encryption".
$ dedicated security mode- (I) A mode of system operation wherein all users having access to the system possess, for all data handled by the system, both (a) all necessary authorizations (i.e., security clearance and formal access approval) and (b) a need-to-know. (See: /system operation/ under "mode", formal access approval, need to know, protection level, security clearance.)
Usage: Usually abbreviated as "dedicated mode". This mode was defined in U.S. Government policy on system accreditation, but the term is also used outside the Government. In this mode, the system may handle either (a) a single classification level or category of information or (b) a range of levels and categories.
$ default account- (I) A system login account (usually accessed with a user identifier and password) that has been predefined in a manufactured system to permit initial access when the system is first put into service. (See: harden.)
Tutorial: A default account becomes a serious vulnerability if not properly administered. Sometimes, the default identifier and password are well-known because they are the same in each copy of the system. In any case, when a system is put into service, any default password should immediately be changed or the default account should be disabled.
$ defense in depth- (N) "The siting of mutually supporting defense positions designed to absorb and progressively weaken attack, prevent initial observations of the whole position by the enemy, and [enable] the commander to maneuver the reserve." [JP1]
Tutorial: In information systems, defense in depth means constructing a system's security architecture with layered and complementary security mechanisms and countermeasures, so that if one security mechanism is defeated, one or more other mechanisms (which are "behind" or "beneath" the first mechanism) still provide protection.
This architectural concept is appealing because it aligns with traditional warfare doctrine, which applies defense in depth to physical, geospatial structures; but applying the concept to logical, cyberspace structures of computer networks is more difficult. The concept assumes that networks have a spatial or topological representation. It also assumes that there can be implemented -- from the "outer perimeter" of a network, through its various "layers" of components, to its "center" (i.e., to the subscriber application systems supported by the network) -- a varied series of countermeasures that together provide adequate protection. However, it is more difficult to map the topology of networks and make certain that no path exists by which an attacker could bypass all defensive layers.
$ Defense Information Infrastructure (DII)- (O) /U.S. DoD/ The U.S. DoD's shared, interconnected system of computers, communications, data, applications, security, people, training, and support structures, serving information needs worldwide. (See: DISN.) Usage: Has evolved to be called the GIG.
Tutorial: The DII connects mission support, command and control, and intelligence computers and users through voice, data, imagery, video, and multimedia services, and provides information processing and value-added services to subscribers over the DISN. Users' own data and application software are not considered part of the DII.
$ Defense Information Systems Network (DISN)- (O) /U.S. DoD/ The U.S. DoD's consolidated, worldwide, enterprise level telecommunications infrastructure that provides end-to-end information transfer for supporting military operations; a part of the DII. (Compare: GIG.)
$ degauss- 1a. (N) Apply a magnetic field to permanently remove data from a magnetic storage medium, such as a tape or disk [NCS25]. (Compare: erase, purge, sanitize.)
1b. (N) Reduce magnetic flux density to zero by applying a reversing magnetic field. (See: magnetic remanence.)
$ degausser- (N) An electrical device that can degauss magnetic storage media.
$ DEK- (I) See: data encryption key.
$ delay- (I) /packet/ See: secondary definition under "stream integrity service".
$ deletion- (I) /packet/ See: secondary definition under "stream integrity service".
$ deliberate exposure- (I) /threat action/ See: secondary definition under "exposure".
$ delta CRL- (I) A partial CRL that only contains entries for certificates that have been revoked since the issuance of a prior, base CRL [X509]. This method can be used to partition CRLs that become too large and unwieldy. (Compare: CRL distribution point.)
$ demilitarized zone (DMZ)- (D) Synonym for "buffer zone".
Deprecated Term: IDOCs SHOULD NOT use this term because it mixes concepts in a potentially misleading way. (See: Deprecated Usage under "Green Book".)
$ denial of service- (I) The prevention of authorized access to a system resource or the delaying of system operations and functions. (See: availability, critical, flooding.)
Tutorial: A denial-of-service attack can prevent the normal conduct of business on the Internet. There are four types of solutions to this security problem:
- Awareness: Maintaining cognizance of security threats and vulnerabilities. (See: CERT.)
- Detection: Finding attacks on end systems and subnetworks. (See: intrusion detection.)
- Prevention: Following defensive practices on network-connected systems. (See: [R2827].)
- Response: Reacting effectively when attacks occur. (See: CSIRT, contingency plan.)
$ DES- (N) See: Data Encryption Standard.
$ designated approving authority (DAA)- (O) /U.S. Government/ Synonym for "accreditor".
$ detection- (I) See: secondary definition under "security".
$ deterrence- (I) See: secondary definition under "security".
$ dictionary attack- (I) An attack that uses a brute-force technique of successively trying all the words in some large, exhaustive list.
Examples: Attack an authentication service by trying all possible passwords. Attack an encryption service by encrypting some known plaintext phrase with all possible keys so that the key for any given encrypted message containing that phrase may be obtained by lookup.
$ Diffie-Hellman
$ Diffie-Hellman-Merkle- (N) A key-agreement algorithm published in 1976 by Whitfield Diffie and Martin Hellman [DH76, R2631].
Usage: The algorithm is most often called "Diffie-Hellman". However, in the November 1978 issue of "IEEE Communications Magazine", Hellman wrote that the algorithm "is a public key distribution system, a concept developed by [Ralph C.] Merkle, and hence should be called 'Diffie-Hellman-Merkle' ... to recognize Merkle's equal contribution to the invention of public key cryptography."
Tutorial: Diffie-Hellman-Merkle does key establishment, not encryption. However, the key that it produces may be used for encryption, for further key management operations, or for any other cryptography.
The algorithm is described in [R2631] and [Schn]. In brief, Alice and Bob together pick large integers that satisfy certain mathematical conditions, and then use the integers to each separately compute a public-private key pair. They send each other their public key. Each person uses their own private key and the other person's public key to compute a key, k, that, because of the mathematics of the algorithm, is the same for each of them. Passive wiretapping cannot learn the shared k, because k is not transmitted, and neither are the private keys needed to compute k.
The difficulty of breaking Diffie-Hellman-Merkle is considered to be equal to the difficulty of computing discrete logarithms modulo a large prime. However, without additional mechanisms to authenticate each party to the other, a protocol based on the algorithm may be vulnerable to a man-in-the-middle attack.
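The exchange described above, as an added example that is not part of the glossary text: both parties derive the same k from an honest exchange, an interposed party that substitutes public values leaves them with different keys, and authenticating the public values exposes the substitution. The toy group (P, G), the function names, and the use of an HMAC under a pre-shared key as the authentication mechanism are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy group: P is the Mersenne prime 2^127 - 1, far too small for
# real use. Deployments use standardized groups of 2048 bits or more.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private, public) for one party."""
    private = secrets.randbelow(P - 3) + 2          # 2 .. P-2
    return private, pow(G, private, P)


def shared_key(own_private, peer_public):
    """Compute k from our private value and the peer's public value."""
    if not 1 < peer_public < P - 1:                 # reject degenerate values
        raise ValueError("peer public value out of range")
    k = pow(peer_public, own_private, P)
    return hashlib.sha256(k.to_bytes(16, "big")).digest()


def honest_exchange():
    """Alice and Bob swap public values unmodified; returns both views of k."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return shared_key(a_priv, b_pub), shared_key(b_priv, a_pub)


def interposed_exchange():
    """A party in the path replaces each public value with its own.

    Returns (alice_k, bob_k, middle_k_with_alice, middle_k_with_bob).
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()
    alice_k = shared_key(a_priv, m_pub)     # Alice believes m_pub is Bob's
    bob_k = shared_key(b_priv, m_pub)       # Bob believes m_pub is Alice's
    return alice_k, bob_k, shared_key(m_priv, a_pub), shared_key(m_priv, b_pub)


def tag_public(auth_key, sender, public):
    """Bind a public value to its sender under a pre-shared key (assumed)."""
    msg = sender.encode() + b"|" + public.to_bytes(16, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


def accept_public(auth_key, sender, public, tag):
    """Accept a received public value only if its tag verifies."""
    return hmac.compare_digest(tag, tag_public(auth_key, sender, public))


if __name__ == "__main__":
    a, b = honest_exchange()
    print("honest exchange, keys match:", a == b)
    alice_k, bob_k, mid_a, mid_b = interposed_exchange()
    print("interposed, Alice and Bob match:", alice_k == bob_k)
    print("interposed party shares a key with each side:",
          alice_k == mid_a and bob_k == mid_b)
```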
$ digest- See: message digest.
$ digital certificate- (I) A certificate document in the form of a digital data object (a data object used by a computer) to which is appended a computed digital signature value that depends on the data object. (See: attribute certificate, public-key certificate.)
Deprecated Usage: IDOCs SHOULD NOT use this term to refer to a signed CRL or CKL. Although the recommended definition can be interpreted to include other signed items, the security community does not use the term with those meanings.
$ digital certification- (D) Synonym for "certification".
Deprecated Definition: IDOCs SHOULD NOT use this definition unless the context is not sufficient to distinguish between digital certification and another kind of certification, in which case it would be better to use "public-key certification" or another phrase that indicates what is being certified.
$ digital document- (I) An electronic data object that represents information originally written in a non-electronic, non-magnetic medium (usually ink on paper) or is an analogue of a document of that type.
$ digital envelope- (I) A combination of (a) encrypted content data (of any kind) intended for a recipient and (b) the content encryption key in an encrypted form that has been prepared for the use of the recipient.
Usage: In IDOCs, the term SHOULD be defined at the point of first use because, although the term is defined in PKCS #7 and used in S/MIME, it is not widely known.
Tutorial: Digital enveloping is not simply a synonym for implementing data confidentiality with encryption; digital enveloping is a hybrid encryption scheme to "seal" a message or other data, by encrypting the data and sending both it and a protected form of the key to the intended recipient, so that no one other than the intended recipient can "open" the message. In PKCS #7, it means first encrypting the data using a symmetric encryption algorithm and a secret key, and then encrypting the secret key using an asymmetric encryption algorithm and the public key of the intended recipient. In S/MIME, additional methods are defined for encrypting the content encryption key.
$ Digital ID (service mark)- (D) Synonym for "digital certificate".
Deprecated Term: IDOCs SHOULD NOT use this term. It is a service mark of a commercial firm, and it unnecessarily duplicates the meaning of a better-established term. (See: credential.)
$ digital key- (D) Synonym for an input parameter of a cryptographic algorithm or other process. (See: key.)
Deprecated Usage: The adjective "digital" need not be used with "key" or "cryptographic key", unless the context is insufficient to distinguish the digital key from another kind of key, such as a metal key for a door lock.
$ digital notary- (I) An electronic functionary analogous to a notary public. Provides a trusted timestamp for a digital document, so that someone can later prove that the document existed at that point in time; verifies the signature(s) on a signed document before applying the stamp. (See: notarization.)
$ digital signature- 1. (I) A value computed with a cryptographic algorithm and associated with a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity. (See: data origin authentication service, data integrity service, signer. Compare: digitized signature, electronic signature.)
2. (O) "Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient." [I7498-2]
Tutorial: A digital signature should have these properties:
- Be capable of being verified. (See: validate vs. verify.)
- Be bound to the signed data object in such a way that if the data is changed, then when an attempt is made to verify the signature, it will be seen as not authentic. (In some schemes, the signature is appended to the signed object as stated by definition 2, but in other schemes, it is not.)
- Uniquely identify a system entity as being the signer.
- Be under the signer's sole control, so that it cannot be created by any other entity.
To achieve these properties, the data object is first input to a hash function, and then the hash result is cryptographically transformed using a private key of the signer. The final resulting value is called the digital signature of the data object. The signature value is a protected checksum, because the properties of a cryptographic hash ensure that if the data object is changed, the digital signature will no longer match it. The digital signature is unforgeable because one cannot be certain of correctly creating or changing the signature without knowing the private key of the supposed signer.
Some digital signature schemes use an asymmetric encryption algorithm (e.g., "RSA") to transform the hash result. Thus, when Alice needs to sign a message to send to Bob, she can use her private key to encrypt the hash result. Bob receives both the message and the digital signature. Bob can use Alice's public key to decrypt the signature, and then compare the plaintext result to the hash result that he computes by hashing the message himself. If the values are equal, Bob accepts the message because he is certain that it is from Alice and has arrived unchanged. If the values are not equal, Bob rejects the message because either the message or the signature was altered in transit.
Other digital signature schemes (e.g., "DSS") transform the hash result with an algorithm (e.g., "DSA", "El Gamal") that cannot be directly used to encrypt data. Such a scheme creates a signature value from the hash and provides a way to verify the signature value, but does not provide a way to recover the hash result from the signature value. In some countries, such a scheme may improve exportability and avoid other legal constraints on usage. Alice sends the signature value to Bob along with both the message and its hash result. The algorithm enables Bob to use Alice's public signature key and the signature value to verify the hash result he receives. Then, as before, he compares that hash result she sent to the one that he computes by hashing the message himself.
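The hash-then-transform scheme from the RSA paragraph above, as an added example that is not part of the glossary text. It uses textbook RSA without padding and toy keys built from Mersenne primes, so it shows only the mechanics; the key sizes, the reduction of the hash modulo n, and all names are assumptions made for this illustration.

```python
import hashlib


def make_key(p, q, e=65537):
    """Build a textbook RSA key from two primes: returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))       # modular inverse, Python 3.8+
    return (n, e), (n, d)


# Constructed toy keys (illustration only, far too small for real use).
ALICE_PUBLIC, ALICE_PRIVATE = make_key(2**61 - 1, 2**89 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_key(2**107 - 1, 2**127 - 1)


def hash_result(message, n):
    """Hash the data object. The digest is reduced mod n only because the toy
    modulus is shorter than SHA-256; real schemes use a padding method."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private):
    """Signer: transform the hash result with the private key."""
    n, d = private
    return pow(hash_result(message, n), d, n)


def verify(message, signature, public):
    """Verifier: recover the hash result with the public key and compare it
    with the hash the verifier computes over the received message."""
    n, e = public
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == hash_result(message, n)


if __name__ == "__main__":
    message = b"transfer 100 to Bob"           # constructed sample message
    signature = sign(message, ALICE_PRIVATE)
    print("unchanged message:", verify(message, signature, ALICE_PUBLIC))
    print("altered message:  ", verify(b"transfer 900 to Bob", signature, ALICE_PUBLIC))
    print("altered signature:", verify(message, signature ^ 1, ALICE_PUBLIC))
    forged = sign(message, OTHER_PRIVATE)      # made without Alice's private key
    print("other signer's key:", verify(message, forged, ALICE_PUBLIC))
```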
$ Digital Signature Algorithm (DSA)- (N) An asymmetric cryptographic algorithm for a digital signature in the form of a pair of large numbers. The signature is computed using rules and parameters such that the identity of the signer and the integrity of the signed data can be verified. (See: DSS.)
$ Digital Signature Standard (DSS)- (N) The U.S. Government standard [FP186] that specifies the DSA.
$ digital watermarking- (I) Computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data -- text, graphics, images, video, or audio -- and for detecting or extracting the marks later.
Tutorial: A "digital watermark", i.e., the set of embedded bits, is sometimes hidden, usually imperceptible, and always intended to be unobtrusive. Depending on the particular technique that is used, digital watermarking can assist in proving ownership, controlling duplication, tracing distribution, ensuring data integrity, and performing other functions to protect intellectual property rights. [ACM]
$ digitized signature- (D) Denotes various forms of digitized images of handwritten signatures. (Compare: digital signature).
Deprecated Term: IDOCs SHOULD NOT use this term without including this definition. This term suggests careless use of "digital signature", which is the term standardized by [I7498-2]. (See: electronic signature.)
$ DII- (O) See: Defense Information Infrastructure.
$ direct attack- (I) See: secondary definition under "attack". (Compare: indirect attack.)
$ directory, Directory- 1. (I) /not capitalized/ Refers generically to a database server or other system that stores and provides access to values of descriptive or operational data items that are associated with the components of a system. (Compare: repository.)
2. (N) /capitalized/ Refers specifically to the X.500 Directory. (See: DN, X.500.)
$ Directory Access Protocol (DAP)- (N) An OSI protocol [X519] for communication between a Directory User Agent (a type of X.500 client) and a Directory System Agent (a type of X.500 server). (See: LDAP.)
$ disaster plan- (O) Synonym for "contingency plan".
Deprecated Term: IDOCs SHOULD NOT use this term; instead, for consistency and neutrality of language, IDOCs SHOULD use "contingency plan".
$ disclosure- See: unauthorized disclosure. Compare: exposure.
$ discretionary access control- 1a. (I) An access control service that (a) enforces a security policy based on the identity of system entities and the authorizations associated with the identities and (b) incorporates a concept of ownership in which access rights for a system resource may be granted and revoked by the entity that owns the resource. (See: access control list, DAC, identity-based security policy, mandatory access control.)
Derivation: This service is termed "discretionary" because an entity can be granted access rights to a resource such that the entity can by its own volition enable other entities to access the resource.
1b. (O) /formal model/ "A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject." [DoD1]
$ DISN- (O) See: Defense Information Systems Network (DISN).
$ disruption- (I) A circumstance or event that interrupts or prevents the correct operation of system services and functions. (See: availability, critical, system integrity, threat consequence.)
Tutorial: Disruption is a type of threat consequence; it can be caused by the following types of threat actions: incapacitation, corruption, and obstruction.
$ Distinguished Encoding Rules (DER)- (N) A subset of the Basic Encoding Rules that always provides only one way to encode any data structure defined by ASN.1. [X690].
Tutorial: For a data structure defined abstractly in ASN.1, BER often provides for encoding the structure into an octet string in more than one way, so that two separate BER implementations can legitimately produce different octet strings for the same ASN.1 definition. However, some applications require all encodings of a structure to be the same, so that encodings can be compared for equality. Therefore, DER is used in applications in which unique encoding is needed, such as when a digital signature is computed on a structure defined by ASN.1.
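Why unique encoding matters for signatures, as an added example that is not part of the glossary text: two legitimate BER encodings of the same INTEGER hash differently, and a checker flags the encodings that DER does not allow. The checker covers only a subset of the DER restrictions (shortest-form definite lengths, BOOLEAN content, primitive string types); the function names and sample octets are constructed for this illustration.

```python
import hashlib


def split_tlv(data):
    """Split the first definite-length BER TLV off data.

    Returns (tag, length_octets, content, rest). Single-octet tags only.
    """
    if len(data) < 2:
        raise ValueError("truncated TLV")
    tag, first = data[0], data[1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-octet tags are outside this example")
    if first < 0x80:                          # short form length
        n_len, length = 0, first
    elif first == 0x80:
        raise ValueError("indefinite length")
    else:                                     # long form length
        n_len = first & 0x7F
        if len(data) < 2 + n_len:
            raise ValueError("truncated length")
        length = int.from_bytes(data[2:2 + n_len], "big")
    start = 2 + n_len
    if len(data) < start + length:
        raise ValueError("truncated content")
    return tag, data[1:start], data[start:start + length], data[start + length:]


def der_violations(data, path="root"):
    """Return the reasons a BER encoding is not DER (empty list if none found)."""
    problems = []
    while data:
        if len(data) >= 2 and data[1] == 0x80:
            # Finding the end needs end-of-contents scanning; report and stop.
            problems.append(path + ": indefinite length")
            return problems
        tag, len_octets, content, data = split_tlv(data)
        here = "%s/tag 0x%02x" % (path, tag)
        if len(len_octets) > 1 and (len(content) < 0x80 or len_octets[1] == 0):
            problems.append(here + ": length not in shortest form")
        if tag == 0x01 and content not in (b"\x00", b"\xff"):
            problems.append(here + ": BOOLEAN content must be 00 or FF")
        if tag in (0x23, 0x24):               # constructed BIT/OCTET STRING
            problems.append(here + ": string type must use primitive encoding")
        elif tag & 0x20:                      # SEQUENCE, SET, other constructed
            problems.extend(der_violations(content, here))
    return problems


# Constructed samples: INTEGER 5 with short-form and long-form length octets.
INT_DER = bytes.fromhex("020105")
INT_BER = bytes.fromhex("02810105")

if __name__ == "__main__":
    print(split_tlv(INT_DER)[2] == split_tlv(INT_BER)[2])        # same value
    print(hashlib.sha256(INT_DER).hexdigest()[:16])
    print(hashlib.sha256(INT_BER).hexdigest()[:16])              # differs
    print(der_violations(bytes.fromhex("300701010102810105")))
```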
$ distinguished name (DN)- (N) An identifier that uniquely represents an object in the X.500 Directory Information Tree (DIT) [X501]. (Compare: domain name, identity, naming authority.)
Tutorial: A DN is a set of attribute values that identify the path leading from the base of the DIT to the object that is named. An X.509 public-key certificate or CRL contains a DN that identifies its issuer, and an X.509 attribute certificate contains a DN or other form of name that identifies its subject.
$ distributed attack- 1a. (I) An attack that is implemented with distributed computing. (See: zombie.)
1b. (I) An attack that deploys multiple threat agents.
$ Distributed Authentication Security Service (DASS)- (I) An experimental Internet protocol [R1507] that uses cryptographic mechanisms to provide strong, mutual authentication services in a distributed environment.
$ distributed computing- (I) A technique that disperses a single, logically related set of tasks among a group of geographically separate yet cooperating computers. (See: distributed attack.)
$ distribution point- (I) An X.500 Directory entry or other information source that is named in a v3 X.509 public-key certificate extension as a location from which to obtain a CRL that may list the certificate.
Tutorial: A v3 X.509 public-key certificate may have a "cRLDistributionPoints" extension that names places to get CRLs on which the certificate might be listed. (See: certificate profile.) A CRL obtained from a distribution point may (a) cover either all reasons for which a certificate might be revoked or only some of the reasons, (b) be issued by either the authority that signed the certificate or some other authority, and (c) contain revocation entries for only a subset of the full set of certificates issued by one CA or (d) contain revocation entries for multiple CAs.
$ DKIM- (I) See: Domain Keys Identified Mail.
$ DMZ- (D) See: demilitarized zone.
$ DN- (N) See: distinguished name.
$ DNS- (I) See: Domain Name System.
$ doctrine- See: security doctrine.
$ DoD- (N) Department of Defense.
Usage: To avoid international misunderstanding, IDOCs SHOULD use this abbreviation only with a national qualifier (e.g., U.S. DoD).
$ DOI- (I) See: Domain of Interpretation.
$ domain- 1a. (I) /general security/ An environment or context that (a) includes a set of system resources and a set of system entities that have the right to access the resources and (b) usually is defined by a security policy, security model, or security architecture. (See: CA domain, domain of interpretation, security perimeter. Compare: COI, enclave.)
Tutorial: A "controlled interface" or "guard" is required to transfer information between network domains that operate under different security policies.
1b. (O) /security policy/ A set of users, their information objects, and a common security policy. [DoD6, SP33]
1c. (O) /security policy/ A system or collection of systems that (a) belongs to a community of interest that implements a consistent security policy and (b) is administered by a single authority.
2. (O) /COMPUSEC/ An operating state or mode of a set of computer hardware.
Tutorial: Most computers have at least two hardware operating modes [Gass]:
- "Privileged" mode: a.k.a. "executive", "master", "system", "kernel", or "supervisor" mode. In this mode, software can execute all machine instructions and access all storage locations.
- "Unprivileged" mode: a.k.a. "user", "application", or "problem" mode. In this mode, software is restricted to a subset of the instructions and a subset of the storage locations.
3. (O) "A distinct scope within which certain common characteristics are exhibited and common rules are observed." [CORBA]
4. (O) /MISSI/ The domain of a MISSI CA is the set of MISSI users whose certificates are signed by the CA.
5. (I) /Internet/ That part of the tree-structured name space of the DNS that is at or below the name that specifies the domain. A domain is a subdomain of another domain if it is contained within that domain. For example, D.C.B.A is a subdomain of C.B.A.
6. (O) /OSI/ An administrative partition of a complex distributed OSI system.
$ Domain Keys Identified Mail (DKIM)- (I) A protocol, which is being specified by the IETF working group of the same name, to provide data integrity and domain-level (see: DNS, domain name) data origin authentication for Internet mail messages. (Compare: PEM.)
Tutorial: DKIM employs asymmetric cryptography to create a digital signature for an Internet email message's body and selected headers (see RFC 1822), and the signature is then carried in a header of the message. A recipient of the message can verify the signature and, thereby, authenticate the identity of the originating domain and the integrity of the signed content, by using a public key belonging to the domain. The key can be obtained from the DNS.
$ domain name- (I) The style of identifier that is defined for subtrees in the Internet DNS -- i.e., a sequence of case-insensitive ASCII labels separated by dots (e.g., "bbn.com") -- and also is used in other types of Internet identifiers, such as host names (e.g., "rosslyn.bbn.com"), mailbox names (e.g., "rshirey@bbn.com") and URLs (e.g., "http://www.rosslyn.bbn.com/foo"). (See: domain. Compare: DN.)
Tutorial: The name space of the DNS is a tree structure in which each node and leaf holds records describing a resource. Each node has a label. The domain name of a node is the list of labels on the path from the node to the root of the tree. The labels in a domain name are printed or read left to right, from the most specific (lowest, farthest from the root) to the least specific (highest, closest to the root), but the root's label is the null string. (See: country code.)
$ Domain Name System (DNS)- (I) The main Internet operations database, which is distributed over a collection of servers and used by client software for purposes such as (a) translating a domain name-style host name into an IP address (e.g., "rosslyn.bbn.com" translates to "192.1.7.10") and (b) locating a host that accepts mail for a given mailbox address. (RFC 1034) (See: domain name.)
Tutorial: The DNS has three major components:
- Domain name space and resource records: Specifications for the tree-structured domain name space, and data associated with the names.
- Name servers: Programs that hold information about a subset of the tree's structure and data holdings, and also hold pointers to other name servers that can provide information from any part of the tree.
- Resolvers: Programs that extract information from name servers in response to client requests; typically, system routines directly accessible to user programs.
Extensions to the DNS [R4033, R4034, R4035] support (a) key distribution for public keys needed for the DNS and for other protocols, (b) data origin authentication service and data integrity service for resource records, (c) data origin authentication service for transactions between resolvers and servers, and (d) access control of records.
$ domain of interpretation (DOI)- (I) /IPsec/ A DOI for ISAKMP or IKE defines payload formats, exchange types, and conventions for naming security-relevant information such as security policies or cryptographic algorithms and modes. Example: See [R2407].
Derivation: The DOI concept is based on work by the TSIG's CIPSO Working Group.
$ dominate- (I) Security level A is said to "dominate" security level B if the (hierarchical) classification level of A is greater (higher) than or equal to that of B, and A's (nonhierarchical) categories include (as a subset) all of B's categories. (See: lattice, lattice model.)
$ dongle- (I) A portable, physical, usually electronic device that is required to be attached to a computer to enable a particular software program to run. (See: token.)
Tutorial: A dongle is essentially a physical key used for copy protection of software; that is, the program will not run unless the matching dongle is attached. When the software runs, it periodically queries the dongle and quits if the dongle does not reply with the proper authentication information. Dongles were originally constructed as an EPROM (erasable programmable read-only memory) to be connected to a serial input-output port of a personal computer.
$ downgrade- (I) /data security/ Reduce the security level of data (especially the classification level) without changing the information content of the data. (Compare: downgrade.)
$ downgrade attack- (I) A type of man-in-the-middle attack in which the attacker can cause two parties, at the time they negotiate a security association, to agree on a lower level of protection than the highest level that could have been supported by both of them. (Compare: downgrade.)
$ draft RFC- (D) A preliminary, temporary version of a document that is intended to become an RFC. (Compare: Internet-Draft.)
Deprecated Term: IDOCs SHOULD NOT use this term. The RFC series is archival in nature and consists only of documents in permanent form. A document that is intended to become an RFC usually needs to be published first as an Internet-Draft (RFC 2026). (See: "Draft Standard" under "Internet Standard".)
$ Draft Standard- (I) See: secondary definition under "Internet Standard".
$ DSA- (N) See: Digital Signature Algorithm.
$ DSS- (N) See: Digital Signature Standard.
$ dual control- (I) A procedure that uses two or more entities (usually persons) operating in concert to protect a system resource, such that no single entity acting alone can access that resource. (See: no-lone zone, separation of duties, split knowledge.)
$ dual signature- (O) /SET/ A single digital signature that protects two separate messages by including the hash results for both sets in a single encrypted value. [SET2]
Deprecated Usage: IDOCs SHOULD NOT use this term except when qualified as "SET(trademark) dual signature" with this definition.
Tutorial: Generated by hashing each message separately, concatenating the two hash results, and then hashing that value and encrypting the result with the signer's private key. Done to reduce the number of encryption operations and to enable verification of data integrity without complete disclosure of the data.
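The construction in the tutorial above, as an added example (not code from the glossary or from the SET specification): each verifier holds one message in full and only the hash result of the other. SHA-256, the textbook RSA demo key without padding, the function names, and the sample messages are all assumptions made for this illustration; the key is constructed and not secure.

```python
import hashlib

# Constructed demo key: textbook RSA over two Mersenne primes, no padding.
# It stands in for the signer's real key pair and must not be used elsewhere.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def h(data):
    """Hash result for one message or for the concatenated hash results."""
    return hashlib.sha256(data).digest()

def dual_sign(msg_a, msg_b):
    """Hash each message, hash the concatenation, apply the private key once."""
    combined = h(h(msg_a) + h(msg_b))
    return pow(int.from_bytes(combined, "big"), D, N)

def _opens_to(sig, combined):
    """Apply the public key to the signature and compare with the hash."""
    return pow(sig, E, N) == int.from_bytes(combined, "big")

def verify_with_a(sig, msg_a, digest_b):
    """Verifier sees msg_a in full but only the hash result of msg_b."""
    return _opens_to(sig, h(h(msg_a) + digest_b))

def verify_with_b(sig, digest_a, msg_b):
    """Verifier sees msg_b in full but only the hash result of msg_a."""
    return _opens_to(sig, h(digest_a + h(msg_b)))

# Constructed sample messages.
ORDER = b"order: 3 widgets"
PAYMENT = b"pay 30.00 from account ending 0000"

if __name__ == "__main__":
    sig = dual_sign(ORDER, PAYMENT)
    print("party A accepts:", verify_with_a(sig, ORDER, h(PAYMENT)))
    print("party B accepts:", verify_with_b(sig, h(ORDER), PAYMENT))
    print("altered order:  ", verify_with_a(sig, b"order: 300 widgets", h(PAYMENT)))
```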
$ dual-use certificate- (O) A certificate that is intended for use with both digital signature and data encryption services. [SP32]
Usage: IDOCs that use this term SHOULD state a definition for it by identifying the intended uses of the certificate, because there are more than just these two uses mentioned in the NIST publication. A v3 X.509 public-key certificate may have a "keyUsage" extension, which indicates the purposes for which the public key may be used. (See: certificate profile.)
$ duty- (I) An attribute of a role that obligates an entity playing the role to perform one or more tasks, which usually are essential for the functioning of the system. [Sand] (Compare authorization, privilege. See: role, billet.)