H <- 4. Definitions -> J
I
$ IAB
(I) See: Internet Architecture Board.
$ IANA
(I) See: Internet Assigned Numbers Authority.
$ IATF
(O) See: Information Assurance Technical Framework.
$ ICANN
(I) See: Internet Corporation for Assigned Names and Numbers.
$ ICMP
(I) See: Internet Control Message Protocol.
$ ICMP flood
(I) A denial-of-service attack that sends a host more ICMP echo
request ("ping") packets than the protocol implementation can
handle. (See: flooding, smurf.)
$ ICRL
(N) See: indirect certificate revocation list.
$ IDEA
(N) See: International Data Encryption Algorithm.
$ identification
(I) An act or process that presents an identifier to a system so
that the system can recognize a system entity and distinguish it
from other entities. (See: authentication.)
Shirey Informational [Page 145]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ identification information
(D) Synonym for "identifier"; synonym for "authentication
information". (See: authentication, identifying information.)
Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
either of those terms; this term (a) is not as precise as they are
and (b) mixes concepts in a potentially misleading way. Instead,
use "identifier" or "authentication information", depending on
what is meant.
$ Identification Protocol
(I) A client-server Internet protocol [R1413] for learning the
identity of a user of a particular TCP connection.
Tutorial: Given a TCP port number pair, the server returns a
character string that identifies the owner of that connection on
the server's system. The protocol does not provide an
authentication service and is not intended for authorization or
access control. At best, it provides additional auditing
information with respect to TCP.
$ identifier
(I) A data object -- often, a printable, non-blank character
string -- that definitively represents a specific identity of a
system entity, distinguishing that identity from all others.
(Compare: identity.)
Tutorial: Identifiers for system entities must be assigned very
carefully, because authenticated identities are the basis for
other security services, such as access control service.
$ identifier credential
1. (I) See: /authentication/ under "credential".
2. (D) Synonym for "signature certificate".
Usage: IDOCs that use this term SHOULD state a definition for it
because the term is used in many ways and could easily be
misunderstood.
$ identifying information
(D) Synonym for "identifier"; synonym for "authentication
information". (See: authentication, identification information.)
Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
either of those terms; this term (a) is not as precise as they are
and (b) mixes concepts in a potentially misleading way. Instead,
Shirey Informational [Page 146]
RFC 4949 Internet Security Glossary, Version 2 August 2007
use "identifier" or "authentication information", depending on
what is meant.
$ identity
(I) The collective aspect of a set of attribute values (i.e., a
set of characteristics) by which a system user or other system
entity is recognizable or known. (See: authenticate, registration.
Compare: identifier.)
Usage: An IDOC MAY apply this term to either a single entity or a
set of entities. If an IDOC involves both meanings, the IDOC
SHOULD use the following terms and definitions to avoid ambiguity:
- "Singular identity": An identity that is registered for an
entity that is one person or one process.
- "Shared identity": An identity that is registered for an entity
that is a set of singular entities (1) in which each member is
authorized to assume the identity individually and (2) for
which the registering system maintains a record of the singular
entities that comprise the set. In this case, we would expect
each member entity to be registered with a singular identity
before becoming associated with the shared identity.
- "Group identity": An identity that is registered for an entity
(1) that is a set of entities (2) for which the registering
system does not maintain a record of singular entities that
comprise the set.
Tutorial: When security services are based on identities, two
properties are desirable for the set of attributes used to define
identities:
- The set should be sufficient to distinguish each entity from
all other entities, i.e., to represent each entity uniquely.
- The set should be sufficient to distinguish each identity from
any other identities of the same entity.
The second property is needed if a system permits an entity to
register two or more concurrent identities. Having two or more
identities for the same entity implies that the entity has two
separate justifications for registration. In that case, the set of
attributes used for identities must be sufficient to represent
multiple identities for a single entity.
Having two or more identities registered for the same entity is
different from concurrently associating two different identifiers
with the same identity, and also is different from a single
identity concurrently accessing the system in two different roles.
(See: principal, role-based access control.)
Shirey Informational [Page 147]
RFC 4949 Internet Security Glossary, Version 2 August 2007
When an identity of a user is being registered in a system, the
system may require presentation of evidence that proves the
identity's authenticity (i.e., that the user has the right to
claim or use the identity) and its eligibility (i.e., that the
identity is qualified to be registered and needs to be
registered).
The following diagram illustrates how this term relates to some
other terms in a PKI system: authentication information,
identifier, identifier credential, registration, registered user,
subscriber, and user.
Relationships: === one-to-one, ==> one-to-many, <=> many-to-many.
+- - - - - - - - - - - - - - - - - - - - - - - - - - +
| PKI System |
+ - - - - + | +------------------+ +-------------------------+ |
| User, | | |Subscriber, i.e., | | Identity of Subscriber | |
|i.e., one| | | Registered User, | | is system-unique | |
| of the | | | is system-unique | | +---------------------+ | |
|following| | | +--------------+ | | | Subscriber | | |
| | | | | User's core | | | | Identity's | | |
| +-----+ |===| | Registration | |==>| | Registration data | | |
| |human| | | | | data, i.e., | | | |+-------------------+| | |
| |being| | | | | an entity's | | | || same core data || | |
| +-----+ | | | |distinguishing|========|for all Identities || | |
| or | | | | attribute | | | || of the same User || | |
| +-----+ | | | | values | | +===|+-------------------+| | |
| |auto-| | | | +--------------+ | | | +---------------------+ | |
| |mated| | | +------------------+ | +------------|------------+ |
| |pro- | | | | +=======+ | |
| |cess | | | +-------v----|----------------------|------------+ |
| +-----+ | | | +----------v---+ +------------v----------+ | |
| or | | | |Authentication|<===>|Identifier of Identity | | |
|+-------+| | | | Information | | is system-unique | | |
|| a set || | | +--------------+ +-----------------------+ | |
|| of || | | Identifier Credential that associates unit of | |
|| either|| | | Authentication Information with the Identifier | |
|+-------+| | +------------------------------------------------+ |
+ - - - - + + - - - - - - - - - - - - - - - - - - - - - - - - - -+
$ identity-based security policy
(I) "A security policy based on the identities and/or attributes
of users, a group of users, or entities acting on behalf of the
users and the resources/objects being accessed." [I7498-2] (See:
rule-based security policy.)
Shirey Informational [Page 148]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ identity proofing
(I) A process that vets and verifies the information that is used
to establish the identity of a system entity. (See: registration.)
$ IDOC
(I) An abbreviation used in this Glossary to refer to a document
or other item of written material that is generated in the
Internet Standards Process (RFC 2026), i.e., an RFC, an Internet-
Draft, or some other item of discourse.
Deprecated Usage: This abbreviation SHOULD NOT be used in an IDOC
unless it is first defined in the IDOC because the abbreviation
was invented for this Glossary and is not widely known.
$ IDS
(I) See: intrusion detection system.
$ IEEE
(N) See: Institute of Electrical and Electronics Engineers, Inc.
$ IEEE 802.10
(N) An IEEE committee developing security standards for LANs.
(See: SILS.)
$ IEEE P1363
(N) An IEEE working group, Standard for Public-Key Cryptography,
engaged in developing a comprehensive reference standard for
asymmetric cryptography. Covers discrete logarithm (e.g., DSA),
elliptic curve, and integer factorization (e.g., RSA); and covers
key agreement, digital signature, and encryption.
$ IESG
(I) See: Internet Engineering Steering Group.
$ IETF
(I) See: Internet Engineering Task Force.
$ IKE
(I) See: IPsec Key Exchange.
$ IMAP4
(I) See: Internet Message Access Protocol, version 4.
$ IMAP4 AUTHENTICATE
(I) An IMAP4 command (better described as a transaction type, or
subprotocol) by which an IMAP4 client optionally proposes a
mechanism to an IMAP4 server to authenticate the client to the
server and provide other security services. (See: POP3.)
Shirey Informational [Page 149]
RFC 4949 Internet Security Glossary, Version 2 August 2007
Tutorial: If the server accepts the proposal, the command is
followed by performing a challenge-response authentication
protocol and, optionally, negotiating a protection mechanism for
subsequent POP3 interactions. The security mechanisms that are
used by IMAP4 AUTHENTICATE -- including Kerberos, GSS-API, and
S/Key -- are described in [R1731].
$ impossible
(O) Cannot be done in any reasonable amount of time. (See: break,
brute force, strength, work factor.)
$ in the clear
(I) Not encrypted. (See: clear text.)
$ Ina Jo
(O) A methodology, language, and integrated set of software tools
developed at the System Development Corporation for specifying,
coding, and verifying software to produce correct and reliable
programs. Usage: a.k.a. the Formal Development Methodology. [Cheh]
$ incapacitation
(I) A type of threat action that prevents or interrupts system
operation by disabling a system component. (See: disruption.)
Usage: This type of threat action includes the following subtypes:
- "Malicious logic": In context of incapacitation, any hardware,
firmware, or software (e.g., logic bomb) intentionally
introduced into a system to destroy system functions or
resources. (See: corruption, main entry for "malicious logic",
masquerade, misuse.)
- "Physical destruction": Deliberate destruction of a system
component to interrupt or prevent system operation.
- "Human error": /incapacitation/ Action or inaction that
unintentionally disables a system component. (See: corruption,
exposure.)
- "Hardware or software error": /incapacitation/ Error that
unintentionally causes failure of a system component and leads
to disruption of system operation. (See: corruption, exposure.)
- "Natural disaster": /incapacitation/ Any "act of God" (e.g.,
fire, flood, earthquake, lightning, or wind) that disables a
system component. [FP031 Section 2]
$ incident
See: security incident.
$ INCITS
(N) See: "International Committee for Information Technology
Standardization" under "ANSI".
Shirey Informational [Page 150]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ indicator
(N) An action -- either specific, generalized, or theoretical --
that an adversary might be expected to take in preparation for an
attack. [C4009] (See: "attack sensing, warning, and response".
Compare: message indicator.)
$ indirect attack
(I) See: secondary definition under "attack". Compare: direct
attack.
$ indirect certificate revocation list (ICRL)
(N) In X.509, a CRL that may contain certificate revocation
notifications for certificates issued by CAs other than the issuer
(i.e., signer) of the ICRL.
$ indistinguishability
(I) An attribute of an encryption algorithm that is a
formalization of the notion that the encryption of some string is
indistinguishable from the encryption of an equal-length string of
nonsense. (Compare: semantic security.)
$ inference
1. (I) A type of threat action that reasons from characteristics
or byproducts of communication and thereby indirectly accesses
sensitive data, but not necessarily the data contained in the
communication. (See: traffic analysis, signal analysis.)
2. (I) A type of threat action that indirectly gains unauthorized
access to sensitive information in a database management system by
correlating query responses with information that is already
known.
$ inference control
(I) Protection of data confidentiality against inference attack.
(See: traffic-flow confidentiality.)
Tutorial: A database management system containing N records about
individuals may be required to provide statistical summaries about
subsets of the population, while not revealing sensitive
information about a single individual. An attacker may try to
obtain sensitive information about an individual by isolating a
desired record at the intersection of a set of overlapping
queries. A system can attempt to prevent this by restricting the
size and overlap of query sets, distorting responses by rounding
or otherwise perturbing database values, and limiting queries to
random samples. However, these techniques may be impractical to
implement or use, and no technique is totally effective. For
example, restricting the minimum size of a query set -- that is,
Shirey Informational [Page 151]
RFC 4949 Internet Security Glossary, Version 2 August 2007
not responding to queries for which there are fewer than K or more
than N-K records that satisfy the query -- usually cannot prevent
unauthorized disclosure. An attacker can pad small query sets with
extra records, and then remove the effect of the extra records.
The formula for identifying the extra records is called the
"tracker". [Denns]
$ INFOCON
(O) See: information operations condition
$ informal
(N) Expressed in natural language. [CCIB] (Compare: formal,
semiformal.)
$ information
1. (I) Facts and ideas, which can be represented (encoded) as
various forms of data.
2. (I) Knowledge -- e.g., data, instructions -- in any medium or
form that can be communicated between system entities.
Tutorial: Internet security could be defined simply as protecting
information in the Internet. However, the perceived need to use
different protective measures for different types of information
(e.g., authentication information, classified information,
collateral information, national security information, personal
information, protocol control information, sensitive compartmented
information, sensitive information) has led to the diversity of
terminology listed in this Glossary.
$ information assurance
(N) /U.S. Government/ "Measures that protect and defend
information and information systems by ensuring their availability
integrity, authentication, confidentiality, and non-repudiation.
These measures include providing for restoration of information
systems by incorporating protection, detection, and reaction
capabilities." [C4009]
$ Information Assurance Technical Framework (IATF)
(O) A publicly available document [IATF], developed through a
collaborative effort by organizations in the U.S. Government and
industry, and issued by NSA. Intended for security managers and
system security engineers as a tutorial and reference document
about security problems in information systems and networks, to
improve awareness of tradeoffs among available technology
solutions and of desired characteristics of security approaches
for particular problems. (See: ISO 17799, [SP14].)
Shirey Informational [Page 152]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ information domain
(O) See: secondary definition under "domain".
$ information domain security policy
(O) See: secondary definition under "domain".
$ information flow policy
(N) /formal model/ A triple consisting of a set of security levels
(or their equivalent security labels), a binary operator that maps
each pair of security levels into a security level, and a binary
relation on the set that selects a set of pairs of levels such
that information is permitted to flow from an object of the first
level to an object of the second level. (See: flow control,
lattice model.)
$ information operations condition (INFOCON)
(O) /U.S. DoD/ A comprehensive defense posture and response based
on the status of information systems, military operations, and
intelligence assessments of adversary capabilities and intent.
(See: threat)
Derivation: From DEFCON, i.e., defense condition.
Tutorial: The U.S. DoD defines five INFOCON levels: NORMAL (normal
activity), ALPHA (increased risk of attack), BRAVO (specific risk
of attack), CHARLIE (limited attack), and DELTA (general attack).
$ information security (INFOSEC)
(N) Measures that implement and assure security services in
information systems, including in computer systems (see: COMPUSEC)
and in communication systems (see: COMSEC).
$ information system
(I) An organized assembly of computing and communication resources
and procedures -- i.e., equipment and services, together with
their supporting infrastructure, facilities, and personnel -- that
create, collect, record, process, store, transport, retrieve,
display, disseminate, control, or dispose of information to
accomplish a specified set of functions. (See: system entity,
system resource. Compare: computer platform.)
$ Information Technology Security Evaluation Criteria (ITSEC)
(N) A Standard [ITSEC] jointly developed by France, Germany, the
Netherlands, and the United Kingdom for use in the European Union;
accommodates a wider range of security assurance and functionality
combinations than the TCSEC. Superseded by the Common Criteria.
Shirey Informational [Page 153]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ INFOSEC
(I) See: information security.
$ ingress filtering
(I) A method [R2827] for countering attacks that use packets with
false IP source addresses, by blocking such packets at the
boundary between connected networks.
Tutorial: Suppose network A of an internet service provider (ISP)
includes a filtering router that is connected to customer network
B, and an attacker in B at IP source address "foo" attempts to
send packets with false source address "bar" into A. The false
address may be either fixed or randomly changing, and it may
either be unreachable or be a forged address that legitimately
exists within either B or some other network C. In ingress
filtering, the ISP's router blocks all inbound packet that arrive
from B with a source address that is not within the range of
legitimately advertised addresses for B. This method does not
prevent all attacks that can originate from B, but the actual
source of such attacks can be more easily traced because the
originating network is known.
$ initialization value (IV)
(I) /cryptography/ An input parameter that sets the starting state
of a cryptographic algorithm or mode. (Compare: activation data.)
Tutorial: An IV can be used to synchronize one cryptographic
process with another; e.g., CBC, CFB, and OFB use IVs. An IV also
can be used to introduce cryptographic variance (see: salt)
besides that provided by a key.
$ initialization vector
(D) /cryptography/ Synonym for "initialization value".
Deprecated Term: To avoid international misunderstanding, IDOCs
SHOULD NOT use this term in the context of cryptography because
most dictionary definitions of "vector" includes a concept of
direction or magnitude, which are irrelevant to cryptographic use.
$ insertion
1. (I) /packet/ See: secondary definition under "stream integrity
service".
2. (I) /threat action/ See: secondary definition under
"falsification".
$ inside attack
(I) See: secondary definition under "attack". Compare: insider.
Shirey Informational [Page 154]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ insider
1. (I) A user (usually a person) that accesses a system from a
position that is inside the system's security perimeter. (Compare:
authorized user, outsider, unauthorized user.)
Tutorial: An insider has been assigned a role that has more
privileges to access system resources than do some other types of
users, or can access those resources without being constrained by
some access controls that are applied to outside users. For
example, a salesclerk is an insider who has access to the cash
register, but a store customer is an outsider.
The actions performed by an insider in accessing the system may be
either authorized or unauthorized; i.e., an insider may act either
as an authorized user or as an unauthorized user.
2. (O) A person with authorized physical access to the system.
Example: In this sense, an office janitor is an insider, but a
burglar or casual visitor is not. [NRC98]
3. (O) A person with an organizational status that causes the
system or members of the organization to view access requests as
being authorized. Example: In this sense, a purchasing agent is an
insider but a vendor is not. [NRC98]
$ inspectable space
(O) /EMSEC/ "Three-dimensional space surrounding equipment that
process classified and/or sensitive information within which
TEMPEST exploitation is not considered practical or where legal
authority to identify and/or remove a potential TEMPEST
exploitation exists." [C4009] (Compare: control zone, TEMPEST
zone.)
$ Institute of Electrical and Electronics Engineers, Inc. (IEEE)
(N) The IEEE is a not-for-profit association of approximately
300,000 individual members in 150 countries. The IEEE produces
nearly one third of the world's published literature in electrical
engineering, computers, and control technology; holds hundreds of
major, annual conferences; and maintains more than 800 active
standards, with many more under development. (See: SILS.)
$ integrity
See: data integrity, datagram integrity service, correctness
integrity, source integrity, stream integrity service, system
integrity.
Shirey Informational [Page 155]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ integrity check
(D) A computation that is part of a mechanism to provide data
integrity service or data origin authentication service. (Compare:
checksum.)
Deprecated Term: IDOCs SHOULD NOT use this term as a synonym for
"cryptographic hash" or "protected checksum". This term
unnecessarily duplicates the meaning of other, well-established
terms; this term only mentions integrity, even though the intended
service may be data origin authentication; and not every checksum
is cryptographically protected.
$ integrity label
(I) A security label that tells the degree of confidence that may
be placed in the data, and may also tell what countermeasures are
required to be applied to protect the data from alteration and
destruction. (See: integrity. Compare: classification label.)
$ intelligent threat
(I) A circumstance in which an adversary has the technical and
operational ability to detect and exploit a vulnerability and also
has the demonstrated, presumed, or inferred intent to do so. (See:
threat.)
$ interception
(I) A type of threat action whereby an unauthorized entity
directly accesses sensitive data while the data is traveling
between authorized sources and destinations. (See: unauthorized
disclosure.)
Usage: This type of threat action includes the following subtypes:
- "Theft": Gaining access to sensitive data by stealing a
shipment of a physical medium, such as a magnetic tape or disk,
that holds the data.
- "Wiretapping (passive)": Monitoring and recording data that is
flowing between two points in a communication system. (See:
wiretapping.)
- "Emanations analysis": Gaining direct knowledge of communicated
data by monitoring and resolving a signal that is emitted by a
system and that contains the data but was not intended to
communicate the data. (See: emanation.)
$ interference
(I) /threat action/ See: secondary definition under "obstruction".
$ intermediate CA
(D) The CA that issues a cross-certificate to another CA. [X509]
(See: cross-certification.)
Shirey Informational [Page 156]
RFC 4949 Internet Security Glossary, Version 2 August 2007
Deprecated Term: IDOCs SHOULD NOT use this term because it is not
widely known and mixes concepts in a potentially misleading way.
For example, suppose that end entity 1 ("EE1) is in one PKI
("PKI1"), end entity 2 ("EE2) is in another PKI ("PKI2"), and the
root in PKI1 ("CA1") cross-certifies the root CA in PKI2 ("CA2").
Then, if EE1 constructs the certification path CA1-to-CA2-to-EE2
to validate a certificate of EE2, conventional English usage would
describe CA2 as being in the "intermediate" position in that path,
not CA1.
$ internal controls
(I) /COMPUSEC/ Functions, features, and technical characteristics
of computer hardware and software, especially of operating
systems. Includes mechanisms to regulate the operation of a
computer system with regard to access control, flow control, and
inference control. (Compare: external controls.)
$ International Data Encryption Algorithm (IDEA)
(N) A patented, symmetric block cipher that uses a 128-bit key and
operates on 64-bit blocks. [Schn] (See: symmetric cryptography.)
$ International Standard
(N) See: secondary definition under "ISO".
$ International Traffic in Arms Regulations (ITAR)
(O) Rules issued by the U.S. State Department, by authority of the
Arms Export Control Act (22 U.S.C. 2778), to control export and
import of defense articles and defense services, including
information security systems, such as cryptographic systems, and
TEMPEST suppression technology. (See: type 1 product, Wassenaar
Arrangement.)
$ internet, Internet
1. (I) /not capitalized/ Abbreviation of "internetwork".
2. (I) /capitalized/ The Internet is the single, interconnected,
worldwide system of commercial, governmental, educational, and
other computer networks that share (a) the protocol suite
specified by the IAB (RFC 2026) and (b) the name and address
spaces managed by the ICANN. (See: Internet Layer, Internet
Protocol Suite.)
Usage: Use with definite article ("the") when using as a noun. For
example, say "My LAN is small, but the Internet is large." Don't
say "My LAN is small, but Internet is large."
Shirey Informational [Page 157]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ Internet Architecture Board (IAB)
(I) A technical advisory group of the ISOC, chartered by the ISOC
Trustees to provide oversight of Internet architecture and
protocols and, in the context of Internet Standards, a body to
which decisions of the IESG may be appealed. Responsible for
approving appointments to the IESG from among nominees submitted
by the IETF nominating committee. (RFC 2026)
$ Internet Assigned Numbers Authority (IANA)
(I) From the early days of the Internet, the IANA was chartered by
the ISOC and the U.S. Government's Federal Network Council to be
the central coordination, allocation, and registration body for
parameters for Internet protocols. Superseded by ICANN.
$ Internet Control Message Protocol (ICMP)
(I) An Internet Standard protocol (RFC 792) that is used to report
error conditions during IP datagram processing and to exchange
other information concerning the state of the IP network.
$ Internet Corporation for Assigned Names and Numbers (ICANN)
(I) The non-profit, private corporation that has assumed
responsibility for the IP address space allocation, protocol
parameter assignment, DNS management, and root server system
management functions formerly performed under U.S. Government
contract by IANA and other entities.
Tutorial: The IPS, as defined by the IETF and the IESG, contains
numerous parameters, such as Internet addresses, domain names,
autonomous system numbers, protocol numbers, port numbers,
management information base OIDs, including private enterprise
numbers, and many others. The Internet community requires that the
values used in these parameter fields be assigned uniquely. ICANN
makes those assignments as requested and maintains a registry of
the current values.
ICANN was formed in October 1998, by a coalition of the Internet's
business, technical, and academic communities. The U.S. Government
designated ICANN to serve as the global consensus entity with
responsibility for coordinating four key functions for the
Internet: allocation of IP address space, assignment of protocol
parameters, management of the DNS, and management of the DNS root
server system.
$ Internet-Draft
(I) A working document of the IETF, its areas, and its working
groups. (RFC 2026) (Compare: RFC.)
Shirey Informational [Page 158]
RFC 4949 Internet Security Glossary, Version 2 August 2007
Usage: The term is customarily hyphenated when used either as a
adjective or a noun, even though the latter is not standard
English punctuation.
Tutorial: An Internet-Draft is not an archival document like an
RFC is. Instead, an Internet-Draft is a preliminary or working
document that is valid for a maximum of six months and may be
updated, replaced, or made obsolete by other documents at any
time. It is inappropriate to use an Internet-Draft as reference
material or to cite it other than as a "work in progress".
Although most of the Internet-Drafts are produced by the IETF, any
interested organization may request to have its working documents
published as Internet-Drafts.
$ Internet Engineering Steering Group (IESG)
(I) The part of the ISOC responsible for technical management of
IETF activities and administration of the Internet Standards
Process according to procedures approved by the ISOC Trustees.
Directly responsible for actions along the "standards track",
including final approval of specifications as Internet Standards.
Composed of IETF Area Directors and the IETF chairperson, who also
chairs the IESG. (RFC 2026)
$ Internet Engineering Task Force (IETF)
(I) A self-organized group of people who make contributions to the
development of Internet technology. The principal body engaged in
developing Internet Standards, although not itself a part of the
ISOC. Composed of Working Groups, which are arranged into Areas
(such as the Security Area), each coordinated by one or more Area
Directors. Nominations to the IAB and the IESG are made by a
committee selected at random from regular IETF meeting attendees
who have volunteered. (RFCs 2026, 3935) [R2323]
$ Internet Key Exchange (IKE)
(I) An Internet, IPsec, key-establishment protocol [R4306] for
putting in place authenticated keying material (a) for use with
ISAKMP and (b) for other security associations, such as in AH and
ESP.
Tutorial: IKE is based on three earlier protocol designs: ISAKMP,
OAKLEY, and SKEME.
$ Internet Layer
(I) See: Internet Protocol Suite.
$ Internet Message Access Protocol, version 4 (IMAP4)
(I) An Internet protocol (RFC 2060) by which a client workstation
can dynamically access a mailbox on a server host to manipulate
Shirey Informational [Page 159]
RFC 4949 Internet Security Glossary, Version 2 August 2007
and retrieve mail messages that the server has received and is
holding for the client. (See: POP3.)
Tutorial: IMAP4 has mechanisms for optionally authenticating a
client to a server and providing other security services. (See:
IMAP4 AUTHENTICATE.)
$ Internet Open Trading Protocol (IOTP)
(I) An Internet protocol [R2801] proposed as a general framework
for Internet commerce, able to encapsulate transactions of various
proprietary payment systems (e.g., GeldKarte, Mondex, SET, Visa
Cash). Provides optional security services by incorporating
various Internet security mechanisms (e.g., MD5) and protocols
(e.g., TLS).
$ Internet Policy Registration Authority (IPRA)
(I) An X.509-compliant CA that is the top CA of the Internet
certification hierarchy operated under the auspices of the ISOC
[R1422]. (See: /PEM/ under "certification hierarchy".)
$ Internet Private Line Interface (IPLI)
(O) A successor to the PLI, updated to use TCP/IP and newer
military-grade COMSEC equipment (TSEC/KG-84). The IPLI was a
portable, modular system that was developed for use in tactical,
packet-radio networks. (See: end-to-end encryption.)
$ Internet Protocol (IP)
(I) An Internet Standard, Internet-Layer protocol that moves
datagrams (discrete sets of bits) from one computer to another
across an internetwork but does not provide reliable delivery,
flow control, sequencing, or other end-to-end services that TCP
provides. IP version 4 (IPv4) is specified in RFC 791, and IP
version 6 (IPv6) is specified in RFC 2460. (See: IP address,
TCP/IP.)
Tutorial: If IP were used in an OSIRM stack, IP would be placed at
the top of Layer 3, above other Layer 3 protocols in the stack.
In any IPS stack, IP is always present in the Internet Layer and
is always placed at the top of that layer, on top of any other
protocols that are used in that layer. In some sense, IP is the
only protocol specified for the IPS Internet Layer; other
protocols used there, such as AH and ESP, are just IP variations.
$ Internet Protocol security
See: IP Security Protocol.
Shirey Informational [Page 160]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ Internet Protocol Security Option (IPSO)
(I) Refers to one of three types of IP security options, which are
fields that may be added to an IP datagram for carrying security
information about the datagram. (Compare: IPsec.)
Deprecated Usage: IDOCs SHOULD NOT use this term without a
modifier to indicate which of the following three types is meant:
- "DoD Basic Security Option" (IP option type 130): Defined for
use on U.S. DoD common-use data networks. Identifies the DoD
classification level at which the datagram is to be protected
and the protection authorities whose rules apply to the
datagram. (A "protection authority" is a National Access
Program (e.g., GENSER, SIOP-ESI, SCI, NSA, Department of
Energy) or Special Access Program that specifies protection
rules for transmission and processing of the information
contained in the datagram.) [R1108]
- "DoD Extended Security Option" (IP option type 133): Permits
additional security labeling information, beyond that present
in the Basic Security Option, to be supplied in the datagram to
meet the needs of registered authorities. [R1108]
- "Common IP Security Option" (CIPSO) (IP option type 134):
Designed by TSIG to carry hierarchic and non-hierarchic
security labels. (Formerly called "Commercial IP Security
Option"; a version 2.3 draft was published 9 March 1993 as an
Internet-Draft but did not advance to RFC form.) [CIPSO]
$ Internet Protocol Suite (IPS)
(I) The set of network communication protocols that are specified
by the IETF, and approved as Internet Standards by the IESG,
within the oversight of the IAB. (See: OSIRM Security
Architecture. Compare: OSIRM.)
Usage: This set of protocols is popularly known as "TCP/IP"
because TCP and IP are its most basic and important components.
For clarity, this Glossary refers to IPS protocol layers by name
and capitalizes those names, and refers to OSIRM protocol layers
by number.
Tutorial: The IPS does have architectural principles [R1958], but
there is no Internet Standard that defines a layered IPS reference
model like the OSIRM. Still, Internet community literature has
referred (inconsistently) to IPS layers since early in the
Internet's development [Padl].
Shirey Informational [Page 161]
RFC 4949 Internet Security Glossary, Version 2 August 2007
This Glossary treats the IPS as having five protocol layers --
Application, Transport, Internet, Network Interface, and Network
Hardware (or Network Substrate) -- which are illustrated in the
following diagram:
OSIRM Layers Examples IPS Layers Examples
------------------ --------------- --------------- --------------
Message Format: P2 [X420] Message Format: ARPA (RFC 822)
+----------------+ +-------------+
|7.Application | P1 [X419] | Application | SMTP (RFC 821)
+----------------+ - - - - - - | |
|6.Presentation | [I8823] | |
+----------------+ - - - - - - | |
|5.Session | [I8327] +-------------+
+----------------+ - - - - - - | Transport | TCP (RFC 793)
|4.Transport | TP4 [I8073] | |
+----------------+ - - - - - - +-------------+
|3.Network | CLNP [I8473] | Internet | IP (RFC 791)
| | +-------------+
| | | Network | IP over IEEE
+----------------+ - - - - - - | Interface | 802 (RFC 1042)
|2.Data Link | +-------------+
| | LLC [I8802-2] - Network - The IPS does
| | MAC [I8802-3] - Hardware - not include
+----------------+ - (or Network - standards for
|1.Physical | Baseband - Substrate) - this layer.
+----------------+ Signaling [Stal] + - - - - - - +
The diagram approximates how the five IPS layers align with the
seven OSIRM layers, and it offers examples of protocol stacks that
provide roughly equivalent electronic mail service over a private
LAN that uses baseband signaling.
- IPS Application Layer: The user runs an application program.
The program selects the data transport service it needs --
either a sequence of data messages or a continuous stream of
data -- and hands application data to the Transport Layer for
delivery.
- IPS Transport Layer: This layer divides application data into
packets, adds a destination address to each, and communicates
them end-to-end -- from one application program to another --
optionally regulating the flow and ensuring reliable (error-
free and sequenced) delivery.
- IPS Internet Layer: This layer carries transport packets in IP
datagrams. It moves each datagram independently, from its
source computer to its addressed destination computer, routing
Shirey Informational [Page 162]
RFC 4949 Internet Security Glossary, Version 2 August 2007
the datagram through a sequence of networks and relays and
selecting appropriate network interfaces en route.
- IPS Network Interface Layer: This layer accepts datagrams for
transmission over a specific network. This layer specifies
interface conventions for carrying IP over OSIRM Layer 3
protocols and over Media Access Control sublayer protocols of
OSIRM Layer 2. An example is IP over IEEE 802 (RFD 1042).
- IPS Network Hardware Layer: This layer consists of specific,
physical communication media. However, the IPS does not specify
its own peer-to-peer protocols in this layer. Instead, the
layering conventions specified by the Network Interface Layer
use Layer 2 and Layer 3 protocols that are specified by bodies
other than the IETF. That is, the IPS addresses *inter*-network
functions and does not address *intra*-network functions.
The two models are most dissimilar in the upper layers, where the
IPS model does not include Session and Presentation layers.
However, this omission causes fewer functional differences between
the models than might be imagined, and the differences have
relatively few security implications:
- Formal separation of OSIRM Layers 5, 6, and 7 is not needed in
implementations; the functions of these layers sometimes are
mixed in a single software unit, even in protocols in the OSI
suite.
- Some OSIRM Layer 5 services -- for example, connection
termination -- are built into TCP, and the remaining Layer 5
and 6 functions are built into IPS Application-Layer protocols
where needed.
- The OSIRM does not place any security services in Layer 5 (see:
OSIRM Security Architecture).
- The lack of an explicit Presentation Layer in the IPS sometimes
makes it simpler to implement security in IPS applications. For
example, a primary function of Layer 6 is to convert data
between internal and external forms, using a transfer syntax to
unambiguously encode data for transmission. If an OSIRM
application encrypts data to protect against disclosure during
transmission, the transfer encoding must be done before the
encryption. If an application does encryption, as is done in
OSI message handling and directory service protocols, then
Layer 6 functions must be replicated in Layer 7. [X400, X500].
Shirey Informational [Page 163]
RFC 4949 Internet Security Glossary, Version 2 August 2007
The two models are most alike at the top of OSIRM Layer 3, where
the OSI Connectionless Network Layer Protocol (CLNP) and the IPS
IP are quite similar. Connection-oriented security services
offered in OSIRM Layer 3 are inapplicable in the IPS, because the
IPS Internet Layer lacks the explicit, connection-oriented service
offered in the OSIRM.
$ Internet Security Association and Key Management Protocol (ISAKMP)
(I) An Internet IPsec protocol [R2408] to negotiate, establish,
modify, and delete security associations, and to exchange key
generation and authentication data, independent of the details of
any specific key generation technique, key establishment protocol,
encryption algorithm, or authentication mechanism.
Tutorial: ISAKMP supports negotiation of security associations for
protocols at all IPS layers. By centralizing management of
security associations, ISAKMP reduces duplicated functionality
within each protocol. ISAKMP can also reduce connection setup
time, by negotiating a whole stack of services at once. Strong
authentication is required on ISAKMP exchanges, and a digital
signature algorithm based on asymmetric cryptography is used
within ISAKMP's authentication component.
ISAKMP negotiations are conducted in two "phases":
- "Phase 1 negotiation". A phase 1 negotiation establishes a
security association to be used by ISAKMP to protect its own
protocol operations.
- "Phase 2 negotiation". A phase 2 negotiation (which is
protected by a security association that was established by a
phase 1 negotiation) establishes a security association to be
used to protect the operations of a protocol other than ISAKMP,
such as ESP.
$ Internet Society (ISOC)
(I) A professional society concerned with Internet development
(including technical Internet Standards); with how the Internet is
and can be used; and with social, political, and technical issues
that result. The ISOC Board of Trustees approves appointments to
the IAB from among nominees submitted by the IETF nominating
committee. (RFC 2026)
$ Internet Standard
(I) A specification, approved by the IESG and published as an RFC,
that is stable and well-understood, is technically competent, has
multiple, independent, and interoperable implementations with
substantial operational experience, enjoys significant public
support, and is recognizably useful in some or all parts of the
Internet. (RFC 2026) (Compare: RFC.)
Shirey Informational [Page 164]
RFC 4949 Internet Security Glossary, Version 2 August 2007
Tutorial: The "Internet Standards Process" is an activity of the
ISOC and is organized and managed by the IAB and the IESG. The
process is concerned with all protocols, procedures, and
conventions used in or by the Internet, whether or not they are
part of the IPS. The "Internet Standards Track" has three levels
of increasing maturity: Proposed Standard, Draft Standard, and
Standard. (Compare: ISO, W3C.)
$ internetwork
(I) A system of interconnected networks; a network of networks.
Usually shortened to "internet". (See: internet, Internet.)
Tutorial: An internet can be built using OSIRM Layer 3 gateways to
implement connections between a set of similar subnetworks. With
dissimilar subnetworks, i.e., subnetworks that differ in the Layer
3 protocol service they offer, an internet can be built by
implementing a uniform internetwork protocol (e.g., IP) that
operates at the top of Layer 3 and hides the underlying
subnetworks' heterogeneity from hosts that use communication
services provided by the internet. (See: router.)
$ intranet
(I) A computer network, especially one based on Internet
technology, that an organization uses for its own internal (and
usually private) purposes and that is closed to outsiders. (See:
extranet, VPN.)
$ intruder
(I) An entity that gains or attempts to gain access to a system or
system resource without having authorization to do so. (See:
intrusion. Compare: adversary, cracker, hacker.)
$ intrusion
1. (I) A security event, or a combination of multiple security
events, that constitutes a security incident in which an intruder
gains, or attempts to gain, access to a system or system resource
without having authorization to do so. (See: IDS.)
2. (I) A type of threat action whereby an unauthorized entity
gains access to sensitive data by circumventing a system's
security protections. (See: unauthorized disclosure.)
Usage: This type of threat action includes the following subtypes:
- "Trespass": Gaining physical access to sensitive data by
circumventing a system's protections.
- "Penetration": Gaining logical access to sensitive data by
circumventing a system's protections.
Shirey Informational [Page 165]
RFC 4949 Internet Security Glossary, Version 2 August 2007
- "Reverse engineering": Acquiring sensitive data by
disassembling and analyzing the design of a system component.
- "Cryptanalysis": Transforming encrypted data into plain text
without having prior knowledge of encryption parameters or
processes. (See: main entry for "cryptanalysis".)
$ intrusion detection
(I) Sensing and analyzing system events for the purpose of
noticing (i.e., becoming aware of) attempts to access system
resources in an unauthorized manner. (See: anomaly detection, IDS,
misuse detection. Compare: extrusion detection.) [IDSAN, IDSSC,
IDSSE, IDSSY]
Usage: This includes the following subtypes:
- "Active detection": Real-time or near-real-time analysis of
system event data to detect current intrusions, which result in
an immediate protective response.
- "Passive detection": Off-line analysis of audit data to detect
past intrusions, which are reported to the system security
officer for corrective action. (Compare: security audit.)
$ intrusion detection system (IDS)
1. (N) A process or subsystem, implemented in software or
hardware, that automates the tasks of (a) monitoring events that
occur in a computer network and (b) analyzing them for signs of
security problems. [SP31] (See: intrusion detection.)
2. (N) A security alarm system to detect unauthorized entry.
[DC6/9].
Tutorial: Active intrusion detection processes can be either host-
based or network-based:
- "Host-based": Intrusion detection components -- traffic sensors
and analyzers -- run directly on the hosts that they are
intended to protect.
- "Network-based": Sensors are placed on subnetwork components,
and analysis components run either on subnetwork components or
hosts.
$ invalidity date
(N) An X.509 CRL entry extension that "indicates the date at which
it is known or suspected that the [revoked certificate's private
key] was compromised or that the certificate should otherwise be
considered invalid." [X509].
Tutorial: This date may be earlier than the revocation date in the
CRL entry, and may even be earlier than the date of issue of
earlier CRLs. However, the invalidity date is not, by itself,
Shirey Informational [Page 166]
RFC 4949 Internet Security Glossary, Version 2 August 2007
sufficient for purposes of non-repudiation service. For example,
to fraudulently repudiate a validly generated signature, a private
key holder may falsely claim that the key was compromised at some
time in the past.
$ IOTP
(I) See: Internet Open Trading Protocol.
$ IP
(I) See: Internet Protocol.
$ IP address
(I) A computer's internetwork address that is assigned for use by
IP and other protocols.
Tutorial: An IP version 4 address (RFC 791) has four 8-bit parts
and is written as a series of four decimal numbers separated by
periods. Example: The address of the host named "rosslyn.bbn.com"
is 192.1.7.10.
An IP version 6 address (RFC 2373) has eight 16-bit parts and is
written as eight hexadecimal numbers separated by colons.
Examples: 1080:0:0:0:8:800:200C:417A and
FEDC:BA98:7654:3210:FEDC:BA98:7654:3210.
$ IP Security Option
(I) See: Internet Protocol Security Option.
$ IP Security Protocol (IPsec)
1a. (I) The name of the IETF working group that is specifying an
architecture [R2401, R4301] and set of protocols to provide
security services for IP traffic. (See: AH, ESP, IKE, SAD, SPD.
Compare: IPSO.)
1b. (I) A collective name for the IP security architecture [R4301]
and associated set of protocols (primarily AH, ESP, and IKE).
Usage: In IDOCs that use the abbreviation "IPsec", the letters
"IP" SHOULD be in uppercase, and the letters "sec" SHOULD NOT.
Tutorial: The security services provided by IPsec include access
control service, connectionless data integrity service, data
origin authentication service, protection against replays
(detection of the arrival of duplicate datagrams, within a
constrained window), data confidentiality service, and limited
traffic-flow confidentiality. IPsec specifies (a) security
protocols (AH and ESP), (b) security associations (what they are,
how they work, how they are managed, and associated processing),
Shirey Informational [Page 167]
RFC 4949 Internet Security Glossary, Version 2 August 2007
(c) key management (IKE), and (d) algorithms for authentication
and encryption. Implementation of IPsec is optional for IP version
4, but mandatory for IP version 6. (See: transport mode, tunnel
mode.)
$ IPLI
(I) See: Internet Private Line Interface.
$ IPRA
(I) See: Internet Policy Registration Authority.
$ IPS
(I) See: Internet Protocol Suite.
$ IPsec
(I) See: IP Security Protocol.
$ IPSO
(I) See: Internet Protocol Security Option.
$ ISAKMP
(I) See: Internet Security Association and Key Management
Protocol.
$ ISO
(I) International Organization for Standardization, a voluntary,
non-treaty, non-governmental organization, established in 1947,
with voting members that are designated standards bodies of
participating nations and non-voting observer organizations.
(Compare: ANSI, IETF, ITU-T, W3C.)
Tutorial: Legally, ISO is a Swiss, non-profit, private
organization. ISO and the IEC (the International Electrotechnical
Commission) form the specialized system for worldwide
standardization. National bodies that are members of ISO or IEC
participate in developing international standards through ISO and
IEC technical committees that deal with particular fields of
activity. Other international governmental and non-governmental
organizations, in liaison with ISO and IEC, also take part. (ANSI
is the U.S. voting member of ISO. ISO is a class D member of ITU-
T.)
The ISO standards development process has four levels of
increasing maturity: Working Draft (WD), Committee Draft (CD),
Draft International Standard (DIS), and International Standard
(IS). (Compare: "Internet Standards Track" under "Internet
Standard".) In information technology, ISO and IEC have a joint
technical committee, ISO/IEC JTC 1. DISs adopted by JTC 1 are
Shirey Informational [Page 168]
RFC 4949 Internet Security Glossary, Version 2 August 2007
circulated to national bodies for voting, and publication as an IS
requires approval by at least 75% of the national bodies casting a
vote.
$ ISO 17799
(N) An International Standard that is a code of practice, derived
from Part 1 of British Standard 7799, for managing the security of
information systems in an organization. This standard does not
provide definitive or specific material on any security topic. It
provides general guidance on a wide variety of topics, but
typically does not go into depth. (See: IATF, [SP14].)
$ ISOC
(I) See: Internet Society.
$ issue
(I) /PKI/ Generate and sign a digital certificate (or a CRL) and,
usually, distribute it and make it available to potential
certificate users (or CRL users). (See: certificate creation.)
Usage: The term "issuing" is usually understood to refer not only
to creating a digital certificate (or a CRL) but also to making it
available to potential users, such as by storing it in a
repository or other directory or otherwise publishing it. However,
the ABA [DSG] explicitly limits this term to the creation process
and excludes any related publishing or distribution process.
$ issuer
1. (I) /certificate, CRL/ The CA that signs a digital certificate
or CRL.
Tutorial: An X.509 certificate always includes the issuer's name.
The name may include a common name value.
2. (O) /payment card, SET/ "The financial institution or its agent
that issues the unique primary account number to the cardholder
for the payment card brand." [SET2]
Tutorial: The institution that establishes the account for a
cardholder and issues the payment card also guarantees payment for
authorized transactions that use the card in accordance with card
brand regulations and local legislation. [SET1]
$ ITAR
(O) See: International Traffic in Arms Regulations.
$ ITSEC
(N) See: Information Technology System Evaluation Criteria.
Shirey Informational [Page 169]
RFC 4949 Internet Security Glossary, Version 2 August 2007
$ ITU-T
(N) International Telecommunications Union, Telecommunication
Standardization Sector (formerly "CCITT"), a United Nations treaty
organization that is composed mainly of postal, telephone, and
telegraph authorities of the member countries and that publishes
standards called "Recommendations". (See: X.400, X.500.)
Tutorial: The Department of State represents the United States.
ITU-T works on many kinds of communication systems. ITU-T
cooperates with ISO on communication protocol standards, and many
Recommendations in that area are also published as an ISO standard
with an ISO name and number.
$ IV
(I) See: initialization value.
H <- 4. Definitions -> J