Internet.Security

Abstract Syntax Notation One

332

acceptable policy identifier

232

acceptable policy set

239, 240

access control

244

access location field

233

access method field

233

access-denied

301

ACK flag

44, 346

acknowledgement number

44

acquirer

356, 357, 359, 372

ADCCP

10

additive inverse

77

address mapping

31

address resolution 29

Address Resolution Protocol 27, 28

AddRoundKey()

114, 117, 119

Advanced Data Communication Control

Procedure

10

Advanced Encryption Standard

57, 58, 107

AES

57, 58, 107

AES algorithm

109, 111, 119

AES key expansion

115

AES S-box 112

aggressive exchange

271

AH

243, 244, 246

alarm

343

American National Standards Institute 10

animation

328

ANSI X9.30 CRL format

203

ANSI X9.30 standard

203

ANSI

3

ANSI X3.66 10

anti-clogging

260

anti-clogging token

261

anti-replay service

243, 252, 253

anycast address

35

Apple-Talk Datagram-Delivery Protocol 53

application layer 8, 11, 13

application proxy

342, 349

application/pgp-signature protocol 330

application-level gateway

339, 341, 342,

348, 349

application-level proxy

Armor checksum

310, 312

Armor tail

310, 312

ARP

15, 27, 28

ARP reply

29, 31

ARPANET

1

AS 54, 55

ASCII

11

ASCII Armor

208, 309, 310

Armor head line

311, 312

Armor headers

310, 311

Armor headers

310, 311

ASCII character

49, 309

ASCII-Amoured data 311

ASN.1

332

asymmetric key pairs

asynchronous modem link

3

Asynchronous Transfer Mode 4

ATM

4

ATM network

5

attenuation

6

Attribute certificate

332

attribute 221

audit

343

audit log

342, 343

authentication

33, 34, 341, 344, 355

authority key identifier extension

227, 228

authorization request

374, 375

authorization response

375, 376

Autonomous System

54, 55

backbone

55

bank’s signature verification

363

Base

64 encoding 327, 328, 329, 334

base exchange

271

basic constraints extension

231, 240

Basic Encoding Rule

332

basic path validation algorithm

238, 239

bastion host 341, 342, 350, 353

BER

332

BGP

7, 54, 55, 56

bit stream

10

bitwise parallel

139

bogus packet

259

Border Gateway Protocol

7, 54, 55, 56

Bourne Shell

49

branded payment card account

broadcast

32

broadcast-type protocol 45

browser

48

brute-force attack

60, 71, 172

buffer

11

bugs

340

CA

201, 210, 213, 217, 219, 229

CA certificate

240, 370, 372

CA name

241

CA’s private key

370, 372

CA’s public key

370, 372, 373

CA’s signature

370, 373

cache table

30

cache-control module

31

CAD/CAM

11

capture request

376

capture response

376

capture token

375, 376

cardholder

337, 356, 359, 368

cardholder account

355, 375

cardholder certificate

374

cardholder credit card number

355

cardholder payment instruction

374

cardholder’s private key

370, 374

cardholder’s public key

370, 374, 375

cardholder’s signature

370

Detection

2

cashing 48

CAST-128

306, 307

CBC mode

73

CDMA cellular system

124, 142, 148

cell 2, 4

certificate authority

357

certificate authority field

267, 274

certificate data field

266

certificate encoding field

266, 274

certificate path validation

220, 222

certificate payload

266, 267, 273

certificate policies extension

230, 240

certificate policy identifier

239

certificate request message

287, 288

certificate request payload

267, 274

certificate request

370, 372, 373

certificate response

370, 373

Certificate Revocation List

201, 218, 222,

233

certificate revocation request

213, 215, 218,

220

certificate verify message

288

Certification Authority

201, 219

certification path

201, 219, 231, 239

certification path constrain

223

certification path length constraint

231

certification path validation

238

certification revocation signature

317

CGI

49

chain of certificate 219

chain of trust 215, 216

change cipher spec message

278, 279, 289

Cheapernet

8

checksum

44

choke point

339, 340, 343

CIDR

32

cipher

107, 108

cipher key

107, 112, 113

Cipher-Block Chaining mode

73

ciphertext

67, 82, 99, 100, 103, 166

circuit proxy

342, 349

circuit-level gateway

339, 341, 342, 343, 348

classless addressing

32

Classless Interdomain Routing

32

client certificate message

288

client key exchange message

288

client socket address

42

ClientHello.random

290, 291

CLNS

53

closure alert

300

CMS

331, 332, 333

coaxial cable

2

code bits

44

codepoint

18

column-wise permutation

126

command channel

347

Common Gateway Interface

49

community operation

1

compressed message

308

compression algorithm 308

compression(zip)

208

concatenation

129, 130

confidentiality

355, 356, 358

congestion

17

congruence 138

connecting devices

5

bridge

5, 6

gateway

5, 8, 13

repeater

5, 6

router

5, 7

switch

5

connection reset

11

connectionless integrity

244

Connectionless Network Service 53

connectionless protocol

45

constraint

220

connectionless delivery

33

content tag

313

contiguous mask

26

contiguous string

26

cookie

260

coprime

166

CRC 4

credit card transaction

355, 356

credit limit

357

critical extended key usage field

232

CRL

CRL distribution points extension

232

CRL entry extensions

237

certificate issuer

238

Greenwich Mean Time (Zulu)

238

hold instruction code

238

invalidity date

238

reason code

237

CRL extensions

235

authority key identifier extension

236

CRL number field 236

delta CRL indicator

236

issuer alternative name extension

236

issuing distributing point

236, 238

CRL sign bit

229

cryptographic checksum

160

cryptographic message syntax 331, 332

CSMA/CD

2

current read state

278

current write state

278

Cyclic Redundancy Check

4

DARPA 1

data capture

357

data channel

data compression

11

data confidentiality

33

data content type

333

data diffusion

136

data encryption bit

229

Data Encryption Standard

57, 58

data expansion function

296

data formatting

11

data integrity

33, 40, 155

data link control protocol

10

data link layer

4, 10

data origin authentication

155, 243, 244

DDP

53

decimation process

129, 130

decipher only bit

229

decode-error

301

decrypt-error

301

decryption

58, 67, 107

decryption key

67, 71, 73, 168

decryption key sub-blocks

82

decryption-failed

301

delete payload

269, 275, 276

delta CRL indicator

203

DeMilitarized Zone

341, 343

demultiplexing

20, 47

dequeue

31

DER

332

DES

57, 58, 60, 62, 67

DES-CBC

73, 248

DES-like Message Digest Computation

123

destination address

3, 10, 40

destination extension

40

destination host

28

destination IP address

16, 21

destination physical address

28

destination port number

42, 43

DH-DSS

288

DH-RSA

288

differential cryptanalysis

86

differentiated services

18

Diffie-Hellman key exchange scheme

162

Diffie-Hellman parameters

287, 288

diffusion

77

digested-data content type

334

digital certificate

359

digital envelope

205, 206, 334, 358, 363,

365

digital signature

161, 205, 356, 358, 359,

363

Digital Signature Algorithm

149, 184

digital signature bit

229

Digital Signature Standard

184

direct delivery

28

Directory Access Protocol

233

Directory Information Tree

221

discrete logarithm

161, 162, 172, 179, 185

Distance-vector Multicast Routing Protocol

55

distance-vector routing

55

Distinguished Encoding Rule 332

DIT

221

DMDC

123, 133

DMZ network

339, 343, 353

DNS

14, 23, 48, 54, 347, 352

DNS name

230, 231

DOI

244, 246, 261, 268, 270, 273, 275

Domain Name System

23, 54

Domain Naming Service

14

Domain of Interpretation

244

doubling point

188, 193

DSA

149, 161, 184, 185, 208, 209, 210

DSS

184, 308

dual ring

3

dual signature

209, 359, 362, 374

dual-homed bastion host

341, 350, 351

DUT/SUT rule set

342

DVMRP

55

dynamic mapping

27. 28

dynamic table

7

eavesdropping

277

EBCDIC

11

EC

187, 188, 190, 191, 193, 197

EC domain parameter

198

ECC

187, 195

ECDSA 196, 198

ECDSA signature generation 198

EDE mode

72, 73

EDI address

230

electronic commerce

1

electronic funds transfer (EFT)

357

Electronic Funds Transfer

209

ElGamal

307

ElGamal authentication scheme

177

ElGamal encryption algorithm

173, 174, 195

ElGamal signature algorithm

175, 176

elliptic curve

187, 188, 190, 191, 193, 197

Elliptic Curve Cryptosystem

187, 196, 199

Elliptic Curve Digital Signature Algorithm

196

Encapsulating Security Payload

73, 243

encapsulation

47

encapsulation protocol

339, 340

encipher only bit 229

Encrypt-Decrypt-Encrypt mode

72

encrypted certificate request message

encrypted-data content type

334

encryption

34, 58, 67, 99, 104, 107, 161

encryption key

67, 73, 168

encryption key sub-blocks 82

end-entity certificate 239

end-to-end protocol

enveloped-data content type

334

ephemeral port

50

error alert

300

error control

10

error reporting message

41

ESMTP 347

ESP 73, 243, 244, 246

ESP header

253, 257

ESP payload data

258

ESP tailer

256

ESP transport mode

256

ESP tunnel mode

257

Ethernet

2, 8

Eudora

51

Euler’s criterion

191

Euler’s formula

166

Euler’s totient function

166, 172

excluded subtree state variable

240

excluded subtree

239

expanded key table 86, 88, 91

expiration timer

55

explicit policy identifier

239

explicit policy state variable

240

export-restriction

301

extended Euclidean algorithm

168, 173, 175,

177, 365

extended key usage field

232

exterior routing

54

external bastion host

341

eXternal Data Representation

51

external mail server

347

external screening router

351, 353

Fast Ethernet

8

fatal handshake failure alert

288

FDDI

2, 3

Federal Information Processing Standard

107, 149

Fermat’s theorem

179, 191

Fibre Distributed Data Interface

2, 3

fibre-optic cable

2

File Transfer Protocol

13, 22, 23, 50

File Transfer Protocol server

23

finished message

289, 290

finished-label

302

finite field

108, 162, 187

FIPS

107, 149

firewall 339, 342

flag field

19

flow control

5

flow label

37

four MD5 nonlinear functions

139

fragment size

19

fragmentation

33

fragmentation module

7

fragmentation offset field

19

frame

2, 6

frame fragmentation

10

Frame Relay 4

FTP

22, 45, 48, 50, 340, 342, 346

FTP active mode

FTP packet filtering

346

FTP passive mode

full-duplex service

42, 44

garbage collection timer

55

gateway authorisation request

375

gateway authorisation response

375

gateway capture response

377

gateway digital signature

375, 377

gateway private key

376

gateway public key

375, 376, 377

packet

317

generic payload header

263, 266, 267, 268,

269, 270

GetBulk operation

53

GetNext operation

53

GIF 327, 328, 329

Gopher

48

Graphics Interchange Format

327

hacker

51, 341, 343, 345, 347, 351

hash code

11, 128, 129, 149, 185, 197

hash function

123, 205

hash payload

267, 274

Hashed Message Authentication Code 248

HDLC

10

head length

44

header

5, 6

header checksum

20

header length field (HLEN)

17

heterogeneous platform

1

hexadecimal colon

34

hierarchical tree structure

216

higher-numbered port

High-level Data Link Control

10

HMAC

155, 248, 293

HMAC-MD5 249, 250, 293

HMAC-SHA-1 250, 293

hop count

7

hop limit

40

hostid

23, 24, 25, 34

HTML

48

HTML tag

49

ending tag

49

starting tag

49

HTTP

13, 45, 48, 339, 342

HTTP GET command

48

HyperText Markup Language

48

HyperText Transfer Protocol

13, 48

IA5String

233

IAB

1

IANA

22, 251

IANA-registered address

351

ICB

1

ICCB

1

ICMP

11, 13, 14, 15, 41

ICMP error message

19

ICV

251, 252, 259, 260

IDEA

75, 76, 306

IDEA decryption

82

IDEA encryption

77

IDEA encryption key

77

identification field

18

identification payload

266

identity authentication

359

identity protection exchange

271

IEEE token ring

13

IESG

1

IETF

1

IGMP

15, 41

IKE

243, 251, 254, 260

image scanning

11

IMAP

14, 51, 52

inbound traffic

341

indirect delivery

28

Inform operation

53

information acquisition

1

inhibited policy mapping

240

inhibited policy-mapping field

232

initial policy identifier

239

initial policy set

240

Initialisation Vector

73, 156, 159

initiate request

366, 368, 372, 373

initiate response

368, 369, 373

inner IP header

253, 257

inner padding

155, 156, 248

input module

31

input-byte array

108

inside signature

335, 336

insufficient-security

301

integer multiplication

96

integrated-salted S2K

322

integrity 355, 359

Integrity Check Value

251

interdomain routing

33

interior routing

54, 55

internal bastion host

341

internal mail server

347

internal screening router 353

8

Internet Activities Board

1, 202

Internet Architecture Board

1

Internet Assigned Numbers Authority

22,

251

Internet Configuration Control Board

1

Internet Control Message Protocol

11, 13, 41

Internet Draft

202

Internet Engineering Steering Group

1

Internet Engineering Task Force

1, 202

Internet Group Management Protocol

41

Internet Key Exchange

243

Internet layer

13

Internet Lightweight Directory Access

Protocol

202

Internet Mail Access Protocol (IMAP)

14

Internet Message Access Protocol

52

Internet Protocol

11, 13

Internet Protocol next generation

33

Internet Protocol version

4 (IPv4) 17

Internet Request for Comments 202

Internet Research Task Force

1, 202

Internet Society

1

Internet transaction protocol

355, 358

interoperability

256

intranet 339, 341

inverse cipher

107, 108, 119, 121

inverse S-box

119, 120

InvMixColumns()

119, 120

InvShiftRows()

119

InvSubBytes()

119

IP 11, 13, 15

IP address

22, 23, 24, 26, 28, 29, 42

IP address class

23, 24

IP address translator

349

IP addressing

22, 24, 25

IP authentication header 250

IP datagram

16, 42, 43, 45

IP destination address

246, 340

IP header

16, 20, 43, 44, 247, 253

IP header option

21

IP host 344

IP multicast traffic 340

IP packet

7

IP router

7

IP routing

27

IP source address

340

IP spoofing

340, 345, 353

IP subnet

340

ipad

155, 156, 248

IPng

33

IPsec AH Format

251

authentication data

252

next header

251

payload length

252

sequence number

252, 254

SPI

251

IPsec AH

264, 268

IPsec DOI

270

IPsec ESP format

254, 264, 268

authentication data

256

next header

256

pad length

256

padding

255

payload data

255

sequence number

255

SPI

255

IPv4 17, 33

IPv4 addressing

34

IPv4 context

256

IPv4 datagram 16

IPv4 header

16

IPv6

33

IPv6 addressing

34

IPv6 context

257

IPv6 extension headers

36

IPv6 header

36, 37

IPv6 header format

33

IPv6 packet format

36

IPX

53

IRTF

1

ISAKMP

ISAKMP exchanges

270

ISAKMP header

261, 269, 271, 275

exchange type

262

flags field 262

authentication only bit

262

commit bit 262

encryption bit

262

initiator cookie

261

length

263

major version

262

message ID

263

minor version

262

next payload

261

responder cookie

261

ISAKMP message

263, 265, 267, 268

ISAKMP payload

261, 265, 272

ISAKMP payload processing

272

authentication only bit

276

certificate payload processing

274

certificate request payload processing 274

delete payload processing

276

general message processing

272

272

hash payload processing

275

identification data field

274

274

ISAKMP header processing

272

274

nonce payload processing

275

notification payload processing

275

notify message type

275

proposal payload processing

273

security association payload processing

273

signature data field

275

signature payload processing

275

transform payload processing

273

ISAKMP SA

276

ISAKMP SPI

269

ISO

8

ISO Latin-5 311

issuer

357

issuer alternative name extension

230

issuer domain policy

230

ITU-T

3

Java 48, 49

Joint Photographic Experts Grout

327

JPEG

327

key agreement bit

229

key attribute information

223

key certificate signing bit

229

key encryption bit

229

key exchange method

287, 288, 290

key exchange payload

265

key expansion algorithm

85, 86, 91, 96

key expansion routine

107, 112, 113

key generation scheme

133

key identifier field

228

key material packet

319

key packet variant

319

public-key packet format 320

secret-key packet format

321

key revocation signature

317

key schedule algorithm

96

key usage extension

228, 232

Keyed-hashing Message Authentication Code

155, 248, 293

known-plaintext attack

71

Korn Shell

49

LAN

2, 42

LAP-B

10

LDAP

202, 203

legal issue

212

Legendre symbol

191

Link Access Procedure, Balanced

10

link activation

10

link address

22

link deactivation

10

link-state routing

55

literal data packet

318, 319

LLC

28

Local Area Network

2

log name

50

Logging

340, 341, 342, 343, 350

logging service

340

logging strategy

340

logical address

22, 28

logical function

150

Logical Link Control

28

logical network addressing

10

low-numbered port

LUCIFER

57

LZ77

309

LZFG

308

LZSS

308

MAC (Media Access Control address)

28

MAC (Message Authentication Code)

248

magic constants

86, 96

magic contents

99

mail order transaction

Mail Transport Agent

347

masking

26

masking pattern

26

master secret

290, 292, 302

Maximum Transfer Unit

7

MBONE

42

MD5 76, 248

MD5 algorithm

138, 183

Media Access Control address

28

merchant

356, 357

merchant account data

372, 373

Merchant Authentication

356, 375

merchant authorisation request

375

merchant capture request

377

merchant payment capture

376

merchant private key

372, 374, 375, 376

merchant public key

373, 374, 375

merchant purchase request

376

merchant registration

371, 372

merchant signature

373, 374

merchant’s point of sale system

357

merchant’s signature certificate

374

Message Authentication Code

248

message confidentiality

message contents

message digest

128, 129, 138, 148, 149,

151, 185, 205, 359, 366

message forgery

277

message integrity

344, 363

message integrity check 329, 365, 367

message padding

149, 360

Message Security Protocol

203

metric

7

MIC

329, 330

MIME

52, 53, 208, 305, 324, 325

MIME security content type 329

MixColumns()

114, 117

mobile station registration

124

modem

10

modular reduction

109

MOSAIC

208

MOSPF

55

Motion Picture Experts Group

327

MPEG

327

MPI

320, 321

MSP

203

MTU

7, 19, 39

MTU table

7

multicast

22

multicast address

23, 24, 35, 41, 42

multicast backbone 42

multicast host

24

Multicast Open Shortest Path First

55

multicast routers

41

multi-homed bastion host

341

multihomed host

28

multipart/encrypted content type

330, 331

multipart/signed content type

326, 329, 330,

331

multiplexing

20, 47

multiplication inverse

166

multiplicative identity

109

multiplicative inverse

78

Multipurpose Internet Mail Extension 52,

53, 305

name constraints extension

231

name subtree

231

Naming and Directory Services

NAT

340, 349, 351

National Bureau of Standards

57

National Institute of Standard and Technology

57

National Security Agency

57

NBS

57

netid

23, 24, 25, 34

network access layer

13

network address resolution

10

network address translator

340, 349

Network File System

50

network interface card

22

network layer

4, 10

network layer protocol

33

network management function

Network Management System

53

Network Virtual Terminal

56

Newhall ring

13

next header

38

authentication

40

encrypted security payload

39

fragmentation

39

hop-by-hop option

38

security parameter index

40

source routing

39

NFS

50

NIC

22

NIST

57