==== Domain 3: Security Architecture and Engineering ==== **Confidentiality** - Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. **Trusted platform module (TPM)** - A secure crypto processor and storage module * The primary scope of TPM is to **assure the integrity of a platform**. * In this context, "integrity" means "behave as intended", and a "platform" is any computer device regardless of its operating system. **Null cipher** - Hiding plaintext within other plaintext. A form of steganography. **Hash function** - Accepts an input message of any length and generates, through a one-way operation, a fixed-length output called a message digest or hash. **Key clustering** - When different encryption keys generate the same ciphertext from the same plaintext message. **Confusion** - Provided by **mixing (changing) the key value**s used during the repeated rounds of encryption. When the key is modified for each round, it provides added complexity that the attacker would encounter. **Diffusion** - Provided by **mixing up the location of the plaintext** throughout the ciphertext. The strongest algorithms exhibit a high degree of confusion and diffusion. **Confidentiality** - Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. **Substitution** - The process of exchanging one letter or bit for another. **Ciphertext** - The altered form of a plaintext message, so as to be unreadable for anyone except the intended recipients. Something that has been turned into a secret. **Key clustering** - When different encryption keys generate the same ciphertext from the same plaintext message. **Steganography** - Hiding something within something else, or data hidden within other data. **Key or cryptovariable** - The input that controls the operation of the cryptographic algorithm. It determines the behavior of the algorithm and permits the reliable encryption and decryption of the message. **asymmetric** - Not identical on both sides. In cryptography, key pairs are used, one to encrypt, the other to decrypt. **Cryptanalysis** - The study of techniques for attempting to defeat cryptographic techniques and, more generally, information security services provided through cryptography. **Nonrepudiation** - Inability to deny. In cryptography, a service that ensures the sender cannot deny a message was sent and the integrity of the message is intact, and the receiver cannot claim receiving a different message. **Encoding** - The action of changing a message into another format through the use of a code. **Plaintext** - The message in its natural format has not been turned into a secret. **Digital Signatures** - Provide authentication of a sender and integrity of a sender's message and non-repudiation services. **Message authentication code (MAC)** - A small block of data that is generated using a secret key and then appended to the message, used to address integrity. **Work factor** - This represents the time and effort required to break a cryptography system. ----