P3P (Platform for Privacy Preferences)
is a proposal of the W3C consortium. This standard allows sites to
inform the user of their privacy policy. A P3P-enabled site
communicates the following information to the user: Who is collecting
the data? What information is collected? For what purposes? With whom
is it shared? Who is the data's recipient? Can the user make changes in
how the collected data are used? How are disputes resolved? ... A
P3P-enabled browser can then inform the user of the site's policy. For
more details, consult the P3P site.
Palladium
was a project of Microsoft to develop a trusted platform for computing.
Its objective was to ensure that all the elements (software, hardware)
were trusted ones. The new name is Next Generation Secure Computing
Base (NGSCB). Palladium is very similar to TCPA.
Palladium suffered a terrible backlash from the public and some
researchers. The fear was the creation of a new Big Brother and the
restriction of the PC to a limited set of trusted applications. Many
people, wrongly, equated Palladium with DRM. Palladium was the first
step of Microsoft towards the End to End trust initiative.
PC/SC
is the result of a workgroup of 5 companies (CP8 BULL, Hewlett-Packard,
Microsoft, Schlumberger and Siemens Nixdorf) which have proposed a
specification to facilitate the use of a smart card reader in a PC
environment.
PCT (Private Communication Technology)
was a protocol developed by MICROSOFT and VISA International to provide
security and privacy on the Internet. It was the competitor of SSL.
PGP (Pretty Good Privacy)
is a widely available software package originally designed by P.
ZIMMERMANN. It employs RSA signature, MD5 hashing and IDEA to encrypt
mail exchanges. The current version is 6.5.8. Since version 5.0, it
includes key escrowing facilities.
Pharming (or DNS poisoning)
is a type of hack on the Internet. The attacker redirects a legitimate
URL to an illegal site that mimics a legitimate site. Although very
similar to phishing in its results and objectives, pharming is more
insidious. Pharming modifies the DNS tables. The victim types regular
legitimate URLs. In phishing, the victim uses a non-legitimate URL.
Phishing
is a type of hack on the Internet. The attacker builds a mirror site of
a known large site such as a bank, an e-commerce site, or an ISP. Then,
she sends out random spam requesting the customer of the site to
connect to the site to update his personal data. The spam will
necessarily hit a customer of the real site who will connect to the
mirror site. She can then collect data such as address, phone number or
credit card number.
PKCS (Public Key Cryptography Standards)
is a set of standards for public key cryptography developed by RSA
Laboratories in cooperation with other companies such as APPLE,
MICROSOFT, or DEC. It includes RSA and DIFFIE-HELLMAN key exchange.
- PKCS #1 defines mechanisms for using RSA.
- PKCS #3 defines a DIFFIE-HELLMAN key agreement protocol.
- PKCS #5 defines a string encryption method with a secret key derived
  from a password.
- PKCS #6 defines a format for extended certificates. Version 3 of
  X.509 is currently replacing PKCS #6.
- PKCS #7 defines syntax for signed and encrypted messages.
- PKCS #11 defines a cryptographic library together with its API.
PKI (Public Key Infrastructure)
is the complete organization needed to manage an information system
based on a public key cryptosystem. It comprises TTP, Certifying
Authority, public key directories
PRBS
A Pseudo Random Binary Sequence generator generates a one-bit-wide
sequence that appears to be chosen at random. Such generators are at
the heart of many scrambling systems for Pay TV.
PTS (Protocol Type Selection)
is a protocol defined in the ISO 7816 standard that allows choosing a
lower-level protocol when communicating with a multi-protocol smart
card. The current main possibilities are T=0 or T=1.
Power attack
is a category of attack trying to guess an embedded private key through
the measurement of the consumed power. Depending on the implementation,
part of the algorithm may require more operations, and therefore more
power, depending on the value of a bit of the key.
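The key-dependent operation count described under Power attack, as an added example that is not part of the original glossary: a textbook square-and-multiply exponentiation beside a Montgomery ladder (a countermeasure this page does not name), each recording its sequence of squarings (S) and multiplications (M). The modulus, base and both exponents are constructed sample values.

```python
# Added illustration: operation sequences stand in for what a power
# measurement would expose. All numeric values are constructed samples.
MODULUS = 1000003
BASE = 5
KEY_A = 0b1011001   # constructed 7-bit exponent, four 1 bits
KEY_B = 0b1111111   # constructed 7-bit exponent, seven 1 bits


def square_and_multiply(base, exponent, modulus):
    """Textbook binary exponentiation: multiplies only on 1 bits."""
    result, trace = 1, []
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        trace.append("S")
        if bit == "1":                      # extra work depends on the bit
            result = (result * base) % modulus
            trace.append("M")
    return result, "".join(trace)


def montgomery_ladder(base, exponent, modulus):
    """Ladder: one multiply and one square per bit, whatever its value."""
    r0, r1, trace = 1, base % modulus, []
    for bit in bin(exponent)[2:]:
        if bit == "1":
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r1, r0 = (r0 * r1) % modulus, (r0 * r0) % modulus
        trace.append("MS")
    return r0, "".join(trace)


def compare(exponentiate):
    """Return the operation traces produced for KEY_A and KEY_B."""
    return tuple(exponentiate(BASE, k, MODULUS)[1] for k in (KEY_A, KEY_B))


if __name__ == "__main__":
    for fn in (square_and_multiply, montgomery_ladder):
        a, b = compare(fn)
        print(f"{fn.__name__}: {a} vs {b} -> "
              f"{'key-dependent' if a != b else 'identical'}")
    # This models operation counts only; a real implementation must also
    # avoid key-dependent branches and memory accesses.
```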
PRNG (Pseudo Random Number Generator)
See Random number generator
Public key cryptography
(also called asymmetric cryptography): In this type of system, each
person has a pair of keys: the public key and the private key. The
public key is published and accessible to everybody. The user never
discloses the private key.
For digital signature, the sender uses his private key for the
signature. The receiver uses the public key to validate the signature.
The advantages of public key cryptography versus secret key cryptography are:
- Increased security: the private keys do not have to circulate.
- It is not possible to repudiate an authentication with public key.
The disadvantages of public key cryptography versus secret key cryptography are:
- Public key encryption is slower.
- It is possible to impersonate.