Security

 

  • Access control
    • In digital electronics, refers to multiple mechanisms that are put in place to limit access to communication networks and data within the systems that they inter-connect. Concepts used in defining access control mechanisms include users (or user profiles), passwords, keys, resources, capacities and access rights. These are used in combination to authenticate a user before allowing access to a protected network connection or protected data.

  • Advanced Encryption Standard
    • Refers to a specification for data encryption established by the NIST (National Institute of Standards and Technology). It is also known by the name "Rijndael." The encryption algorithm originally described by AES was a symmetric key algorithm.

  • AES acronym for "Advanced Encryption Standard"

  • AES-128
    • Refers to encryption using the Advanced Encryption Standard and an encryption key of 128 bits in length.

  • AES-256
    • Refers to encryption using the Advanced Encryption Standard and an encryption key of 256 bits in length.

  • Asymmetric key algorithms
    • Refers to algorithms that use a combination of a public and a private key to encrypt, sign and decrypt data. The public key is used to encrypt and verify the signature of the encrypted data. The private key is used to decrypt and sign the data.

  • Brute-force attack
    • Refers to an attack on encrypted data that consists of trying character combinations until the encryption key is found by chance. Brute-force attacks rely on the computing power that is required to try different combinations and verify the results as rapidly as possible.

      Note: A 2012 EETimes article calculated that using a supercomputer (at the time the article was written) it would take 1.02 x 10^18 years (or "1 billion, billion years") to try all the combinations for an AES-128 key.

  • Data Encryption Standard
    • Refers to a symmetric key algorithm using a short 56-bit key for the encryption of electronic data. DES was developed by IBM in the 1970s.

  • DES acronym for "Data Encryption Standard"

  • Encryption
    • Refers to the process of encoding data so that it is only intelligible to an authorized user.  In this process the original intelligible data is encrypted using an algorithm and a key. The encrypted data is unintelligible until it is decrypted by an authorized user using the appropriate key, which is not held by unauthorized users.

      Note: encryption does not stop data from being impeded or intercepted. Encryption only renders the captured data unintelligible until it is decrypted.

  • Key
    • Refers to a string of characters which is used with an encryption/decryption algorithm to transform intelligible data into encrypted (unintelligible) data and vice versa. The key for encrypted data must only be held by users who are authorized to access the data. See also: symmetric key algorithms, asymmetric key algorithms  

  • Man In The Middle attack
    • Refers to a situation where an attacker on a communication channel actively eavesdrops on an ongoing communication and relays or alters messages between the communicating devices. To succeed, the attacker impersonates the communicating devices well enough to go undetected for the duration of the attack.

  • MITM acronym for "Man In The Middle."

  • Permission
    • Refers to types of access that can be attributed to a user type (a profile) for a resource. Types of access that can be attributed are read (retrieve and display the value associated with a resource) or read/write (retrieve, display and modify the value).

      Example: the software of a target system might contain a counter that is incremented every minute. Permission would be to give a "Supervisor" profile the right to read and to modify the value of this counter - a read/write permission. In the same app an operator profile might only be given a read permission - the possibility to view the current value of the counter.

  • Profile 
    • Refers to a type of end-user for a system that an IoTize wireless module is integrated into. User profiles are used to limit and control access to the system's data.

      Example: an "anonymous" profile can be limited to read-only access to system data, whereas a "supervisor" profile can be given read and write access to system data. To gain supervisor access, the user will have to enter the correct login and password in the HMI on the mobile device.

  • Resource
    • Refers to a specific address or register where data used by a target system's software is stored. IoTize solutions provide means of accessing these data. Access control and security mechanisms provide means of controlling access and protecting the data from those who should not access it.

  • Salted Challenge Response Authentication Mechanism
    • Refers to a password-and-challenge-based authentication mechanism that secures access credentials (such as a login) when they are transferred from the issuer to the user. The credential is encrypted so that the real intelligible password cannot be captured in a MITM attack. The integration of a challenge in the credential also limits the usefulness of an intercepted credential to just one session.

  • SCRAM acronym for "Salted Challenge Response Authentication Mechanism."

  • Symmetric key algorithms
    • Refers to encryption algorithms that use the same key for encryption and decryption.