Car Security Glossary

0-9ABCDEFGHIJKLMNOPQRSTUVWXYZ

A

AES is a specification for the encryption of electronic data developed by two Belgians and ratified by NIST in 2002. It is a symmetric encryption algorithm – which means the same key is used for encryption and the reverse operation, decryption. This secret key must be securely shared between the sender and receiver. AES processes data in blocks of 128 bits. Using the key, a 128-bit block is encrypted by transforming it in a unique way into a new block of the same size. The same key is then used to decrypt the block. AES is viewed as a robust method that appears to resist all known attacks.

Authentication is the process of confirming the correctness of the claimed identity (of a person or a machine). Authentication techniques usually form the basis of all forms of access control to data, systems and restricted areas. User authentication is usually based on a username and password, often augmented by a second security factor such as a smart card.

 

C

A cryptographic algorithm for encryption and decryption.

Based on the ISO/IEC 15408 international standard (Information technology -- Security techniques -- Evaluation criteria for IT security), CC is a set of of internationally accepted semantic tools and constructs for describing the security needs of customers and the security attributes of products. It provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner.

Refers to strategies, policies and standards aimed at enforcing security of communications and operations in cyberspace; in particular preventing criminal activity and unauthorized access across the Internet, telecommunications networks, computer systems, and embedded processors and controllers.

D

Decryption is the process of transforming an encrypted message (ciphertext) into its original plaintext.

A digital signature is the electronic equivalent of an individual's hand-written signature. It authenticates the message to which it is attached and validates the authenticity of the sender. In addition, it assures the integrity of the message.

E

The process by which data (plaintext) is transformed into an unreadable or unintelligible form (ciphertext) for confidentiality, transmission or other security purposes.

EVITA is a project co-funded by the European Union within the Seventh Framework Programme for research and technological development. The objective of EVITA is to design, verify and prototype an architecture for automotive on-board networks where security-relevant components are protected against tampering and sensitive data is protected against compromise.

The European research and technological development programme EVITA has specified three hardware security module (HSM) variants in order to provide cost-sensitive solutions for automotive applications. The full HSM focuses on protecting external communication interfaces; the medium HSM on protecting on-board communication between electronic control units (ECUs); and the light HSM on protecting on-board communication between ECUs and sensors/ actuators.

H

An HSM is a physical computing engine (separate device, embedded module or even an integrated module on a microcontroller unit) that safeguards and manages digital keys for strong authentication, and provides hardware accelerators for crypto processing.

HSM implementations vary significantly in terms of performance, security and price.

A hash function is a function that maps a bit string of arbitrary length to a bit string of fixed length. The values returned by a hash function are called hash values, hash codes, hash sums, checksums or simply hashes.
Hashes play a role in security systems where they are used to ensure that transmitted messages have not been tampered with. The sender generates a hash of the message, encrypts it and sends it attached to the message. The recipient then decrypts the hash, computes the hash from the received message and compares the receive with the computed hash. If they match, there is a very high probability that the integrity of message was  preserved.

K

In cryptography, a key is an item of secret data that is used in cryptographic algorithms to create or verify digital signatures and encrypt or decrypt.

M

A MAC is a cryptographic checksum that uses cryptography to assure the authenticity and integrity of data. MAC algorithms require two input parameters. Firstly, the data to be protected and, secondly, a secret key. It then calculates a checksum of both – the MAC. The difference between an MAC and a digital signature is that verification of an MAC requires knowledge of the same secret key that was used to calculate it.

N

National Institute of Standards and Technology, a unit of the US Commerce Department. Formerly known as the National Bureau of Standards, NIST promotes and maintains measurement standards. It also has active programs for encouraging and assisting industry and science to develop and use these standards.

R

An algorithm for asymmetric cryptography, invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman.

S

An SE is a tamper-resistant execution environment based on a one-chip security controller capable of securely hosting applications and their confidential and cryptographic data (e.g. key data).
Security controllers are used in smart cards where they secure applications like banking or electronic identification. Generally speaking, SEs are solderable versions of security controllers.

A subscriber identity module or subscriber identification module (SIM) is an integrated circuit that securely stores the international mobile subscriber identity (IMSI) and the related key used to identify and authenticate subscribers in cellular mobile networks

Symmetric cryptography algorithms use the same key for encryption and decryption. Symmetric cryptography is sometimes called "secret-key cryptography" (versus public-key cryptography) because the sender and recipient have to share a secret key.

T

Trusted Computing is a technology developed and promoted by the Trusted Computing Group. The aim is to make computers and other computer-controlled systems such as PCs safer and less prone to viruses and malware. The Trusted Platform Module (see TPM) is a fundamental element of Trusted Computing.

Trusted Computing can be used to improve security in many applications such as encrypting bulk data, storing and processing user credentials, authenticating machines in networks and establishing secure connections to other entities.

The TCG is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry standards, supportive of a hardware-based root of trust, for interoperable Trusted Computing platforms.