PAIIN security glossary & taxonomy

lynn.wheeler at firstdata.com
Thu Jan 3 17:44:22 EST 2002


PAIIN (& PAIN) were from some "security" standards organization and
http://www.garlic.com/~lynn/secure.htm

is a security taxonomy & glossary

http://www.garlic.com/~lynn/x9f.htm

is somewhat more of a cryptography oriented glossary & taxonomy since it is
taken from the financial standards X9F committee ... which has a heavy
crypto focus. As an aside, X9.59 was done in the X9A10 working group under
the X9A committee ... which is a business process standards focus (while
X9F has security & cryptography focus) .... aka X9.59 is a "secure"
business process protocol as opposed to the more traditional X9F
cryptography protocol.

The source for X9F taxonomy & glossary:
Terms merged from X9F document glossaries: WD15782, X509, X9.8, X9.24,
X9.31, X9.42, X9.45, X9.49, X9.52, X9.62, X9.65, X9.69.
Terms from ABA/ASC X9 TR1-1999 replace terms from X9F TG-16 glossary
(identified by lower case x9 instead of upper-case X9). Original source
documents include: X3.92, X3.106, x9.1, x9.5, x9.6, x9.8, x9.9, x9.17,
x9.19, x9.23, x9.24, x9.26, x9.28, x9.30, x9.31, x9.41, x9.42, x9.44,
x9.45, x9.49, x9.52, x9.55, x9.57, x9.62, x9.69, x9.74, x9.76, x9.78, x9.80,
x9.82, and TG-17. (990710)

While the source for "security" taxonomy & glossary:
Terms merged from: AFSEC, AJP, CC1, CC2, FCv1, FIPS140, IATF, IEEE610,
ITSEC, Intel, JTC1/SC27/N734, KeyAll, MSC, NCSC/TG004, NIAP, RFC1983,
RFC2504, RFC2828, TCSEC, TDI, TNI, and misc. Updated 20010729 with glossary
from IATF V3.

reinhold at world.std.com on 1/3/2002 9:26 am wrote:

The PAIIN model (privacy, authentication, identification, integrity,
non-repudiation) is inadequate to represent the uses of cryptography.
Besides the distinction between privacy and confidentiality, I'd like
to point out some additional uses of cryptography which either don't
fit at all or are poorly represented in this model:

    Anonymity - the ability to communicate without messages being
attributed to the sender (e.g. remailers).

    Confidential verification -- the ability to verify information
without disclosing it (e.g. zero knowledge proofs).

    Fragmentation -- dividing control over information among several
parties.

    Invisibility -- the ability to communicate or store information
without being detected. This includes steganography, low probability
of observation communication techniques such as low power spread
spectrum, and measures against traffic analysis such as link
encryption.

    Proof of trespass -- the ability to demonstrate that anyone having
access to data knew they were doing so without authorization (e.g.
for trade secret and criminal evidence law).

    Remote randomization -- the ability for separated parties to
create fair and trusted random quantities.

    Resource taxing -- techniques to prove a minimum expenditure of
computing resources, e.g. hash-cash.

    Time delay -- making information available but not immediately.

    Transmission assurance -- anti-jam and anti-censorship technology.

    Use control -- the whole digital rights management scene.


I'm not suggesting this is a complete list or the best breakdown, but
I hope it shows that the cryptographic imagination goes beyond PAIIN.

Arnold Reinhold
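Of the uses Reinhold lists, "resource taxing" is the one most easily shown end to end. The following is an added example, not code from either post and not the real hashcash implementation or stamp format: the five-field stamp layout, the field names and the SHA-256 choice are assumptions made for this illustration. It shows the asymmetry the technique depends on (the sender spends roughly 2**bits hash evaluations, the recipient spends one) and the check a recipient needs in practice, namely a record of stamps already accepted so the same work cannot be presented twice.

```python
# Added example (not part of Wheeler's or Reinhold's posts): a simplified
# hashcash-style stamp. The "version:bits:resource:salt:counter" layout is an
# assumption for this illustration, not the real hashcash format.
import hashlib
import secrets


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    count = 0
    for byte in digest:
        if byte == 0:
            count += 8
            continue
        count += 8 - byte.bit_length()
        break
    return count


def mint(resource: str, bits: int, salt: str = "") -> tuple:
    """Sender side: search for a counter such that SHA-256(stamp) begins with
    `bits` zero bits. Expected cost is about 2**bits hash evaluations.
    Returns (stamp, number of hashes spent). A fixed salt makes the search
    reproducible; leave it empty to draw a random one."""
    if ":" in resource:
        raise ValueError("resource must not contain ':'")
    if not salt:
        salt = secrets.token_hex(8)
    counter = 0
    while True:
        stamp = "1:%d:%s:%s:%d" % (bits, resource, salt, counter)
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp, counter + 1
        counter += 1


class StampVerifier:
    """Recipient side: one hash per stamp plus a set of stamps already
    accepted, so that a stamp cannot be replayed against the same resource."""

    def __init__(self, resource: str, min_bits: int):
        self.resource = resource
        self.min_bits = min_bits
        self.seen = set()

    def verify(self, stamp: str) -> bool:
        parts = stamp.split(":")
        # Structural checks: version, field count, and that the stamp was
        # minted for this recipient and not some other resource.
        if len(parts) != 5 or parts[0] != "1" or parts[2] != self.resource:
            return False
        try:
            claimed_bits = int(parts[1])
        except ValueError:
            return False
        # The sender chooses the difficulty; the recipient sets the floor.
        if claimed_bits < self.min_bits:
            return False
        digest = hashlib.sha256(stamp.encode()).digest()
        if leading_zero_bits(digest) < claimed_bits:
            return False
        # Replay check: the same stamp buys only one acceptance.
        if stamp in self.seen:
            return False
        self.seen.add(stamp)
        return True


if __name__ == "__main__":
    stamp, hashes = mint("alice@example.com", 16)  # constructed recipient
    verifier = StampVerifier("alice@example.com", 16)
    print(stamp, "took", hashes, "hashes; accepted:", verifier.verify(stamp))
    print("second presentation accepted:", verifier.verify(stamp))
```

Twelve to twenty bits is enough to see the cost difference on a laptop; the point of the design is that the recipient's cost stays constant while the sender's doubles with every added bit. Binding the stamp to the resource is what stops one stamp from paying for messages to many recipients, and the seen-set is what stops it paying for many messages to the same one.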

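Reinhold's "remote randomization" item is a protocol rather than a primitive, and the usual way to get it is commit-and-reveal: one party commits to a random bit, the other sends a bit in the clear, and the result is the XOR. The following is an added example, not code from either post; the message sequence, the function names and the use of SHA-256 over a 32-byte nonce are assumptions made for this illustration. It also shows the failure mode that makes the nonce necessary: a commitment to a one-bit value with no randomness is trivially opened by the other party.

```python
# Added example (not part of the original posts): a two-party fair coin flip
# using a hash commitment. Function names and message layout are assumptions.
import hashlib
import hmac
import secrets

NONCE_LEN = 32


def commit(bit: int, nonce: bytes = None) -> tuple:
    """Alice's commitment: SHA-256(nonce || bit). The random nonce makes the
    commitment hiding (Bob cannot enumerate the two possible values) and the
    hash makes it binding (Alice cannot later open it to the other bit)."""
    if bit not in (0, 1):
        raise ValueError("bit must be 0 or 1")
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    return hashlib.sha256(nonce + bytes([bit])).digest(), nonce


def check_opening(digest: bytes, nonce: bytes, bit: int) -> bool:
    """Bob's check when Alice opens: recompute and compare in constant time."""
    if len(nonce) != NONCE_LEN or bit not in (0, 1):
        return False
    expected = hashlib.sha256(nonce + bytes([bit])).digest()
    return hmac.compare_digest(expected, digest)


def coin_flip(alice_bit: int, bob_bit: int, alice_opens_with: int = None,
              alice_nonce: bytes = None) -> tuple:
    """Run the three messages and return (accepted, result).
    `alice_opens_with` models a cheating Alice who, having seen Bob's bit,
    tries to open the commitment to a different value."""
    # Message 1, Alice -> Bob: the digest only. Bob learns nothing about
    # alice_bit, so he cannot choose bob_bit to force the outcome.
    digest, nonce = commit(alice_bit, alice_nonce)
    # Message 2, Bob -> Alice: his bit in the clear. Alice now knows the
    # outcome, but is already bound to her choice.
    # Message 3, Alice -> Bob: the opening (nonce and bit).
    revealed = alice_bit if alice_opens_with is None else alice_opens_with
    if not check_opening(digest, nonce, revealed):
        return False, None  # Bob rejects: opening does not match message 1
    return True, revealed ^ bob_bit


def break_unsalted(digest: bytes) -> int:
    """Why the nonce matters: a commitment SHA-256(bit) with no randomness
    is opened by trying both possible inputs. Returns the bit, or -1."""
    for bit in (0, 1):
        if hashlib.sha256(bytes([bit])).digest() == digest:
            return bit
    return -1


if __name__ == "__main__":
    print("honest run:", coin_flip(secrets.randbelow(2), secrets.randbelow(2)))
    print("cheating Alice:", coin_flip(0, 1, alice_opens_with=1))
    print("unsalted commitment to 1 opens as:",
          break_unsalted(hashlib.sha256(b"\x01").digest()))
```

The result is uniformly random as long as at least one party's bit is, which is the "fair and trusted" property in Reinhold's wording. What the protocol does not give is output delivery: Alice can see the outcome first and refuse to send message 3, so an application has to treat a missing opening as a loss for Alice rather than a retry.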
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com