Skip to main content

Terminology

ACL system

An access control list (ACL) is a list of rules that specify which users or systems are granted or denied access to a particular object or system resource. Access control lists are also installed in routers or switches, where they act as filters, managing which traffic can access the network.

Adhoc Sharing

Allows users to effortlessly share files with other users.It is particularly useful for occasional collaboration.

Admins

tiCrypt users whom roles are Admin. These users are responsible for regular user management throughout the system and should have a complete understanding of the users within their department or team. They are responsible for activating new users, managing user groups, and monitoring activity for their respective groups. Additionally, they apply the signed orders of the site-key administrator, and initiate the escrow key mechanism.

AES encryption

Advanced Encryption Standard, also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology in 2001.

AES-256 Key

A key length of 256 bits, supports the largest bit size, and is practically unbreakable by brute force based on current computing power, making it the strongest encryption standard. Possible key combinations exponentially increase with the key size.

Cybersecurity Maturity Model Certification (CMMC)

Is an assessment framework and assessor certification program designed to increase the trust in measures of compliance to a variety of standards published by the National Institute of Standards and Technology.

Cyber threat hunting

Cyber threat hunting is a proactive cyber defense activity. It is "the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.

Context Menu

Menu that allows action selection for various resources. If available, it can be accessed using the right-click on the item.

Data Confinement

To isolate resources from each other. In particular, knowledge about accessing a resource should not indicate how to access another. Each file upon creation gets encrypted with a unique, independently generated AES-256 key.

Directories

Similarly to Windows and Mac OS X, tiCrypt uses directories to allow files to be organized hierarchically. Directories can contain other directories and files.

Drives

A virtual encrypted hard drive (otherwise known as drives within tiCrypt) is a container file that acts similarly to a physical hard drive. Like a physical hard drive, a virtual hard drive file contains a file system, and it can contain an operating system, applications and data. Virtual hard drive files are normally attached to virtual machines (VMs), and function as system or data drives for the VM.

Data Use Agreement (DUA)

Legally binding contract contractual document used for the transfer of data that has been developed by the nonprofit, government, or private industry, where the data is nonpublic or is otherwise subject to some restrictions on its use.

Default Certification Lifespan

The minimum number of days/years for a project member to have their membership certification active in a tiCrypt project.

Diffie–Hellman key exchange14

Published in 1976 by Diffie and Hellman, this is the earliest publicly known work that proposed the idea of a private key and a corresponding public key.

DFARS13

Defense Federal Acquisition Regulation Supplement is a set of restrictions for the origination of raw materials intended to protect the US defense industry from the vulnerabilities of being overly dependent on foreign sources of supply. For those with government or defense-related contracts, compliance with DFARS is crucial.

End-to-End Encryption

Is a method of secure communication that prevents third parties from accessing data while it's transferred from one end system or device to another. In E2EE, the data is encrypted on the sender's system or device, and only the intended recipient can decrypt it.

Escrow Groups

Groups of escrow users organized in a secure manner. One of the site key administrator abilities is creating new escrow groups. Generally, escrow groups are created by each department of a company/university/business. For example, escrow groups might be Office of Research, IT, Legal, etc. These groups are meant to mimic the teams/groups of an organization to allow for familiar workflows.

Escrow Users

tiCrypt users whom belong to the escrow category. These users are responsible for recovering lost private keys for normal tiCrypt users. These users should not be administrators and should be used only for key recovery purposes. Note that the escrow user keys do not allow any tiCrypt user activities.

ePHI

Protected Health Information under U.S. law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity that can be linked to a specific individual. This includes any part of a patient's medical record or payment history.

FERPA

Protects many kinds of student educational data.

Federal Acquisition Regulation11115

Is the principal set of rules regarding Government procurement in the United States and is codified at Chapter 1 of Title 48 of the Code of Federal Regulations 48 CFR 1. It covers many of the contracts issued by the US military and NASA as well as US civilian federal agencies.

FISMA2

Federal Information Security Management Act of 2002.

File-pane

The file pane allows navigation through the directory structure and access to file and directory actions.

File Transfer

Process that occurs via the file pane or clicking and dragging a file to the user or group you wish to share with.

Files

Files are the basic resource manipulated by users. They are similar to the ones you are used to from Windows or Mac. Files can be organized into directories; and can be shared using either ad-hoc sharing or groups.

FIPS

Federal Information Processing Standards are a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies.

Groups

One of the great features of tiCrypt is the ability to not only share files with individual users, but to share files with entire groups. Sharing with groups allows for more collaboration within tiCrypt.

GLBA3

Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.

HIPAA5

Allows for the exchange of PHI for purposes of treatment, payment, and health care operations. The HIPAA Privacy Rule is intended to protect patient's health information, but not to impede or interfere with patient care or safety.

HITRUST CSF6

The Health Information Trust Alliance (HITRUST) has established a Common Security Framework (CSF) that can be used by all organizations that create, access, store, or exchange sensitive or regulated data.

HHS Title 45 CFR Part 464

Protection of Human Subjects which applies to research supported by a federal agency.

Hyper-threading

Is a process by which a CPU divides up its physical cores into virtual cores that are treated as if they are actually physical cores by the operating system. These virtual cores are also called threads.

Individuals

Outside persons who are not tiCrypt users and are not part of tiCrypt system infrastructure.

Institutions

Clients who actively use tiCrypt at large scale.

ITAR9

International Traffic in Arms Regulations is a US regulatory regime to restrict and control the export of defense and military-related technologies to safeguard U.S. national security and further US foreign policy objectives.

Keys

tiCrypt’s foundation is in the mathematically proven security of asymmetric (or public-private) key cryptography. This allows any user to encrypt data with the publicly accessible key, while only the private key holder can decrypt that data. This also means that each user’s private key file should be kept as safely and as closely as their password bound to it.

Licensing servers

A software license server is a centralized computer software system which provides access tokens, or keys, to client computers in order to enable licensed software to run on them.

Mailbox

A common problem encountered with an enclosed system is collaboration between third parties that do not have your system. Mailboxes are a solution to this problem. A directory can be made into a structure known as a mailbox, which allows the creation of links that transport uploaded files to the mailbox. An outside user can send in their data through a link provided by the receiver.

Main panel toolbox

A panel that provides file actions to a user. The main panel toolbox is shown by selecting a file or directory. It allows users the ability share, assign to project, view, download, rename, delete, compute disk usage, and check file history, or directory information.

Maximum Certification Lifespan

The maximum number of days/years for a project member to have their membership certification active in a tiCrypt project.

Network Lateral Movement12

Network Lateral Movement, or simply Lateral Movement, refers to the techniques that cyber attackers, or threat actors, use to progressively move through a network as they search for the key data and assets that are ultimately the target of their attack campaigns.

NIST7

National Institute of Standards and Technology.

Notifications

Are tiCrypt system messages that alert, confirm and warn the users of their changes in the system to enhance user experience.

NC GS 125-1910

Protects the privacy of library patrons' records.

NC Identity Theft Protection Act

Defines personal information and requires notification if a data breach occurs.

NIST SP 800-171 Compliance17

NIST Special Publication that provides recommended requirements for protecting the confidentiality of controlled unclassified information (CUI).

NIST SP 800-171A17

Assessing Security Requirements for Controlled Unclassified Information, provides assessment procedures and a methodology to conduct assessments of the CUI security requirements in NIST SP 800-171.

Organizations

Outside organizations that are not tiCrypt related.

Open Overlay

A master menu containing multiple sections and commands related to tiCrypt projects.

PCI

Protects credit card holder information.

Public-Key Cryptography

Involves a pair of keys known as a public key and a private key, which are associated with an entity that needs to authenticate its identity electronically or to sign or encrypt data. Each public key is published and the corresponding private key is kept secret.

Projects

A security access-controlled tagging mechanism that tags files, directories, groups, drives, and VMs as classified. Once a resource has been tagged by a project label, the way it can be manipulated or accessed is significantly restricted.

Project Membership

Proof of access to an active project as a member or manager with or without restrictions.

Project Tag

A label that classifies a tiCrypt file/directory and imposes access restrictions via project membership and security requirements.

Realms

Realms allow multiple virtual machine backends to be integrated into the same system.

Rivest–Shamir–Adleman (RSA)

Is a public-key cryptosystem that is widely used for secure data transmission. It is also one of the oldest.

RSA-2048 key

Provides 112-bit of security. Given that TLS certificates are valid for two years maximum (soon to be decreased to one), 2048-bit RSA key length fulfills the NIST recommendation until late in this decade.

Researchers

Power-users who use the tiCrypt system frequently.

Review Board (IRB) Agreement8

Special agreement between two institutions who are engaged in human subjects research to establish the Single IRB reviewing (Exempt, Expedited, and Full).

Risk Assessment ID

A text serving tagging purposes when filtering teams in the management tab.

SHA-256

Is a set of cryptographic hash functions designed by the United States National Security Agency and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression function itself built using the Davies–Meyer structure from a specialized block cipher.

SP 800-172

Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171, provides enhanced security requirements to help protect CUI associated with critical programs or high value assets in nonfederal systems and organizations from the advanced persistent threat (APT).

SP 800-172A

Assessing Enhanced Security Requirements for Controlled Unclassified Information, provides assessment procedures and a methodology to conduct assessments of the enhanced security requirements in NIST SP 800-172.

Secure WebSocket Browser Messages

WebSocket API is a cutting-edge technology that allows the opening of bidirectional interactive communication sessions between a user's browser and server. You can use this API to send messages to a server and obtain event-driven responses instead of polling the service.

Security Levels

A layer of security made of one or more security requirements granting project access. Example: An ITAR Security Level would contain multiple security requirements such as ITAR Training, US Citizen, and Export Training.

Security Requirements

Individual requirements that get grouped together to satisfy a project security level. Examples: US Citizen, individual training, or individual certifications.

Site-key Administrator

tiCrypt user who is special from whom the infrastructure roots. Determines who the escrow users are and how are they organized into escrow user groups.

Sub-admins

tiCrypt users whom roles are Sub-admin.

Subproject

A child project of a main project with similar properties.

Super-Admins

tiCrypt users whom roles are Super-Admin. This role is meant to be used for offline certification of escrow groups and escrow users. This user should not be a normal system administrator or an escrow user.

Teams

A management tool access-controlled by administrators to group users with similar interests commonly using a set of memory and hard disk resources. Users are placed in teams upon account activation. When a regular user is placed in their team they can only share resources with users within their team.

Universities

The institution type that actively uses tiCrypt.

User Certification

Proof of compliance with one or more security requirements with or without an expiration date.

User Permissions

A set of 160 permissions that allow certain operations in tiCrypt. User permissions show up in each user profile and can be edited only by a higher role in user hierarchy. Eg: An admin can change a user's permission.

Users

All users no matter the role who are part of the tiCrypt infrastructure. Users are most of the time researchers.

VM Hardware Setup

An organized hardware assembly containing a Libvirt Image, cores, memory, and devices associated with a team or user that serves the virtual machine's physical space.

Virtual Machine Configuration (VMs)

A configuration acting as an access gateway for a tiCrypt user to a virtual machine. Confugurations are templates based on individual user/department needs, that run virtual machines using their own encrypted drives.

Virtual Machines (VMs)

Virtual Machines are digital versions of a physical computers that emulate all actions of a real machine in a virtual environment. Virtual machines are permanently hidden from users.

VM Profiles

A managed group of VM users with the same VM permissions. Used for quick stamping when multiple VM users need the same permissions.

VNC16

Virtual Network Computing, allows graphical programs to be run remotely with the ability to reconnect to that session should the network connection fail.

  1. https://en.wikipedia.org/wiki/RSA_(cryptosystem)
  2. https://en.wikipedia.org/wiki/Title_48_of_the_Code_of_Federal_Regulations
  3. https://en.wikipedia.org/wiki/Code_of_Federal_Regulations
  4. https://en.wikipedia.org/wiki/NASA
  5. https://en.wikipedia.org/wiki/United_States_Armed_Forces
  6. https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act
  7. https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act
  8. https://www.cdc.gov/phlp/publications/topic/hipaa.html
  9. https://www.nist.gov/system/files/documents/2017/06/01/040913_hitrust.pdf
  10. https://en.wikipedia.org/wiki/Government_procurement_in_the_United_States
  11. https://en.wikipedia.org/wiki/International_Traffic_in_Arms_Regulations
  12. https://en.wikipedia.org/wiki/Network_Lateral_Movement
  13. https://csrc.nist.gov/glossary/term/nist#:~:textDefinitions%3A,Institute%20of%20Standards%20and%20Technology.
  14. https://www.ncleg.gov/enactedlegislation/statutes/html/bysection/chapter_125/gs_125-19.html#:~:textConfidentiality%20of%20library%20user%20records,for%20in%20subsection%20(b).
  15. https://www.nist.gov/blogs/manufacturing-innovation-blog/what-nist-sp-800-171-and-who-needs-follow-it-0
  16. https://www.hhs.gov/ohrp/register-irbs-and-obtain-fwas/forms/irb-authorization-agreement/index.html
  17. https://en.wikipedia.org/wiki/Virtual_Network_Computing