Skip to main content

Vocabulary

ACL system= An access control list (ACL) is a list of rules that specify which users or systems are granted or denied access to a particular object or system resource. Access control lists are also installed in routers or switches, where they act as filters, managing which traffic can access the network

Adhoc Sharing= allows users to effortlessly share files with other users.It is particularly useful for occasional collaboration.

Admins= Users who have the admin and super admins roles in tiCrypt. These users are responsible for regular user management throughout the system and should have a complete understanding of the users within their department or team. They are responsible for activating new users, managing user groups, and monitoring activity for their respective groups. Additionally, they apply the signed orders of the site-key administrator, and initiate the escrow key mechanism.

AES encryption= Advanced Encryption Standard, also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology in 2001

AES-256 Key= a key length of 256 bits, supports the largest bit size, and is practically unbreakable by brute force based on current computing power, making it the strongest encryption standard. Possible key combinations exponentially increase with the key size

Cybersecurity Maturity Model Certification (CMMC) = is an assessment framework and assessor certification program designed to increase the trust in measures of compliance to a variety of standards published by the National Institute of Standards and Technology

Cyber threat hunting= Cyber threat hunting is a proactive cyber defense activity. It is "the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions

Context Menu= Menu that allows action selection for various resources. If available, it can be accessed using the right-click on the item.

Data Confinement to isolate resources from each other. In particular, knowledge about accessing a resource should not indicate how to access another. Each file upon creation gets encrypted with a unique, independently generated AES-256 key

Directories= Similarly to Windows and Mac OS X, tiCrypt uses directories to allow files to be organized hierarchically. Directories can contain other directories and files.

Drives= A virtual encrypted hard drive (otherwise known as drives within tiCrypt) is a container file that acts similarly to a physical hard drive. Like a physical hard drive, a virtual hard drive file contains a file system, and it can contain an operating system, applications and data. Virtual hard drive files are normally attached to virtual machines (VMs), and function as system or data drives for the VM.

Data Use Agreement (DUA)= legally binding contract contractual document used for the transfer of data that has been developed by the nonprofit, government, or private industry, where the data is nonpublic or is otherwise subject to some restrictions on its use

Diffie–Hellman key exchange= published in 1976 by Diffie and Hellman, this is the earliest publicly known work that proposed the idea of a private key and a corresponding public key

DFARS = Defense Federal Acquisition Regulation Supplement is a set of restrictions for the origination of raw materials intended to protect the US defense industry from the vulnerabilities of being overly dependent on foreign sources of supply. For those with government or defense-related contracts, compliance with DFARS is crucial

End-to-End Encryption= is a method of secure communication that prevents third parties from accessing data while it's transferred from one end system or device to another. In E2EE, the data is encrypted on the sender's system or device, and only the intended recipient can decrypt it.

Escrow Groups= One of the site key administrator abilities is creating new escrow groups. Generally, escrow groups are created by each department of a company/university/business. For example, escrow groups might be Office of Research, IT, Legal, etc. These groups are meant to mimic the teams/groups of an organization to allow for familiar workflows.

Escrow Users= These users are responsible for recovering lost private keys for normal tiCrypt users. These users should not be administrators and should be used only for key recovery purposes. Note that the escrow user keys do not allow any tiCrypt user activities.

ePHI= Protected Health Information under U.S. law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity that can be linked to a specific individual. This includes any part of a patient's medical record or payment history.

FERPA= protects many kinds of student educational data

Federal Acquisition Regulation= is the principal set of rules regarding Government procurement in the United States and is codified at Chapter 1 of Title 48 of the Code of Federal Regulations 48 CFR 1. It covers many of the contracts issued by the US military and NASA as well as US civilian federal agencies

FISMA= Federal Information Security Management Act of 2002

File-pane= The file pane allows navigation through the directory structure and access to file and directory actions.

File Transfer= Process that occurs via the file pane or clicking and dragging a file to the user or group you wish to share with.

Files= Files are the basic resource manipulated by users. They are similar to the ones you are used to from Windows or Mac. Files can be organized into directories; and can be shared using either ad-hoc sharing or groups.

FIPS= Federal Information Processing Standards are a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies

Groups= One of the great features of tiCrypt is the ability to not only share files with individual users, but to share files with entire groups. Sharing with groups allows for more collaboration within tiCrypt.

GLBA= Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data

HIPAA= allows for the exchange of PHI for purposes of treatment, payment, and health care operations. The HIPAA Privacy Rule is intended to protect patient's health information, but not to impede or interfere with patient care or safety.

HITRUST CSF= The Health Information Trust Alliance (HITRUST) has established a Common Security Framework (CSF) that can be used by all organizations that create, access, store, or exchange sensitive or regulated data.

HHS Title 45 CFR Part 46= protection of Human Subjects which applies to research supported by a federal agency.

Hyper-threading= is a process by which a CPU divides up its physical cores into virtual cores that are treated as if they are actually physical cores by the operating system. These virtual cores are also called threads

ITAR=International Traffic in Arms Regulations is a US regulatory regime to restrict and control the export of defense and military-related technologies to safeguard U.S. national security and further US foreign policy objectives

Keys= tiCrypt’s foundation is in the mathematically proven security of asymmetric (or public-private) key cryptography. This allows any user to encrypt data with the publicly accessible key, while only the private key holder can decrypt that data. This also means that each user’s private key file should be kept as safely and as closely as their password bound to it.

Mailbox= A common problem encountered with an enclosed system is collaboration between third parties that do not have your system. Mailboxes are a solution to this problem. A directory can be made into a structure known as a mailbox, which allows the creation of links that transport uploaded files to the mailbox. An outside user can send in their data through a link provided by the receiver.

Main panel toolbox= a panel that provides file actions to a user. The main panel toolbox is shown by selecting a file or directory. It allows users the ability share, assign to project, view, download, rename, delete, compute disk usage, and check file history, or directory information.

Network Lateral Movement= Network Lateral Movement, or simply Lateral Movement, refers to the techniques that cyber attackers, or threat actors, use to progressively move through a network as they search for the key data and assets that are ultimately the target of their attack campaigns

NIST= National Institute of Standards and Technology

Notifications in tiCrypt = are system messages that alert, confirm and warn the users of their changes in the system to enhance user experience.

NC GS 125-19= protects the privacy of library patrons' records.

NC Identity Theft Protection Act= defines personal information and requires notification if a data breach occurs.

NIST SP 800-171 Compliance= NIST Special Publication that provides recommended requirements for protecting the confidentiality of controlled unclassified information (CUI)

NIST SP 800-171A= Assessing Security Requirements for Controlled Unclassified Information, provides assessment procedures and a methodology to conduct assessments of the CUI security requirements in NIST SP 800-171

Licensing servers= a software license server is a centralized computer software system which provides access tokens, or keys, to client computers in order to enable licensed software to run on them

Realms= Realms allow multiple virtual machine backends to be integrated into the same system.

Rivest–Shamir–Adleman (RSA)= is a public-key cryptosystem that is widely used for secure data transmission. It is also one of the oldest.

RSA-2048 key= provides 112-bit of security. Given that TLS certificates are valid for two years maximum (soon to be decreased to one), 2048-bit RSA key length fulfills the NIST recommendation until late in this decade

Researchers = power-users who use the tiCrypt system frequently

Review Board (IRB) Agreement= special agreement between two institutions who are engaged in human subjects research to establish the Single IRB reviewing (Exempt, Expedited, and Full)

PCI=protects credit card holder information.

Public-Key Cryptography= involves a pair of keys known as a public key and a private key, which are associated with an entity that needs to authenticate its identity electronically or to sign or encrypt data. Each public key is published and the corresponding private key is kept secret

Projects= a security tagging mechanism that allows for any type of resource (file, directory, drive, VM) to be tagged and associated with one project. Once a resource or group has been tagged by a project label, the way it can be manipulated or accessed is significantly restricted. This is based on the security levels. The resource can be accessed only if the project is active in user's session. The resource can be shared only with users that belong to the project. Files extracted from a VM tagged by a project will be tagged by the same project. Anytime a project action is taken the session needs to be refreshed. This is because project permissions are checked at the start of the session.

SHA-256= is a set of cryptographic hash functions designed by the United States National Security Agency and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression function itself built using the Davies–Meyer structure from a specialized block cipher

SP 800-172= Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171, provides enhanced security requirements to help protect CUI associated with critical programs or high value assets in nonfederal systems and organizations from the advanced persistent threat (APT)

SP 800-172A= Assessing Enhanced Security Requirements for Controlled Unclassified Information, provides assessment procedures and a methodology to conduct assessments of the enhanced security requirements in NIST SP 800-172

Secure WebSocket Browser Messages= WebSocket API is a cutting-edge technology that allows the opening of bidirectional interactive communication sessions between a user's browser and server. You can use this API to send messages to a server and obtain event-driven responses instead of polling the service

Security Levels= Security levels are a collection of security requirements to make up a group. Example: An ITAR Security Level would contain multiple security requirements such as ITAR Training, US Citizen, and Export Training.

Security Requirements= Security requirements are individual requirements that get grouped together. Examples: US Citizen, individual training, or individual certifications.

Site-key Administrator=determines who the escrow users are and how are they organized into escrow user groups

Super-Admins= This role is meant to be used for offline certification of escrow groups and escrow users. This user should not be a normal system administrator or an escrow user.

Teams= a management tool used by administrators to group users. Users are placed in teams upon account activations. When a user is placed in a team he or she can only share with users within his or her team.

User Permissions= a set of 160 permissions that allow certain operations in tiCrypt. User permissions show up in each user profile and can be edited only by a higher role in user hierarchy. Eg: An admin can change a user's permission.

Users= Although everyone using the system is a user, the user refers to the user role of a user. Users are most of the time researchers.

Virtual Machines (VMs)= Virtual Machines are a special tool to aid users in manipulating their files/data in an OS-specific environment. Essentially, this tool provides the user to run very unique operating systems and corresponding applications based on their individual needs. Administrators are able to build virtual machine tem-plates based on individual user/department need, and users in turn will be able to run these virtual machines using their own encrypted drives.

VNC= Virtual Network Computing, allows graphical programs to be run remotely with the ability to reconnect to that session should the network connection fail

References: