
AES (Advanced Encryption Standard): AES is a symmetric encryption scheme that uses a fixed block size of 128 bits and supports key lengths of 128, 192 and 256 bits.

Asymmetric encryption: Asymmetric encryption systems use a pair of keys, one for encryption and the other for decryption.

Eavesdropping: An attack that occurs when an adversary intercepts and keeps track of data or communications between two parties without either party’s awareness or consent.

End-to-end encryption (E2EE): A method of secure communication that encrypts content so that only the sender or recipient can access it. It prevents third parties (including the communications provider) from accessing the content while it’s transferred between users.

FIPS 140-3: Federal Information Processing Standard Publication 140-3; a security standard used to approve cryptographic modules.

FIPS 197: See ‘AES’.

HTTP Strict Transport Security (HSTS): A web security policy mechanism that helps to protect websites against man-in-the-middle attacks by ensuring browsers only interact with the site using HTTPS.

Hypertext Transfer Protocol Secure (HTTPS): An extension of HTTP that uses encryption to secure data transferred between a user’s browser and a website.

Man-in-the-middle (MITM) attack: A type of cyber attack where an attacker intercepts or alters data travelling between two communicating parties.

OpenPGP: A widely used standard for encrypting and signing data, particularly email. OpenPGP uses public key cryptography to provide confidentiality and authentication for data.

Private key: A secret key used in cryptography that is kept confidential and used to decrypt data encrypted with the corresponding public key.

Public key: A cryptographic key that can be shared openly and is used to encrypt data, which can only be decrypted by the corresponding private key.

Ransomware: A type of malicious software designed to block access to a computer system or data until a ransom is paid.

Secure/Multipurpose Internet Mail Extensions (S/MIME): A standard for public key encryption and signing of MIME data, used to secure email communication by encrypting messages and providing digital signatures.

Software as a Service (SaaS): A software distribution model in which applications are hosted by a service provider and made available to customers over the internet.

SQL injection attack: A code injection technique that exploits a security vulnerability in an application’s software by inserting malicious SQL statements into an entry field for execution.

Secure Sockets Layer (SSL): A standard, now obsolete, security technology for establishing an encrypted link between a server and a client, such as a web server and a browser. Superseded by TLS.

Symmetric encryption: Encryption techniques where the same key is used for both encryption and decryption.

Transport Layer Security (TLS): A cryptographic protocol designed to provide secure communication over a computer network, succeeding SSL.

Virtual Private Network (VPN): A service that encrypts a user’s internet connection and hides their IP address to provide a secure connection when online.