Public security parameter (PSP)
The PSP deals with security-related public information (e.g., public key) whose modification can compromise the security of a cryptographic module.
Public seed
A starting value for a pseudorandom number generator. The value produced by the random number generator (RNG) may be made public. The public seed is often called a “salt.”
Public switched telephone network (PSTN)
The PSTN is the network used for traditional telephone lines. It uses high bandwidth and has quality-related problems. However, the physical security of a PSTN is higher. Voice over IP (VoIP) is an alternative to the PSTN with reduced bandwidth usage and quality superior to the conventional PSTN.
Pull technology
Products and services are pulled by companies based on customer orders.
Pulverization
A physically destructive method of sanitizing media; the act of grinding to a powder or dust.
Purging
(1) The orderly review of storage and removal of inactive or obsolete data files. (2) The removal of obsolete data by erasure, by overwriting of storage, or by resetting registers. (3) To render stored applications, files, and other information on a system unrecoverable. (4) Rendering sanitized data unrecoverable by laboratory attack methods.
Push technology
Technology that allows users to sign up for automatic downloads of online content, such as virus signature file updates, patches, news, and website updates, to their e-mail addresses or other designated directories on their computers. Products and services are pushed by companies to customers regardless of their orders.
Q
Q.931
A protocol used for establishing and releasing telephone connections (the ITU standard).
Quality assurance (QA)
(1) All actions taken to ensure that standards and procedures are adhered to and that delivered products or services meet performance requirements. (2) The planned systematic activities necessary to ensure that a component, module, or system conforms to established technical requirements. (3) The policies, procedures, and systematic actions established in an enterprise for the purpose of providing and maintaining a specified degree of confidence in data integrity and accuracy throughout the lifecycle of the data, which includes input, update, manipulation, and output.
Quality control (QC)
A management function whereby control of the quality of (1) raw materials, assemblies, finished products, parts, and components, (2) services related to production, and (3) management, production, and inspection processes is exercised for the purpose of preventing undetected production of defective materials or the rendering of faulty services.
Quality of protection (QoP)
The quality of protection (QoP) requires that overall performance of a system should be improved by prioritizing traffic and considering rate of failure or average latency at the lower layer protocols. For Web services to truly support QoS, existing QoS support must be extended so that the packets corresponding to individual Web service messages can be routed accordingly to achieve predictable performance. Two standards, WS-Reliability and WS-Reliable Messaging, provide some level of QoS because both support guaranteed message delivery and message ordering. Note that QoP is related to quality of service (QoS) and DoS which, in turn, is related to DoQ.
Quality of service (QoS)
The quality of service (QoS) is the handling capacity of a system or service. (1) It is the time interval between request and delivery of a message, product, or service to the client or customer. (2) It is the guaranteed throughput level expressed in terms of data transfer rate. (3) It is the performance specification of a computer communications channel or system. (4) It is measured quantitatively in terms of performance parameters such as signal-to-noise ratio, bit error ratio, message throughput rate, and call blocking probability. (5) It is measured qualitatively in terms of excellent, good, fair, poor, or unsatisfactory for a subjective rating of telephone communications quality in which listeners judge the transmission quality. (6) It is a network property that specifies a guaranteed throughput level for end-to-end services, which is critical for most composite Web services in delivering enterprise-wide service-oriented distributed systems. (7) It is important in defining the expected level of performance a particular Web service will have. (8) It is the desired or actual characteristics of a service but not always those of the network service. (9) It is the measurable end-to-end performance properties of a network service, which can be guaranteed in advance by a service-level agreement (SLA) between a user and a service provider, so as to satisfy specific customer application requirements. Examples of performance properties include throughput (bandwidth), transit delay (latency), error rates, priority, security, packet loss, and packet jitter. Note that QoS is related to quality of protection (QoP) and DoS which, in turn, is related to DoQ.
Quick mode
Mode used in IPsec phase 2 to negotiate the establishment of an IPsec security association (SA).
Quantum computing
Computing performed with a quantum computer, using quantum science concepts (for example, superposition and entanglement) to represent data and perform computational operations on these data. Quantum computing is based on a theoretical model such as a Turing machine and is used for military research and information security purposes (for example, cryptanalysis) with faster algorithms. It deals with large word size quantum computers in which the security of integer factorization and discrete log-based public-key cryptographic algorithms would be threatened. This would be a major negative result for many cryptographic key management systems, which rely on these algorithms for the establishment of cryptographic keys. Lattice-based public-key cryptography would be resistant to quantum computing threats.
Quantum cryptography
It is related to quantum computing technology, but viewed from a different perspective. Quantum cryptography is a possible replacement for public key algorithms that hopefully will not be susceptible to the attacks enabled by quantum computing.
Quarantine
To store files containing malware in isolation for future disinfection or examination.
R
Race conditions
Race conditions can occur after a program or process has entered a privileged mode but before it has given up that privileged mode. A user can time an attack to take advantage of this program or process while it is still in the privileged mode. If an attacker successfully manages to compromise the program or process during its privileged state, then the attacker has won the “race.” Common race conditions occur in signal handling and core-file manipulation, time-of-check to time-of-use (TOC-TOU) attacks, symbolic links, and object-oriented programming errors.
Radio frequency identification (RFID)
It is a form of automatic identification and data capture that uses electric or magnetic fields at radio frequencies to transmit information in a supply chain system.
Rainbow attacks
Rainbow attacks occur in two ways: using rainbow tables, which are used in password cracking, and using preshared keys (PSKs) in a wireless local-area network (WLAN) configuration. Password cracking threats include discovering a character string that produces the same encrypted hash as the target password. In PSK environments, a secret passphrase is shared between base stations and access points, and keys derived from a passphrase that is shorter than 20 characters are less secure and subject to dictionary and rainbow attacks.