A-Z of Cybersecurity
A glossary of must-know cybersecurity terms
The National Science Foundation grants hundreds of cybersecurity research awards each year. Based on active research in this area, we created a list of hot topics in the field, with working definitions and examples of each. See how many you know!
Anti-censorship
Methods for combatting censorship by developing accurate models of the capabilities of censors – for example blocked search results or interference with international network traffic – as well as how those capabilities will likely evolve. An NSF-funded team from UC Berkeley, Georgia Tech, the University of New Mexico is working to develop the science of censorship resistance.
Biometrics
Computer data obtained from sensors that identify a person based on unique physical characteristics and traits, such as fingerprints or retinal scans. Unlike passwords, which are based on what a person can remember and thus easier to guess, biometrics are nearly impossible to fool. A team at Texas State University San Marcos are making ocular biometrics more secure and reliable.
Cryptocurrency
A new form of digital currency where encryption techniques are used to regulate the generation of currency and verify its transfer, independent of a central bank. A new project supported by NSF with researchers at the University of Maryland, UC Berkeley and Princeton aims to establish a rigorous scientific foundation for crypto-currencies.
Differential privacy
A method that allows researchers to investigate data without revealing confidential information. Differential privacy provides approximate answers to queries that include enough “noise” so an adversary cannot find out information specific to any individual in the database. NSF supports a team at Harvard University that is putting the concept into practice to protect sensitive research data.
Education, cybersecurity
Training to ensure that ethical cybersecurity experts are available for service in government and industry. NSF funds basic research in cybersecurity together with research on learning, as well as a number of cybersecurity education programs, to address this challenge.
Forensics
Methods to understand what happened after a security incident to assure attacks aren’t repeated. Tools like the Bro Network Security Monitor, funded by NSF, let experts perform complex cyber-forensics to study the patterns of attacks, assess the damage and design better ways to block them in the future. Separately, faculty at Metropolitan State University and the University of Minnesota are exploring the use of augmented reality for cybersecurity forensics education.
Governance
The common rules, policies and procedures that allow the Internet to function. Governance ensures that participating entities use interoperable systems and technologies, and ensures that unique identifiers, like domain names, aren’t used by multiple parties. For decades, NSF research has helped stakeholders shape governance as the Internet developed; governance issues remain a major area of today’s NSF-supported work.
Hardware security
Processes and tools used to ensure semiconductors are not designed or manufactured in a way that allows them to behave in unintended or malicious ways. NSF partners with the Semiconductor Research Corporation to fund research at the circuit, architecture and system levels to decrease unintended behavior or access, increase resistance to tampering and improve authentication throughout the supply chain.
Indistinguishability obfuscation
A method that transforms a computer program into a “multilinear jigsaw puzzle”. Each piece of the program mixes in carefully chosen random elements so that the randomness cancels out and the pieces fit together to compute the correct output. The idea has the potential to transform cybersecurity and is supported by several NSF grants.
Jobs, cybersecurity
Protecting cyberspace requires a cybersecurity workforce that can rapidly detect and respond to threats and create ways to thwart attacks by design before they occur. More than ten thousand cybersecurity workers are needed by the government and many more are required by industry.
Keys (public key encryption)
A piece of information that specifies the particular transformation of plaintext into ciphertext, or vice versa, used for encryption and decryption. In the 1970s, researchers supported by NSF invented "public key" cryptographic algorithms that became a critical piece of the Internet’s cybersecurity infrastructure.
Law
Cybersecurity laws help protect our security and privacy, but there are trade-offs when engaging in cyber offense and defense. A more secure Internet encourages participation online and reduces citizens' exposure to cybercrime, but limits governments’ ability to gain intelligence and strategic advantage. With NSF funding, researchers from the University of Tulsa are constructing a taxonomy of offensive and defensive cyber-attack options and the possible collateral damage they may cause, helping policymakers assess the value of cyber operations against the unintended consequences.
Medical device security
Medical applications offer tremendous opportunities to improve individual wellness and public health, but are often not designed with security and privacy in mind. Researchers from Dartmouth, Johns Hopkins, and the University of Michigan are collaborating on the Trustworthy Health and Wellness project to develop mobile- and cloud-computing systems that respect the privacy of individuals and the trustworthiness of medical information.
Networks, Mobile
Increasingly, people are relying on their phones or other mobile devices, rather than computers, for Internet service. Those devices are convenient, but come with a host of security issues. NSF’s collaborative Future Internet Architecture’s Next-Phase grants seek to enhance security in these new network architectures.
Open source cybersecurity software
Cybersecurity software that is given away freely and that allows users to change its code to suit their purposes. The Department of Homeland Security and the National Security Agency have both embarked on efforts to assess the usefulness of such tools for cybersecurity and to release open source tools to the public. The NSF-supported Bro Network Security Monitor is an example of open source security software available for public use.
Power grid security
The electric power grid is a complex cyber-physical system with possible associated cybersecurity risks. Engineers are developing new protective countermeasures based on innovative algorithmic tools to detect and mitigate cyber intrusions before they disrupt critical systems.
Quantum cryptography
The use of the quantum mechanical properties of photons to perform cryptographic tasks that are believed to be impossible using only classical computing methods. NSF-supported researchers are designing a quantum cryptography protocol for securing optical burst switching networks.
Risk assessment
Improving cybersecurity by modeling and assessing real-world risks and developing risk mitigation methods to limit vulnerabilities. With NSF support, researchers from Iowa State have been applying this method to attacks on our electric power infrastructure.
Social media analysis
Social media communications can yield enormous amounts of data about communities – including hackers and cybercriminals. With NSF support, researchers at the University of Arizona are studying those social media channels to learn about hacker behaviors, markets, community structures and cultural differences. Researchers at Carnegie-Mellon University are testing to see if “nudges” on social media can be used to encourage users towards safer behaviors.
Testbeds
Experimental research infrastructures that help cybersecurity experts understand risks before they become problems. Testbeds may be for generalized use, like the DETER Project, or highly specialized, such as certain cyber physical testbeds. They may include specific physical apparatus, hardware tools, and simulators, and should integrate live and synthetic humans, as well as capabilities to ensure scientific validity. NSF recently funded a study to develop a roadmap for future cybersecurity experimentation.
Usability
Security features of digital environments can make them easier or harder to use. Poor usability translates into inadequate protection, thereby limiting the effectiveness of such features. Tools developed by researchers at Carnegie Mellon University extract key privacy policy features from website privacy policies and present these features to users in an easy-to-digest format. The tools enable individuals to make more informed privacy decisions as they interact with different websites.
Voting Security
Cybersecurity systems designed to ensure that electronic voting machines cannot be tampered with and that records remain private. With input from stakeholders such as local election officials and voters, researchers from Rice University are constructing a prototype voting system that is significantly more secure than current solutions, and at the same time makes it easier to participate in the election process.
White hat hackers
An ethical computer hacker, known as a “white hat”, who specializes in authorized testing of networks and software to ensure the security of an organization's information systems. Every year, through the CyberCorps: Scholarship for Service program, NSF trains hundreds of experts whose skills include ethical hacking and places them in positions within the government.
XRay
A personal data tracking tool for the Web that predicts which data in one’s Web accounts -- such as emails, searches, or viewed products – is being used to generate targeted ads, recommended products or personalized prices. Developed by a team at Columbia University, the XRay tool compares outputs from different accounts with similar, but not identical, subsets of data, to pinpoint targeting through correlation. The tool addresses the limited visibility we have into how our data is being used.
Your personal data
Personal data breaches have become parts of daily life. But do people change habits or behave any differently after receiving data breach notifications from banks or retailers? Researchers at Carnegie Mellon University, with NSF support, are asking questions that could help companies fine-tune their data breach notifications.
Zombie cyber-attacks
Spam and denial-of-service attacks coming from compromised computers (zombies) that have been infected with malware and are now controlled remotely by the attacker. NSF is supporting researchers who are developing methods to detect zombie cyber-attacks on a network and prevent future attacks.