Under the premise that security attacks, vulnerabilities and eventually breaches will occur, cybersecurity experts develop strategies and protocols to follow when these events happen. One way to organize and categorize these is the so-called cyber defense matrix, which arranges, among others, elements such as the risk, the layer or stratum at which the incident occurred or was detected, the action to be taken, etc.
One of the weakest elements in any cybersecurity infrastructure is the so-called human factor, i.e. the use of individuals to actually infiltrate and jeopardize systems. This can take different forms, e.g. email manipulation or impersonation (spam, phishing attempts), or convincing individuals to plug physical devices of unknown origin, such as USB sticks, into their computers. The most direct forms of these attack techniques even target specific individuals, learning someone's typical preferences or behaviors and acting accordingly. The generic term for this type of attack is social engineering, as these attacks are designed and calibrated to the specific idiosyncrasies of the targeted victim. They are still responsible for a large number of cybersecurity breaches, and it has been reported that even robust implementations, such as MFA combined with other authentication mechanisms, can be overcome by convincing and carefully crafted manipulation. One of the best pieces of advice against this type of manipulative attack is to always remain vigilant and suspicious; in particular, do NOT trust any sources of unknown origin.
- "Social engineering in cybersecurity: The evolution of a concept", J.M.Hatfield; Computers & Security 73 (2018) https://doi.org/10.1016/j.cose.2017.10.008
With the recent advances in quantum computers, one of the potential applications, and an immediate concern, is the capability of "powerful" enough quantum devices to break the encryption algorithms used nowadays. At the beginning of 2017, NIST launched a request for proposals to develop standards for Post-Quantum Cryptographic (PQC) algorithms. Further information about this ongoing effort can be found in the following links:
- "NIST / Post-Quantum Cryptography" - Accessed: June 14, 2023 https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022
- "Post-quantum cryptography", Bernstein, Lange; Nature 549 (2017) https://www.nature.com/articles/nature23461
- "Cisco / Post Quantum Security Brief" - Accessed: June 14, 2023 https://www.cisco.com/c/en/us/products/collateral/optical-networking/solution-overview-c22-743948.html
AES: Advanced Encryption Standard (symmetric)
ARC: Advanced Research Computing
CVE: Common Vulnerability and Exposure
DES: Data Encryption Standard -- insecure, deprecated, replaced by AES (https://www.rfc-editor.org/rfc/rfc4772.txt)
DH: Diffie-Hellman algorithm
DDoS: Distributed DoS attack
DoS: Denial of Service attack
ECC: Elliptic Curve Cryptography
ECDH: Elliptic Curve Diffie-Hellman
ECDSA: Elliptic Curve Digital Signature Algorithm
EdDSA: Edwards-curve Digital Signature Algorithm
ECMQV: Elliptic Curve MQV
HPC: High Performance Computing, aka supercomputing
HTTP | HTTPS: HyperText Transfer Protocol, secure hypertext transfer protocol
MFA | 2FA: Multi-Factor (or Two-Factor) Authentication, see MFA
MQV: Menezes-Qu-Vanstone, authentication protocol for key agreement based on DH
OTP: One Time Password
PGP: Pretty Good Privacy
PKC: Public Key Cryptography, aka asymmetric cryptography
PQC: Post-Quantum Cryptography
RSA: Rivest-Shamir-Adleman algorithm (asymmetric)
SHA: Secure Hash Algorithm
ssh: Secure Shell, see ssh
SSL: Secure Sockets Layer
TLS: Transport Layer Security protocol, security protocols applied to communications within a computer network
VPN: Virtual Private Network, see VPN
VNC: Virtual Network Computing, see VNC
Last Modified: Jun. 14, 2023 -- v 1.0