A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack. The mechanisms are divided into those that are implemented in a specific protocol layer, such as TCP or an application-layer protocol.
Encipherment: The use of mathematical algorithms to transform data into a form that is not readily intelligible.The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.
Data integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient).
Authentication exchange: A mechanism intended to ensure the identity of an entity by means of information exchange.
Traffic padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Routing control: Enables selection of particular physically secure routes for certain data and allows routing changes.
Notarization: The use of a trusted third party to assure certain properties of data exchange.
Access Control: A variety of mechanisms that enforce access rights to resources.