Case 6:07-cv-00080-LED Document 194-7 Filed 12/30/08 Page 2 of 26 PageID #: 8913
`
`VIRNETX EXHIBIT 2015
`Apple v. Virnetx
`Case IPR2013-00349
`
`

`

`Linux FreeS/WAN Glossary
`
`Definitions
`
`3DES (Triple DES)
`Using three DES encryptions on a single data block, with at least two different keys, to get higher
`security than is available from a single DES pass. The three-key version of 3DES is the default
`encryption algorithm for Linux FreeS/WAN.
`
`IPSEC always does 3DES with three different keys, as required by RFC 2451. For an explanation
`
`sequence of operations.
`
`Single DES is Insecure
`
`Double DES is ineffective. Using two 56-bit keys, one might expect an attacker to have to do 2^112
`work to break it. In fact, only 2^57 work is required with a meet-in-the-middle attack, though a
`large amount of memory is also required. Triple DES is vulnerable to a similar attack, but that just
`reduces the work factor from the 2^168 one might expect to 2^112. That provides adequate protection
`against brute force attacks, and no better attack is known.
`
`3DES can be somewhat slow compared to other ciphers. It requires three DES encryptions per
`block. DES was designed for hardware implementation and includes some operations which are
`difficult in software. However, the speed we get is quite acceptable for many uses. See
`
`Active attack
`
`An attack in which the attacker does not merely eavesdrop (see passive attack) but takes action to
`change, delete, reroute, add, forge or divert data. Perhaps the best-known active attack is
`man-in-the-middle. In general, authentication is a useful defense against active attacks.
`AES
`
`The Advanced Encryption Standard, a new block cipher standard to replace DES being developed
`by NIST, the US National Institute of Standards and Technology. DES used 64-bit blocks and a
`56-bit key. AES ciphers use a 128-bit block and are required to support 128, 192 and 256-bit keys.
`
`Fifteen proposals meeting NIST's basic criteria were submitted in 1998 and subjected to intense
`discussion and analysis, "round one" evaluation. In August 1999, NIST narrowed the field to five
`"round two" candidates:
`o Mars from IBM
`o RC6 from RSA
`o Serpent, a British-Norwegian-Israeli research collaboration
`o Twofish from the consulting firm Counterpane
`
`We expect IPSEC will eventually use the AES winner, and we expect to see a winner (or more
`than one; there is an ongoing discussion on that point) declared in the summer of 2000.
`
`Adding one or more AES ciphers to Linux FreeS/WAN would be a useful undertaking, and
`considerable freely available code exists to start from. One complication is that our code is built
`for a 64-bit block cipher and AES uses a 128-bit block. Volunteers via the mailing list would be
`welcome.
`
`http://liberty.freeswan.org/freeswan_trees/freeswan-1.3/doc/glossary.html
`
`2/21/2002
`
`VNET00221396
`
`For more information, see the NIST AES home page or the Block Cipher Lounge AES page. For
`code and benchmarks see Brian Gladman's page.
`
`AH
`
`The IPSEC Authentication Header, added after the IP header. For details, see our IPSEC
`Overview document and/or RFC 2402.
`Alice and Bob
`A and B, the standard example users in writing on cryptography and coding theory. Carol and
`Dave join them for protocols which require more players.
`
`Bruce Schneier extends these with many others such as Eve the Eavesdropper and Victor the
`Verifier. His extensions seem to be in the process of becoming standard as well. See page 23 of
`Applied Cryptography.
`
`Alice and Bob have an amusing biography on the web.
`
`ARPA
`see DARPA.
`
`ASIO
`
`Australian Security Intelligence Organisation.
`Asymmetric cryptography
`See public key cryptography.
`Authentication
`Ensuring that a message originated from the expected sender and has not been altered en route.
`IPSEC uses authentication in two places:
`
`o authenticating the players in IKE's Diffie-Hellman key exchanges to prevent man-in-the-middle
`attacks. This can be done in a number of ways. The methods supported by
`FreeS/WAN are discussed in our configuration document.
`o authenticating packets on an established SA, either with a separate authentication header or
`with the optional authentication in the ESP protocol. In either case, packet authentication
`uses a hashed message authentication code technique.
`
`Outside IPSEC, passwords are perhaps the most common authentication mechanism. Their
`function is essentially to authenticate the person's identity to the system. Passwords are generally
`only as secure as the network they travel over. If you send a cleartext password over a tapped
`phone line or over a network with a packet sniffer on it, the security provided by that password
`becomes zero. Sending an encrypted password is no better; the attacker merely records it and
`reuses it at his convenience. This is called a replay attack.
`
`A common solution to this problem is a challenge-response system. This defeats simple
`eavesdropping and replay attacks. Of course an attacker might still try to break the cryptographic
`algorithm used, or the random number generator.
`
`Automatic keying
`A mode in which keys are automatically generated at connection establishment and new keys
`automatically created periodically thereafter. Contrast with manual keying in which a single stored
`key is used.
`
`IPSEC uses the Diffie-Hellman key exchange protocol to create keys. An authentication
`mechanism is required for this. The methods supported by FreeS/WAN are discussed in our
`
`Having an attacker break the authentication is emphatically not a good idea. An attacker that
`breaks authentication, and manages to subvert some other network entities (DNS, routers or
`gateways), can use a man-in-the-middle attack to break the security of your IPSEC connections.
`
`However, having an attacker break the authentication in automatic keying is not quite as bad as
`losing the key in manual keying.
`o An attacker who reads /etc/ipsec.conf and gets the keys for a manually keyed connection
`can, without further effort, read all messages encrypted with those keys, including any old
`messages he may have archived.
`o Automatic keying has a property called perfect forward secrecy. An attacker who breaks the
`authentication gets none of the automatically generated keys and cannot immediately read
`any messages. He has to mount a successful man-in-the-middle attack in real time before he
`can read anything. He cannot read old archived messages at all and will not be able to read
`any future messages not caught by man-in-the-middle tricks.
`That said, the secrets used for authentication, stored in ipsec.secrets(5), should still be protected as
`tightly as cryptographic keys.
`Bay Networks
`A vendor of routers, hubs and related products, now a subsidiary of Northern Telecom.
`Interoperation between their IPSEC products and Linux FreeS/WAN was problematic at last
`report; see our compatibility document.
`benchmarks
`
`Our default block cipher, triple DES, is slower than many alternate ciphers that might be used.
`Speeds achieved, however, seem adequate for many purposes. For example, the assembler code
`from the LIBDES library we use encrypts 1.6 megabytes per second on a Pentium 200, according
`to the test program supplied with the library.
`
`The University of Wales at Aberystwyth has done quite detailed tests and put their results on the
`web.
`
`Even a 486 can handle a T1 line, according to this mailing list message:
`
`Subject: Re: linux-ipsec: IPSec Masquerade
`Date: Fri, 15 Jan 1999 11:13:22 -0500
`From: Michael Richardson
`
`... A 486/66 has been clocked by Phil Karn to do
`10Mb/s encryption.. that uses all the CPU, so half that to get some CPU,
`and you have 5Mb/s. 1/3 that for 3DES and you get 1.6Mb/s....
`
`From an Internet Draft The ESP Triple DES Transform:
`
`Phil Karn has tuned DES-EDE3-CBC software to achieve 6.22 Mbps with a
`133 MHz Pentium. Other DES speed estimates may be found at
`[Schneier95, page 279]. Your mileage may vary.
`
`If you want to measure the loads FreeS/WAN puts on a system, note that tools such as top or
`measurements such as load average are more-or-less useless for this. They are not designed to
`measure something that does most of its work inside the kernel.
`
`BIND
`
`Berkeley Internet Name Daemon, a widely used implementation of DNS (Domain Name Service).
`See our bibliography for a useful reference. See the BIND home page for more information and
`the latest version.
`
`Birthday attack
`A cryptographic attack based on the mathematics exemplified by the birthday paradox. This math
`turns up whenever the question of two cryptographic operations producing the same result
`becomes an issue:
`
`o collisions in message digest functions
`o identical output blocks from a block cipher
`o repetition of a challenge in a challenge-response system
`Resisting such attacks is part of the motivation for:
`o hash algorithms such as SHA and RIPEMD-160 giving a 160-bit result rather than the 128
`bits of MD4, MD5 and RIPEMD-128.
`o AES block ciphers using a 128-bit block instead of the 64-bit block of most current ciphers
`o IPSEC using a 32-bit counter for packets sent on an automatically keyed SA and requiring
`that the connection always be rekeyed before the counter overflows.
`Birthday paradox
`Not really a paradox, just a rather counter-intuitive mathematical fact. In a group of 23 people, the
`chance of at least one pair having the same birthday is over 50%.
`
`The second person has 1 chance in 365 (ignoring leap years) of matching the first. If they don't
`match, the third person's chances of matching one of them are 2/365. The 4th, 3/365, and so on.
`The total of these chances grows more quickly than one might guess.
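
The birthday arithmetic above, carried through to the output sizes the Birthday attack entry mentions (64-bit and 128-bit blocks, 128-bit and 160-bit hashes). This is an added example, not part of the FreeS/WAN glossary; the function names are chosen here for illustration.

```python
import math


def collision_probability(samples: int, space: int) -> float:
    """Exact chance that at least two of `samples` uniform draws from
    `space` equally likely values are the same."""
    if samples > space:
        return 1.0  # pigeonhole: a repeat is certain
    # P(no repeat) = product over i of (1 - i/space); summing logs keeps
    # the computation stable when `space` is very large.
    log_no_repeat = sum(math.log1p(-i / space) for i in range(samples))
    return -math.expm1(log_no_repeat)


def smallest_group(space: int, target: float = 0.5) -> int:
    """Smallest number of draws whose collision chance reaches `target`."""
    no_repeat, n = 1.0, 0
    while 1.0 - no_repeat < target:
        no_repeat *= (space - n) / space  # the next draw misses all n earlier ones
        n += 1
    return n


def log2_draws_for_collision(bits: int, target: float = 0.5) -> float:
    """log2 of the approximate number of random `bits`-bit values needed to
    see a collision with probability `target`, from the usual approximation
    n ~ sqrt(2 * 2**bits * ln(1 / (1 - target)))."""
    return 0.5 * (1 + bits + math.log2(math.log(1.0 / (1.0 - target))))


if __name__ == "__main__":
    print("people needed for a >50% shared birthday:", smallest_group(365))
    print("chance with 23 people: %.4f" % collision_probability(23, 365))
    # Output sizes named in the glossary entry.
    for label, bits in [("64-bit block", 64), ("128-bit hash or block", 128),
                        ("160-bit hash", 160)]:
        print("%-22s collision expected after about 2^%.1f outputs"
              % (label, log2_draws_for_collision(bits)))
```

The work to find a collision grows with the square root of the output space, which is why a 64-bit block only offers about 2^32 blocks of margin.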
`
`Block cipher
`A symmetric cipher which operates on fixed-size blocks of plaintext, giving a block of ciphertext
`for each. Contrast with stream cipher. Block ciphers can be used in various modes when multiple
`blocks are to be encrypted.
`
`DES is among the best known and widely used block ciphers, but is now obsolete. Its 56-bit
`key size makes it highly insecure today. Triple DES is the default transform for Linux
`FreeS/WAN because it is the only cipher which is both required in the RFCs and apparently
`secure.
`
`The current generation of block ciphers -- such as Blowfish, CAST-128 and IDEA -- all use 64-bit
`blocks and 128-bit keys. The next generation, AES, uses 128-bit blocks and supports key sizes up
`to 256 bits.
`
`The Block Cipher Lounge web site has more information.
`
`Blowfish
`A block cipher using 64-bit blocks and keys of up to 448 bits, designed by Bruce Schneier and
`used in several products.
`
`This is not required by the IPSEC RFCs and not currently used in Linux FreeS/WAN.
`
`Brute force attack (exhaustive search)
`Breaking a cipher by trying all possible keys. This is always possible in theory (except against a
`one-time pad), but it becomes practical only if the key size is inadequate. For an important
`example, see our document on the insecurity of DES with its 56-bit key. For an analysis of key
`sizes required to resist plausible brute force attacks, see this paper.
`
`Longer keys protect against brute force attacks. Each extra bit in the key doubles the number of
`possible keys and therefore doubles the work a brute force attack must do. A large enough key
`defeats any brute force attack.
`
`For example, the EFF's DES Cracker searches a 56-bit key space in an average of a few days. Let
`us assume an attacker that can find a 64-bit key (256 times harder) by brute force search in a
`second (a few hundred thousand times faster). For a 96-bit key, that attacker needs 2^32 seconds,
`just over a century. Against a 128-bit key, he needs 2^32 centuries or about 400,000,000,000 years.
`Your data is then obviously secure against brute force attacks. Even if our estimate of the
`attacker's speed is off by a factor of a million, it still takes him 400,000 years to crack a message.
`
`This is why
`o single DES is now considered dangerously insecure
`o any cipher we add to Linux FreeS/WAN will have at least a 90-bit key
`o all of the current generation of block ciphers use a 128-bit or longer key
`o AES ciphers support keysizes 128, 192 and 256 bits
`Cautions:
`
`Inadequate keylength always indicates a weak cipher but it is important to note that adequate
`keylength does not necessarily indicate a strong cipher. There are many attacks other than brute
`force, and adequate keylength only guarantees resistance to brute force. Any cipher, whatever its
`key size, will be weak if design or implementation flaws allow other attacks.
`
`Also, once you have adequate keylength (somewhere around 90 or 100 bits), adding more key bits
`makes no practical difference, even against brute force. Consider our 128-bit example above that
`takes 400 billion years to break by brute force. Do we care if an extra 16 bits of key put that into
`the quadrillions? No. What about 16 fewer bits reducing it to the 112-bit security level of Triple
`DES, which our example attacker could break in just over a billion years? No again, unless we're
`being really paranoid about safety margins.
`
`There may be reasons of convenience in the design of the cipher to support larger keys. For
`example Blowfish allows up to 448 bits and RC4 up to 2048, but beyond 100-odd bits it makes no
`difference to practical security.
`
`Bureau of Export Administration
`see BXA
`
`BXA
`
`The US Commerce Department's Bureau of Export Administration which administers the EAR
`Export Administration Regulations controlling the export of, among other things, cryptography.
`
`CA
`
`Certification Authority, an entity in a public key infrastructure that can certify keys by signing
`them. Usually CAs form a hierarchy. The top of this hierarchy is called the root CA.
`
`See Web of Trust for an alternate model.
`
`CAST-128
`A block cipher using 64-bit blocks and 128-bit keys, described in RFC 2144 and used in products
`such as Entrust and recent versions of PGP.
`
`This is not required by the IPSEC RFCs and not currently used in Linux FreeS/WAN.
`
`CAST-256
`Entrust's candidate cipher for the AES standard, largely based on the CAST-128 design.
`CBC mode
`Cipher Block Chaining mode, a method of using a block cipher in which for each block except the
`first, the result of the previous encryption is XORed into the new block before it is encrypted.
`CBC is the mode used in IPSEC.
`
`An initialisation vector (IV) must be provided. It is XORed into the first block before encryption.
`The IV need not be secret but should be different for each message and unpredictable.
`
`Certification Authority
`see CA.
`
`Cipher Modes
`Different ways of using a block cipher when encrypting multiple blocks.
`
`Four standard modes were defined for DES in FIPS 81. They can actually be applied with any
`block cipher.
`
`ECB  Electronic CodeBook    encrypt each block independently
`CBC  Cipher Block Chaining  XOR previous block ciphertext into new block plaintext before
`                            encrypting new block
`CFB  Cipher FeedBack
`OFB  Output FeedBack
`
`IPSEC uses CBC mode since this is only marginally slower than ECB and is more secure. In ECB
`mode the same plaintext always encrypts to the same ciphertext, unless the key is changed. In
`CBC mode, this does not occur.
`
`Various other modes are also possible, but none of them are used in IPSEC.
`
`Challenge-response authentication
`An authentication system in which one player generates a random number, encrypts it and sends
`the result as a challenge. The other player decrypts and sends back the result. If the result is
`correct, that proves to the first player that the second player knew the appropriate secret, required
`for the decryption.
`
`Variations on this technique exist using public key or symmetric cryptography. Some provide
`two-way authentication, assuring each player of the other's identity.
`
`Because the random number is different each time, this defeats simple eavesdropping and replay
`attacks. Of course an attacker might still try to break the cryptographic algorithm used, or the
`random number generator.
`
`Ciphertext
`The encrypted output of a cipher, as opposed to the unencrypted plaintext input.
`
`Cisco
`
`A vendor of routers, hubs and related products. Their IPSEC products interoperate with Linux
`FreeS/WAN; see our compatibility document.
`
`Conventional cryptography
`See symmetric cryptography.
`
`Collision resistance
`The property of a message digest algorithm which makes it hard for an attacker to find or
`construct two inputs which hash to the same output.
`Copyleft
`see GNU General Public License
`
`CSE
`
`Communications Security Establishment, the Canadian organisation for signals intelligence.
`
`DARPA (sometimes just ARPA)
`The US government's Defense Advanced Research Projects Agency. Projects they have funded
`over the years have included the Arpanet which evolved into the Internet, the TCP/IP protocol
`suite (as a replacement for the original Arpanet suite), the Berkeley 4.x BSD Unix projects, and
`Secure DNS.
`
`For current information, see their web site.
`
`Denial of service (DOS) attack
`An attack that aims at denying some service to legitimate users of a system, rather than providing
`a service to the attacker.
`o One variant is a flooding attack, overwhelming the system with too many packets, too much
`email, or whatever.
`o A closely related variant is a resource exhaustion attack. For example, consider a "TCP
`SYN flood" attack. Setting up a TCP connection involves a three-packet exchange:
`  o Initiator: Connection please (SYN)
`  o Responder: OK (ACK)
`  o Initiator: OK here too
`If the attacker puts bogus source information in the first packet, such that the second is
`never delivered, the responder may wait a long time for the third to come back. If the responder
`has already allocated memory for the connection data structures, and if many of these bogus
`packets arrive, the responder may run out of memory.
`o Another variant is to feed the system undigestible data, hoping to make it sick. For example,
`IP packets are limited in size to 64K bytes and a fragment carries information on where it
`starts within that 64K and how long it is. The "ping of death" delivers fragments that say,
`for example, that they start at 60K and are 20K long. Attempting to re-assemble these
`without checking for overflow can be fatal.
`The two example attacks discussed were both quite effective when first discovered, capable of
`crashing or disabling many operating systems. They were also well-publicised, and today far
`fewer systems are vulnerable to them.
`
`DES
`
`The Data Encryption Standard, a block cipher with 64-bit blocks and a 56-bit key. Probably the
`most widely used symmetric cipher ever devised. DES has been a US government standard for
`their own use (only for unclassified data), and for some regulated industries such as banking, since
`the late 70's.
`
`DES is seriously insecure against current attacks.
`
`Linux FreeS/WAN includes DES since the RFCs require it, but our default configuration refuses
`to negotiate a connection using it. We strongly recommend that single DES not be used.
`
`See also 3DES and DESX, stronger ciphers based on DES.
`
`DESX
`
`An improved DES suggested by Ron Rivest of RSA Data Security. It XORs extra key material
`into the text before and after applying the DES cipher.
`
`This is not required by the IPSEC RFCs and not currently used in Linux FreeS/WAN. DESX
`would be the easiest additional transform to add; there would be very little code to write. It would
`be much faster than 3DES and almost certainly more secure than DES. However, since it is not in
`the RFCs other IPSEC implementations cannot be expected to have it.
`
`DH
`
`Diffie-Hellman (DH) key exchange protocol
`A protocol that allows two parties without any initial shared secret to create one in a manner
`immune to eavesdropping. Once they have done this, they can communicate privately by using
`that shared secret as a key for a block cipher or as the basis for key exchange.
`
`middle attacks. If a third party can impersonate Bob to Alice and vice versa, then no useful secret
`can be created. Authentication is a prerequisite for safe Diffie-Hellman key exchange.
`
`IPSEC can use any of several authentication mechanisms. Those supported by FreeS/WAN are
`discussed in our configuration document.
`
`Digital signature
`Take a message digest of a document and encrypt it with your private key for some public key
`cryptosystem. I can decrypt with your public key and verify that the result matches the digest I
`calculate. This proves that the encrypted digest was created with your private key.
`
`Such an encrypted message digest can be treated as a signature since it cannot be created without
`both the document and the private key which only you should possess. The legal issues are
`complex, but several countries are moving in the direction of legal recognition for digital
`signatures.
`
`DNS
`
`Domain Name Service, a distributed database through which names are associated with numeric
`addresses and other information in the Internet Protocol Suite. See also BIND, the Berkeley
`Internet Name Daemon which implements DNS services, and Secure DNS. See our bibliography
`for a useful reference on both.
`
`DOS attack
`see Denial Of Service attack
`
`EAR
`
`The US government's Export Administration Regulations, administered by the E
`Administration. These have replaced the earlier ITAR regulations as the controls
`cryptography.
`ECB mode
`
`Electronic CodeBook mode, the simplest way to use a block cipher. See Cipher Modes.
`
`EDE
`
`The sequence of operations normally used in either the three-key variant of triple DES used in
`IPSEC or the two-key variant used in some other systems.
`
`The sequence is:
`o Encrypt with key1
`o Decrypt with key2
`o Encrypt with key3
`For the two-key version, key1=key3.
`
`The "advantage" of this EDE order of operations is that it makes it simple to interoperate with
`older devices offering only single DES. Set key1=key2=key3 and you have the worst of both
`worlds, the overhead of triple DES with the security of single DES. Since single DES is insecure,
`this is a rather dubious "advantage".
`
`The EDE two-key variant can also interoperate with the EDE three-key variant used in IPSEC,
`just set k1=k3.
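
The EDE key relationships above, shown in running code. This is an added example, not FreeS/WAN code: Python's standard library has no DES, so a toy 64-bit Feistel cipher (`toy_encrypt` / `toy_decrypt`, names and keys constructed here) stands in for it. The EDE properties hold for any block cipher.

```python
import hashlib
import hmac

BLOCK_BYTES = 8   # 64-bit block, the same size as DES
ROUNDS = 8


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function for the stand-in Feistel network (this is NOT DES).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def toy_encrypt(key: bytes, block: bytes) -> bytes:
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be 8 bytes")
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def toy_decrypt(key: bytes, block: bytes) -> bytes:
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be 8 bytes")
    left, right = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


def ede_encrypt(key1: bytes, key2: bytes, key3: bytes, block: bytes) -> bytes:
    """Three-key EDE: encrypt with key1, decrypt with key2, encrypt with key3."""
    return toy_encrypt(key3, toy_decrypt(key2, toy_encrypt(key1, block)))


def ede_decrypt(key1: bytes, key2: bytes, key3: bytes, block: bytes) -> bytes:
    """Inverse of ede_encrypt: undo the three steps in reverse order."""
    return toy_decrypt(key1, toy_encrypt(key2, toy_decrypt(key3, block)))


def two_key_ede_encrypt(key1: bytes, key2: bytes, block: bytes) -> bytes:
    """What a two-key-only device computes: key1 is used for both encryptions."""
    return toy_encrypt(key1, toy_decrypt(key2, toy_encrypt(key1, block)))


# Constructed sample values for the demonstration.
K1, K2, K3 = b"key-one", b"key-two", b"key-three"
SAMPLE_BLOCK = b"8 bytes!"

if __name__ == "__main__":
    # key1=key2=key3: the middle decryption cancels the first encryption, so
    # three passes of work give exactly one pass of protection.
    print("all keys equal == single cipher:",
          ede_encrypt(K1, K1, K1, SAMPLE_BLOCK) == toy_encrypt(K1, SAMPLE_BLOCK))
    # A three-key peer configured with k1=k3 reads a two-key device's output.
    legacy = two_key_ede_encrypt(K1, K2, SAMPLE_BLOCK)
    print("three-key peer with k1=k3 decrypts two-key output:",
          ede_decrypt(K1, K2, K1, legacy) == SAMPLE_BLOCK)
```

When auditing a manually keyed configuration, equal sub-keys in a triple DES key are worth flagging for exactly the reason the first check shows.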
`
`Entrust
`A Canadian company offering enterprise PKI products using CAST-128 symmetric crypto, RSA
`public key and X.509 directories.
`
`EFF
`
`Electronic Frontier Foundation, an advocacy group for civil rights in cyberspace.
`Encryption
`Techniques for converting a readable message (plaintext) into apparently random material
`(ciphertext) which cannot be read if intercepted. A key is required to read the message.
`
`Major variants include symmetric encryption in which sender and receiver use the same secret key
`and public key methods in which the sender uses one of a matched pair of keys and the receiver
`uses the other. Many current systems, including IPSEC, are hybrids combining the two
`techniques.
`
`ESP
`
`Encapsulated Security Payload, the IPSEC protocol which provides encryption. It can also
`provide authentication service and may be used with null encryption (which we do not
`recommend). For details see our IPSEC Overview document and/or RFC 2406.
`Extruded subnet
`A situation in which something IP sees as one network is actually in two or more places.
`
`For example, the Internet may route all traffic for a particular company to that firm's corporate
`gateway. It then becomes the company's problem to get packets to various machines on their
`subnets in various departments. They may decide to treat a branch office like a subnet, giving it IP
`addresses "on" their corporate net. This becomes an extruded subnet.
`
`Packets bound for it are delivered to the corporate gateway, since as far as the outside world is
`concerned, that subnet is part of the corporate network. However, instead of going onto the
`corporate LAN (as they would for, say, the accounting department) they are then encapsulated and
`sent back onto the Internet for delivery to the branch office.
`
`For information on doing this with Linux FreeS/WAN, look in our configuration file.
`
`Exhaustive search
`
`FIPS
`
`Federal Information Processing Standard, the US government's standards for products it buys
`
`NIST have a FIPS home page.
`Free Software Foundation (FSF)
`An organisation to promote free software, free in the sense of these quotes from their web pages:
`
`"Free software" is a matter of liberty, not price. To understand the concept, you
`should think of "free speech", not "free beer."
`
`"Free software" refers to the users' freedom to run, copy, distribute, study, change and
`improve the software.
`
`See also GNU, GNU General Public License, and the FSF site.
`FreeSWAN
`
`see Linux FreeS/WAN
`
`FSF
`
`see Free Software Foundation
`
`GCHQ
`Government Communications Headquarters, the British organisation for signals intelligence.
`
`GILC
`
`Global Internet Liberty Campaign, an international organisation advocating, among other things,
`free availability of cryptography. They have a campaign to remove cryptographic software from
`the Wassenaar Arrangement.
`Global Internet Liberty Campaign
`
`An attempt to create something like a root CA for PGP by publishing both as a book and on the
`web the fingerprints of a set of verified keys for well-known users and organisations.
`
`GMP
`
`The GNU Multi-Precision library code, used in Linux FreeS/WAN by Pluto for public key
`calculations.
`
`GNU
`
`GNU's Not Unix, the Free Software Foundation's project aimed at creating a free system with at
`least the capabilities of Unix. Linux uses GNU utilities extensively.
`
`GNU General Public License
`
`The license developed by the Free Software Foundation under which Linux, Linux FreeS/WAN
`and many other pieces of software are distributed. The license allows anyone to redistribute and
`modify the code, but forbids anyone from distributing executables without providing access to
`source code. For more details see the file COPYING included with GPLed source distributions,
`including ours, or the GNU site's GPL page.
`GNU Privacy Guard
`An open source implementation of Open PGP as defined in RFC 2440.
`
`GPG
`
`GPL
`
`Hash
`
`see message digest
`Hashed Message Authentication Code (HMAC)
`Using keyed message digest functions to authenticate a message. This differs from other uses of
`these functions:
`
`o In normal usage, the hash function's internal variables are initialised in some standard way.
`Anyone can reproduce the hash to check that the message has not been altered.
`o For HMAC usage, you initialise the internal variables from the key. Only someone with the
`key can reproduce the hash. A successful check of the hash indicates not only that the
`message is unchanged but also that the creator knew the key.
`The exact techniques used in IPSEC are defined in RFC 2104. They are referred to as HMAC-
`MD5-96 and HMAC-SHA-96 because they output only 96 bits of the hash. This makes some
`attacks on the hash functions harder.
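
The RFC 2104 construction cited above, written out and truncated to 96 bits as in HMAC-MD5-96 and HMAC-SHA-96. This is an added example, not FreeS/WAN code; the function names and the sample key and packet are constructed for illustration.

```python
import hashlib
import hmac


def hmac_rfc2104(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC as RFC 2104 defines it: H((K xor opad) || H((K xor ipad) || msg))."""
    def digest(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    block_size = hashlib.new(hash_name).block_size   # 64 bytes for MD5 and SHA-1
    if len(key) > block_size:
        key = digest(key)                            # long keys are hashed first
    key = key.ljust(block_size, b"\x00")             # then zero-padded to a block
    inner_pad = bytes(b ^ 0x36 for b in key)
    outer_pad = bytes(b ^ 0x5C for b in key)
    # Hashing the padded key first is what puts the hash's internal state
    # under the key's control before any message byte is processed.
    return digest(outer_pad + digest(inner_pad + message))


def icv96(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """Keep only the first 96 bits (12 bytes) of the HMAC."""
    return hmac_rfc2104(key, message, hash_name)[:12]


def verify_icv96(key: bytes, message: bytes, received: bytes,
                 hash_name: str = "sha1") -> bool:
    """Recompute the 96-bit value and compare it in constant time."""
    return hmac.compare_digest(icv96(key, message, hash_name), received)


# Constructed sample values for the demonstration.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_PACKET = b"constructed packet payload"

if __name__ == "__main__":
    tag = icv96(SAMPLE_KEY, SAMPLE_PACKET, "md5")
    print("HMAC-MD5-96 tag:", tag.hex())
    print("unmodified packet accepted:",
          verify_icv96(SAMPLE_KEY, SAMPLE_PACKET, tag, "md5"))
    print("altered packet accepted:",
          verify_icv96(SAMPLE_KEY, SAMPLE_PACKET + b"!", tag, "md5"))
    print("wrong key accepted:",
          verify_icv96(b"some-other-key", SAMPLE_PACKET, tag, "md5"))
```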
`HMAC
`see Hashed Message Authentication Code
`HMAC-MD5-96
`see Hashed Message Authentication Code
`HMAC-SHA-96
`see Hashed Message Authentication Code
`Hybrid cryptosystem
`A system using both public key and symmetric cipher techniques. This works well. Public key
`methods provide key management and digital signature facilities which are not readily available
`using symmetric ciphers. The symmetric cipher, however, can do the bulk of the encryption work
`much more efficiently than public key methods.
`
`IAB
`
`Internet Architecture Board.
`
`ICMP
`
`Internet Control Message Protocol. This is used for various IP-connected devices to manage the
`network.
`
`IDEA
`
`International Data Encryption Algorithm, developed in Europe as an alternative to exportable
`American ciphers such as DES which were too weak for serious use. IDEA is a block cipher using
`64-bit blocks and 128-bit keys, and is used in products such as PGP.
`
`IDEA is not required by the IPSEC RFCs and not currently used in Linux FreeS/WAN.
`
`IDEA is patented and, with strictly limited exceptions for personal use, using it requires a license
`
`IESG
`
`Internet Engineering Steering Group.
`
`IETF
`
`Internet Engineering Task Force, the umbrella organisation whose various working groups make
`most of the technical decisions for the Internet. The IETF IPSEC working group wrote the RFCs
`we are implementing.
`
`IKE
`
`Internet Key Exchange, based on the Diffie-Hellman key exchange protocol. IKE is implemented
`in Linux FreeS/WAN by the Pluto daemon.
`Initialisation Vector (IV)
`Some cipher modes, including the CBC mode which IPSEC uses, require some extra data at the
`beginning. This data is called the initialisation vector. It need not be secret, but should be different
`for each message. Its function is to prevent messages which begin with the same text from
`encrypting to the same ciphertext. That might give an analyst an opening, so it is best prevented.
`
`IP
`
`Internet Protocol.
`
`IP masquerade
`
`A method of allowing multiple machines to communicate over the Internet when only one IP
`address is available for their use. See the Linux masquerade resource page for details.
`
`The client machines are set up with reserved non—routable IP addresses defined in RFC 1918. The
`masquerading gateway, the machine with the actual link to the Internet, rewrites packet headers so
`that all packets going onto the Internet appear to come from one IP address, that of its Internet
`interface. It then gets all the replies, does some table lookups and more header rewriting, and
`delivers the replies to the appropriate client machines.
`
`To use masquerade with Linux FreeS/WAN, you must set leftfirewall=ye
