Case 6:07-cv-00080-LED Document 194-7 Filed 12/30/08 Page 2 of 26

This file is part of the documentation for the Linux FreeS/WAN project.
See the documentation index or project home page for more information.

Glossary for the Linux FreeS/WAN project
Entries are in alphabetical order. Some entries are only one line or one paragraph long. Others run to
several paragraphs. I have tried to put the essential information in the first paragraph so you can skip the
other paragraphs if that seems appropriate.

Other glossaries
Other glossaries which overlap this one include:

- glossary portion of themm
- an extensive cryptographic glossary on 13111811311: page.
- The M'smm on them site.
- an Willi: Crypto Glossary
- The IETF provide a glossary of Internet terms as RFC 1983
- a small glossary for Internet Security at magma.
- The glossary from Richard Smith's book

More general glossary or dictionary information:

- Free Online Dictionary of Computing (FOLDOC)
  There are many more mirrors of this dictionary.
- The Jargon File, the definitive resource for hacker slang and folklore
  There are also many mirrors of this. See the home page for a list.
- A generalMargy)!
- An online dictionary resource page with pointers to many dictionaries for many languages
- Am that accesses several hundred online dictionaries
- O'Reifly mgfifgflaxslmmanmmmlm

http://liberty.freeswan.org/freeswan_trees/freeswan-1.3/doc/glossary.html

2/21/2002

VNET00221395

Page 1 of 25

VIRNETX EXHIBIT 2008
Apple v. VirnetX
Trial IPR2015-00812

Definitions

3DES (Triple DES)
Using three DES encryptions on a single data block, with at least two different keys, to get higher
security than is available from a single DES pass. The three-key version of 3DES is the default
encryption algorithm for Linux FreeS/WAN.

IPSEC always does 3DES with three different keys, as required by RFC 2451. For an explanation
of the two-key variant, see two key triple DES. Both use an EDE encrypt-decrypt-encrypt
sequence of operations.

Single DES is insecure.

Double DES is ineffective. Using two 56-bit keys, one might expect an attacker to have to do 2^112
work to break it. In fact, only 2^57 work is required with a meet-in-the-middle attack, though a
large amount of memory is also required. Triple DES is vulnerable to a similar attack, but that just
reduces the work factor from the 2^168 one might expect to 2^112. That provides adequate protection
against brute force attacks, and no better attack is known.

3DES can be somewhat slow compared to other ciphers. It requires three DES encryptions per
block. DES was designed for hardware implementation and includes some operations which are
difficult in software. However, the speed we get is quite acceptable for many uses. See
benchmarks below for details.

Active attack
An attack in which the attacker does not merely eavesdrop (see passive attack) but takes action to
change, delete, reroute, add, forge or divert data. Perhaps the best-known active attack is man-in-the-middle.

AES
The Advanced Encryption Standard, a new block cipher standard to replace DES being developed
by NIST, the US National Institute of Standards and Technology. DES used 64-bit blocks and a
56-bit key. AES ciphers use a 128-bit block and are required to support 128, 192 and 256-bit keys.
Some of them support other sizes as well. The larger block size helps resist birthday attacks while
the large key size prevents brute force attacks.

Fifteen proposals meeting NIST's basic criteria were submitted in 1998 and subjected to intense
discussion and analysis, "round one" evaluation. In August 1999, NIST narrowed the field to five
"round two" candidates:
- MARS from IBM
- RC6 from RSA
- Rijndael from two Belgian researchers
- Serpent, a British-Norwegian-Israeli research collaboration
- Twofish from the consulting firm Counterpane
We expect IPSEC will eventually use the AES winner, and we expect to see a winner (or more
than one; there is an ongoing discussion on that point) declared in the summer of 2000.
Adding one or more AES ciphers to Linux FreeS/WAN would be a useful undertaking, and
considerable freely available code exists to start from. One complication is that our code is built
for a 64-bit block cipher and AES uses a 128-bit block. Volunteers via the mailing list would be
welcome.

For more information, see the NIST AES home page or the Block Cipher Lounge AES page. For
code and benchmarks see Brian Gladman's page.

AH
The IPSEC Authentication Header, added after the IP header. For details, see our IPSEC
Overview document and/or RFC 2402.

Alice and Bob
A and B, the standard example users in writing on cryptography and coding theory. Carol and
Dave join them for protocols which require more players.

Bruce Schneier extends these with many others such as Eve the Eavesdropper and Victor the
Verifier. His extensions seem to be in the process of becoming standard as well. See page 23 of
Applied Cryptography.

Alice and Bob have an amusing biography on the web.

ARPA

ASIO
Australian Security Intelligence Organisation.

Asymmetric cryptography
See public key cryptography.

Authentication
Ensuring that a message originated from the expected sender and has not been altered en route.
IPSEC uses authentication in two places:
- authenticating the players in IKE's Diffie-Hellman key exchanges to prevent man-in-the-middle
  attacks. This can be done in a number of ways. The methods supported by
  FreeS/WAN are discussed in our configuration document.
- authenticating packets on an established SA, either with a separate authentication header or
  with the optional authentication in the ESP protocol. In either case, packet authentication
  uses a hashed message authentication code technique.

Outside IPSEC, passwords are perhaps the most common authentication mechanism. Their
function is essentially to authenticate the person's identity to the system. Passwords are generally
only as secure as the network they travel over. If you send a cleartext password over a tapped
phone line or over a network with a packet sniffer on it, the security provided by that password
becomes zero. Sending an encrypted password is no better; the attacker merely records it and
reuses it at his convenience. This is called a replay attack.

A common solution to this problem is a challenge-response system. This defeats simple
eavesdropping and replay attacks. Of course an attacker might still try to break the cryptographic
algorithm used, or the random number generator.

Automatic keying
A mode in which keys are automatically generated at connection establishment and new keys
automatically created periodically thereafter. Contrast with manual keying in which a single stored
key is used.

IPSEC uses the Diffie-Hellman key exchange protocol to create keys. An authentication
mechanism is required for this. The methods supported by FreeS/WAN are discussed in our
configuration document.

Having an attacker break the authentication is emphatically not a good idea. An attacker that
breaks authentication, and manages to subvert some other network entities (DNS, routers or
gateways), can use a man-in-the-middle attack to break the security of your IPSEC connections.

However, having an attacker break the authentication in automatic keying is not quite as bad as
losing the key in manual keying.
- An attacker who reads /etc/ipsec.conf and gets the keys for a manually keyed connection
  can, without further effort, read all messages encrypted with those keys, including any old
  messages he may have archived.
- Automatic keying has a property called perfect forward secrecy. An attacker who breaks the
  authentication gets none of the automatically generated keys and cannot immediately read
  any messages. He has to mount a successful man-in-the-middle attack in real time before he
  can read anything. He cannot read old archived messages and will not be able to read
  any future messages not caught by man-in-the-middle tricks.
That said, the secrets used for authentication, stored in ipsec.secrets(5), should still be protected as
tightly as cryptographic keys.

Bay Networks
A vendor of routers, hubs and related products, now a subsidiary of Northern Telecom.
Interoperation between their IPSEC products and Linux FreeS/WAN was problematic at last
report; see our compatibility document.

benchmarks
Our default block cipher, triple DES, is slower than many alternate ciphers that might be used.
Speeds achieved, however, seem adequate for many purposes. For example, the assembler code
from the LIBDES library we use encrypts 1.6 megabytes per second on a Pentium 200, according
to the test program supplied with the library.

The University of Wales at Aberystwyth has done quite detailed tests and put their results on the
web.

Even a 486 can handle a T1 line, according to this mailing list message:

    Subject: Re: linux-ipsec: IPSec Masquerade
    Date: Fri, 15 Jan 1999 11:13:22 -0500
    From: Michael Richardson

    . a 486/66 has been clocked by Phil Karn to do
    10Mb/s encryption.. that uses all the CPU, so half that to get some CPU,
    and you have 5Mb/s. 1/3 that for 3DES and you get 1.6Mb/s....

From an Internet Draft The ESP Triple DES Transform:

    Phil Karn has tuned DES-EDE3-CBC software to achieve 6.22 Mbps with a
    133 MHz Pentium. Other DES speed estimates may be found at
    [Schneier95, page 279]. Your mileage may vary.

If you want to measure the loads FreeS/WAN puts on a system, note that tools such as top or
measurements such as load average are more-or-less useless for this. They are not designed to
measure something that does most of its work inside the kernel.

BIND
Berkeley Internet Name Daemon, a widely used implementation of DNS (Domain Name Service).
See our bibliography for a useful reference. See the BIND home page for more information and
the latest version.

Birthday attack
A cryptographic attack based on the mathematics exemplified by the birthday paradox. This math
turns up whenever the question of two cryptographic operations producing the same result
becomes an issue:
- collisions in message digest functions.
- identical output blocks from a block cipher
- repetition of a challenge in a challenge-response system
Resisting such attacks is part of the motivation for:
- hash algorithms such as SHA and RIPEMD-160 giving a 160-bit result rather than the 128
  bits of MD4, MD5 and RIPEMD-128.
- AES block ciphers using a 128-bit block instead of the 64-bit block of most current ciphers
- IPSEC using a 32-bit counter for packets sent on an automatically keyed SA and requiring
  that the connection always be rekeyed before the counter overflows.

Birthday paradox
Not really a paradox, just a rather counter-intuitive mathematical fact. In a group of 23 people, the
chance of at least one pair having the same birthday is over 50%.

The second person has 1 chance in 365 (ignoring leap years) of matching the first. If they don't
match, the third person's chances of matching one of them are 2/365. The 4th, 3/365, and so on.
The total of these chances grows more quickly than one might guess.
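
The birthday arithmetic above, worked through as an added example (not part of the original FreeS/WAN documentation). It computes the exact chance for 23 people, shows that the running total of 1/365 + 2/365 + ... is only an upper bound on it, and then goes beyond the birthday case to estimate how many random values are needed for even collision odds at the 64, 128 and 160-bit sizes the birthday attack entry mentions. All function names are chosen here for illustration.

```python
import math


def collision_probability(draws: int, space: int) -> float:
    """Exact chance that at least two of `draws` uniform values from `space` match."""
    if draws > space:
        return 1.0  # pigeonhole: a match is certain
    p_all_distinct = 1.0
    for already_seen in range(draws):
        # The next value must avoid everything already drawn.
        p_all_distinct *= (space - already_seen) / space
    return 1.0 - p_all_distinct


def summed_chances(draws: int, space: int) -> float:
    """The glossary's running total 1/space + 2/space + ...; an upper bound only."""
    return sum(k / space for k in range(1, draws))


def smallest_group(space: int, target: float = 0.5) -> int:
    """Fewest draws for which a match is more likely than `target`."""
    draws = 1
    while collision_probability(draws, space) <= target:
        draws += 1
    return draws


def log2_draws_for_even_odds(bits: int) -> float:
    """log2 of the number of draws giving roughly 50% collision odds.

    Uses the standard approximation n ~ sqrt(2 * ln 2 * 2**bits), so the
    result is always about bits/2, far below the 2**bits of an exhaustive search.
    """
    return bits / 2 + 0.5 * math.log2(2 * math.log(2))


if __name__ == "__main__":
    print("23 people, exact      :", round(collision_probability(23, 365), 4))
    print("23 people, summed bound:", round(summed_chances(23, 365), 4))
    print("smallest group over 50%:", smallest_group(365))
    # Sizes taken from the birthday attack entry: 64-bit cipher blocks,
    # 128-bit blocks and hashes, 160-bit hashes.
    for bits in (64, 128, 160):
        print(f"{bits}-bit values: about 2^{log2_draws_for_even_odds(bits):.1f} draws")
```

The summed total overshoots because it counts overlapping chances more than once; the exact figure is what crosses 50% at 23 people.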

Block cipher
A symmetric cipher which operates on fixed-size blocks of plaintext, giving a block of ciphertext
for each. Contrast with stream cipher. Block ciphers can be used in various modes when multiple
blocks are to be encrypted.

DES is among the best known and widely used block ciphers, but is now obsolete. Its 56-bit
key size makes it highly insecure today. Triple DES is the default transform for Linux
FreeS/WAN because it is the only cipher which is both required in the RFCs and apparently

The current generation of block ciphers -- such as Blowfish, CAST-128 and IDEA -- all use 64-bit
blocks and 128-bit keys. The next generation, AES, uses 128-bit blocks and supports key sizes up
to 256 bits.

The Block Cipher Lounge web site has more information.

Blowfish
A block cipher using 64-bit blocks and keys of up to 448 bits, designed by Bruce Schneier and
used in several products.

This is not required by the IPSEC RFCs and not currently used in Linux FreeS/WAN.

Brute force attack (exhaustive search)
Breaking a cipher by trying all possible keys. This is always possible in theory (except against a
one-time pad), but it becomes practical only if the key size is inadequate. For an important
example, see our document on the insecurity of DES with its 56-bit key. For an analysis of key
sizes required to resist plausible brute force attacks, see this paper.

Longer keys protect against brute force attacks. Each extra bit in the key doubles the number of
possible keys and therefore doubles the work a brute force attack must do. A large enough key
defeats any brute force attack.

For example, the EFF's DES Cracker searches a 56-bit key space in an average of a few days. Let
us assume an attacker that can find a 64-bit key (256 times harder) by brute force search in a
second (a few hundred thousand times faster). For a 96-bit key, that attacker needs 2^32 seconds,
just over a century. Against a 128-bit key, he needs 2^32 centuries or about 400,000,000,000 years.
Your data is then obviously secure against brute force attacks. Even if our estimate of the
attacker's speed is off by a factor of a million, it still takes him 400,000 years to crack a message.

This is why
- single DES is now considered dangerously insecure
- any cipher we add to Linux FreeS/WAN will have at least a 90-bit key
- all of the current generation of block ciphers use a 128-bit or longer key
- AES ciphers support key sizes 128, 192 and 256 bits

Cautions:
Inadequate keylength always indicates a weak cipher but it is important to note that adequate
keylength does not necessarily indicate a strong cipher. There are many attacks other than brute
force, and adequate keylength only guarantees resistance to brute force. Any cipher, whatever its
key size, will be weak if design or implementation flaws allow other attacks.

Also, once you have adequate keylength (somewhere around 90 or 100 bits), adding more key bits
makes no practical difference, even against brute force. Consider our 128-bit example above that
takes 400 billion years to break by brute force. Do we care if an extra 16 bits of key put that into
the quadrillions? No. What about 16 fewer bits reducing it to the 112-bit security level of Triple
DES, which our example attacker could break in just over a billion years? No again, unless we're
being really paranoid about safety margins.

There may be reasons of convenience in the design of the cipher to support larger keys. For
example Blowfish allows up to 448 bits and RC4 up to 2048, but beyond 100-odd bits it makes no
difference to practical security.

Bureau of Export Administration
see BXA

BXA
The US Commerce Department's Bureau of Export Administration which administers the EAR
Export Administration Regulations controlling the export of, among other things, cryptography.

CA
Certification Authority, an entity in a public key infrastructure that can certify keys by signing
them. Usually CAs form a hierarchy. The top of this hierarchy is called the root CA.

See Web of Trust for an alternate model.

CAST-128
A block cipher using 64-bit blocks and 128-bit keys, described in RFC 2144 and used in products
such as Entrust and recent versions of PGP.

This is not required by the IPSEC RFCs and not currently used in Linux FreeS/WAN.

CAST-256
Entrust's candidate cipher for the AES standard, largely based on the CAST-128 design.

CBC mode
Cipher Block Chaining mode, a method of using a block cipher in which for each block except the
first, the result of the previous encryption is XORed into the new block before it is encrypted.
CBC is the mode used in IPSEC.

An initialisation vector (IV) must be provided. It is XORed into the first block before encryption.
The IV need not be secret but should be different for each message and unpredictable.

Certification Authority
see CA

Cipher Modes
Different ways of using a block cipher when encrypting multiple blocks.

Four standard modes were defined for DES in FIPS 81. They can actually be applied with any
block cipher.

    ECB   Electronic CodeBook     encrypt each block independently
    CBC   Cipher Block Chaining   XOR previous block ciphertext into new block plaintext
                                  before encrypting new block
    CFB   Cipher FeedBack
    OFB   Output FeedBack

IPSEC uses CBC mode since this is only marginally slower than ECB and is more secure. In ECB
mode the same plaintext always encrypts to the same ciphertext, unless the key is changed. In
CBC mode, this does not occur.

Various other modes are also possible, but none of them are used in IPSEC.
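
The ECB and CBC behaviour described in the CBC mode and Cipher Modes entries, as an added example that is not part of the original FreeS/WAN documentation. It assumes a toy 64-bit Feistel cipher built from SHA-256 as a stand-in for DES (illustration only, not a cipher to deploy), messages that are already a whole number of blocks, and names chosen here.

```python
import hashlib
import os

BLOCK = 8          # bytes: a 64-bit block, the size the glossary gives for DES
HALF = BLOCK // 2
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Toy round function (assumption): truncated SHA-256 of key, round number, half-block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


def split_blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of the block size (no padding here)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # ECB: every block is encrypted independently.
    return b"".join(encrypt_block(key, b) for b in split_blocks(plaintext))


def cbc_encrypt(key: bytes, plaintext: bytes, iv: bytes = None):
    # CBC: XOR the previous ciphertext block (the IV for the first block)
    # into the plaintext block before encrypting it.
    iv = os.urandom(BLOCK) if iv is None else iv
    previous, out = iv, []
    for block in split_blocks(plaintext):
        previous = encrypt_block(key, _xor(block, previous))
        out.append(previous)
    return iv, b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    previous, out = iv, []
    for block in split_blocks(ciphertext):
        out.append(_xor(decrypt_block(key, block), previous))
        previous = block
    return b"".join(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """How many ciphertext blocks duplicate an earlier one."""
    blocks = split_blocks(ciphertext)
    return len(blocks) - len(set(blocks))


# Constructed sample input: three identical plaintext blocks and one different one.
KEY = b"example key only"
MESSAGE = b"SAMEBLK1" * 3 + b"OTHERBLK"

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(KEY, MESSAGE)))
    iv, ct = cbc_encrypt(KEY, MESSAGE)
    print("CBC repeated blocks:", repeated_blocks(ct))
    print("CBC round trip ok  :", cbc_decrypt(KEY, iv, ct) == MESSAGE)
```

Under ECB the repetition in the plaintext is visible in the ciphertext without the key; under CBC it is not, and a fresh IV also makes two encryptions of the same message differ.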

Challenge-response authentication
An authentication system in which one player generates a random number, encrypts it and sends
the result as a challenge. The other player decrypts and sends back the result. If the result is
correct, that proves to the first player that the second player knew the appropriate secret, required
for the decryption.

Variations on this technique exist using public key or symmetric cryptography. Some provide
two-way authentication, assuring each player of the other's identity.

Because the random number is different each time, this defeats simple eavesdropping and replay
attacks. Of course an attacker might still try to break the cryptographic algorithm used, or the
random number generator.

Ciphertext
The encrypted output of a cipher, as opposed to the unencrypted plaintext input.

Cisco
A vendor of routers, hubs and related products. Their IPSEC products interoperate with Linux
FreeS/WAN; see our compatibility document.

Conventional cryptography
See symmetric cryptography

Collision resistance
The property of a message digest algorithm which makes it hard for an attacker to find or
construct two inputs which hash to the same output.

Copyleft
see GNU General Public License

CSE
Communications Security Establishment, the Canadian organisation for signals intelligence.

DARPA (sometimes just ARPA)
The US government's Defense Advanced Research Projects Agency. Projects they have funded
over the years have included the Arpanet which evolved into the Internet, the TCP/IP protocol
suite (as a replacement for the original Arpanet suite), the Berkeley 4.x BSD Unix projects, and
Secure DNS.

For current information, see their web site.

Denial of service (DOS) attack
An attack that aims at denying some service to legitimate users of a system, rather than providing
a service to the attacker.
- One variant is a flooding attack, overwhelming the system with too many packets, too much
  email, or whatever.
- A closely related variant is a resource exhaustion attack. For example, consider a "TCP
  SYN flood" attack. Setting up a TCP connection involves a three-packet exchange:
  - Initiator: Connection please (SYN)
  - Responder: OK (ACK)
  - Initiator: OK here too
  If the attacker puts bogus source information in the first packet, such that the second is
  never delivered, the responder may wait a long time for the third to come back. If the responder
  has already allocated memory for the connection data structures, and if many of these bogus
  packets arrive, the responder may run out of memory.
- Another variant is to feed the system undigestible data, hoping to make it sick. For example,
  IP packets are limited in size to 64K bytes and a fragment carries information on where it
  starts within that 64K and how long it is. The "ping of death" delivers fragments that say,
  for example, that they start at 60K and are 20K long. Attempting to reassemble these
  without checking for overflow can be fatal.
The two example attacks discussed were both quite effective when first discovered, capable of
crashing or disabling many operating systems. They were also well-publicised, and today far
fewer systems are vulnerable to them.

DES
The Data Encryption Standard, a block cipher with 64-bit blocks and a 56-bit key. Probably the
most widely used symmetric cipher ever devised. DES has been a US government standard for
their own use (only for unclassified data), and for some regulated industries such as banking, since
the late 70's.

DES is seriously insecure against current attacks.

Linux FreeS/WAN includes DES since the RFCs require it, but our default configuration refuses
to negotiate a connection using it. We strongly recommend that single DES not be used.

See also 3DES and DESX, stronger ciphers based on DES.

DESX
An improved DES suggested by Ron Rivest of RSA Data Security. It XORs extra key material
into the text before and after applying the DES cipher.

This is not required by the IPSEC RFCs and not currently used in Linux FreeS/WAN. DESX
would be the easiest additional transform to add; there would be very little code to write. It would
be much faster than 3DES and almost certainly more secure than DES. However, since it is not in
the RFCs other IPSEC implementations cannot be expected to have it.

DH
see Diffie-Hellman

Diffie-Hellman (DH) key exchange protocol
A protocol that allows two parties without any initial shared secret to create one in a manner
immune to eavesdropping. Once they have done this, they can communicate privately by using
that shared secret as a key for a block cipher or as the basis for key exchange.

The protocol is secure against all passive attacks, but it is not at all resistant to active man-in-the-middle
attacks. If a third party can impersonate Bob to Alice and vice versa, then no useful secret
can be created. Authentication is a prerequisite for safe Diffie-Hellman key exchange.

IPSEC can use any of several authentication mechanisms. Those supported by FreeS/WAN are
discussed in our configuration document.

Digital signature
Take a message digest of a document and encrypt it with your private key for some public key
cryptosystem. I can decrypt with your public key and verify that the result matches the digest I
calculate. This proves that the encrypted digest was created with your private key.

Such an encrypted message digest can be treated as a signature since it cannot be created without
both the document and the private key which only you should possess. The legal issues are
complex, but several countries are moving in the direction of legal recognition for digital
signatures.

DNS
Domain Name Service, a distributed database through which names are associated with numeric
addresses and other information in the Internet Protocol Suite. See also BIND, the Berkeley
Internet Name Daemon which implements DNS services and Secure DNS. See our bibliography
for a useful reference on both.

DOS attack
see Denial Of Service attack

EAR
The US government's Export Administration Regulations, administered by the Bureau of Export
Administration. These have replaced the earlier ITAR regulations as the controls on export of
cryptography.

ECB mode
Electronic CodeBook mode, the simplest way to use a block cipher. See Cipher Modes.

EDE
The sequence of operations normally used in either the three-key variant of triple DES used in
IPSEC or the two-key variant used in some other systems.

The sequence is:
- Encrypt with key1
- Decrypt with key2
- Encrypt with key3
For the two-key version, key1=key3.

The "advantage" of this EDE order of operations is that it makes it simple to interoperate with
older devices offering only single DES. Set key1=key2=key3 and you have the worst of both
worlds, the overhead of triple DES with the security of single DES. Since single DES is insecure,
this is a rather dubious "advantage".

The EDE two-key variant can also interoperate with the EDE three-key variant used in IPSEC;
just set k1=k3.

Entrust
A Canadian company offering enterprise PKI products using CAST-128 symmetric crypto, RSA
public key and X.509 directories.

EFF
Electronic Frontier Foundation, an advocacy group for civil rights in cyberspace.

Encryption
Techniques for converting a readable message (plaintext) into apparently random material
(ciphertext) which cannot be read if intercepted. A key is required to read the message.

Major variants include symmetric encryption in which sender and receiver use the same secret key
and public key methods in which the sender uses one of a matched pair of keys and the receiver
uses the other. Many current systems, including IPSEC, are hybrids combining the two
techniques.

ESP
Encapsulated Security Payload, the IPSEC protocol which provides encryption. It can also
provide authentication service and may be used with null encryption (which we do not
recommend). For details see our IPSEC document and/or RFC 2406.

Extruded subnet
A situation in which something IP sees as one network is actually in two or more places.

For example, the Internet may route all traffic for a particular company to that firm's corporate
gateway. It then becomes the company's problem to get packets to various machines on their
subnets in various departments. They may decide to treat a branch office like a subnet, giving it IP
addresses "on" their corporate net. This becomes an extruded subnet.

Packets bound for it are delivered to the corporate gateway, since as far as the outside world is
concerned, that subnet is part of the corporate network. However, instead of going onto the
corporate LAN (as they would for, say, the accounting department) they are then encapsulated and
sent back onto the Internet for delivery to the branch office.

For information on doing this with Linux FreeS/WAN, look in our configuration file.

Exhaustive search
See brute force attack.

FIPS
Federal Information Processing Standard, the US government's standards for products it buys.
These are issued by NIST. Among other things, DES and SHA are defined in FIPS documents.
NIST have a FIPS home page.

Free Software Foundation (FSF)
An organisation to promote free software, free in the sense of these quotes from their web pages

    "Free software" is a matter of liberty, not price. To understand the concept, you
    should think of "free speech", not "free beer."

    "Free software" refers to the users' freedom to run, copy, distribute, study, change and
    improve the software.

FSF
see Free Software Foundation

GCHQ
Government Communications Headquarters, the British organisation for signals intelligence.

GILC
Global Internet Liberty Campaign, an international organisation advocating, among other things,
free availability of cryptography. They have a campaign to remove cryptographic software from
the Wassenaar Arrangement.

Global Internet Liberty Campaign

Global Trust Register
An attempt to create something like a root CA for PGP by publishing both as a book and on the
web the fingerprints of a set of verified keys for well-known users and organisations.

GMP
The GNU Multi-Precision library code, used in Linux FreeS/WAN by Pluto for public key
calculations.

GNU
GNU's Not Unix, the Free Software Foundation's project aimed at creating a free system with at
least the capabilities of Unix. Linux uses GNU utilities extensively.

GPG
see GNU Privacy Guard

GNU General Public License (GPL, copyleft)
The license developed by the Free Software Foundation under which Linux, Linux FreeS/WAN
and many other pieces of software are distributed. The license allows anyone to redistribute and
modify the code, but forbids anyone from distributing executables without providing access to
source code. For more details see the file included with GPLed source distributions,
including ours, or the GNU site's GPL page.

Hash
see message digest

Hashed Message Authentication Code (HMAC)
using keyed message digest functions to authenticate a message. This differs from other uses of
these functions:
- In normal usage, the hash function's internal variables are initialised in some standard way.
  Anyone can reproduce the hash to check that the message has not been altered.
- For HMAC usage, you initialise the internal variables from the key. Only someone with the
  key can reproduce the hash. A successful check of the hash indicates not only that the
  message is unchanged but also that the creator knew the key.
The exact techniques used in IPSEC are defined in RFC 2104. They are referred to as HMAC-
MD5-96 and HMAC-SHA-96 because they output only 96 bits of the hash. This makes some
attacks on the hash functions harder.
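
The keyed versus unkeyed distinction above, as an added example that is not FreeS/WAN's own code. It writes out the RFC 2104 construction, in which the key is mixed in through two padded hash passes, checks it against Python's standard hmac module, and truncates to 96 bits as HMAC-MD5-96 and HMAC-SHA-96 do. The function names and the sample packet are constructed for illustration.

```python
import hashlib
import hmac

TAG_BYTES = 12  # 96 bits, as in HMAC-MD5-96 and HMAC-SHA-96


def hmac_rfc2104(key: bytes, message: bytes, digest: str = "sha1") -> bytes:
    """HMAC written out step by step: H((K xor opad) || H((K xor ipad) || message))."""
    block_size = hashlib.new(digest).block_size      # 64 bytes for MD5 and SHA-1
    if len(key) > block_size:
        key = hashlib.new(digest, key).digest()      # over-long keys are hashed first
    key = key.ljust(block_size, b"\x00")
    inner_pad = bytes(b ^ 0x36 for b in key)
    outer_pad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(digest, inner_pad + message).digest()
    return hashlib.new(digest, outer_pad + inner).digest()


def hmac_96(key: bytes, message: bytes, digest: str = "sha1") -> bytes:
    """Library HMAC truncated to its first 96 bits."""
    return hmac.new(key, message, digest).digest()[:TAG_BYTES]


def plain_hash_96(message: bytes, digest: str = "sha1") -> bytes:
    """Unkeyed hash: anyone, including someone altering the message, can recompute it."""
    return hashlib.new(digest, message).digest()[:TAG_BYTES]


def verify(key: bytes, message: bytes, tag: bytes, digest: str = "sha1") -> bool:
    """Accept only a tag made with this key over this exact message (constant-time compare)."""
    return hmac.compare_digest(hmac_96(key, message, digest), tag)


def forged_with_plain_hash(altered: bytes):
    """What someone without the key can produce: altered data plus a matching unkeyed hash."""
    return altered, plain_hash_96(altered)


# Constructed sample values, not real traffic or keys.
SA_KEY = b"constructed-sa-authentication-key"
PACKET = b"constructed payload: transfer 10 units"

if __name__ == "__main__":
    tag = hmac_96(SA_KEY, PACKET)
    print("genuine packet accepted :", verify(SA_KEY, PACKET, tag))
    altered, altered_hash = forged_with_plain_hash(PACKET.replace(b"10", b"99"))
    print("unkeyed hash still valid:", plain_hash_96(altered) == altered_hash)
    print("altered packet accepted :", verify(SA_KEY, altered, altered_hash))
    print("old tag on altered data :", verify(SA_KEY, altered, tag))
```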

HMAC
see Hashed Message Authentication Code

HMAC-MD5-96
see Hashed Message Authentication Code

HMAC-SHA-96
see Hashed Message Authentication Code

Hybrid cryptosystem
A system using both public key and symmetric cipher techniques. This works well. Public key
methods provide key management and digital signature facilities which are not readily available
using symmetric ciphers. The symmetric cipher, however, can do the bulk of the encryption work
much more efficiently than public key methods.

IAB
Internet Architecture Board.

ICMP
Internet Control Message Protocol. This is used for various IP-connected devices to manage the
network.

IDEA
International Data Encryption Algorithm, developed in Europe as an alternative to exportable
American ciphers such as DES which were too weak for serious use. IDEA is a block cipher using
64-bit blocks and 128-bit keys, and is used in products such as PGP.

IDEA is not required by the IPSEC RFCs and not currently used in Linux FreeS/WAN.

IDEA is patented and, with strictly limited exceptions for personal use, using it requires a license
from Ascom.

IESG
Internet Engineering Steering Group.

IETF
Internet Engineering Task Force, the umbrella organisation whose various working groups make
most of the technical decisions for the Internet. The IETF IPSEC working group wrote the RFCs
we are implementing.

IKE
Internet Key Exchange, based on the Diffie-Hellman key exchange protocol. IKE is implemented
in Linux FreeS/WAN by the Pluto daemon.

Initialisation Vector (IV)
Some cipher modes, including the CBC mode which IPSEC uses, require some extra data at the
beginning. This data is called the initialisation vector. It need not be secret, but should be different
for each message. Its function is to
