block cipher
An ideal block cipher is a theoretical model
of a perfect encryption system where every
plaintext block maps to a unique ciphertext
block in a random and unpredictable way,
but with a deterministic relationship
defined by the key. Despite its theoretical
strength, practical implementations of
block ciphers face several problems:
1. [illegible]
* Problem: Ideal block ciphers require a unique key for each possible mapping of plaintext to ciphertext.
* Issue: Managing, distributing, and securely storing such a large number of keys is impractical.
2. Key Space Size
* Problem: The key space for an ideal block cipher is extremely large (e.g., for [illegible] mappings).
* Issue: [illegible] computationally infeasible to represent or process.
3. [illegible]
* Problem: Ideal block ciphers assume [illegible]
* Issue: Implementing true randomness [illegible]
4. Deterministic Nature
[illegible]
5. Block Size Limitation
* Problem: The security of an ideal block cipher relies heavily on the block size.
* Issue: Smaller block sizes can lead to [illegible], while larger block sizes increase [illegible]
6. [illegible]
* Problem: Real-world attackers may [illegible] implementation, not just theoretical [illegible]
* Issue: Side-channel attacks (e.g., timing or power analysis) and implementation flaws can compromise security.
7. [illegible]
* Problem: Ideal block ciphers are not scalable for systems requiring frequent updates or dynamic encryption [illegible]
* Issue: The need for massive key storage and processing power limits scalability.
8. Randomness Assumption
* Problem: The assumption of perfect randomness in the mapping between plaintext and ciphertext is theoretical.
* Issue: [illegible] practical systems is almost impossible.
[illegible]
Digital Signature for Authentication
[illegible] repudiation of a digital message or document. It is akin to a handwritten signature or a stamped seal [illegible]
Key Objectives of Digital Signatures:
[illegible]
Digital Signature Algorithm (DSA)
[illegible] Technology (NIST) in 1991.
[illegible]
Choose a large prime number, p, and a smaller prime q such that q divides p - 1.
[illegible]
Calculate the public key y as:
[illegible]
* Use a hash function (e.g., SHA-256) to hash the original message and produce a digest H(m).
* Choose a random number k such that 0 < k < q.
r = (g^k mod p) mod q
[illegible]
4. Send the Signature and Message:
* Send the message m along with the signature pair (r, s) to the receiver.
Advantages of DSA:
[illegible]
* Efficient key generation and verification processes.
[illegible]
* Slower signature generation compared to RSA.
* Vulnerable if poor random numbers are used for k.
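An added example, not part of the original notes: a toy DSA sign/verify that uses the standard DSA equations (the notes' own formulas for y and s are not legible in the scan), plus a check for repeated r values, which is how a reused k shows up to a defender. The parameters p = 607, q = 101, g = 64 and all function names are constructed for illustration, and reducing the hash mod q is a toy simplification.

```python
import hashlib
import secrets

# Toy domain parameters, constructed for this example; real DSA uses p of 2048+ bits.
P, Q = 607, 101                # both prime, and Q divides P - 1 (606 = 6 * 101)
G = pow(2, (P - 1) // Q, P)    # 64, an element of order Q modulo P

def digest(message):
    """H(m) as an integer; reduced mod Q here because the toy Q is tiny."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1        # private key, 0 < x < Q
    return x, pow(G, x, P)                  # public key y = g^x mod p

def sign(message, x, k=None):
    """Sign with a fresh random k; passing k models a signer with a broken RNG."""
    while True:
        nonce = k if k is not None else secrets.randbelow(Q - 1) + 1
        r = pow(G, nonce, P) % Q
        s = pow(nonce, -1, Q) * (digest(message) + x * r) % Q
        if r and s:
            return r, s
        if k is not None:
            raise ValueError("this k yields r = 0 or s = 0; a new k is required")

def verify(message, sig, y):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):       # reject out-of-range values first
        return False
    w = pow(s, -1, Q)
    u1, u2 = digest(message) * w % Q, r * w % Q
    return (pow(G, u1, P) * pow(y, u2, P) % P) % Q == r

def repeated_r(signatures):
    """Index pairs of signatures from one key that share r, i.e. were made with the same k."""
    first_seen, pairs = {}, []
    for i, (r, _s) in enumerate(signatures):
        if r in first_seen:
            pairs.append((first_seen[r], i))
        first_seen.setdefault(r, i)
    return pairs
```

With a real-size q, two signatures from one key sharing r means k was repeated and the key should be treated as exposed; in this 101-element toy group equal r values can also occur by chance.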
X.509 Certificate Format
[illegible] public key to an entity (like a user, device, or organization). It provides a standard format for public key [illegible]
1. X.509 Certificate Structure
An X.509 certificate typically contains the following key fields:
Certificate Fields and Their Description
1. Version:
* Specifies the version of the X.509 standard (e.g., v1, v2, v3).
2. Serial Number:
* A unique identifier assigned by the Certificate Authority (CA) to each certificate.
3. [illegible]
4. Issuer:
* The name of the Certificate Authority (CA) that issued the certificate.
5. [illegible]
6. Subject:
* The entity associated with the public key (e.g., domain name, email address, company).
7. Subject Public Key Info:
[illegible]
* Key Usage: Specifies the intended purpose of the key (e.g., digital signature, key encipherment).
* Subject Alternative Name (SAN): Allows multiple domains or emails.
[illegible]
3. Certificate Revocation
When an X.509 certificate is no longer valid before its expiration date (e.g., due to compromise or misuse), it needs to be revoked by the Certificate Authority (CA).
Reasons for Revocation:
* Compromise of the private key.
[illegible]
* CA improperly issued the certificate.
[illegible]
1. Certificate Revocation List (CRL):
[illegible]
* Clients check the CRL to verify if a certificate is revoked.
* CRLs are updated periodically.
2. Online Certificate Status Protocol (OCSP):
* OCSP is a real-time protocol that allows clients to check a certificate’s revocation status.
[illegible]
* Clients query an OCSP responder, which provides the revocation status (Good, Revoked, Unknown).
Key Differences: CRL vs OCSP
| Feature | CRL | OCSP |
| --- | --- | --- |
| [illegible] | Periodically updated | Real-time checking |
| Efficiency | Less efficient | More efficient |
| [illegible] | [illegible] | More complex |
4. Certificate Revocation Steps:
1. The certificate holder notifies the CA about the compromise or invalidity.
2. The CA verifies the request.
3. [illegible]
4. Clients check the revocation status during authentication.
[illegible]
* X.509 certificates are essential for securing communications and verifying identities in digital [illegible]
* Revocation mechanisms (CRL and OCSP) ensure that compromised or invalid certificates do not [illegible]
A realm generally refers to a domain, territory, or scope of authority or knowledge. Its specific [illegible]
1. In General Terms
* A realm can mean a kingdom, domain, or region over which someone (e.g., a monarch) has [illegible]
2. In Computer Science and Networking
* In computer systems and networks, a realm refers to a logical boundary or domain used for [illegible]
Key Example in Networking:
* Kerberos Authentication Realm: [illegible]
[illegible]
* Realm is an open-source database management system (DBMS) used primarily in mobile and desktop applications for offline storage and data syncing.
[illegible]
Example: “The hero journeyed to the enchanted realm to defeat the dragon.”
[illegible]
A realm can refer to a sphere of thought or knowledge, such as the realm of science or realm of imagination.
Services Provided by PGP (Pretty Good Privacy)
PGP (Pretty Good Privacy) is a widely used encryption program designed to secure communications, data integrity, and authentication for email and file sharing. Developed by Phil Zimmermann in 1991, [illegible]
[illegible] is encrypted using the recipient's public key.
* Example: Sensitive email content is encrypted so only the recipient with the correct private key can [illegible]