1.       Go to a popular online e-commerce site like Amazon.com. Place several items in your shopping cart, and then go to check out. When you reach the screen that asks for you credit card number, right-click on the Web browser and select “Properties.” What can you find out about the cryptosystems and protocols in use to protect this transaction?

Amazon uses encryption to hide the information and then can decrypt that information if they need. They do the encryption using S3-managed encryption keys.

4.    Perform a Web search for “Announcing the Advanced Encryption Standard (AES).” Read this document which is a FIPS 197 standard. Write a short overview of the development and implementation of this cryptosystem.

FIPS is Federal Processing Standard. It was designed as an algorithm that is capable of protecting government information from getting out. This system is designed to be very secure and hard to crack into without help.

Case Exercises

Discussion Questions

1.      Was Charlie exaggerating when he gave Peter an estimate for the time required to crack the encryption key using brute force?

No, he wasn’t exaggerating about the time required.  To crack an encryption key would take a very long time with even the fastest of computers. It would be very long and would take a lot of processing power to do it.

2.      Are there any tools that someone like peter could use safely, other than a PKI based system that implements key recovery, to avoid losing his passphrase?

There are tons of apps or programs that will store and keep your passwords safe. Forgetting passphrase makes it very hard to recover if someone were to take control of the account or system using the leaked passphrase.

 

Ethical Decision Making

1.      Would a use of such a tool be an ethical violation on Charlie’s part? Is it illegal?

Yes, she stole and copied a company encryption key. This would be ethically wrong and goes against her company’s policy.

 

2.      Suppose that Charlie had implemented the key logger with the knowledge and approval of senior company executives, and that every employee had signed a release that acknowledged the company can record all information entered on company systems. Two days after Peter’s call, Charlie calls back to give Peter his key: “We got lucky and cracked it early.” Charlie says this to preserve Peter’s illusion of privacy. Is such a “little white lie” an ethical action on Charlie’s part?

No, lying is not ethical especially in the corporate setting. Peter trusted Charlie to do her job a certain way. She then proceeds to do it a different way and lie about what she did.