Hunter Wikstrom

ITS 370

Chapter 8

Exercises

1. Go to a popular online e-commerce site like Amazon.com. Place several items in your shopping cart, and then go to check out. When you reach the screen that asks for your credit card number, right-click on the Web browser and select “Properties.” What can you find out about the cryptosystems and protocols in use to protect this transaction?

I used Amazon for this assignment. When I got to the screen that was asking for payment data, I realized they used a cryptosystem like RSA. There is a public key using public encryption that is only decipherable by the host. There is also a private key for the host of the transaction. This is a system that replaced the NBS algorithm. There are 4 steps to the process.

1. Key generation

2. Key distribution

3. Encryption

4. Decryption

2. Repeat Exercise 1 on a different Web site. Does this site use the same or different protocols? Describe them.

I did the same project, but this time I used Target’s website. I was not surprised to find that they had very similar security protocols that functioned in the same way, just with a different look. Once again, there was a public and private key, and it followed the same steps.

Case Exercises – Discussion Questions

1. Was Charlie exaggerating when he gave Peter an estimate for the time required to crack the encryption key using a brute force attack?

Charlie was not exaggerating when he was saying that it would take a hundred trillion years or so; while the number may not be exact, it’s a pretty accurate estimation. If you look at even a 98-bit key with modern computing power, you would still be looking at a couple billion years. To move up to the 256-bit key, you could easily expect it to take hundreds of trillions of years.

2. Are there any tools that someone like Peter could use safely, other than a PKI-based system that implements key recovery, to avoid losing his passphrase?

They can implement a central system operated by a CA or RA which can generate strong keys. It can also function for uses such as private-key backup, key recovery, and key revocation.

Ethical Decision Making

1. Would the use of such a tool be an ethical violation on Charlie’s part? Is it illegal?

This would be an ethical violation on the part of Charlie. Putting a key logger onto company computers, especially when you’re doing it without company knowledge, is illegal and unethical. The potential for Charlie to have access to confidential material and exploit it is too high.

2. Is such a “little white lie” an ethical action on Charlie’s part?

I still don’t think this is an ethical decision on the part of Charlie. While the rest of the employees have signed waivers and the senior executives are aware of the key logger, it is unethical to keep Peter in the dark even if it is to “protect his illusion of privacy.”