1. Go to a popular online e-commerce site like Amazon.com. Place several items in your shopping cart, and then go to check out. When you reach the screen that asks for you credit card number, right-click on the Web browser and select “Properties.” What can you find out about the cryptosystems and protocols in use to protect this transaction?
On Amazon.com, I found that there are a few cryptosystems and protocols in place. The most interesting thing I found was that there were 12,292 blank lines of code before anything was actually written. Amazon ensures a secure transaction by encrypting the users information on the users end, and then decrypts their information on their end.
2. Repeat Exercise 1 on a different Web site. Does this site use the same or different protocols? Describe them.
Instead of going to Amazon, for this exercise I went to eBay. I noticed that eBay has a similar system to Amazon. The user’s information is encrypted and then sent to one of eBays servers. Once it reaches an eBay server, the server will decrypt the information and charge the users desired account. Essentially, sites like Amazon and eBay use an encryption system known only to themselves, and make minor switches to the encryption system regularly to ensure that no information is lost, stolen, or misused by their company.
3. Perform a Web search for “Symantec Desktop Email Encryption (powered by PGP Technology).” Download and install the trial version. Using the tool and your favorite e-mail program, send a PGP-signed email to your instructor. What looks different in this e-mail compared to your other e-mails?
This email looked more large and confusing compared to any other email I have ever sent. Since I was confused, I decided not to encrypt the email, but to just email my professor the encryption key. I hope that she accepts the key as proof that I at least tried this exercise. This exercise took me about 30 minutes to do since I was so confused and had to Google what I was doing about 5 times.
4. Perform a Web search for “Announcing the Advanced Encryption Standard (AES).” Read this document which is a FIPS 197 standard. Write a short overview of the development and implementation of this cryptosystem.
Although this excersie prompted me to read all of “Announcing the Advanced Encryption Standard (AES)”, I found the document to be quite long and quite confusing as well. From what I read the development of this system was spearheaded by the NIST. The Advanced Encryption Standard is implemented in 14 very specific steps. If one wishes to use this cryptosystem, they must follow all 14 steps very carefully in order to comply with the Advanced Encryption Standard.
5. Search the Web for “steganographic tools.” What do you find? Download and install a trail version of one of the tools. Embed a short text file within an image. In a side-by-side comparison, can you tell the difference between the original image and the image with the embedded file?
During my research, I found that steganographic tools allow a user to embed hidden data inside a carrier file, such as an image or video, and later extract that data. According to Wikipedia “It is not necessary to conceal the message in the original file at all. Thus, it is not necessary to modify the original file and thus, it is difficult to detect anything. If a given section is subjected to successive bitwise manipulation to generate the cyphertext, then there is no evidence in the original file to show that it is being used to encrypt a file.” After downloading a trial version of StegFS, and embedding a short text file in an image, I was not able to identify a difference between the original image and the image with the embedded file.