Chapter 8 Exercises
1. Go to a popular online e-commerce site, like Amazon.com. Place several items in your shopping cart, and then go to check out. When you reach the screen that asks you for your credit card number, right-click on the Web browser and select “Properties”. What can you find out about the cryptosystems and protocols in use to protect this transaction?
When I was trying to put an item in my cart at amazon.com and proceed to check out, I found out there is a security button in the properties setting. This setting has the information about all the connections to this website, including the server certificate issued by Symantec class S secure server CA-G4; this site was encrypted by some protocol. And in the website dialog box, there is an icon like a shield, and this means that this website is safe and the real website, and my information won’t be stolen. This function can really help us in telling the real website from the fake one.
2. Repeat Exercise 1, this time on a different online e-commerce site. Does this site use the same or different protocols? Describe them.
eBay mostly has the same function as Amazon; they both use the server certificate issued by Symantec class S secure server CA-G4, and it was encrypted by some protocol. I also discovered a really interesting common point: with every big company’s website open, the browser I was using, Chrome, always showed a locked green icon and the word Secure next to it, and in the address it also turned the HTTP:// part green, to inform you that the website you are now visiting is safe. Then I tried the website I built, and this icon doesn’t show up; only a gray “!” sign shows up, saying this website’s safety is yet to be proved.
3. Perform a Web search for “Symantec Desktop Email Encryption (powered by PGP Technology).” Download and install the trial version. Using the tool and your favorite e-mail program, send a PGP-signed email to your instructor. What looks different in this e-mail compared with your other e-mails?
I tried to search for “Symantec Desktop Email Encryption (powered by PGP Technology).” A bunch of ad results popped up, and many of the results seemed similar. I clicked the topmost website, which led me to a Symantec website, and then I clicked the trial option, and a dialog asked me to enter my email, country, name, phone number and address, even the job function and the job level, just for a download. As far as I have suffered, even big companies like Google or Baidu could steal your personal information and sell it to others, and give you the search results of whoever pays most, so as an information security student I still have doubts about this website asking for my information, so I won’t give it any information or link it to any of my email.
4. Perform a Web search for “Announcing the Advanced Encryption Standard (AES).” Read this document, which is a FIPS 197 Standard. Write a short overview of the development and implementation of this cryptosystem.
Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce pursuant to Section 5131 of the Information Technology Management Reform Act of 1996 (Public Law 104-106) and the Computer Security Act of 1987 (Public Law 100-235). The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called cipher text; decrypting the cipher text converts the data back into its original form, called plaintext. The AES algorithm is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits. The NIST started development of AES in 1997 when it announced the need for a successor algorithm for the Data Encryption Standard (DES), which was starting to become vulnerable to brute-force attacks.
5. Search the Web for “steganographic tools.” What do you find? Download and install a trial version of one of the tools. Embed a short text within an image. In a side-by-side comparison, can you tell the difference between the original image and the image with the embedded file?
I searched for steganographic tools on the internet, and I found out that one piece of software I was using every day has just the same function. A steganography software tool allows a user to embed hidden data inside a carrier file, such as an image or video, and later extract that data.
It is not necessary to conceal the message in the original file at all. Thus, it is not necessary to modify the original file and thus, it is difficult to detect anything. If a given section is subjected to successive bitwise manipulation to generate the cyphertext, then there is no evidence in the original file to show that it is being used to encrypt a file.
I embedded a short text in an image, and I can’t tell any difference between the original image and the image with the embedded file. They looked totally the same, but I found out that the embedded one was a little bigger than the original one.