Encryption

How Can You Tell When Information is Secure?

While Web surfing feels safe, it may not always be secure. Information that you send over the internet could be intercepted by an eavesdropper if it is not encrypted (scrambled). This isn't usually a big problem unless you are sending important information, such as a credit card number.

Any information sent over the Internet can be intercepted by a third party. If the information is not encrypted, the third party can use the intercepted information in any way. For example, a hacker might 'listen' to your computer when you are buying a product off an insecure Web site. In that case, if the credit card number is not encrypted, the hacker can easily get it.

Encryption in browsers: SSL

To solve this problem in browsers, the SSL (Secure Sockets Layer) protocol was created. It encrypts any communication between your computer and the server your computer is 'talking' to. Never send any private information (such as Social Security numbers, credit card numbers, etc.) over the Web without having SSL enabled.

You can check whether SSL is enabled at any point by looking at the address bar. The displayed URL should start with "https://", not "http://" as it does on most pages.

[Figure: Internet Explorer with SSL enabled. The address bar with SSL on.]
[Figure: Firefox with SSL enabled. The address bar with SSL on.]
[Figure: An Internet Explorer message that tells you that the connection from now on will be encrypted. Firefox also has a similar message.]
[Figure: A browser menu that tells you that the connection from now on will not be encrypted.]

SSL is widely supported by modern browsers and is embraced by e-commerce sites as the primary security solution.

(Further information is available from http://liblearn.osu.edu/tutor/les8/pg3.html)

Lock icon:

[Figure: Firefox lock icon]

Both Firefox and Internet Explorer also display a closed "lock" icon (like the one in the illustration) at the bottom of the browser window when viewing a "secure" page (one located on a secure server that encrypts or scrambles data transmissions). If you click on the lock icon (double-click in Internet Explorer), you will see security information about the page you are currently viewing.

Certificates:

A certificate is a Web server's ID badge, a tamper-resistant file that identifies the individual or organization to whom it is issued and ensures that no other site can assume its identity. The certificate guarantees the authenticity of a Web site. If you are submitting any sensitive information (such as a credit card number), your browser should be set to examine certificates.

Viewing your Browser's Security Settings

Email is not secure: PGP

E-mail also travels over the Internet, so its security can be questioned as well. In fact, sending an ordinary e-mail message is somewhat like sending a postcard without an envelope by conventional mail: anybody (especially a postman, of course) can read it along the way. Therefore, try not to send unencrypted e-mails that contain information that is really important to you.

In the next lab, we will discuss a method that can be used to encrypt email.

How much privacy do we have?

What information is readily available about us and who has it on the internet?


Your Laboratory

  1. Using Firefox, go to www.amazon.com. Follow the instructions below to click through certain pages on the site. Watch the URLs. Make a note of when the URL changes to https. You should note that the lock icon changes at that point too. You may also get an alert warning (depending on the browser settings).
    1. Click on New customer? Start here near the top of the page (under the bar across the top).
    2. Answer yes or no as appropriate and then click on Sign in using our secure server.
    3. Write down exactly what happens after you click on the sign in button.
    4. Click on the lock icon in the bottom right corner of the browser.
    5. Write down what it says in the window that pops up.
    6. Click on the View button in that pop-up window.
    7. Now click the back button on the browser until you are no longer looking at an encrypted page. How can you tell?
    8. Click on the lock icon again. (It should be unlocked.)
    9. Write down exactly what it says in the window that pops up.
    Now we are going to repeat the same process, using Internet Explorer.
  2. Using Explorer, go to www.amazon.com. Follow the instructions below to click through certain pages on the site. Watch the URLs. Make a note of when the URL changes to https. You should note that the lock icon shows up at that point too. You may also get an alert warning (depending on the browser settings).
    1. Click on New customer? Start here near the top of the page (under the bar across the top).
    2. Answer yes or no as appropriate and then click on Sign in using our secure server.
    3. Write down exactly what happens after you click on the sign in button.
    4. Click on the lock icon in the bottom right corner of the browser.
    5. Write down what it says in the window that pops up.
    6. Click on the Details tab in that pop-up window.
    7. Now click the back button on the browser until you are no longer looking at an encrypted page. How can you tell?
    8. Look for the lock icon again. (What happened to it?)