Question

you just received an email from bob, your investment banker, stating that he completed the wire transfer of $10,000 to your bank account in vietnam. the problem is, you do not have a bank account in vietnam!, so you immediately call bob to ask happened. bob explains that he received an email from you requesting the transfer. you insist you never sent that email to bob initiating this wire transfer. what aspect of pki could be used to best ensure that a sender actually sent a particular email message and avoid this type of situation?

Answer 1

The use of digital signatures within the Public Key Infrastructure (PKI) could have ensured that the email requesting a wire transfer was indeed sent by the true sender and not fraudulent.

Step-by-step explanation:

The aspect of Public Key Infrastructure (PKI) that could have prevented this situation is the use of digital signatures. A digital signature ensures the authenticity and integrity of a message, essentially serving as an electronic fingerprint. When an email is digitally signed, it provides a means for the recipient to verify that the message was indeed created by the sender whose private key was used to sign it and that it has not been altered during transit.

In practical terms, if Bob's email system had been set up to require digital signatures for all outgoing wire transfer requests, he would have been able to confirm that the email requesting the $10,000 transfer to Vietnam was sent by you. Since you did not send that request, the absence of your valid digital signature would have alerted Bob to the likelihood of fraudulent activity.

Therefore, for sensitive transactions such as wire transfers, implementing PKI with mandatory digital signatures could provide a high level of security and avoid such mishaps. It is also important to educate individuals on online communication security to prevent these types of fraud.