Prepare a short research paper of approximately 1300-1500 words, double-spaced,
ID: 3726293 • Letter: P
Question
Prepare a short research paper of approximately 1300-1500 words, double-spaced, exclusive of cover, title page (optional), and table of contents (optional), endnotes, and bibliography. Your paper must use APA formatting with the exception that tables and figures can be inserted at the appropriate location rather than added at the end.
A paper longer than the upper limit or not in APA format will cause loss of up to 5% points.
Submit the paper in your assignment folder as a Word attachment with the following file name:
YourlastnameFirstname INNS789 SP1.doc
(For example, my submission file would be TonyYorkmanINSS789 SP1.doc)
If you are unable to virus check your document, please submit as an RTF file rather than as a doc file. Please do not use macros in your document.
I may submit your paper to Turnitin.com to ensure non-paganization
Assume the following incidences happened years ago before there were agreements of cooperation between the US and the Cayman and Nevis Islands. So, neglect, the recent agreements between the US and the Cayman Islands government for your analysis.
Scenario:
Audrey, a high net worth customer, banks online at First Bank and Trust (FBT) and has agreed to use 3DES (also known as Triple DES) encryption in communicating with FBT. One day, Audrey received a statement showing a debit of $1,000,000 from her account. On inquiring, she was told that the bank manager, Julie, transferred the money out of Audrey’s account into an account of her own in an offshore bank in the Cayman Islands. When reached via long distance in the Cayman Islands, Julie produced a message from Audrey, properly encrypted with the agreed upon 3DES keys, saying:
“Thanks for your many years of fine service, Julie. Please transfer $1,000,000 from my account to yours as a token of my esteem and appreciation; Signed Audrey."
Audrey filed suit against Julie, FBT and the government of the Cayman Islands, claiming that the message was a forgery, sent by Julie herself and asking for triple damages for pain and suffering. FBT likes to file a counter suit against Audrey, claiming that all procedures were followed properly and that Audrey is filing a nuisance suit.
You have been employed by FBT as a cryptographic expert and consultant to investigate, give recommendations based on your findings including how to proceed with the suit and to produce a report for the FBT Board of Directors, which will provide the basis for them in determining how to proceed in this matter.
Your report to the Board of Directors should address but not limited to the following issues:
From the facts, as presented, what can be determined about whether Audrey intended to make Julie a gift of $1,000,000? State your conclusion and back it with facts that are reported above. Describe how did the facts help you in forming your conclusion?
What is the significance of Cayman Island? Did it affect your conclusion? If yes why? If no why?
Assuming FBT wishes to continue using only 3DES as its cryptographic system, what advice would you give to FBT. That is what could FBT have done to protect against this controversy arising?
And what advice you would give to the customer or what could Audrey do to protect against this controversy arising in future? Given that FBT wishes to continue using only 3DES as its cryptographic system.
Would this controversy have arisen if FBT and Audrey were using AES rather than 3DES?
What is a plausible explanation of what may have happened in this case?
Your report should clearly address these issues, with sufficient detail and background to allow the "cryptographically challenged" Board of Directors to understand 3DES. The report should explain: the issues involved, i.e., what went wrong and why; recommendation to formulate plans for how to approach the immediate legal issue with Audrey; and how to continue business in the future assuming that they want to continue using 3DES.
Explanation / Answer
Well to start with, 3DES stands for Triple Data Encryption Algorithm which is an enhanced version of DES. The major difference between 3DES and DES is the size of the key which helps in preventing the attacks.
In this case, the most probable reason which looks possible here is that out of the 3 keys used in the encryption paper, two of the keys are same which made it easier for the Julie to hack the keys and made the transfer possible.
Lets try to look into it deeply and understand the process what could have happened here. Lets suppose the keys used here are k1, k2 and k3. If we assume that k1=k3 is being used here and the process of Encrypt-Decrypt-Encrypt is used for the encryption purpose.
Now, with these keys available if during the encryption using the first key, if from backwards decryption also keeps happening then it might be possible to get the k2 which will be helpful in the decyption process. This might be a possible scenario here which may have helped Julie to get the money from Audrey.
Now, as the cryptographic expert from the Banks side, they are not at all the fault as the required keys have rightly been provided by the customer for the transfer to happen, Though, I can suggest them to improve their security atleast to AES (Advanced Encryption Scheme) which is faster as well as more secure than 3DES. Although it is practically impossible to guess the AES key by applying permutations and is vulnerable to attacks as of known till now.