As technology evolves, communication among people is essential (Zaidan, Zaidan, and Majeed, 2010). This creates a need for a secure system that keeps unwanted intruders away from the data being transmitted. For security reasons, the information sent ought to be in an unrecognizable format so that it stays secure and reaches its intended destination. Many encryption algorithms have been developed to ensure that the data being sent is secure from external intrusion.
A good encryption system should be able to determine whether the source and the receiver of a given piece of information are authentic. For a communication system to be secure, it needs various facilities that will fully eliminate the threats to security (Kamakoti, Ananth and Karthikeyan, 2005). One of the facilities the system should have is data privacy. This ensures that the system protects all data being sent by making sure that the originally sent data is not manipulated by unauthorized persons.
Another feature is confidentiality of the information being transmitted. This feature ensures that information is not disclosed to persons who are not authorized, because information should only be known to the sender and the receiver. Authentication is another core value of the system: it allows the receiver to ascertain the right sender of a given block of information, and therefore any intruder who tries to masquerade as the sender should be blocked by all means. Nonrepudiation is the ability of the system to prove that a message that was sent really belongs to a given sender, so that the sender cannot deny sending it at a later time. Thus the system implementing security should be able to determine the right sender of a given piece of information. The system should also be able to secure a communication session from external intrusion as well as from attacks that cause denial of service.
As Stinson (2002) points out, in order to ensure that the data being transmitted is secure, there is a need to transform it, using cryptography, into a form that cannot be read by an intruder. Cryptography can be described as the science and art of protecting any information that is being transmitted from the sender to the receiver. Encryption refers to the process of converting plain readable data into a form that cannot be easily read by any intruder. Decryption is the process of changing the encrypted data back into the original format that can be read by humans. There exist many encryption systems. One such encryption system is the Triple Data Encryption System. This system works by extending the size of the DES keys and applying the DES encryption system three times in succession with three different keys, making it more secure against the brute force techniques that are used.
In the case of Alice and the manager, there is a need to determine whether Alice really intended to give the bank manager a gift. Firstly, there is no evidence to show whether Alice had earlier communicated with the manager, which would give a basis for deciding whether Alice requested the manager to debit her account. Secondly, there is a concern as to why Alice never transferred the money herself to the manager’s account. Thirdly, the confidentiality of the Personal Identification Number and password should be investigated, and if she shared them with the manager, an explanation should be given. Unless investigated, the case under study has two answers. There may be a collaboration between the manager and the customer or, worse still, the manager could have manipulated the message to support his act. The system should also be checked for nonrepudiation in order to ascertain whether Alice was the one who sent the message only to deny it later.
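To make the nonrepudiation check concrete, the following added example (not part of the original essay or of any bank system) contrasts a shared-key tag, which either key holder can produce, with a signature that only the private-key holder can produce. HMAC-SHA256 and a Lamport one-time signature are stand-ins chosen so the code runs on the Python standard library; the order text, key sizes and function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample order, modelled on the essay's case.
ORDER = b"debit=Alice;credit=manager;amount=1000000"

def shared_key_tag(key: bytes, msg: bytes) -> bytes:
    """Authentication tag under a key that both customer and bank hold."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def lamport_keygen():
    """One-time key pair: 256 pairs of secrets and the hashes of those secrets."""
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[hashlib.sha256(s).digest() for s in pair] for pair in sk]
    return sk, pk

def _digest_bits(msg: bytes):
    d = hashlib.sha256(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):
    """Reveal one secret per digest bit; only the private-key holder can."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    bits = _digest_bits(msg)
    return len(sig) == 256 and all(
        hmac.compare_digest(hashlib.sha256(s).digest(), pk[i][bits[i]])
        for i, s in enumerate(sig))

def dispute_evidence() -> dict:
    shared = secrets.token_bytes(24)             # 3DES-sized key known to Alice AND the bank
    tag_alice = shared_key_tag(shared, ORDER)
    tag_insider = shared_key_tag(shared, ORDER)  # any holder of the key gets the same tag
    sk, pk = lamport_keygen()                    # sk stays with Alice, pk is registered at the bank
    sig = lamport_sign(sk, ORDER)
    altered = ORDER.replace(b"1000000", b"10")
    return {
        "shared_key_tags_identical": hmac.compare_digest(tag_alice, tag_insider),
        "signature_valid": lamport_verify(pk, ORDER, sig),
        "altered_order_valid": lamport_verify(pk, altered, sig),
    }

if __name__ == "__main__":
    for name, value in dispute_evidence().items():
        print(f"{name}: {value}")
```

Because the two shared-key tags are identical, a tag alone cannot show which key holder created the order, while the signature verifies only for the exact order the private-key holder signed.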
If the Super Secure Bank decides to adopt the 3DES system after such an attack has happened, the first thing the bank will do, together with Alice, is enter an agreement to seal the loophole and calm the controversy. This can be done by refunding the money to Alice. At first, the bank will be liable for failing to ensure that the funds saved in accounts held at the bank are secure. This is to ensure that the other customers of the bank do not fall into such a trap. On the other hand, such information, when put in the public domain, will add up to a bigger problem that will prove difficult to manage and can lead to the loss of customers as well as putting off potential customers. Another core issue that can arise is a lack of trust from customers, as they will be very cautious when banking with the institution.
The Triple Data Encryption Service (3DES) is a cryptographic system that applies the cipher algorithm to a data block three times, whereas the Advanced Encryption Standard (AES) uses a substitution and permutation network to encrypt data. 3DES is a technology that relies on the earlier technology and does have a weakness. This weakness is the susceptibility of the system to plaintext attacks that can easily beat the security of the 3DES system. AES, on the other hand, uses various encryption key lengths, which include 128, 192 and 256 bits, whereas the 3DES system relies just on the 56 bits that are defined by the DES standard.
The 3DES system uses a block length of 64 bits whereas the AES system relies on 128 bits (Schaffer, Glaser and Franzon, 2004). The use of the 3DES technology has a weakness in that it requires the keys to be changed after every 32 GB of data transferred in order to minimize any possibility of a leakage occurring. The AES system has an extra security feature that allows it to even sniff the data that leaks while it is being transmitted from the sender to the receiver, especially with identical blocks. From the explanation above, the AES system is far better at providing information security than the 3DES system.
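The 32 GB rekeying figure follows from the 64-bit block size: after about 2^32 blocks under one key, two ciphertext blocks are likely to coincide, and in CBC mode such a repeat reveals the XOR of two plaintext blocks. The added example below (not from the original essay) computes that limit for both block sizes and checks the square-root behaviour on a scaled-down 16-bit block; uniformly random values stand in for ciphertext blocks, and all function names are assumptions.

```python
import math
import random

def rekey_limit_bytes(block_bits: int) -> int:
    """Data volume at the birthday bound: about 2**(block_bits/2) blocks
    encrypted under one key, each block_bits/8 bytes long."""
    blocks = 2 ** (block_bits // 2)
    return blocks * (block_bits // 8)

def blocks_until_collision(block_bits: int, rng: random.Random) -> int:
    """Draw random block values (a stand-in for ciphertext blocks, which look
    uniformly random) until one repeats; return how many were drawn."""
    seen = set()
    while True:
        block = rng.getrandbits(block_bits)
        if block in seen:
            return len(seen) + 1
        seen.add(block)

def mean_blocks_until_collision(block_bits: int, trials: int = 400,
                                seed: int = 1) -> float:
    """Average number of blocks before the first repeat over many trials."""
    rng = random.Random(seed)
    total = sum(blocks_until_collision(block_bits, rng) for _ in range(trials))
    return total / trials

if __name__ == "__main__":
    for name, bits in (("3DES", 64), ("AES", 128)):
        gib = rekey_limit_bytes(bits) / 2**30
        print(f"{name}: {bits}-bit block, change key before about {gib:.3g} GiB")
    # A full 64-bit experiment is impractical, so use a 16-bit toy block size.
    measured = mean_blocks_until_collision(16)
    predicted = math.sqrt(math.pi / 2 * 2**16)
    print(f"16-bit toy block: measured {measured:.0f} blocks, predicted {predicted:.0f}")
```

For the 64-bit block the limit is exactly 32 GiB, while for the 128-bit block it is 2^68 bytes, far beyond any realistic session.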
The AES system is better when it comes to securing data that is being transferred from one host to another, as it is capable of even detecting the leaked data (Nath, Ghosh, and Mallik, 2010). In the case of Alice, such a system could have been used to know whether Alice or Bob the manager was the source of the information that led to the transfer of $1,000,000.
By knowing the real source of the text, it will be easy to detect any unusual behavior in the communication systems. The encryption system that is currently in place is not a good one, as it was not able to detect the malpractice, making it vulnerable to any attacks directed at the online transactions of the bank. A good system should have had some way of reporting any right or wrong-doing with regard to the money that was transferred from the client’s account by a senior employee.
The senior board of directors will therefore improve the policies on the security of all client data and information in the bank in order to avoid scenarios which can be costly to the bank. They should also provide training to their employees on professional ethical values. The customers should be advised to keep their bank details confidential in order to avoid any unwanted access to their accounts. A good security system will ensure that any unwanted intrusion is kept away from the information and data.
A. A. Zaidan, B. B. Zaidan, Anas Majeed, (2010). “High Securing Cover-File of Hidden Data Using Statistical Technique and AES Encryption Algorithm”, World Academy of Science Engineering and Technology (WASET), Vol. 54.
A. Nath, S. Ghosh, M. A. Mallik, (2010). “Symmetric key cryptography using random key generator”, Proceedings of International conference on SAM-2010 held at Las Vegas (USA), 12-15 July, Vol-2, P-239-244.
Dr. V. Kamakoti, G. Ananth and U. S. Karthikeyan, (2005). “Cryptographic Algorithm Using a Multi-Board FPGA Architecture”, Nios II Embedded Processor Design Contest—Outstanding Designs.
Dr. S. Muhammad Siddique and Muhammad Amir, “GSM Security Issues and Challenges”, Proceedings of the Seventh ACIS International Conference on Software Engineering,
Stinson. (2002). “Cryptography: Theory and Practice”, Chapman and Hall: CRC,
Schaffer, A. Glaser, & P. D. Franzon, (2004). “Chip-Package Co-Implementation of a Triple DES Processor”, IEEE Transactions on Advanced Packaging, Vol. 27, (1).
Hoornaert, J. Goubert, and Y. Desmedt, “Efficient hardware implementation of the DES,” in Proc. Adv. Cryptol. (CRYPTO’84), 1984, pp. 147–1