The ever evolving technology that allows for the ease of data transfer in various communication systems that support a large amount of people. This being the case, all information that is sent ought to be in a format that is unrecognizable to make it secure and get to the intended destiny. As is the case, there are many encryption algorithms that have been developed to ensure that the data being sent is secure from external intrusion.
Equally, the encryption system should be able to ensure that the source of a given information is authenticated. For a communication system to be secure, it needs to have quite a number of measures that are necessary to fully eliminate the threats to security. One of the facilities that the system should have include integrity. This is to ensure that the system is able to protect all the data that is sent through it by ensuring that the originally sent data is not manipulated in any way other than the original format.
Another key feature is that the system should be confidential. This is a feature that exudes itself by ensuring that the information is not disclosed to persons who are not authorized and thus the information should only be known to the sender and the receiver. Authentication is another core value of the system that allows the receiver to ascertain the right sender of a given block of information, and therefore any intruder who tries to masquerade as the sender should be blocked by all means. Nonrepudiation is the ability of the system to prove that the message that was sent really belongs to a given sender, and therefore, the sender cannot be able to deny sending a given message at a later time. The system should also have the ability to secure a communication session from any external intrusion as well as attacks that cause denial of service attacks.
Cryptography can be described as the science and art of protecting any information that is being sent from the sender to the receiver from the individuals that are not desirable into a format that is unrecognizable to the attackers as it is being transmitted or stored. Encryption refers to the process of converting the plain readable data into a format that cannot be easily read by any intruder. Decryption is the process of changing the encrypted data into the original format that can be read by humans. There exists many encryption systems that are used today to secure the data that is being transmitted. One of such encryption systems is the Triple Data Encryption System. This system works by extending the size of the DES keys and applying the DES encryption system three times in succession but with three different keys, making it more secure against the brute force techniques that are used.
The security system that was used in the case of Alice, the scenario here first is from the authenticity of the message that the manager had produced claiming that it was sent by the customer. There is need therefore to determine whether or not the message originated from the sender who in this case is Alice. The encryption and decryption system that was used was also to be under scrutiny to verify that all the keys that were used. The system should also be checked for nonrepudiation in order to ascertain that Alice was the one who sent the message only to deny it later. Once the correct source of the message is determined, it will be easier for the court to better determine the person who will be guilty.
If the Super Secure Bank decides to have the 3 DES system after such an attack has happened, the first thing that the bank will do together with Alice is enter an agreement to seal the loop hole and calm controversy. At first, the bank will be liable for failing to ensure that the funds that are saved in bank account held in their bank are secure.
This is to ensure that the other customers of the bank do not get into such trap. On the other hand, such information when put in public domain will add up to a bigger issue that will prove difficult to manage and can lead to the loss of customers as well as putting off the potential customers. Another core issue that can arise from the controversy arising will include lack of trust from the customers as they will be very cautious especially when they are banking with the institution.
The Triple Data Encryption Service (3DES), is a cryptographic system that uses the cipher algorithm on a data block three times, whereas the Advanced Encryption Standard system of encoding deals with the use of substitution and permutation network to encrypt data. 3DES is a technology that relies on the earlier technology and does have a weakness.
This weakness is the susceptibility of the system to a certain type of text that is plain as well as the known plain text attacks that can easily beat the security of the 3DES system. The AES on the other side uses various encryption key lengths, which include 128, 192 and 256 bits respectively. Whereas the 3DES system just relies on the 56 bits that are well defined by the DES standard.
The 3DES system uses a block length of 64 bits whereas the AES system relies on 128 bits. The use of the 3DES technology has a weakness in that it requires that the keys be changed after every 32GB of data being transferred in order to minimize any possibility of a leakage occurring. The AES system has an extra security feature that allows it to even sniff the data that leaks while it is being transmitted from the sender to the receiver especially with the identical blocks.
The AES system is better when it comes to securing data that is being transferred from one host to another as it has a capability of even sniffing the leaked data. According to the case of Alice, such a system could have been used to know whether Alice or Bob the manager was the source of the information that led to the transfer of $1,000,000.
By knowing the real owner of the text, it will be easy to detect any unusual behavior in the communication systems. The encryption system that is in place currently is not a good one as it was not able to detect the malpractice. Making it vulnerable to any attacks that can be directed to the online transaction of the bank. A good system should have been able to have some way of reporting any right or wrong doing with regards to the money that was transferred from the client’s account by a senior employee.
The senior board of directors will therefore be serious on the policies on security of all the data and information about the clients in the bank in order to avoid a scenario which can be costly to the bank. They should also provide training to their employees on the ethical values of professionalism. The customers will also be advised to keep their bank details confidential in order to avoid any unwanted access to one’s account. A good security system will ensure that any unwanted intrusion is kept away from the information and data.
A.A.Zaidan, B.B.Zaidan, Anas Majeed, (2010). “High Securing Cover-File of Hidden Data
Using Statistical Technique and AES Encryption Algorithm”, World Academy of Science Engineering and Technology (WASET), Vol.54.
A.Nath, S.Ghosh, M.A.Mallik, (2010). “Symmetric key cryptography using random key
generator” Proceedings of International conference on SAM-2010 held at Las Vegas(USA) 12-15 July, , Vol-2,P-239-244.
Dr. V. Kamakoti, G. Ananth and U.S. Karthikeyan, (2005).”Cryptographic Algorithm Using a
Multi-Board FPGA Architecture”, Nios II Embedded Processor Design Contest—Outstanding Designs
Dr. S. Muhammad Siddique and Muhammad Amir “GSM Security Issues and Challenges”
Proceedings of the Seventh ACIS International Conference on Software Engineering,
- Stinson. (2012). “Cryptography: Theory and Practice”, Chapman and Hall: CRC,
- Schaffer, A. Glaser, & P. D. Franzon, (2014).”Chip-Package Co-Implementation of a Triple
DES Processor”, IEEE Transactions on Advanced Packaging, Vol. 27,(1).
- Hoornaert, J. Goubert, and Y. Desmedt, “Efficient hardware implementation of the DES,” in
Proc. Adv. Cryptol. (CRYPTO’84), 2011 pp. 147–173.