Research on Andrea File Suit

Question :

Andrea, a high net worth customer, banks on-line at AlaskaNational Bank (ANB) and has agreed to use 3DES in communicating with ANB. One day, Andrea received a statement that shows a debit of $1,200,000 from her account. On inquiring, she was told that the bank manager, Brandon, transferred the money out of Andrea's account and into an account of his own in an offshore bank, Cayman Island. When reached via long distance in the Cayman Islands, Brandon produced a message from Andrea, properly encrypted with the agreed upon 3DES encryption, saying: "Thanks for your many years of fine service, Brandon. Please transfer $1,200,000 from my account to yours as a token of my esteem and appreciation. Signed, Andrea."

Andrea filed suit against Brandon, ANB and the government of the Cayman Islands, claiming that the message was a forgery, sent by Brandon himself and asking for triple damages for pain and suffering.  Brandon has responded by claiming that all procedures were followed properly and that Andrea is filing a nuisance suit. You have been employed by ANB as consultant to assist in the investigation of this matter, and will produce a report for the ANB Board of Directors, which will assist them in determining how to proceed in this matter.

Answer :

INTRODUCTION 

In today’s world, privacy and security of data are essential so to attain it Cryptography can be used. Based on the security issues the algorithms and encryption techniques developed in cryptography can be applied. It can also be used in various applications for security reasons. Cryptography means providing various security techniques that are used for securing the communication from third party member. It consists of various designs such as ciphers, hash functions, encryption and decryption techniques for securing the information. Since technology has developed the threat has been increased. In this report, investigation of case filed by the Andrea and solution to handle the situation is discussed (Alanazi, et al, 2010).

CRYPTOGRAPHIC CHALLENGES

The following challenges are involved when cryptography is involved in security and privacy;

•  Data security

•  Data retention

•  Mult-tendency

•  Auditing 

•  Enabling trust

ISSUES 

In a working environment, the security issue arises with the use of software policies. If the software policies licenses get expired then the intruder can easily attack the system so all the software should be updated. 

BACKGROUND 

Andrea who owns high assets has been a customer to the Alaska National Bank (ANB). While accepting the banking services she has agreed to 3DES for secure communication that is provided by the bank.  One fine day, Message is received to Andrea that is the debit amount of $1,200,000 is successfully transacted. But it was not done by her so she informed the bank manager. From Andrea’s account, Brandon has transferred the money to his own account which is in offshore bank at Cayman Island. While receiving the amount from Cayman Island, Brandon gives a message that is as created by Andrea using the 3DES encryption. Andrea filed the case against Brandon, Government of Cayman Islands and Alaska National Bank that the message shown by Brandon was forgery. The message was generated by Brandon so Andrea was asking to pay the triple time penalty for her pain and suffer. For the case filed by Andrea, Brandon has responded that it was a nuisance case and he had done the payment procedure properly. As an employee of ANB, it is my duty to assist this case and to generate a report to submit to the ANB board of Directors. 

DETERMINING THE FACTS

If Andrea has gifted to Brandon then she should not have worried about the money that has been transacted. But she has informed the bank Manager once she has received the transaction message. One cannot simply file the case against Bank, Cayman Island Government until there is strong evidence. Also Gifting $1,200,000 to someone is not an easy thing. Incase if Andrea wants to gift she should have given directly via Cheque or RTGS. So it is confirmed that Brandon has done some forgery to steal the money from Andrea’s account since she is a high wealth customer. 

3DES

Cryptography algorithms are used for encrypting the information to establish secure communication. Encryption means converting the normal text into the secret text in order to achieve integrity.  In general there are two types of algorithm. They are symmetric and Asymmetric algorithm. In Symmetric type, only one key is involved where sender and receiver will have the same key. In Asymmetric type, the sender will have one key and the receiver will have one key where one is public key and one is secret key. Sender and the receiver will have the public key and another key has been kept secret. Some of the symmetric key algorithms are AES, DES, Triple DES, etc and asymmetric key algorithms are RSA, Diffie- Hellman, etc. The difference between both the keys is their way of usage (Hussein, et al, 2016).

Among all the symmetric key encryption, the ANB has used 3DES for secure communication. 

Triple DES is executed by the considering Block cipher, Block length and key length.

•  Block cipher is done using the symmetric secret key

•  The length of the block is 64 bits.

•  The length of the key is 56 or 168 bits.

3DES is an enhancement of the DES since DES uses 56-bit key. 3DES is used for secure communication where it can be used during the Man-In-The-Middle attack. It is 3times slowly processed when compared to DES but it is very secure if it is properly implemented. The decryption procedure is similar to the encryption but it is executed in a reverse procedure. In terms of DES the encryption and decryption of data are done with 64 bits. The input key that is considered is 64bits where the original key is 56 bits. The right-most bit in every byte is considered to be the parity bit. They are ignored so only 7 bits are considered which results in a key length of 56bits. So the key length of 3Des is 168 bits and there are three keys which also contains parity bits that are ignored for encryption method (Karthik & Muruganandam, 2014). 

The advantage of 3DES is its key length where it is the longest key that other keys do not have. At first it was replaced by Advanced Encryption Standard (AES) and then with 3 DES. It involves 3 subkeys and key padding whenever necessary. Due to these advantages ANB has wished to use 3DES when selecting the secure algorithmic techniques (Karthik & Muruganandam, 2014). 

The following protections should be done by Andrea to secure the account

•  Keep strong password for ATM and online banking

•  Don’t provide sensitive information saying if any call receives from the bank

•  Don’t’ reply to the mails that are received from the bank name. 

•  Set a verbal password for all the account

•  Set up an alert in case of any issue

•  Limits the account balance in the same bank.

The following protections should be done by the ANB to secure the customer’s account

•  Provide secure authentication with strong two-factor authentication

•  Provide OTP to the customer's mobile number to authenticate the transaction

•  Use strong password setup by including characters, number and capital letters

•  Don’t authenticate the transaction until the customer is directly involved in it

CONTROVERSY

Definitely, the controversy will arise with the usage of the cryptographic algorithms. AES is an advancement of 3DES. It has been implemented in the year 2000. Its procedure is similar to the RSA method where time and cost is involved in it. The total number of bits used in AES is 128, 192 or 256 bits. In case of 3DES it has only key length of 56 bits but it takes more time to compute the process. So in case of AES it will take very long time and cost so that the attacker will easily find out the key. 

Suppose if an attacker tries to find out the key, they can search 1 billion keys per second in the year 2004. With this assumption the attacker wants to find all the possible keys it will take 

10 000 000 000 000 000 000 000 years. In the case of military applications the security required is for few hours or few days so they can use AES. It is very important to use by considering time and cost so for financial system AES could not be used.  ANB has made the correct decision to use 3DES for securing communication (Alanazi, et al, 2010) . 

It is necessary to consider the case filed by Andrea because this should not be continued or repeated to the other users. Attackers will try to find many ways to hack the system but it is the duty of the management to update the software used in the system to avoid unnecessary attacks and to involve in such issues. 

CRITICAL ISSUES 

 In this scenario, Andrea’s transaction amount has to be returned by the ANB so the case has to be handled and to find how the transaction has occurred without the interruption of Andrea. Since a message is shown with the sign of Andrea when Brandon receives the amount there should be an attention towards this action. The transaction made by Andrea should be investigated and also how Brandon is related to Andrea should be investigated. 

CONCLUSION 

Due to the high wealth customer, ANB has accepted Andrea as a customer where they should have made some serious authentication mechanism. By trusting the 3DES encryption techniques Andrea has deposited more money. Due to the slower process methods, the hacker has attacked the Andrea account and made the transaction as a gift of her. So Brandon has well planned to cheat Andrea’s money. So it is necessary to investigate and return back the money to Andrea and to create a secure authentication mechanism i.e two-way authentication mechanism or three-way authentication mechanism. In order to provide more secure, ensure the transaction with the customer's confirmation by sending One Time Password to the user’s mobile number and then initiate the transaction. 

REFERENCES 

Karthik, S., & Muruganandam, A. (2014). Data Encryption and Decryption by using Triple DES and performance analysis of crypto system. International Journal of Scientific Engineering and Research, 2(11), 24-31.

Alanazi, H., Zaidan, B. B., Zaidan, A. A., Jalab, H. A., Shabbir, M., & Al-Nabhani, Y. (2010). New comparative study between DES, 3DES and AES within nine factors. arXiv preprint arXiv:1003.4085.

Hussein, N. H., Khalid, A., & Khanfar, K. (2016). A survey of cryptography cloud storage techniques. Int J Comput Sci Mobile Comput, 5(2), 186-191.