Question

Alice, a high net worth customer, banks on-line at Super Secure Bank (SSB) and has agreed to use 3DES in communicating with SSB. One day, Alice received a statement that shows a debit of $1,000,000 from her account. On inquiring, she was told that the bank manager, Bob, transferred the money out of Alice's account and into an account of his own in an offshore bank. When reached via long distance in the Cayman Islands, Bob produced a message from Alice, properly encrypted with the agreed upon 3DES keys, saying: "Thanks for your many years of fine service, Bob. Please transfer $1,000,000 from my account to yours as a token of my esteem and appreciation. Signed, Alice."

Alice filed suit against Bob, SSB and the government of the Cayman Islands, claiming that the message was a forgery, sent by Bob himself and asking for triple damages for pain and suffering. Bob has responded by claiming that all procedures were followed properly and that Alice is filing a nuisance suit. You have been employed by SSB as a cryptographic expert to assist in the investigation of this matter, and will produce a report for the SSB Board of Directors, which will assist them in determining how to proceed in this matter.

Question-

Assuming SSB wishes to continue using only 3DES as its cryptographic system, what could SSB and Alice have done to protect against this controversy arising?

Answer 1

As above paragraph it is not seen that both has good relation between them It can be claim that its all bob fault due to suit against bob.There can many scenario occurs in modern banking system.

3DES uses 3 layer of symmetric key-block cipher which applies the DES cipher in triplicate by encrypting with the first key (k1), decrypting with the second key (k2), and encrypting with the third key (k3). A two-key variant also exists, where k1 and k3 are the same. each of 56bits key of three as it uses symmetric key it uses same key for encrytion and decrytion

problem is that for exchange of key if reciver want to decryt the message it should hava the key .

if any one want to encryt and decryt it can be done with the key as bob has done by sending and reciving of message by single key.

it can be avoided by using public and private key as follows

sender will encryt the message with public key of reciver

reciver will decryt the message with its private key

if reciver send message to sender

reciver encryt the message with public key of sender

sender encryt the message with its public key

it is more secure and avoid exchange of key.

Also can use Aes descrytion crytography as it has different bits of key start from 128 bits

as more no bits of key more secure in this way it incease security .