Data communications and networks

Table of Contents

1.0 Introduction
2.0 Background
3.0 Possible findings from the facts presented
3.1 Vulnerability analysis of 3DES cryptographic system
3.2 Transaction authorization by the bank customer
4.0 What SSB and Alice could have done to protect against this controversy from arising
5.0 The case of using AES rather than 3DES by SSB
References

1.0 Introduction

The communication of sensitive data, such as bank financial information, from source to destination without interception or attack at any point in the communication network calls for the incorporation of security measures. One such measure is the encryption of messages. Cryptography is one way of ensuring the security of sensitive data transmitted across a communication network, through the encryption and decryption of messages. Cryptography is the science and art of changing messages to make them secure and immune to attack (Singh & Supriya, 2013).

2.0 Background

Super Secure Bank uses the Triple Data Encryption Standard (3DES) to secure communicated messages regarding bank transactions. However, the security of 3DES became questionable when Alice, one of the bank's customers, received a statement showing that money equivalent to one million dollars had been debited from her account by Bob, the bank manager. The 3DES security system used by the bank became even more questionable when Bob produced a properly encrypted message from Alice showing that the transaction was authorized by Alice. Alice termed the produced message a forgery and resolved to file a suit against Bob, Super Secure Bank and the government of the Cayman Islands. As a result of this scenario, this paper attempts to analyze the 3DES cryptographic system used by the bank in terms of the facts presented concerning whether Alice intended to give a gift to Bob. The paper also addresses how this security controversy could have been tackled while maintaining the use of 3DES.

3.0 Possible findings from the facts presented

In this case, the facts are presented by both Alice and Bob. Bob, the bank manager, has accepted that he was responsible for debiting the account. Nevertheless, he insists that he got the authority from Alice, the account holder, a claim which Alice denied. The possible findings in this case include any existing weakness or vulnerability in the current 3DES cryptographic system used by the bank. Another finding is whether it is true that Alice authorized the transaction.

3.1 Vulnerability analysis of 3DES cryptographic system

3DES is the common name for the Triple Data Encryption Algorithm (TDEA), also called the triple DEA symmetric key block cipher. It is a security system that was developed from the Data Encryption Standard (DES). DES had lower performance as compared to the algorithm in DES. Therefore, 3DES was developed with the main aim of tackling the apparent flaws in DES without designing an entirely fresh cryptosystem. DES used a 56-bit key, and 3DES simply extends the key size of DES by applying the algorithm three times in sequence with different keys. The combined key size is thus 168 bits (3×56). This makes 3DES more secure, because the longer key increases the number of different key combinations that an attacker must try in order to gain entry into the system. In other words, the attack becomes harder as the key gets longer and the number of possible key combinations grows. The DES security system was sufficient at the time it was developed, but the availability of enhanced computational power made brute-force attacks feasible. Because of this, Triple DES (3DES) was introduced. It offers a relatively simple approach to increasing the key size of DES for security against attack, without the need to design a completely fresh block cipher algorithm. Nonetheless, 3DES is quite slow, though regarded as sufficiently safe (Singh & Supriya, 2013, Khan & Deshmukh, 2014).

3DES also exists in two types, which use 168 key bits and 112 key bits for the data to be encrypted and decrypted. The type with 168 bits is known to have an attack that reduces its effective key size to 112 bits. The type with 112 bits is vulnerable to various attacks, leaving it with a key size of 80 bits (Thomas, 2014). In addition, other possibilities of attack include substitution attacks, which replace a safe system implementation with a backdoored system. The attacker can also target both hardware and software in this case. Others include leaked key data, leaked sensitive data, flawed application interface usage and others (Schneier et al., 2015). Combined with the fact that advanced computation also makes attacks on such a security system feasible, all these possibilities imply that there is at least a way in which an attacker can gain entry into the system without the permission of the account holder. The major finding in this case, therefore, is that 3DES is not fully immune to attack, especially with the continuous advancement of computation.
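The reduction from 168 to 112 effective bits described above comes from the meet-in-the-middle technique (a name the essay itself does not use). The following added example, which is not part of the original essay, measures that work factor on a constructed toy cipher with three 8-bit keys and a 16-bit block; the toy cipher, the key and plaintext values and all function names are assumptions made for illustration.

```python
from collections import defaultdict

ROUNDS, KEY_BITS = 4, 8   # toy sizes (assumption); DES itself uses 56-bit keys
SECRET = (0x3A, 0xC5, 0x7E)            # constructed keys k1, k2, k3
PLAINTEXTS = [0x1234, 0xBEEF, 0x0F0F]  # constructed 16-bit known plaintexts

def _f(half, key, rnd):
    sub = (key * 0x9E3779B1 >> (8 * rnd)) & 0xFF   # toy key schedule, not DES
    x = (half + sub) & 0xFF
    return (3 * x * x + 7 * x + rnd) & 0xFF

def enc(key, block):
    l, r = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 8) | r

def dec(key, block):
    l, r = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 8) | r

def ede(k1, k2, k3, block):
    """Encrypt-decrypt-encrypt with three keys, the 3DES construction."""
    return enc(k3, dec(k2, enc(k1, block)))

def meet_in_the_middle(pairs):
    """Return (key triples consistent with all pairs, search-phase cipher ops)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table, ops = defaultdict(list), 0
    for k3 in range(1 << KEY_BITS):          # 2^8 ops: undo the last stage
        table[dec(k3, c0)].append(k3)
        ops += 1
    found = []
    for k1 in range(1 << KEY_BITS):          # 2^8 + 2^16 ops: first two stages
        first = enc(k1, p0)
        ops += 1
        for k2 in range(1 << KEY_BITS):
            mid = dec(k2, first)
            ops += 1
            for k3 in table.get(mid, ()):    # extra pairs weed out false matches
                if all(ede(k1, k2, k3, p) == c for p, c in rest):
                    found.append((k1, k2, k3))
    return found, ops

def demo():
    pairs = [(p, ede(*SECRET, p)) for p in PLAINTEXTS]
    return meet_in_the_middle(pairs)
```

With 24 nominal key bits the search phase costs about 2^16 cipher operations instead of 2^24, the same proportion as 2^112 against 2^168 for 3DES, which is why the nominal key length overstates the strength when a cipher is being chosen.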

3.2 Transaction authorization by the bank customer

A complete bank transaction that uses the security system to transfer funds will involve the use of the account holder's password at some point. In a user authentication bypass, the attacker can modify the system code that defines the 3DES algorithm. When this happens, the potential attacker(s) can easily get access to the system and transfer funds. This can probably be even easier when carried out by a banker like Bob, who is a bank manager. If a transaction is carried out in such a way that there is an authentication bypass, then that can be one proof that the transaction was conducted by a criminal attacker other than the bank customer.

4.0 What SSB and Alice could have done to protect against this controversy from arising

First, Super Secure Bank and Alice could have agreed to reverse the transaction in order to credit Alice's account with the same amount as the debit. Second, an investigation could be carried out within the communication network into how the funds were transferred electronically. If no proof is found of her participation in the transaction, then the bank should discipline Bob, the manager. This would also mean that there is surely some vulnerability in the 3DES cryptographic system used by SSB. As a result, SSB can assure Alice that the security of 3DES will be enhanced by increasing the key length for encryption and decryption of transaction data in future. Third, since this is a security system, the bank can decide to redesign the 3DES cryptographic system with the aim of closing the security gaps that may exist due to the effect of advanced computing technology, which makes it simpler for the attacker to bypass the authentication.

In the case where Bob is found to be innocent, meaning that Alice indeed authorized the transaction, SSB and Alice could choose to resolve the matter in their own way outside the court. This approach could be used if the aim of the stakeholders in this case is just to prevent the controversy from arising. As a result, the bank can comfortably continue to use the 3DES system, given that the controversy could have been prevented from leaking outside the bank, where it could discourage other customers.

5.0 The case of using AES rather than 3DES by SSB

If the controversy arose because of flaws in the 3DES system, then the use of the advanced encryption system (AES) could have reduced the controversy with a high level of probability. This is because the advanced encryption system has a longer key length. This gives AES several combinations of keys which the attacker will have to try if he/she is to get into the system. In fact, this is the reason why AES has better performance as compared to DES (Thakur & Kumar, 2011).

AES can be used to secure key data such as monetary bank transactions as well as hard drive contents. Unlike DES, it can encrypt data blocks of 128 bits by means of symmetric keys of 128, 192 or 256 bits. However, brute force attack is the only one known against AES. It also outperforms DES and other algorithms in the number of processes requested per second under various user loads. This outperformance can also be described in terms of response time in a variety of circumstances for user loads. It also permits a change of key size, which brings about a clear change in battery and time consumption. Therefore, considering various performance metrics such as encryption time, decryption time, memory utilization, CPU process and throughput, the AES performance outweighs that of DES. This also implies that its algorithm performs better as compared to DES, considering unauthorized attack alongside speed. It thus offers safe encryption of sensitive but unclassified information (Barry, 2015, Thomas, 2014, Thakur & Kumar, 2011).

References

Singh, G., & Supriya, A. (2013). A Study of Encryption Algorithms (RSA, DES, 3DES and AES) for Information Security. International Journal of Computer Applications, 67(19), 33-38.

Khan, M. S. S., & Deshmukh, M. S. S. (2014). Security in Cloud Computing Using Cryptographic Algorithms.

Schneier, B., Fredrikson, M., Kohno, T., & Ristenpart, T. (2015). Surreptitiously Weakening Cryptographic Systems.

Thakur, J., & Kumar, N. (2011). DES, AES and Blowfish: Symmetric key cryptography algorithms simulation based performance analysis. International journal of emerging technology and advanced engineering, 1(2), 6-12.

Thomas Pornin. (2014). What is the meaning of key size and why is the size important?. Retrieved on 4th/03/2015, from http://www.security.stackexchange.com/users/655/thormas-pornin.

Barry K. Shelton. (2015). Introduction to Cryptography. Retrieved on 4th/03/2012, from http://www.infosectoday.com/Articles/Intro_to_Cryptography/Introduction_Encryption_Algorithms.htm