Security Risks in 3DES
Facts about the Case
In the case involving Alice and Bob, the manager of Super Secure Bank, it is evident that the transfer of money to the bank manager was not authorized as alleged. Alice had not sent any request requiring Bob to take $1000000 from her account. Although she is a high-end customer, there is insufficient evidence to indicate that Alice accepted the transfer. The bank manager, for his part, alleged that this customer sent him the money as a token of appreciation. However, this cannot be corroborated because the client herself refused to acknowledge it. In support of his claim, Bob provided a message asserting that Alice did allow the transaction to take place. Nonetheless, the message illustrated the security loopholes in the bank's cryptographic system. The bank implemented 3DES as its overall cryptographic structure. This accounts for the encrypted message that Bob presented, in which Alice purportedly instructs him to take money from her account. From the facts, though, Alice never intended to authorize the transfer of that amount from her account to the bank manager. This situation highlights the security risks evident within the 3DES system and the negative impact they have on the privacy of clients' accounts.
Efforts to Secure Against Controversy
Because the bank resolved to continue using the 3DES system, certain measures could have been implemented by the bank and SSB to protect against the controversy. Foremost, it would be imperative for Alice to ensure that proper encryption takes place via the bank in order to protect sensitive data such as information related to her bank account. Since the current state of the 3DES system proved to be insecure, it is imperative to ensure that the data encrypted with a single key does not surpass 32 gigabytes (GB) (Forouzan, 2008). The reason for this lies in the data blocks that 3DES uses. The cipher operates on 64-bit blocks. These are disadvantageous since they cause difficulties, especially after the processing of $2^{64/2}$ blocks (Boklan, 2009). Regarding this case, it is clear that 3DES is insecure, especially given the bank manager's easy access to a customer's account. However, making it secure also requires eradicating or prohibiting unpublished backdoors. Simply put, eliminating any instance of backdoor access can help reinforce the security of the system. This will restrict any unauthorized entry into an account that would otherwise occur without detection or restriction.
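The 32 GB figure above follows from the block size: 2^(64/2) blocks of 8 bytes each. The following is an added example, not part of the original essay, that computes this limit, estimates the chance of a repeated ciphertext block with the standard birthday approximation, and enforces a per-key byte budget. The names `KeyBudget`, `margin_bits` and the helper functions are hypothetical, and "GB" is read as 2^30 bytes.

```python
import math

# Block sizes in bits for the two ciphers the essay compares.
BLOCK_BITS = {"3DES": 64, "AES": 128}

def birthday_bound_bytes(block_bits):
    """Bytes covered by 2^(n/2) blocks of n bits each."""
    return (1 << (block_bits // 2)) * (block_bits // 8)

def collision_probability(block_bits, data_bytes):
    """Approximate chance that two ciphertext blocks under one key are equal.

    Birthday approximation: p ~= 1 - exp(-q(q-1) / 2^(n+1)) for q blocks.
    """
    q = data_bytes // (block_bits // 8)
    return -math.expm1(-q * (q - 1) / 2.0 ** (block_bits + 1))

class KeyBudget:
    """Counts bytes encrypted under one key and signals when to rekey."""

    def __init__(self, cipher, margin_bits=0):
        # margin_bits is a hypothetical knob: each bit halves the allowance.
        self.limit = birthday_bound_bytes(BLOCK_BITS[cipher]) >> margin_bits
        self.used = 0

    def consume(self, nbytes):
        """Return True if nbytes may still be encrypted under this key."""
        if self.used + nbytes > self.limit:
            return False  # caller must rotate the key first
        self.used += nbytes
        return True

if __name__ == "__main__":
    GIB = 1 << 30
    for name, bits in BLOCK_BITS.items():
        print(name, "bound:", birthday_bound_bytes(bits) // GIB, "GiB,",
              "p(collision) at 32 GiB:", collision_probability(bits, 32 * GIB))
```

At the 32 GB mark a 64-bit block cipher already has a substantial chance of a repeated block, which is why a deployment would set the budget well below the bound rather than at it.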
Use of AES
If the AES system had been used in place of 3DES, the controversy would not have taken place. Foremost, AES is a more secure system than 3DES. It does not have significant backdoor concerns, which provides security in the encryption of stored and sensitive data (Chow, Eisen, Johnson & Van, 2003). AES can also be used to mislead attackers who obtain encrypted information, owing to its properties. Interestingly, the user can take an encrypted record and store it inside a larger encrypted file. In this way, the user can let the attacker peer at the outer layer of the file and trick them into thinking that they have the entire file in their possession (Laur, Talviste & Willemson, 2013). In reality, however, they have nothing they can use. Another benefit of AES is its flexibility with hardware. With 3DES, implementation in hardware is limited and difficult. With AES, however, users can implement it rapidly in hardware. Owing to this flexibility, AES can perform faster on most computers. In addition, encryption with several algorithms can take place securely despite a decrease in speed during the process.
Boklan, K. D. (2009). Large key sizes and the security of password-based cryptography. International Journal of Information Security and Privacy, 3(1), 65-72.
Chow, S., Eisen, P., Johnson, H., & Van, O. P. C. (2003). White-box cryptography and an AES implementation. Lecture Notes in Computer Science, (2595), 250-270.
Forouzan, B. A. (2008). Introduction to cryptography and network security. Boston, MA: McGraw-Hill Higher Education.
Laur, S., Talviste, R., & Willemson, J. (2013). From oblivious AES to efficient and secure database join in the multiparty setting. Lecture Notes in Computer Science, (7954), 84-101.