Was Agnes’s gift to Bill intentional?
As a consultant to FNB, my conclusion is that Agnes did not intend to gift Bill $1,000,000. 3DES is a cryptographic cipher. DES is a symmetric-key block cipher, which means that a single key is used to encrypt and decrypt data in fixed-length groups of bits known as blocks. 3DES uses an algorithm that encodes data three times. It uses three keys of 64 bits each rather than one, for a total length of 192 bits. The first encryption is done using the second key, while the resulting ciphertext is encrypted using a third key. Agnes was using 3DES in her transactions with First National Bank (FNB). In this case, 3DES was being used to verify that the source of a message is genuinely who he or she claims to be. Bill, having worked with Agnes on several transactions, knew all her personally identifiable information, and that is why he was able to forge the text. Today, cyber-crime has increased, and the risk of unauthorized access has risen for all types of data.
Symmetric encryption has some significant drawbacks, and the main one is what happened in our situation: every time the key is used, it tends to leak information. The information leaked in every transaction by Agnes could have been used by Bill to reconstruct the key. 3DES has a small block size of 64 bits, which is a fundamental weakness. When 3DES is in operation, every block of the plaintext message is XORed with the previous ciphertext block before it is encrypted. Therefore, when a lot of data is encrypted, there is a chance that Bill learned the XOR of the last two blocks of plaintext. Bill might have encoded the natural language, or he had one known plaintext and used it to calculate the other. If Agnes had in fact made a payment to Bill, the government of Cayman should have contacted Agnes regarding the offshore account she was sending money to. Shockingly, it did not, which means that the money was paid on illegal grounds and not with her permission. Thus, Agnes never intended to make any payment to Bill; instead, Bill stole from her.
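The chaining behaviour described above, as an added example that is not part of the original essay: a constructed 16-bit toy Feistel cipher (a stand-in, not 3DES; all function names are illustrative) is run in CBC mode until two ciphertext blocks repeat, at which point the XOR of the two plaintext blocks can be computed from ciphertext alone. `birthday_bytes` generalizes this to the data volume under one key at which a repeat becomes likely for a given block size.

```python
import hashlib

HALF = 8                      # toy cipher: 16-bit blocks so collisions appear quickly
MASK = (1 << HALF) - 1

def _f(key, rnd, half):
    # Feistel round function: keyed hash truncated to 8 bits
    return hashlib.sha256(key + bytes([rnd, half])).digest()[0]

def toy_encrypt(key, block):
    # 4-round Feistel permutation (constructed stand-in, NOT 3DES)
    left, right = block >> HALF, block & MASK
    for rnd in range(4):
        left, right = right, left ^ _f(key, rnd, right)
    return (left << HALF) | right

def cbc_encrypt(key, iv, blocks):
    # CBC: each plaintext block is XORed with the previous ciphertext block
    out, prev = [], iv
    for p in blocks:
        prev = toy_encrypt(key, p ^ prev)
        out.append(prev)
    return out

def find_collision(cipher):
    # first pair i < j with identical ciphertext blocks, or None
    seen = {}
    for j, c in enumerate(cipher):
        if c in seen:
            return seen[c], j
        seen[c] = j
    return None

def leaked_xor(iv, cipher, i, j):
    # c_i == c_j  =>  p_i ^ c_(i-1) == p_j ^ c_(j-1)  =>  p_i ^ p_j is public
    prev = lambda k: cipher[k - 1] if k else iv
    return prev(i) ^ prev(j)

def birthday_bytes(block_bits):
    # data volume under one key at which a collision becomes likely
    return 2 ** (block_bits // 2) * (block_bits // 8)

def demo():
    key, iv = b"constructed-demo-key", 0x1234
    # constructed plaintext: 2**16 + 1 blocks guarantees a repeat (pigeonhole)
    plain = [int.from_bytes(hashlib.sha256(n.to_bytes(4, "big")).digest()[:2], "big")
             for n in range(2 ** 16 + 1)]
    cipher = cbc_encrypt(key, iv, plain)
    i, j = find_collision(cipher)
    return leaked_xor(iv, cipher, i, j), plain[i] ^ plain[j]

if __name__ == "__main__":
    print(demo(), birthday_bytes(64) / 2**30, "GiB for a 64-bit block")
```

For a 64-bit block the bound is 2^35 bytes (32 GiB) under one key, so a 3DES deployment has to rekey well below that volume; for a 128-bit block it is 2^68 bytes.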
What should Agnes and FNB do to prevent a repeat of the same if FNB continues to use only 3DES?
If FNB fails to change its operations from the use of 3DES only, it should come up with a key management system. So that a key is never reconstructed, FNB management should introduce a key hierarchy so that the encryption keys or master key are not misused. This will ensure there is an appropriate key life cycle in which no key is used to encrypt a lot of data. The bank, together with Agnes, should ensure that the strategies used in key management are competent so that keys will not be traceable. It will also ensure that a key-encryption key that has been retired is not recoverable and that the data is potentially lost.
Agnes and the bank should adopt the ANSIX9-31 standards. Under these standards, a key should be bound to information describing its usage. Key management should also be added, which will indicate the list of users and the uses of the key. The management system should also show how the key should be used and when to use it. FNB should be more careful in managing large-scale symmetric encryption. The management should use specialized software that will help it maintain an appropriate life cycle for every key created. The bank should also not use manual control of keys; it needs to apply a specialized key and specialized software. Lastly, Agnes should use 3DES with three different keys. This is because there is no single known attack that can break its security entirely to the point of being feasible. This means that the chances of collision are low, and it is secure against brute-force attack.
Would there be this controversy if FNB were using AES instead of 3DES?
AES stands for Advanced Encryption Standard. It is a cryptographic standard approved to safeguard electronic information or data. It is a symmetric block cipher that can encrypt or decrypt data. Encryption changes information into ciphertext, while decryption changes the ciphertext back into the original message. AES is uniquely geared towards use in both software and hardware to protect digital data in its various forms.
There would be no controversy if the bank were using AES, as it is an efficient security procedure that uses both software and hardware. This means that Bill would have required a piece of equipment to complete the transaction, which he could not have accessed because Agnes would have been the holder. Therefore, even if Bill had all the other information, it would have been impossible for him to complete the transaction. The second advantage of using AES over DES is that it uses long key sizes to keep data safe and protect against hacking, for example 256, 192 or 128 bits for the purposes of encryption. Thirdly, AES has been proved to be secure compared to DES and is used in an extensive range of applications, for example in financial transactions, e-business, encrypted data storage and wireless communication, among others. Therefore, AES has proved to be more secure and efficient than DES, and thus Agnes would not have lost her money to Bill if FNB had been using AES.
AES has gained an excellent reputation and has been among the most used ciphers in financial and other institutions for commercial solutions globally. FNB would need to change and convert to AES, as we can see it is trusted in business transactions. In AES, no one can hack your personal information. Unlike in DES, where Bill used the leaked information to reconstruct a key, AES does not leak any information no matter the number of times the key is used. Therefore, we would not have the controversy we have currently, where a member of staff has stolen money by reconstructing a key. AES is an upgrade of DES, and information which is personal and confidential cannot be hacked. Also, it has 128 bits, unlike DES which has 64 bits. This means that a lot of attempts are required for a person to break the code. As a result, it is almost impossible for any person to hack AES due to its safety protocols. Therefore, if FNB had used AES, Bill would not have managed to hack Agnes’s information, and thus there would not have been any controversy.
Should FNB contest a suit?
FNB should contest the suit. This is because, at the time that Bill transferred the money from Agnes’s account to his, he was an employee of the bank. Therefore, if the bank does not oppose the suit from Agnes, it will have to pay for the damages caused by its employee. According to Agnes, she wants to be paid triple what she lost. This means that if FNB does not contest the lawsuit, it will have to pay her a sum of $3,000,000, which is approximately $1,000,000 when it shares the cost with Bill and the government of Cayman. As a consultant to FNB, I would advise the board of directors of the bank to maximize their resources and make sure that Agnes drops the case or that they are cleared of charges by the court. The best course of action for FNB is not to plead guilty and, as much as possible, to let Bill be handled as an individual and not as an employee of the company.
Critical Issues
One of the vital issues that arises from the DES controversy is why Agnes is suing the government of Cayman. The use of a bank outside your home country does not mean that the money is illegal. As a consultant, my view is that the reason Cayman is being sued by Agnes is that it failed to comply with the rule of reporting Bill’s information to the government of America. Additionally, it was not yet under any business treaty with the government of America, and thus the government of the Cayman Islands was not supposed to do business with Bill. Bill might have hidden the money in Cayman to avoid tax, and therefore the government of Cayman should be held responsible.
Another critical issue is why a big bank such as FNB should be stuck with DES instead of moving to AES. The management of FNB needs to decide to change its method of encryption. A good business is supposed to encrypt data such as personally identifiable information, personal information, confidential commercial information, customer data, financial information, and research and development data. It is shocking that the bank is reluctant to take all reasonable measures to ensure that this information is protected.