Triple Data Encryption Standards (3DES)
Carl, a high net worth customer, banks on-line at Last Honest Bank (LHB) and has agreed to use 3DES in communicating with LHB. One day, Carl received a statement that shows a debit of $5,000,000 from his account. On inquiring, he was told that the bank manager, Lucy, transferred the money out of Carl's account and into an account of her own in an offshore bank. When reached via long distance in the Cayman Islands, Lucy produced a message from Carl, properly encrypted with the agreed upon 3DES keys, saying: "Thanks for your many years of fine service, Lucy. Please transfer $5,000,000 from my account to yours as a token of my esteem and appreciation. Signed, Carl."

Matthew files a suit against Nancy, LHB and the government of the Cayman Islands, claiming that the message was a forgery, sent by Lucy herself, and asking for triple damages for pain & suffering. Lucy has responded by claiming that all procedures were followed properly and that Carl is filing a nuisance suit.

You have been employed by LHB as a cryptographic expert to investigate, to give recommendations based on your findings, including how to proceed with the suit, and to produce a report for the FHB Board of Directors, which will give them a basis for determining how to proceed in this matter.

Your report to the Board of Directors should address, but need not be limited to, the following issues:

· From the facts as presented, what can be determined about whether Carl intended to make Lucy a gift of $5,000,000? What are the critical points in determining the intention of Carl? How did they help you in forming your conclusion about the intention of Matthew?

· What is the significance of the Cayman Islands? Does it affect your decision?

· Assuming LHB wishes to continue using only 3DES as its cryptographic system, what advice would you give to LHB and the customer? Or, what could LHB and Carl have done to protect against this controversy arising?

· Would this controversy have arisen if LHB had been using AES rather than 3DES?

Your report should clearly address these issues, with sufficient detail and background to allow the "cryptographically challenged" Board of Directors to understand the issues involved and formulate plans for how to approach the immediate issue with Carl, and to continue business in the future, assuming that they want to continue using 3DES.