Prepare a short research paper of approximately 1300-1500 words, double-spaced, exclusive of cover, title page, and table of contents, endnotes and bibliography.
Your paper must use APA formatting with the exception that tables and figures can be inserted at the appropriate location rather than added at the end.
If you are unable to virus check your document, please submit as an rtf file rather than as a doc file. Please do not use macros in your document.
Scenario:
Sandra, a high net worth customer, banks on-line at Megagargantuan Bank and Trust (MBT) and has agreed to use 3DES (also known as Triple DES) in communicating with MBT. One day, Sandra received a statement showing a debit of $1,000,000 from her account. On inquiring, she was told that the bank manager, Janet, transferred the money out of Sandra's account and into an account of her own in an offshore bank. When reached via long distance in the Cayman Islands, Janet produced a message from Sandra, properly encrypted with the agreed upon DES keys, saying:
"Thanks for your many years of fine service, Janet. Please transfer $1,000,000 from my account to yours as a token of my esteem and appreciation. Signed, Sandra."
Sandra filed suit against Janet, MBT and the government of the Cayman Islands, claiming that the message was a forgery, sent by Janet herself and asking for triple damages for pain and suffering. MBT filed a countersuit against Sandra, claiming that all procedures were followed properly and that Sandra is filing a nuisance suit.
You have been employed by MBT as a cryptographic expert and consultant to investigate, give recommendations based on your findings including how to proceed with the suit and to produce a report for the MBT Board of Directors, which will provide basis for them in determining how to proceed in this matter.
Your report to the Board of Directors should address but not limited to the following issues:
- From the facts as presented, what can be determined about whether Sandra intended to make Janet a gift of $1,000,000? What are the critical points in determining intention of Sandra? How did the points help you in forming your conclusion about the intention of Sandra?
- What is the significance of Cayman Island? Does it affect your decision?
- Assuming MBT wishes to continue using only 3DES as its cryptographic system, what advice would you give to MBT and the customer or what could MBT and Sandra have done to protect against this controversy arising?
- Would this controversy have arisen if MBT had been using AES rather than 3DES?
- What is a plausible explanation of what may have happened in this case?
Your report should clearly address these issues, with sufficient detail and background to allow the "cryptographically challenged" Board of Directors to understand the issues involved and recommendation to formulate plans for how to approach the immediate issue with Sandra, and to continue business in the future.
Assuming MBT wishes to continue using 3DES as its cryptographic system, explain what MBT and Sandra could have done to protect against this controversy arising.