1. Alice, a high net worth customer, she banks online at Super Secure Bank (SSB) and has agreed to use 3DES in communicating with SSB.
2. One day, Alice received a statement that shows a debit of $1,000,000 from her account. On inquiring, she was told that the bank manager,Bob, transferred the money out of Alice's account and into an account of his own in an offshore bank.
3. When reached via email in the Cayman Islands, Bob produced a message from Alice, properly encrypted with the agreed upon 3DES keys, saying: "Thanks for your many years of fine service, Bob. Please transfer $1,000,000 from my account to yours as a token of my esteem and appreciation. Signed, Alice."
4. Alice filed suit against Bob, SSB and the government of the Cayman Islands, claiming that the message was a forgery, sent by Bob himself and asking for triple damages for pain and suffering.
5. Bob has responded by claiming that all procedures were followed properly and that Alice is filing a nuisance suit.
Your Role: Informed that you have completed an Information Assurance Masters Degree at the University of Maryland University College, the SSB employed you as a cryptographic expert to lead the investigation of this matter, and produce a report for the SSB Board of Directors, which will assist them in determining how to proceed in this matter. Your professional fee for this service will be $25,000.
Your Report: This document to the Board of Directors should address the following issues:
a. What can be determined from the facts as presented about whether Alice intended to make Bob a gift of $1,000,000?
b. What are the critical points in determining intention for Alice.
c. What is the significance of the Cayman Islands?
d. Assuming SSB wishes to continue using only 3DES as its cryptographic system, what could SSB and Alice have done to protect against this controversy arising?
e. Would this controversy have arisen if SSB had been using AES rather than 3DES?
Your report should clearly address these issues, with sufficient detail and background to allow the cryptographically challenged Board of Directors to understand the issues involved and formulate plans for how to approach the immediate issue with Alice, and to continue business in the future, assuming that they want to continue using 3DES.