Thread: RSA= Dig Sigs and Env but what about 3DES

  1. #1
    Junior Member
    Join Date
    Oct 2004
    Posts
    2

    Need some help w/3DES

    I am hard for time here and having trouble running down info to google and avenues to explore. I am doing a report on a scenario in which 3DES was used to encrypt a message to which a business transaction was used.


    Long story but the part I am working on now explores possible ways to ensure that future emails are more assured to be coming from a particular person.


    I know that RSA has digital signatures and envelopes and have read a little about that, but does 3DES have anything similar to this? I know that those both work because they use the public key of a public/private set and 3DES only uses a single key to both encrypt and decrypt, but are there authentication methods available to those who use 3DES to be assured that the message came from the person the message says it's from?


    Sorry for the typos but was in a rush.


    CaseStudy

  2. #2
    No, 3DES cannot be used to provide any assurances that the message came from a specific individual. 3DES can only assure--to an extent--the content of a message. And, to be honest, RSA only provides a reasonable assurance of non-repudiation (originator cannot deny) of a message. Digital signatures (in a simplistic explanation) depend on a secret key to create the shared key, used to decrypt. That provides the reasonable non-repudiation.

  3. #3
    Junior Member
    Join Date
    Oct 2004
    Posts
    2
    Okay, so here is the situation. I have a paper due in a few hours and I need help with the first section.
    Due Tuesday, October 5, 2004, by 11:59 pm (Eastern)

    Prepare a short research paper of approximately five (5) pages, double-spaced, exclusive of cover, title page, table of contents, endnotes and bibliography. Your paper must use APA formatting with the exception that tables and figures can be inserted at the appropriate location rather than added at the end. Submit the paper in your assignment folder as a Word attachment with the following file name:

    YourlastnameMBT.doc
    (For example, my submission file would be called MadisonMBT.doc)

    If you are unable to virus check your document, please submit as an rtf file rather than as a doc file. Please do not use macros in your document.

    Scenario:

    Sandra, a high net worth customer, banks on-line at Megagargantuan Bank and Trust (MBT) and has agreed to use 3DES in communicating with MBT. One day, Sandra received a statement showing a debit of $1,000,000 from her account. On inquiring, she was told that the bank manager, Janet, transferred the money out of Sandra’s account and into an account of her own in an offshore bank. When reached via long distance in the Cayman Islands, Janet produced a message from Sandra, properly encrypted with the agreed upon DES keys, saying: “Thanks for your many years of fine service, Janet. Please transfer $1,000,000 from my account to yours as a token of my esteem and appreciation. Signed, Sandra.”

    Sandra filed suit against Janet, MBT and the government of the Cayman Islands, claiming that the message was a forgery, sent by Janet herself and asking for triple damages for pain and suffering. MBT filed a countersuit against Sandra, claiming that all procedures were followed properly and that Sandra is filing a nuisance suit. You are called in as an expert witness on the cryptographic issues of the case.

    Explain to the Court:

    What can be determined from the facts as presented about whether Sandra intended to make Janet a gift of $1,000,000.

    Assuming MBT wishes to continue using 3DES as its cryptographic system, explain what MBT and Sandra could have done to protect against this controversy arising.
    This is the assignment. I need help with figuring out what to say about the scenario. I figured after explaining the scenario a little I would go from a detailed explanation of 3DES to a little on nonrepudiation to some info on RSA (public/private keys).

    Can anyone help me explain the scenario a little?

    What can be determined from the facts as presented about whether Sandra intended to make Janet a gift of $1,000,000.
    That is what I am referring to. Any other comments would be more than welcome.


    Case

  4. #4
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Looking at the time you had left this may or may not be any help.

    What you are mentioning could be a “Man-in-the-Middle” Attack. It was only a theoretic possibility, but sufficiently convincing for everyone to stop using 2X DES, or possibly a “Play-it-Again” Attack commonly known as a “Replay”. Either way obviously Janet got the keys to the kingdom. If it was a Man in the Middle, what she did was to create a fake key pair and intercept the real keys then send the fake to Sandra. Janet having the real key pair obviously could change, decrypt, and then encrypt again all information communicated between Sandra and the bank. If it was a “Play-it-Again” or “Replay”, Janet took the encrypted information modified it and played it at another time.

    Your job will be to prove that Janet intercepted the key pair. You will need to touch on symmetric keys and also asymmetric keys and the difference between a secure medium (channel) and a trusted one. Using a trusted method to communicate the keys would have prevented Janet from acquiring the keys.

    And to add credit to your story, find out when the key pair was made and whether there were changes later.

    cheerios
    Connection refused, try again later.
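
Added example, not part of any post in this thread: a shared-key message authentication check with a sequence counter, showing that it catches altered and replayed messages but cannot tell which key holder wrote a message. HMAC-SHA256 from the Python standard library stands in for a 3DES-based MAC, and the key, party names and messages are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key; stands in for the 3DES key shared by Sandra and MBT.
SHARED_KEY = hashlib.sha256(b"constructed demo key").digest()


def mac(key, counter, message):
    """Tag covering the message and its sequence counter."""
    data = counter.to_bytes(8, "big") + message
    return hmac.new(key, data, hashlib.sha256).digest()


class Receiver:
    """Checks the tag, then refuses any counter it has already passed."""

    def __init__(self, key):
        self.key = key
        self.last_counter = 0

    def accept(self, counter, message, tag):
        if not hmac.compare_digest(mac(self.key, counter, message), tag):
            return "rejected: bad tag"
        if counter <= self.last_counter:
            return "rejected: replay"
        self.last_counter = counter
        return "accepted"


def possible_authors(key_holders, counter, message, tag):
    """Every holder whose key verifies the tag could also have created it."""
    return sorted(
        name for name, key in key_holders.items()
        if hmac.compare_digest(mac(key, counter, message), tag)
    )


if __name__ == "__main__":
    bank = Receiver(SHARED_KEY)
    msg = b"Pay the electricity bill, 120.00"  # constructed sample message
    tag = mac(SHARED_KEY, 1, msg)
    print(bank.accept(1, msg, tag))                 # first delivery
    print(bank.accept(1, msg, tag))                 # same message replayed
    print(bank.accept(2, msg + b"0", mac(SHARED_KEY, 2, msg)))  # altered in transit
    holders = {"Sandra": SHARED_KEY, "MBT": SHARED_KEY}
    print(possible_authors(holders, 1, msg, tag))   # both names come back
```

Because verification uses the same key that created the tag, the check authenticates the message between the two parties but gives a third party no evidence of which one produced it.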
