Information Security And Biometrics: Essay Q&A.

Automated Teller Machine (ATM) Security Requirements

1.Automated Teller Machines (ATM) are designed so that users will provide a personal identification number (PIN) and a card to access their bank accounts. Give examples of confidentiality, integrity and availability requirements associated in such a system and describe the degree of importance for each requirement.

2.A thief broke into an Automated Teller Machine (ATM) using a screwdriver and was able to jam the card reader as well as breaking five keys from the keypad. The thief had to halt the process of break-in and hide, as a customer approached to use the ATM. The customer was able to successfully enter their ATM card, punch in the 4 digit PIN and was able to draw out some cash. Since the card reader was jammed, the customer was however not able to withdraw the ATM card, and drove off to seek some help. In the meantime, the thief came back and decided to try to discover the customer’s PIN so that he can steal money from the customer. You are required to calculate the maximum number of PINs that the thief may have to enter before correctly discovering the customer’s PIN?

3.Thinking about bio-metric authentication, list three reasons why people may be reluctant to use bio-metrics. Describe various ways of how to counter those objections.

4.In bio-metric authentication, false positive and false negative rates can be tuned according to the requirement, and they are often complementary i.e. raising one lowers the other. Describe two circumstances where false negatives are significantly more serious than false positives.

5.Transposition is one known method of encrypting the text. What can be one way that a piece of cipher text can be determined quickly if it was likely a result of a transposition? Utilising some of the decryption techniques (substitution and others) covered in the subject so far, you are required to decipher (find the plain text) the cipher text that will be provided to you closer to the assessment due date via the subject site. In order to present your solution, you need to demonstrate and explain the steps taken to decipher this text.     The text for this question is given below here.

1.CIA triad can be considered nothing but a guide, which can be used for taking the security measures related to the information. Information security can be directly be related to the concept of how the different security measures can be implemented with the concept of the data. In this scenario, the privacy aspect is related to the confidentiality taking into consideration the PIN number (Haque, Nasrollahi & Moeslund, 2015). The concept of PIN number is that it is a set of number, which can be used for the personal identification, which can be used for the purpose of transaction. The main aim of the aspect is the safeguard the data from any type of intrusion so that it can be saved in a secured manner. Safeguarding the data can sometimes require special type of training. Data encryption can be considered one of the technology, which can be used which can be implemented to keep the data safe.

Calculating the Maximum Number of PINs a Thief may Have to Enter

2.The entire keyboard of the ATM machine consist of ten keys (0 to 9). In the scenario, it is seen that the thief has broken five keys and the keys, which are available to him, are five keys. The PIN number consist of combination of four numbers (Alsaadi, 2015). The concept, which is applied to the aspect in order to find out the number of tries, is the permutation and combination concept.

^5P₄ = 5! / (5-4)! = 5! /1! = 5*4*3*2*1/ 1 =120/1 =120.

From the above equation, it can be stated that the possible outcome is 120. According to the rules of the ATM security, a user can indulge into a maximum of three tries. After the third try, the card would be blocked. Therefore, the thief also has three tries to get the right PIN into the system.

3.In the technology, which is related to the biometric system, there are many advantage which can be received but on the other hand there are also different types of problem which can be encountered. Some of the example of the problem are stated below:

• One of the biggest problem, which can be seen in the technology, is the recognition of the person. It is sometimes seen that that a person is not recognized by the system as a result of which they are not given the permission of access. It can make life hectic when the concept is implemented into any organization.
• Another problem, which can be encountered, is that false detection of the individual. It can be seen that many a times the identification of another person is taken into account. In this aspect, a person can perform different types of unethical practices with the identification of another person.
• The biometric system usually stores the personal information of the user in such a case if an intruder gets into the system they would be able to get the personal information of the user and use it for their own personal. This can be directly harmful for the user (Haque, M. A., Nasrollahi & Moeslund, 2015). In most of the cases the security the machine would be the only factor which would be involved. It can be harmful from the point of view of the organization and the user as well.

There are certain steps, which can be included into the concept of the biometric such as multilayer authentication, which helps securing the identity of a person, and enhanced security measures, which would be securing the data of the user from intruders. There can be also personal attacks, which can be harmful from the point of view of the actual user (Alsaadi, 2015). The system should be always updated with the later software so that the security measures in the aspect can be dealt quite easily and would be involving the latest patch of the software security (Deokar, S. R Wakode, 2017).

4.The concept of false negative is a situation when the user is not recognized by the system. When the concept of biometric is implemented within a system and the user is not identified it can create different types of problem in the scenario. It can be very much problem if the user is not identified in a proper time framework. On the other hand the false positive aspect is when the identification is done but of some other individual. In this case, a person can indulge into some sort of unethical activity by using the name or identification of another person. On an organizational system it can have a bad impact on the overall working of the system and can result in the shutting down of the over infrastructure (Ali & Afzal, 2017).

5.

So, the decoded text for the cypher text for employees will increases the processor spee

References 

Ali, A., & Afzal, M. M. (2017). Database Security: Threats and Solutions. International Journal of Engineering Inventions, 6(2), 25-27.

Alsaadi, I. M. (2015). Physiological Biometric Authentication Systems, Advantages, Disadvantages And Future Development: A Review. International Journal Of Scientific & Technology Research, 4(8), 285-289.

Choi, H. S., Lee, B., & Yoon, S. (2016). Biometric authentication using noisy electrocardiograms acquired by mobile sensors. IEEE Access, 4, 1266-1273.

Deokar, S. R., & Wakode, J. S. (2017). Coal Mine Safety Monitoring and Alerting System.

Hadid, A., Evans, N., Marcel, S., & Fierrez, J. (2015). Biometrics systems under spoofing attack: an evaluation methodology and lessons learned. IEEE Signal Processing Magazine, 32(5), 20-30.

Haque, M. A., Nasrollahi, K., & Moeslund, T. B. (2015, June). Heartbeat signal from facial video for biometric recognition. In Scandinavian Conference on Image Analysis (pp. 165-174). Springer, Cham