Confidentiality, Integrity, And Security In ATM Essay.

1.Automated Teller Machines (ATM) are designed so that users will provide a personal identification number (PIN) and a card to access their bank accounts. Give examples of confidentiality, integrity and availability requirements associated in such a system and describe the degree of importance for each requirement.

2.A thief broke into an Automated Teller Machine (ATM) using a screwdriver and was able to jam the card reader as well as breaking five keys from the keypad. The thief had to halt the process of break-in and hide, as a customer approached to use the ATM. The customer was able to successfully enter their ATM card, punch in the 4 digit PIN and was able to draw out some cash. Since the card reader was jammed, the customer was however not able to withdraw the ATM card, and drove off to seek some help. In the meantime, the thief came back and decided to try to discover the customer’s PIN so that he can steal money from the customer. You are required to calculate the maximum number of PINs that the thief may have to enter before correctly discovering the customer’s PIN?

3.Thinking about bio-metric authentication, list three reasons why people may be reluctant to use bio-metrics. Describe various ways of how to counter those objections.

4.In bio-metric authentication, false positive and false negative rates can be tuned according to the requirement, and they are often complementary i.e. raising one lowers the other. Describe two circumstances where false negatives are significantly more serious than false positives.

5.Transposition is one known method of encrypting the text. What can be one way that a piece of cipher text can be determined quickly if it was likely a result of a transposition? Utilising some of the decryption techniques (substitution and others) covered in the subject so far, you are required to decipher (find the plain text) the cipher text that will be proviced to you closer to the assessment due date via the subject site. In order to present your solution, you need to demonstrate and explain the steps taken to decipher this text. 

Importance of Secured Transmission Channel

Examples of confidentiality related to the ATM (Automated Teller Machines) are listed below;

As the PIN of the Customer is used by the banks information system and server, thus the transmission of data from the ATM to the server and Vice versa should be done through the secured transmission channel (Such as using SSL or secured socket layer).

As the it is possible for the network intruders to intercept the SSL channel, thus in order to secure the data of the user or the customers it is important to transmit the transaction data in an encrypted form.  

Degree of importance of Confidentiality

As the PIN works as a digital identity of a customer to the information system of the Banks, thus unsecured data transmission of data through an unsecured channel can lead to the compromise of the user data to the unintended users of hackers (Hajare et al., 2018).  Thus degree of importance is high.

Integrity

Integrity of the data is also important for the users to maintain the integrity in the complete life cycle of data transaction from the ATM to the server of the bank.

 Thus changes in the mid of the transmission of the data may lead to the financial loss of the customer.

As the financial transactions completed using the ATM reflects as well as impacts on the customer’s account thus the integrity of the data should be maintained and checked.

Availability

As the ATM is required by the customers in order to get their required money at anytime from anywhere. Therefore, as a part of the information system component it should have minimal downtime.  

2.As the thief had managed to break 5 of the total 10 keys on the key pad of the ATM, thus it is evident that the customer used the remaining five keys to enter his/her PIN to the ATM. Therefor the thief now has to try to get the 4 Digit PIN from the remaining 5 keys on the board.

 Thus the chances for the thief to get the correct PIN of the Customer will be given by,

          ^5P₄ = 5! / (5-4)! =120 times.

3.For the biometric authentication, people hesitate to use this due to its strict nature to recognise people. In case of the ordinary authentication process, passwords of the users can be managed and reset to get access.  On the contrary, the biometric authentication process cannot be adjusted in case user losses his/her fingers, or eyes through which the biometric components recognises them.  

Degree of Importance of Confidentiality

In addition to that, potential misuse of the biometric data also makes the people reluctant from using the biometric authentication solutions. once any users face, DNA or iris related data/ profile are converted into a digital file, it becomes difficult to protect the users data from fraudsters.  Identity theft and financial fraud using the stolen biometrics data also makes the users to hesitate to use the biometrics devices.

Another reason that makes people reluctant to use the biometric is the breach of privacy as the stored data by the government organizations can be breached by the hackers to get the private details of different users (Hajare et al., 2018).

As the biometric data is related to the privacy of the users, thus the data should be protected from any kind of breach so that confidence grows among the people to use and share the data.     

 The above objections of the users can be countered by storing the user biometric data using some kind of encryption format. So that, even if the database of the users gets breached, the data cannot be intercepted by the hacker.  

4.In case of using biometrics, the false positive is related to the situation where biometric system erroneously accepts a biometric data sample as being a match with the data stored in the database this is also denoted by false accept by the system (Onyesolu & Okpala, 2017). 

On the other hand, false negative is about the situation when some valid biometric data of a user is provided but the system rejects it as false one or one that is not in the database which is again noted as false reject.

In case of hospital for an emergency case if the biometric system does not allow a surgeon due to false negative leads to their inability to access the hospital premises. Again for an economic institution, some security personnel may not be able to access the office premises in any emergency situation like robbery.   

5.In case of using transposition for encrypting and decrypting texts, the given text or the plaint text is written using an array and then assembling the elements in the different columns of this array according to some predefined and given permutation process. In case some of the cells of the columns are empty those are filed with a neutral letter

For the given text the key is given by 234. Now in order to solve the problem we need to get the numeric positions of English letters. This is given by,

A=1, B=2, C=3, D=4, E=5, F =6, G=7, H=8, I =9, J = 10

K = 11, L = 12, M = 13, N = 14, O = 15, P = 16, Q = 17, R = 18, S = 19, T = 20,

U = 21, V = 22, W = 23, X = 24, Y = 25, Z = 26.

For the given sentence in the encrypted form,

NTJWKHXK AMK WWUJJYZTX MWKXZKUHE

 There are mainly three parts, we will proceed with each part separately. For first part,

Encrypted Text	N	T	J	W	K	H	X	K
Corresponding numeric value	14	20	10	23	11	8	24	11

Using the given key the above one changes to,

	N	T	J	W	K	H	X	K
	2	3	4	2	3	4	2	3
	12	17	6	21	8	4	22	8

After using the cease cipher text default shift which is 3, we get,

	N	T	J	W	K	H	X	K
	9	14	3	18	5	1	19	5

Now the changed word will be

I =9, N = 14, C=3, R = 18, E=5, A=1, S = 19, E=5;

 Thus the word becomes, INCREASE

 In the similar way the second encrypted word (AMK) changes in the following

A	M	K
23	11	8
20	8	5

The new word is THE.

For the last two encrypted words WWUJJYZTX MWKXZKUHE,

Given encryption	W	W	U	J	J	Y	Z	T	X
Numeric value as per the position	23	23	21	10	10	25	26	20	24
Given Key	4	2	3	4	2	3	4	2	3
Resultant after substitution	19	21	18	6	8	22	22	18	21
Shift using default ceaser cipher technique	3	3	3	3	3	3	3	3	3
Resultant value	16	18	15	3	5	19	19	15	18
Decrypted Text	P	R	O	C	E	S	S	O	R
Thus the decrypted text Becomes PROCESSOR.
Encrypted value	M	W	K	X	Z	K	U	H	E
Corresponding numeric value	13	23	11	24	26	11	21	8	5
Given Key	4	2	3	4	2	3	4	2	3
Decoded from the substitution cipher	9	21	8	20	24	8	17	6	2
Shifting using Ceaser cipher	3	3	3	3	3	3	3	3	3
Decoded from the caeser cipher	6	18	5	17	21	5	14	3	25
Decrypted  Text	F	R	E	Q	U	E	N	C	Y

Thus the last decrypted word is, FREQUENCY. 

 The Complete decrypted sentence is, INCRESE THE PROCESSOR FREQUENCY 

References

Hajare, U., Mahajan, R., Jadhav, S., Pingale, N., & Salunke, S. (2018). Efficient Cash Withdrawal from ATM machine using Mobile Banking.

Karovaliya, M., Karedia, S., Oza, S., & Kalbande, D. R. (2015). Enhanced security for ATM machine with OTP and Facial recognition features. Procedia Computer Science, 45, 390-396.

Onyesolu, M. O., & Okpala, A. C. (2017). Improving Security Using a Three-Tier Authentication for Automated Teller Machine (ATM). International Journal of Computer Network and Information Security, 9(10), 50.

Pathak, S. K., Pathak, S. K., Mishra, M. K., Kesharwani, L., & Gupta, A. K. (2015). Automated Teller Machine (ATM) Frauds and Security. EDITORIAL BOARD, 192.