ATM Security And Biometric Authentication - Decryption With Transposition And Substitution Cipher Essay.

1.Automated Teller Machines (ATM) are designed so that users will provide a personal identification number (PIN) and a card to access their bank accounts. Give examples of confidentiality, integrity and availability requirements associated in such a system and describe the degree of importance for each requirement.

2.A thief broke into an Automated Teller Machine (ATM) using a screwdriver and was able to jam the card reader as well as breaking five keys from the keypad. The thief had to halt the process of break-in and hide, as a customer approached to use the ATM. The customer was able to successfully enter their ATM card, punch in the 4 digit PIN and was able to draw out some cash. Since the card reader was jammed, the customer was however not able to withdraw the ATM card, and drove off to seek some help. In the meantime, the thief came back and decided to try to discover the customer’s PIN so that he can steal money from the customer. You are required to calculate the maximum number of PINs that the thief may have to enter before correctly discovering the customer’s PIN?

3.Thinking about bio-metric authentication, list three reasons why people may be reluctant to use bio-metrics. Describe various ways of how to counter those objections.

4.In bio-metric authentication, false positive and false negative rates can be tuned according to the requirement, and they are often complementary i.e. raising one lowers the other. Describe two circumstances where false negatives are significantly more serious than false positives.

5.Transposition is one known method of encrypting the text. What can be one way that a piece of cipher text can be determined quickly if it was likely a result of a transposition? Utilising some of the decryption techniques (substitution and others) covered in the subject so far, you are required to decipher (find the plain text) the cipher text that will be proviced to you closer to the assessment due date via the subject site. In order to present your solution, you need to demonstrate and explain the steps taken to decipher this text.
 

Restrictions on Entering Wrong PIN in ATM

• From the term confidentiality it can be stated that it gives protection to information of the ATM card from unauthorized users.
• For a successful transaction to occur, the ATM card is to be present with the user and the user has to know the ATM pin for a transaction to occur (Barbosa & Silva, 2015).
• The confidentiality feature is to be followed by the system that handles the ATM card by providing an good encrypting algorithm to the pin of the card at transaction time.
• If confidentiality is not done properly with the ATM pin, then generally two types of breaches may take place (Chen, Pande & Mohapatra, 2014). Generally the first type of confidentiality data breach takes place when an outsider looks over the ATM pin and the details of the card when transaction is taking place. The second data breach takes place when the data of the user are stolen, from a company or an organization.
• The privacy of the people is to be maintained in the confidentiality of the ATM card.

• If the data that is related with the ATM is changed or altered, then the ATM is subjected to integrity. Without the access of the user, the integrity is hampered.
• If the owner of the ATM purposely changes the content of some files and deletes some files deliberately, integrity regarding the data occurs (Thomas, Vinod & Robinson, 2017). This can happen accidentally also.
• The errors that can come from the integrity are to be solved by the experts who have the responsibility to secure the information.

• Availability means the data must be available with the user anytime and anywhere the user wants and the data should be present so that the transaction becomes successful.
• The systems needed for processing, storing the information are also to be kept secured and protected by the experts.
• The denial-of-attacks is a common attack, which is to be prevented for providing security to the ATM system.

2.As per the given case in the question, in an ATM a thief broke in and by the help of a screwdriver, he jammed the card reader of the ATM. The thief also broke five keys from the keypad of the machine. While he was processing with the work, a customer came in for transaction (Luca et al., 2015). After his successful transaction with the five left good keys, he was not able to take out his card, as the thief jammed the card reader. When the customer went out to seek help, the thief thought of trying with the left pins so that he can take out some money from the ATM. He was left only with five keys. With those five keys, he has many probabilities. The maximum number of tries that the thief can do with five pins is:

5!/(5-4)!

= 5!/1!

= 120 times.

But there are certain restriction about entering the ATM pin in the machine. For keeping the security of the ATM high, the system experts have restricted of entering the wrong pin three times maximum. After three wrong trails, the thief will not able to attempt any number because the card will be jammed. 

3.Three reasons by which the people will use the biometric authentication technique are:

• Identification Accuracy: Since, the biometric is based on the physiological feature, it is difficult to steal or alter the data for a user in the database (Memon, 2017). The identification that is done by biometric machines are very accurate and there are very less chances of being the data wrong.
• The administrative cost of an organization is cut low with the help of biometric authentication. The biometric authentication does not need any paper work to be done, and does all the work automatically. The biometrics is very easy to install and are easy to use (Kim et al., 2015). All the user can use the biometric authentication for their identification. Biometric also lessens the burden to remember the password for the their login. The biometric authentication also saves the time of the user.
• Seamless integration: The systems of biometric provides the user with an workforce that manages the time and the attendance system of the user. The biometric system also has access control, and surveillance, as well as manages the visitor data. All these works are done by only by a single computer and generally provides a centralized control for the purpose of securing the administrators.

4.False negative biometric is basically an authentication rate, in which the authorized user of the biometric system is rejected to access the login. This generally happens when the system is not able to find out the data from the database. The system rejects the access of the user for which the database is not found (Alsaadi, 2015). The false positive in biometric authentication occurs if the system gets the access of an unauthorized user who has database similar to the authenticated user. The false negative rate is generally higher than the false positive rate for this reason. The rate of false negative generally starts from 0.00066% more than the false acceptance.

5.With the help of columnar transposition method, the cipher text with transposition can be decrypted.

The given encrypted text in the question is

NTJWKHXK AMK WWUJJYZTX MWKXZKUHE with key 234

By using Caesar cipher along with substitution method, the text can be decrypted as follows:

A	B	C	D	E	F	G	H	I	J	K	L	M	N	O	P	Q	R	S	T	U	V	W	X	Y	Z
1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26

Encrypted Text	N	T	J	W	K	H	X	K
The numeric value of the alphabets	14	20	10	23	11	8	24	11
Key given	2	3	4	2	3	4	2	3
Decoded from  substitution cipher	12	17	6	21	8	4	22	8
Shifting of Caeser cipher	3	3	3	3	3	3	3	3
Decoded from caeser cipher	9	14	3	18	5	1	19	5
Final Decoded Text	I	N	C	R	E	A	S	E

Encrypted Text	A	M	K
The numeric value of the alphabets	1	13	11
Key given	4	2	3
Decoded from  substitution cipher	23	11	8
Shifting of Caeser cipher	3	3	3
Decoded from caeser cipher	20	8	5
Final Decoded Text	T	H	E

Encrypted Text	W	W	U	J	J	Y	Z	T	X
The numeric value of the alphabets	23	23	21	10	10	25	26	20	24
Key given	4	2	3	4	2	3	4	2	3
Decoded from  substitution cipher	19	21	18	6	8	22	22	18	21
Shifting of Caeser cipher	3	3	3	3	3	3	3	3	3
Decoded from caeser cipher	16	18	15	3	5	19	19	15	18
Final Decoded Text	P	R	O	C	E	S	S	O	R

Encrypted Text	M	W	K	X	Z	K	U	H	E
The numeric value of the alphabets	13	23	11	24	26	11	21	8	5
Key given	4	2	3	4	2	3	4	2	3
Decoded from  substitution cipher	9	21	8	20	24	8	17	6	2
Shifting of Caeser cipher	3	3	3	3	3	3	3	3	3
Decoded from caeser cipher	6	18	5	17	21	5	14	3	25
Final Decoded Text	F	R	E	Q	U	E	N	C	Y

The final decrypted text is INCREASE THE PROCESSOR FREQUENCY 

References

Alsaadi, I. M. (2015). Physiological Biometric Authentication Systems, Advantages, Disadvantages And Future Development: A Review. International Journal Of Scientific & Technology Research, 4(8), 285-289.

Barbosa, F. G., & Silva, W. L. S. (2015, November). Support vector machines, Mel-Frequency Cepstral Coefficients and the Discrete Cosine Transform applied on voice based biometric authentication. In SAI Intelligent Systems Conference (IntelliSys), 2015 (pp. 1032-1039). IEEE.

Chen, S., Pande, A., & Mohapatra, P. (2014, June). Sensor-assisted facial recognition: an enhanced biometric authentication system for smartphones. In Proceedings of the 12th annual international conference on Mobile systems, applications, and services (pp. 109-122). ACM.

De Luca, A., Hang, A., Von Zezschwitz, E., & Hussmann, H. (2015, April). I feel like I'm taking selfies all day!: towards understanding biometric authentication on smartphones. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (pp. 1411-1414). ACM.

Kim, H., Park, J., Lee, J., & Ryou, J. (2015). Biometric authentication technology trends in smart device environment. In Mobile and Wireless Technology 2015 (pp. 199-206). Springer, Berlin, Heidelberg.

Memon, N. (2017). How Biometric Authentication Poses New Challenges to Our Security and Privacy [In the Spotlight]. IEEE Signal Processing Magazine, 34(4), 196-194.

Thomas, K. P., Vinod, A. P., & Robinson, N. (2017, March). Online Biometric Authentication Using Subject-Specific Band Power features of EEG. In Proceedings of the 2017 International Conference on Cryptography, Security and Privacy (pp. 136-141). ACM.