Assessment 2 - Information Security - ITC595

Mohammed Muntajib Bilal 11613037
ITC595
Information Security
Assessment 2
Student Name: Mohammed Muntajib Bilal
Student ID: 11613037
Contents
Question 1
Question 2
Question 3
Question 4
Question 5
References
Question 1
Roles of CIA (Confidentiality, Integrity, and Availability) in ATMs
ATMs must be highly secure for the obvious reason of account security. The CIA triad plays a vital role in managing the security of the system. The following explains each part of the CIA triad as it applies to ATMs:
Confidentiality
Confidentiality is the concept of concealing information from unauthenticated persons. It protects data from misuse and keeps information confidential.
In the case of the ATM card PIN, only the user and the bank system are responsible for holding the PIN of the card. The PIN must always remain confidential, which prevents any future leakage of information. Several security measures can be taken to protect confidentiality on the ATM network.
An ATM should be secured so that it holds information about the user only for a particular session, and when the session expires the data must not be accessible in any way. This keeps an unauthorized person from attacking the victim's account (“Tuli & Kaur”, 2013).
Integrity
Data integrity is the technique of preserving important data from any loss or change made by an unauthorized person. Transactions made by the user should not be leaked, so that there is no data loss or alteration of the content.
Many transactions take place at an ATM: people withdraw and deposit money. There is a high risk of a security breach and of loss of data integrity (“Tuli & Kaur”, 2013).
Security measures are therefore needed to preserve the integrity of the information.
Availability
An ATM must be available at all times to provide service to users. It must be easily accessible so that there is no interference in the service. Attackers target the availability of the ATM so that it cannot provide any further service.
ATM service providers must look after the availability of the ATM at all times. For this, they can adopt security protocols that address availability so that intruders cannot block the availability of the ATM (“Tuli & Kaur”, 2013).
Question 2
The total number of numerical digits on an ATM keypad is 10, i.e. 0-9.
If a thief has managed to break five of the numerical keys, then the other 5 keys are in working condition. This means that the PIN of the user whose card is stuck after the withdrawal is made up of some of these 5 working digits.
Total number of possible combinations for a 4-digit number using 5 digits only = 5^4 = 625
Maximum number of possible combinations before one correct combination = 5^4 - 1 = 624
So the thief has to enter a maximum of 624 combinations before hitting the correct combination.
Question 3
Biometrics in ATM
Biometrics is a convenient form of authentication. The authentication process is fast and user-friendly, with no need to type passwords. Biometrics authenticates a user by the physical structure of the body. There are many ways of implementing it, such as fingerprints, palm readers, face readers, voice recognition and eye retina scanners. A number of ATMs use biometric technology to make transactions fast (“Bhattacharyya, Ranjan, Alisherov & Choi”, 2009).
Advantages of Biometrics –
INCREASED SECURITY – Biometrics can provide a higher level of security with various types of authentication. Biometrics is more secure because it is hard to replicate and is highly unique.
INCREASED CONVENIENCE – Biometrics is a very easy and convenient form of authentication.
INCREASED ACCOUNTABILITY – Accountability is very high in biometrics because of the uniqueness of each authentication measure (“Essays”, 2013).
Disadvantages of Biometrics –
Environment effect – The environment around the user matters while he is authenticating at the machine using biometrics. For example, if there is low light around the user during face recognition, there is a chance that authentication fails.
System guarantee – The hardware used for biometric verification may sometimes fail. These biometric systems are never 100% accurate, so dependency on them can be reduced.
Characteristic – The accuracy of biometric matching can drop because of any change in a physiological characteristic (“Essays”, 2013).
Question 4
Circumstances when false negatives are more significantly serious than false positives
There are some obvious conditions under which false positives are less serious than false negatives. A tester should always be careful of both false positive and false negative conditions. False negatives are significantly more serious, or dangerous, than false positives.
False Positive – A test outcome in which the tester reports or assumes a failure in a properly working system.
Occurrence – A false positive happens when a tester reports a false bug or failure in a perfectly working system. For example, a testing tool reports "SQL injection vulnerability" where no SQL injection is actually possible. Another example is a tool for testing the loading of sites that reports a failure although the site actually received several hits from users.
Handling – False positives cost extra effort and extra time spent verifying the reported failure. To handle false positives, several measures can be taken: the testing system can be checked to confirm that it works correctly, and manual testing can be done under the supervision of a senior tester ("Understanding False Positive and False Negative", 2018).
False Negative – A false negative happens when a test report is passed but the result is actually false. Giving the green light to a faulty system can lead to serious problems and issues. False negatives are much more dangerous than false positives.
Occurrence – Whenever a bug or a faulty constraint is missed or skipped by the tester and the tester gives final clearance to the system, it is termed a false negative. For example, in software development a function may work properly in the initial iterations and the tester passes it without knowing that the function fails in the end. Another example is a testing tool that misses the path of a particular function and passes the system; if the missed function has issues, this leads to a false negative.
Handling – In testing such as manual testing, a better approach must be applied with a good testing plan. Verification by a senior tester is advised for better testing of hidden bugs and faults in the system ("Understanding False Positive and False Negative", 2018).
Question 5
The Caesar cipher is a technique for encrypting data into another form by substituting each value (such as each letter of the alphabet) with another value, so that the actual data is preserved in a different, substituted format. In the Caesar cipher, the same key is shared by the sender and the receiver, and the same key is used for encrypting and decrypting (“Kahate”, 2013).
The given encrypted ciphertext is:
NTJWKHXK AMK WWUJJYZTX MWKXZKUHE
And the key is 2 3 4
Encrypting the plaintext with the Caesar cipher technique follows the formula:
C = (P+K) mod 26
And for decryption of the ciphertext to plain text the formula is:
P = (C - K) mod 26
Where,
P = Plain text
C = Cipher Text
K = Key
For the given ciphertext, the key is 234 and its plain text would be as follows –
A  B  C  D  E  F  G  H  I  J  K  L  M
0  1  2  3  4  5  6  7  8  9  10 11 12
N  O  P  Q  R  S  T  U  V  W  X  Y  Z
13 14 15 16 17 18 19 20 21 22 23 24 25
For N,
C = 13
K = 2
Plain text, P = (C - K) mod 26
P = (13-2) mod 26
P = (11) mod 26
P = 11 = L
For T,
C = 19
K = 3
Plain text, P = (C - K) mod 26
P = (19-3) mod 26
P = (15) mod 26
P = 15 = P
For J,
C = 9
K = 4
Plain text, P = (C - K) mod 26
P = (9-4) mod 26
P = (5) mod 26
P = 5 = F
Similarly, carrying out the calculation for every letter of the cipher text gives the first decrypted text (cipher text 1), which is treated as the cipher text in the next substitution method. So the first decrypted text of the given cipher text would be:
Cipher text 1 = LQFUHDVH WKH SURFHVVRU IUHTXHQFB
Now the decrypted text is treated as the cipher text for substitution, for which the number of keys N = 3 and the substitution follows the formula –
Xi = (x - N) mod 26
Where,
Xi = plain text
x = cipher text
N = number of key
Calculation of substitution decryption of cipher text 1,
For L,
x = 11
N = 3
Xi = (x - N) mod 26
Xi = (11 - 3) mod 26
Xi = (10) mod 26
Xi = 10 = I
For Q,
x = 16
N = 3
Xi = (x - N) mod 26
Xi = (16 - 3) mod 26
Xi = (13) mod 26
Xi = 13 = N
For F,
x = 5
N = 3
Xi = (x - N) mod 26
Xi = (5 - 3) mod 26
Xi = (2) mod 26
Xi = 2 = C
Similarly, calculating for every letter of cipher text 1 using the substitution method, the final deciphered text would be:
INCREASE THE PROCESSOR FREQUENCY
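The two-stage decryption worked above, as an added Python example (not part of the original assignment). It assumes, as the intermediate text on the page implies, that the key 2 3 4 repeats over the letters and that spaces do not consume a key digit; the function names are illustrative. It also shows that the two additive layers collapse into a single repeating key, so stacking them adds no strength.

```python
import string

ALPHABET = string.ascii_uppercase  # A=0 ... Z=25, the mapping used on the page

def shift_decrypt(ciphertext, keys):
    """Apply P = (C - K) mod 26 per letter, cycling through `keys`.

    Assumption: non-letters (spaces) pass through unchanged and do not
    advance the key position.
    """
    out = []
    used = 0  # letters processed so far; selects the current key digit
    for ch in ciphertext:
        if ch in ALPHABET:
            k = keys[used % len(keys)]
            out.append(ALPHABET[(ALPHABET.index(ch) - k) % 26])
            used += 1
        else:
            out.append(ch)
    return "".join(out)

def shift_encrypt(plaintext, keys):
    """C = (P + K) mod 26 is decryption with the negated key."""
    return shift_decrypt(plaintext, [-k for k in keys])

CIPHERTEXT = "NTJWKHXK AMK WWUJJYZTX MWKXZKUHE"  # from the question

def decrypt_assignment(ciphertext=CIPHERTEXT):
    """Stage 1: repeating key 2,3,4. Stage 2: Caesar shift N = 3."""
    stage1 = shift_decrypt(ciphertext, [2, 3, 4])
    stage2 = shift_decrypt(stage1, [3])
    return stage1, stage2

def combined_keys(first, second):
    """Two additive shifts compose into one: the keys simply add mod 26."""
    return [(k + second) % 26 for k in first]

if __name__ == "__main__":
    stage1, stage2 = decrypt_assignment()
    print("Cipher text 1:", stage1)
    print("Plain text   :", stage2)
    single = combined_keys([2, 3, 4], 3)
    print("Equivalent single key:", single)
    print("One-pass result:", shift_decrypt(CIPHERTEXT, single))
```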
References
Tuli, K., & Kaur, G. (2013). ATM SAFETY & SECURITY. International Journal of Advanced Research in IT and Engineering, 1-4.
Bhattacharyya, D., Ranjan, R., Alisherov, F., & Choi, M. (2009). Biometric authentication: A review. International Journal of u-and e-Service, Science, and Technology, 2(3), 13-28.
Essays, UK. (November 2013). Advantages and Disadvantages of Biometrics. Retrieved from https://www.google.co.in/?vref=1
Kahate, A. (2013). Cryptography and network security. Tata McGraw-Hill Education.
Understanding False Positive and False Negative. (2018). Narainko. Retrieved 6 April 2018, from https://narainko.wordpress.com/2012/08/26/understanding-false-positive-and-false-negative/