INFORMATION SECURITY

Table of Contents
Answer to Question 1
Answer to Question 2
Answer to Question 3
Answer to Question 4
Answer to Question 5
References
Answer to Question 1

The CIA (Confidentiality, Integrity, Availability) triad is mainly important for the security of information transmitted between servers and users' devices or endpoints (Beng et al., 2018). Confidentiality is about restricting which users may access specific information or data. Integrity is about controlling modification of the information transmitted through any medium. Finally, availability is about making sure that authorised users can access the information at any time without difficulty. The following examples apply the triad to an ATM information system and show how these attributes help secure the data of such a system.

Example of Confidentiality

For the ATM system, confidentiality of data means restricting access to user data to authorised users only. The customer details and the PIN of the ATM card used to withdraw money should be protected from unauthorised access. If an unauthorised user gains access to this data, it may lead to adverse situations for the customer (Rawat & Bajracharya, 2015). One such technique is eavesdropping, which is used to gain unauthorised access to the data transmitted between the server and the ATM systems. Therefore, to protect the confidentiality of the information, it is suggested to use encryption and SSL on the data transmission channels, so that even if the data is intercepted by hackers or attackers they would not be able to obtain the decrypted data. As a lack of confidentiality can lead to severe results, it is rated with a "High" degree of importance.
Example of Integrity

The integrity of the data in the information system is another important aspect that needs to be protected. Integrity ensures that the data is not modified by any unauthorised user or hacker. Unauthorised modification of the data can adversely affect the users of the ATM as well as the financial institutions that maintain it. For the information system, the data is valuable if and only if it is correct. For example, unauthorised modification of data transmitted from the ATM can result in financial loss for the customers (Rawat & Bajracharya, 2015). As the use of simple encryption techniques can help in protecting the integrity of data, it is rated with a "Moderate" degree of importance.

Example of Availability

Availability is about making sure that data from the information system is available to authorised users whenever they need it. Availability can be interrupted through DoS and Man in the Middle attacks (Beng et al., 2018). Routine offline backups can therefore be very helpful in ensuring the availability of data to the users. As a lack of availability will lead to the unavailability of all the services of the ATM system, it is marked with a "Moderate" degree of importance.
Answer to Question 2

In the given scenario, the thief succeeded in breaking five of the ten keys on the keypad of the ATM. As the customer was able to enter his/her PIN using the remaining five keys, the user's PIN is a combination of 4 keys out of the remaining five. Using the concept of permutation and combination, the number of attempts remaining for the thief to find the customer's PIN is given by the following formula:

5P4 = 5! / (5-4)! = 120

Thus the number of attempts that can be used by the thief is 120.

Answer to Question 3

The main working principle of biometrics is the comparison of two data sets: one is the data previously enrolled in the device, and the other is the data presented by a user each time they want to enter the secure premises. To grant access to a user, the biometric system does not require an exactly identical match between these two data sets. This matching technique is used because sweat or water on the fingertips may disrupt the whole process of identification (Beng et al., 2018).

Biometric processing consists of a long chain of processing steps, which researchers consider imperfect. Each step in the processing chain introduces a slight degree of uncertainty into the identification. Uncertainty is inescapable even in the first processing step, as the body part used for biometrics can never appear exactly the same as it did when first registered, for example because of the pressure and angle of a finger on a scanner. The resulting errors include the false positive, where an invalid user is identified as a valid user and given access to the restricted data or premises. Another related issue is the false negative, in which a valid user is rejected by the biometric authentication process.
Biometrics are hackable: On the other hand, iris scanning and voice recognition can be hacked using pictures of the iris and voice samples. From the example of the hacking of German minister Ursula von der Leyen's fingerprints, it is evident that fingerprint and iris biometrics can be easily hacked by using high-definition images.

Vulnerabilities in the software used for authentication: Security researchers have also found that most of the software used for biometric devices contains different backdoors, which can be exploited by hackers to extract the stored information about the users.

Lack of recovery options: Even though biometric elements are unique for everyone, this does not make sure that they are secure passwords (Eberz et al., 2017). Unfortunately, if a user loses their fingers or eyes, it becomes impossible for them to access the secured data or premises, as they no longer possess their passwords. In this scenario the password is also not recoverable, which leads to more complexity.
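The inexact matching and the false positive and false negative errors discussed in the answers to Questions 3 and 4 can be pictured as a similarity score compared against a threshold. The following is an added example, not part of the original answer; the score model, the sample scores and the function names are assumptions made for illustration.

```python
# Constructed similarity scores in [0, 1] between a presented sample and the
# enrolled template. They are illustrative, not measurements from a device.
GENUINE = [0.91, 0.88, 0.79, 0.95, 0.67, 0.84, 0.73, 0.90]   # enrolled user
IMPOSTOR = [0.22, 0.41, 0.58, 0.35, 0.70, 0.49, 0.30, 0.62]  # other people
THRESHOLDS = [0.5, 0.6, 0.7, 0.8, 0.9]


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (false_positive_rate, false_negative_rate).
    A sample is accepted when its score is >= threshold."""
    false_pos = sum(s >= threshold for s in impostor)   # impostors let in
    false_neg = sum(s < threshold for s in genuine)     # valid user rejected
    return false_pos / len(impostor), false_neg / len(genuine)


def pick_threshold(max_false_negative_rate, thresholds=THRESHOLDS):
    """Strictest setting that keeps false negatives within a budget:
    among thresholds whose FNR is acceptable, take the lowest FPR
    (ties go to the higher threshold)."""
    allowed = [t for t in thresholds
               if error_rates(t)[1] <= max_false_negative_rate]
    if not allowed:
        raise ValueError("no threshold meets the false-negative budget")
    return min(allowed, key=lambda t: (error_rates(t)[0], -t))


if __name__ == "__main__":
    for t in THRESHOLDS:
        fpr, fnr = error_rates(t)
        print(f"threshold={t:.1f}  false positive={fpr:.3f}  false negative={fnr:.3f}")
    # A deployment where rejecting the valid user is the worse outcome
    # accepts no false negatives and pays for it in false positives.
    print("no false negatives allowed ->", pick_threshold(0.0))
```

Raising the threshold trades false positives for false negatives, so a deployment where rejecting a valid user is the worse failure ends up with a looser threshold than one where admitting an invalid user is the worse failure.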
Answer to Question 4

For the biometric authentication process, two factors are used to measure the performance and efficiency of biometric devices: false positives and false negatives. A false positive identification happens when the biometric system mistakenly finds a match for an invalid user's fingerprint that was not previously enrolled in the system. Conversely, a false negative identification happens when the biometric system finds no match, or responds with an error, for a query fingerprint that was previously registered in the system. The following are two scenarios in which false negatives lead to more severe results than false positives, which accept the biometric of an unregistered user as a registered one.

Personal lockers: Personal lockers are now available that recognise their owner using biometrics. In an emergency, it is possible that the locker's biometric system responds with a false negative. The locker may hold critical resources that will be unavailable to its owner because of the false negative response.

Safety and recovery of IT infrastructure: In every organization where a significant share of business processes depends on the IT infrastructure, IT resources such as databases and servers are placed inside restricted premises that are accessible only to some of the officials of the organization (Eberz et al., 2017). In case of any failure of or attack on the servers, if the biometric system responds with a false negative, the officials would not be able to isolate the affected servers so that other servers can be used to support the business process.

Answer to Question 5

For any cipher text encrypted using the transposition technique, one of the easiest and quickest ways to decrypt the text is a letter frequency count and a trigram count.
In this technique, the frequency of each letter in the given encrypted text is counted first. After this, the frequency of each sequence of three characters is counted. In this way, the encrypted text can be decrypted.

The encrypted sentence is given by,

NTJWKHXK AMK WWUJJYZTX MWKXZKUHE

For the decryption of the given string, the positional values of the letters play a vital role. They are given by,

A=1, B=2, C=3, D=4, E=5, F=6, G=7, H=8, I=9, J=10, K=11, L=12, M=13, N=14, O=15, P=16, Q=17, R=18, S=19, T=20, U=21, V=22, W=23, X=24, Y=25, Z=26.

Now for the given string of text, we get the following values for every word,

N=14, T=20, J=10, W=23, K=11, H=8, X=24, K=11
A=1, M=13, K=11
W=23, W=23, U=21, J=10, J=10, Y=25, Z=26, T=20, X=24
M=13, W=23, K=11, X=24, Z=26, K=11, U=21, H=8, E=5

Now considering the substitution key, 234, we get the transformed sequences as follows,

N=12, T=17, J=6, W=21, K=8, H=4, X=22, K=8
A=23, M=11, K=8
W=19, W=21, U=18, J=6, J=8, Y=22, Z=22, T=18, X=21
M=9, W=21, K=8, X=20, Z=24, K=8, U=17, H=6, E=2

At this stage we apply the principles of decrypting Caesar cipher text and get the following sequences,

NTJWKHXK: 9 14 3 18 5 1 19 5
AMK: 20 8 5
WWUJJYZTX: 16 18 15 3 5 19 19 15 18
MWKXZKUHE: 6 18 5 17 21 5 14 3 25

Now using the positional values of the last stage, we get the decrypted message as,

9 14 3 18 5 1 19 5: INCREASE
The second word, 20 8 5: THE
The third word, 16 18 15 3 5 19 19 15 18: PROCESSOR
6 18 5 17 21 5 14 3 25: FREQUENCY

The decoded sentence becomes,

INCREASE THE PROCESSOR FREQUENCY
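The two decryption stages worked by hand above can be reproduced in a few lines. This is an added example, not part of the original answer: the function names are illustrative, and the Caesar shift of 3 is an assumption inferred from the difference between the answer's intermediate and final numbers, since the answer does not state it.

```python
from itertools import cycle

CIPHERTEXT = "NTJWKHXK AMK WWUJJYZTX MWKXZKUHE"  # ciphertext from the page
KEY = (2, 3, 4)     # substitution key 234 from the page
CAESAR_SHIFT = 3    # assumption: inferred from the page's intermediate numbers


def pos(ch):
    """Positional value of a letter: A=1 ... Z=26."""
    return ord(ch) - ord("A") + 1


def wrap(n):
    """Fold any integer back into 1..26 (so 0 -> 26, -1 -> 25)."""
    return (n - 1) % 26 + 1


def key_stage(text, key=KEY, sign=-1):
    """Subtract (sign=-1) or add (sign=+1) the repeating key digits.
    The key stream runs on across word boundaries; spaces use no digit."""
    digits = cycle(key)
    return [[wrap(pos(c) + sign * next(digits)) for c in word]
            for word in text.split()]


def caesar_stage(words, shift=CAESAR_SHIFT, sign=-1):
    """Shift every positional value by a fixed amount."""
    return [[wrap(n + sign * shift) for n in word] for word in words]


def to_text(words):
    """Turn lists of positional values back into space-separated words."""
    return " ".join("".join(chr(n + ord("A") - 1) for n in w) for w in words)


def decrypt(text=CIPHERTEXT):
    return to_text(caesar_stage(key_stage(text)))


def encrypt(plaintext):
    """Inverse of decrypt: Caesar shift forward, then add the key digits."""
    values = [[pos(c) for c in word] for word in plaintext.split()]
    return to_text(key_stage(to_text(caesar_stage(values, sign=+1)), sign=+1))


if __name__ == "__main__":
    for word, nums in zip(CIPHERTEXT.split(), key_stage(CIPHERTEXT)):
        print(word, nums)          # intermediate values after the key stage
    print(decrypt())
```

The key digits continue across the spaces, which is why A in AMK is reduced by 4 rather than by 2, and values that fall below 1 wrap around to the end of the alphabet.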
References

Beng, T. C., Hijazi, M. H. A., Lim, Y., & Gani, A. (2018). A survey on Proof of Retrievability for cloud data integrity and availability: Cloud storage state-of-the-art, issues, solutions and future trends. Journal of Network and Computer Applications.

Eberz, S., Rasmussen, K. B., Lenders, V., & Martinovic, I. (2017, April). Evaluating behavioral biometrics for continuous authentication: Challenges and metrics. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (pp. 386-399). ACM.

Mohanty, S., Ganguly, M., & Pattnaik, P. K. (2018). CIA Triad for Achieving Accountability in Cloud Computing Environment.

Purnama, B., & Rohayani, A. H. (2015). A New Modified Caesar Cipher Cryptography Method with Legible Ciphertext From a Message to Be Encrypted. Procedia Computer Science, 59, 195-204.

Oktaviana, B., & Siahaan, A. P. U. (2016). Three-Pass Protocol Implementation in Caesar Cipher Classic Cryptography. IOSR Journal of Computer Engineering (IOSR-JCE), 18(4), 26-29.

Rawat, D. B., & Bajracharya, C. (2015, April). Cyber security for smart grid systems: Status, challenges and perspectives. In SoutheastCon 2015 (pp. 1-6). IEEE.