Information Security: ATM, Biometric Authentication, Transposition Cipher

Verified

Added on 2023/06/13

AI Summary

This article discusses the importance of information security in Automated Teller Machines (ATM), biometric authentication systems, and transposition cipher. It covers topics such as confidentiality, integrity, and availability in ATM, advantages and disadvantages of biometric authentication, and decoding cipher text using substitution and Caesar cipher.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
INFORMATION SECURITY
Table of Contents
Question 1..................................................................................................................................2
Question 2..................................................................................................................................3
Question 3..................................................................................................................................4
Question 4..................................................................................................................................5
Question 5..................................................................................................................................6
References..................................................................................................................................8

2
INFORMATION SECURITY
Question 1
Automated Teller Machine or ATM is the electronic telecommunication device,
which are utilized for the proper and successful withdrawal of money without even visiting to
the bank. This cash withdrawal is done from the existing bank account of the customer. The
customer is extremely benefitted from the service (Peltier, 2016). The most significant
advantage of an Automated Teller Machine is that no time is restricted for it and the customer
can withdraw cash any time. However, the only restriction is that the customer should have a
valid bank account for withdrawal of cash.
The users of the Automated Teller Machine are provided with an ATM card and a
specific and distinct PIN or the personal identification number by the bank. Both of these
ATM card and PIN are extremely important for the user to make any type of transaction. The
PIN of the customer is four digit number, which is absolutely different for each and every
ATM card. Moreover, the ATM card and the PIN should be kept absolutely private and
confidential to avoid any type of problem in confidentiality.Three major requirements are
present in the ATM card. They are the confidentiality, integrity and availability or CIA in
short. All these three requirements help the system of ATM or Automated Teller Machine to
be extremely popular and unique with respect to others. Each one of these is explained below:
i) Confidentiality: this is the other name of privacy. It is known as the most
significant criterion of ATM systems. Only the authenticated and authorized users are
allowed to use this particular card and its personal identification number (Andress, 2014).
The degree of importance is very high as unsecured PIN can lead to the loss of money and
confidentiality.
The examples of confidentiality in an Automated Teller Machine are given below:
a) Loss of ATM card and the PIN of an authorized user.
b) Presence of the ATM card while making any transaction.
ii) Integrity: This is the second important requirement where the data integrity is
highly maintained. This data integration does turn out the most significant feature in an
Automated Teller Machine. If the data is changed or altered, the user would be in grave
danger. The degree of importance of the integrity is very high in comparison to other as the
user might face major losses if his data would be changed or altered.
The examples of integrity in an Automated Teller Machine are given below:
a) Change or alteration in the confidential data (De Gramatica et al., 2015).
b) Intentional removal of confidential data.
iii) Availability: the third requirement is the availability of information and hardware.
If both of these will not be available, it is nearly impossible to make any transaction. The
degree of importance of the availability is very high as if the information and hardware will
not be present; it is evident that the transactions will not be done.
The examples of availability in an Automated Teller Machine are given below:
a) Lack of accurate information elated to ATM card and PIN.

3
INFORMATION SECURITY
b) Lack of hardware of the ATM.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
INFORMATION SECURITY
Question 2
The most important characteristic of ATM or an Automated Teller Machine is that the
card of ATM does not give any credit services. The user of the ATM card is responsible for
keeping the details private as well as confidential. The ATM usability procedure is very
simple. In the beginning, the authorized user has to enter his card into the ATM card slot or
card reader. Next, he would punch his unique personal identification number in the keypad of
the Automated Teller Machine. Finally, he would be able to withdraw cash or money (De
Gramatica et al., 2015).
As per the given scenario, a thief has broken the Automated Teller Machine or an
ATM after using a screwdriver and finally has jammed the card reader of that particular ATM
machine. Next, this thief has broken the five keys from the keypad of the ATM.
However, this thief has to stop of stealing money from ATM in the middle; a
customer has come to withdraw some cash from his account. Thus, the thief has hidden from
the customer and thus stopped his breaking of machine. The customer did not notice the thief.
He entered his ATM card in the machine, then punched the four digits of is PIN number and
finally entered the amount to be withdrawn. The cash came out and thus he was successful in
making the transaction.
After the cash withdrawal, the customer tried to pull out his card. However, since the
thief has already jammed the card reader, he s unable to do so (Siponen, Mahmood &
Pahnila, 2014). He thus, goes out for calling of help for withdrawing this ATM card from the
machine.
Meanwhile, the thief comes out and tried to know about the PIN number of the user.
As the card was already present in the card reader, it would be easier if he could know the
PIN of the card.
There is a procedure to know the PIN of the customer. Four keys are present in a card.
Thus, the total number of possibilities of permutation of those four keys is as follows:
5P4 = 5!/(5 - 4)! = 5!/4! = 120.
The thief can detect the correct PIN in 120 ways of permutation.
However, few restrictions are present like only three wrong attempts are to be made
while entering the PIN. If the correct PIN is not entered within those three attempts, the card
would be blocked.

5
INFORMATION SECURITY
Question 3
The particular system for authorization as well as authentication of biometric with
several traits and attributes related biological features is termed as the biometric
authentication system. These biological traits are extremely important for any individual to
identify the person uniquely and significantly (Bhagavatula et al., 2015).
Biometric authentication system consists of a particular information system within it
and this presence of information system makes all the operations of the biometric
authentication system extremely simple and systematic. A particular database is also present
within the biometric authentication system. It is responsible for storing and capturing the
information or data of the person. When any particular person tries to enter the building,
office, school or college, the biometric system automatically matches its previously existing
data with the new data (Xu, Zhou & Lyu, 2014). If the data is matched, the person is allowed
to enter and if the data does not match with the database, he will not be able to enter into the
building. Thus, it helps to restrict the entry of forged data or information within the system.
Various kinds of biometric authentication system are present in today’s world. The most
popular and significant amongst all these are the voice recognition, fingerprint recognition,
retina scans, face recognition, palm geometry scan, and iris scan. Some more of them are also
present.
This particular authentication system is supposed to provide various advantages more
to the society (Von Solms & Van Niekerk, 2013). However, some people are still present
who does not want to be the part of the biometric authentication system and rather want to
continue the traditional or manual system of attendance or authentication. They still lock their
phones with passwords. There are few reasons present for this. The most important and
significant reasons with significant solutions are given below:
i) Lack of Accuracy: This is the most significant problem as biometric authentication
system often does not given the 100% accurate or correct data and information to all of its
users. Because of this lack of data accuracy, many users are still reluctant to use the biometric
system.
This problem could be easily resolved with the help of several metrics such as FRR or
FAR. FRR is the False Rejection Rate and FAR is the False Acceptance Rate (Andress,
2014).
ii) Need of Extra Hardware: The next significant problem is the need of the extra
hardware. Any building, while implementing the biometric authentication system within it,
also has to install an additional hardware, which is solely required for it.
However, this particular problem could be easily resolved by installing cheap
hardware or biometric systems.
iii) Password Reset: The third significant problem is the difficulty in password
resetting. People cannot reset their passwords easily and thus they are reluctant to use this.
This particular problem could be easily resolved by regulations of PCI-DDS and
HIPAA (Lu et al., 2015).

6
INFORMATION SECURITY
Question 4
The most significant reason of using the system for biometric authentication is that
the entire system is extremely simple and easier to install. Thus, this system can be easily
used by the users. These users who are using the biometric authentication system do not have
to know much about the technology and even if people cannot understand technology, they
have the ability to implement as well as use this system (Peltier, 2016).
In current situation, biometric authentication system is being used by many offices,
schools, colleges and universities to stop the entry of forged attendance or forged data. The
biometric authentication system with the presence of information system within it makes the
process extremely simple and systematic. People even utilize the biometric system to lock as
well as unlock their phones or computer systems. As the biological attributes could not be
given to anyone, it is extremely safe to utilize biometric systems.
This type of identification is done with the help of two types of characteristics. Either
it is behavioural or it is physiological. The behavioural characteristics refer to the behaviour,
voice and gait of an individual; whereas the physiological characteristics refer to the several
features of the body parts of that person (Peltier, 2016). The various physiological attributes
are the fingerprint recognition, retina scans, face recognition, iris scan, voice recognition, and
palm geometry scan.
Although all these benefits are being provided by the biometric authentication system,
there are some demerits as well. The most significant demerit of the biometric authentication
system is false negative rates. These types of problems are extremely vital if the user is in a
tough situation. He or she is unable to access their own objects since there is a minor problem
in the information system. This type of situation is even more dangerous and threatening than
the false positive rates. Both of these false negative and false positive are complementary
with one another.
There are several circumstances, where these kinds of issues occur. Two such
examples of these situations are provided where the false negative rates are more dangerous
than the false positive rates.
i) Restricted Access to Own Objects: This is the first and the most important
circumstance where the access to the own object is restricted to the user because of the
problem in information system or its database (Xu, Zhou & Lyu, 2014). The most basic
problem that arises in the biometric authentication system is the non resistivity to water or
sweat. The users thus suffer from dangerous problems.
ii) Failure in Recognizing Patients: The next significant situation is when a person
has suffered cardiac arrest or has burnt fingers or other body parts defected. They would not
be able to give their biometric passwords in spite of being the authenticated users.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
INFORMATION SECURITY
Question 5
1st part
Transposition can be termed as the most significant method for encrypting any
important or confidential text. Certain algorithms are present for doing this phenomenon. In
cryptography, transposition is a specific process where all the positions of any particular plain
text are eventually moved to all types of regular systems. Any common letter or character is
known as a plain text and can be encrypted with the help of this transposition cipher. This
type of encryption is solely done with the help of permutation (Singh, 2013). The algorithm
simply per mutates all the characters or letters of the plain text. The most suitable form of any
transposition cipher is rail fence cipher. It follows the basic sequence of encrypting any text
properly and significantly. One after another letter or characters in the plain text are
encrypted with the help of this particular cryptography. The most significant advantage of the
columnar transposition over the substitution encryption methodology is that they could be
utilized various times for decrypting a cipher text.
2nd part
After using algorithms for Caesar cipher and substitution for George’s company, the
cipher text could be decrypted.
Plain text: NTJWKHXK AMK WWUJJYZTX MWKXZKUHE
Substitution key: 234
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Encrypted Text N T J W K H X K
Numeric value 14 20 10 23 11 8 24 11
Substitution Key 2 3 4 2 3 4 2 3
Decoded from the substitution
cipher 12 17 6 21 8 4 22 8
Shifting as Caeser cipher 3 3 3 3 3 3 3 3
Decoded from Caeser cipher 9 14 3 18 5 1 19 5
Decoded Text I N C R E A S E
Encrypted Text A M K
Corresponding numeric value 1 13 11
Substitution Key 4 2 3

8
INFORMATION SECURITY
Decoded from substitution
cipher 23 11 8
Shifting as Caeser cipher 3 3 3
Decoded from caeser cipher 20 8 5
Decoded Text T H E
Encrypted Text W W U J J Y Z T X
Corresponding numeric value 23 23 21 10 10 25 26 20 24
Substitution Key 4 2 3 4 2 3 4 2 3
Decoded from substitution cipher 19 21 18 6 8 22 22 18 21
Caeser cipher shift 3 3 3 3 3 3 3 3 3
Decoded from caeser cipher 16 18 15 3 5 19 19 15 18
Decoded Text P R O C E S S O R
Encrypted Text M W K X Z K U H E
Corresponding numeric value 13 23 11 24 26 11 21 8 5
Substitution Key 4 2 3 4 2 3 4 2 3
Decoded from substitution cipher 9 21 8 20 24 8 17 6 2
Shifting Caeser cipher 3 3 3 3 3 3 3 3 3
Decoded from caeser cipher 6 18 5 17 21 5 14 3 25
Decoded Text F R E Q U E N C Y
Hence, the decrypted text for the provided text of NTJWKHXK AMK WWUJJYZTX
MWKXZKUHE is
INCREASE THE PROCESSOR FREQUENCY.

9
INFORMATION SECURITY
References
Andress, J. (2014). The basics of information security: understanding the fundamentals of
InfoSec in theory and practice. Syngress.
Bhagavatula, C., Ur, B., Iacovino, K., Kywe, S. M., Cranor, L. F., & Savvides, M. (2015).
Biometric authentication on iphone and android: Usability, perceptions, and
influences on adoption. Proc. USEC, 1-2.
De Gramatica, M., Labunets, K., Massacci, F., Paci, F., & Tedeschi, A. (2015, March). The
role of catalogues of threats and security controls in security risk assessment: an
empirical study with ATM professionals. In International Working Conference on
Requirements Engineering: Foundation for Software Quality (pp. 98-114). Springer,
Cham.
Frank, M., Biedert, R., Ma, E., Martinovic, I., & Song, D. (2013). Touchalytics: On the
applicability of touchscreen input as a behavioral biometric for continuous
authentication. IEEE transactions on information forensics and security, 8(1), 136-
148.
Lu, Y., Li, L., Peng, H., & Yang, Y. (2015). An enhanced biometric-based authentication
scheme for telecare medicine information systems using elliptic curve
cryptosystem. Journal of medical systems, 39(3), 32.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. CRC Press.
Singh, G. (2013). A study of encryption algorithms (RSA, DES, 3DES and AES) for
information security. International Journal of Computer Applications, 67(19).
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information
security policies: An exploratory field study. Information & management, 51(2), 217-
224.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber
security. computers & security, 38, 97-102.
Xu, H., Zhou, Y., & Lyu, M. R. (2014, July). Towards continuous and passive authentication
via touch biometrics: An experimental study on smartphones. In Symposium On
Usable Privacy and Security, SOUPS (Vol. 14, pp. 187-198).