Information Security: ATM Requirements, Biometric Authentication, Encryption Methods
Added on  2023/06/14
AI Summary
This article discusses the requirements for ATM cards, biometric authentication, and encryption methods for information security. It covers confidentiality, integrity, and availability, and provides examples of each. The article also explains the rail fence cipher and its decryption process. Course code and college/university are not mentioned.
Running head: INFORMATION SECURITY Information Security Name of the Student Name of the University Author’s Note:
Table of Contents
Question 1
Question 2
Question 3
Question 4
Question 5
References
Question 1

An Automated Teller Machine (ATM) is used to withdraw cash without visiting the bank or interacting with the bank staff. There are three important requirements for the ATM card and the PIN. They are as follows:

i) Confidentiality: This is another name for privacy, and it helps to maintain the privacy of the ATM card. Under no circumstances should the confidentiality of the card be lost. The user would suffer major losses if this situation arises (Peltier, 2013). The degree of importance of confidentiality is high, since an unsecured PIN during transactions can lead to the compromise of the bank account; therefore, encryption must be present. The examples of confidentiality in the ATM system are as follows:
a) The details of the ATM card and PIN are extremely confidential and should not be lost.
b) Presence of the ATM card while making a transaction is mandatory.

ii) Integrity: Data integrity is the next important requirement in an ATM. The PIN could be changed by hackers, and users should ensure that this situation does not arise. The degree of importance of integrity is high because, if a hacker or thief gets hold of the ATM card or PIN, they might change the data in order to withdraw money. Hence, data integrity should be maintained properly. The examples are as follows:
a) Altering of data without permission from the user.
b) Unintentional data deletion is another important example (Siponen, Mahmood & Pahnila, 2014).

iii) Availability: The next requirement is the availability of valid information and hardware. If these are absent, it is impossible to execute any transaction. The degree of importance of availability of information and hardware is extremely high because, without the PIN information, the ATM card and the ATM itself, it is impossible to use them. The examples are as follows:
a) Availability of valid information related to the ATM card and PIN.
b) Availability of hardware for making the transaction.
Question 2

According to the given scenario, the thief wants to discover the PIN of the customer. There is a process to find out the PIN. There are four keys in a PIN, and to discover the correct PIN the thief has to go through a series of permutations. The digits of the PIN can range from 0 to 9.

Available keys = 4.
Keys broken in the keypad = 5.

Hence, the total number of possibilities for detecting the PIN is 5P4 = 5!/(5 - 4)! = 5!/1! = 120.

Therefore, there are up to 120 ways in which the thief can detect the correct PIN. However, the PIN can be entered only 3 times. After the third wrong attempt, the ATM card is automatically blocked.
Question 3

A biometric authentication system is used to identify a particular individual with the help of his or her biological traits and attributes. A database is maintained for this purpose, and the captured data is matched against the previously stored data. When the data matches, the person is treated as authorized, otherwise as unauthorized (Bhagavatula et al., 2015). The most significant examples of biometric authentication systems are fingerprint recognition, face or voice recognition, retina scan and iris scan. However, in spite of all these advantages, biometric authentication is still not used by some people. The main reasons, with their solutions, are given below:

i) Extra Hardware is Required: When a biometric authentication system is implemented in an office or school, the hardware for it also has to be installed. This often exceeds the budget of the office or school. Hence, people are still reluctant to use this system. To solve this problem, cheap machines are available in the market that do not incur a huge cost and do not exceed the budget limit (De Gramatica et al., 2015).

ii) Lack of Data Accuracy: A biometric authentication system does not always provide accurate data, and thus the data is not always 100% correct. To solve this problem, metrics like the False Acceptance Rate and the False Rejection Rate are used to determine the accuracy.

iii) Password Resetting: The third problem is password resetting. It is extremely difficult to reset the password. To solve this problem, regulations like PCI-DSS and HIPAA can be used.
Question 4

Biometric authentication is the procedure of recognizing a specific individual with the help of his or her biological traits and attributes. These are used exclusively for uniquely identifying the person. This type of authentication is also used to lock or unlock a phone, laptop or any other computing device. Biometric identification is done either by physiological or by behavioural features. The physiological features include body parts, as in fingerprint recognition, face or voice recognition, retina scan and iris scan (De Gramatica et al., 2015). The behavioural attributes include the behaviour, voice and gait of the person. There are certain situations where the false negative rates become higher and more serious than the false positive rates. The examples of two such situations are as follows:

i) Accessing Own Objects: Often, due to a minor problem in the information system within the biometric machine, the owner of an object is unable to get hold of it because the biometric machine cannot take the password or the biological trait of the user.

ii) Failure in Recognition of Patients: Patients often cannot give the biometric password properly, either due to cardiac arrest or burnt fingers (Bhagavatula et al., 2015). This can lead to major problems, as they would not be able to access their own possessions because of the problem in giving the passwords.
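The accuracy metrics named in Question 3 and the false negative concern in Question 4 can be worked through on sample data. The following is an added example, not part of the original answer: the similarity scores, threshold list and function names are constructed for illustration.

```python
# Constructed similarity scores in [0, 1]; higher means a closer match.
GENUINE = [0.91, 0.84, 0.78, 0.66, 0.95, 0.58, 0.88, 0.73, 0.81, 0.69]
IMPOSTOR = [0.12, 0.35, 0.48, 0.61, 0.27, 0.72, 0.19, 0.41, 0.55, 0.30]
THRESHOLDS = [0.5, 0.6, 0.7, 0.8, 0.9]


def far(threshold, impostor=IMPOSTOR):
    """False Acceptance Rate: share of impostor attempts that are accepted."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False Rejection Rate: share of genuine attempts that are rejected."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(thresholds):
    """One (threshold, FAR, FRR) row per candidate decision threshold."""
    return [(t, far(t), frr(t)) for t in thresholds]


def equal_error_threshold(thresholds):
    """Threshold where FAR and FRR are closest (approximate equal error rate)."""
    return min(thresholds, key=lambda t: abs(far(t) - frr(t)))


def threshold_for_max_frr(thresholds, max_frr):
    """Strictest threshold that still keeps false rejections within max_frr.

    This is the tuning for cases where a false negative is the more serious
    error, such as an owner or a patient being locked out.
    """
    ok = [t for t in thresholds if frr(t) <= max_frr]
    return max(ok) if ok else None


if __name__ == "__main__":
    for t, a, r in sweep(THRESHOLDS):
        print(f"threshold={t:.1f}  FAR={a:.1f}  FRR={r:.1f}")
    print("approx. equal error threshold:", equal_error_threshold(THRESHOLDS))
    print("threshold with FRR = 0:", threshold_for_max_frr(THRESHOLDS, 0.0))
```

Raising the threshold lowers the FAR and raises the FRR, so a deployment that cannot tolerate lockouts accepts a higher FAR and should pair the biometric check with a second factor.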
Question 5

In cryptography, transposition is the best method for encryption. The rail fence cipher is the best form of transposition cipher that is used for decrypting the encrypted cipher in a proper sequence (Singh, 2013). It is extremely effective and can be executed quickly.

George decided to send the instructions completely encrypted, applying the Caesar cipher and the substitution one after another. The substitution key is 234 and the cipher text is NTJWKHXK AMK WWUJJYZTX MWKXZKUHE.

After using the algorithms of the Caesar cipher and substitution, the given encrypted text can be decrypted as follows.

A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

Encrypted text                        N   T   J   W   K   H   X   K
Numeric value                         14  20  10  23  11  8   24  11
Substitution key                      2   3   4   2   3   4   2   3
Decoded from the substitution cipher  12  17  6   21  8   4   22  8
Shifting as Caesar cipher             3   3   3   3   3   3   3   3
Decoded from Caesar cipher            9   14  3   18  5   1   19  5
Decoded text                          I   N   C   R   E   A   S   E

Encrypted text                        A   M   K
Corresponding numeric value           1   13  11
Substitution key                      4   2   3
Decoded from substitution cipher      23  11  8
Shifting as Caesar cipher             3   3   3
Decoded from Caesar cipher            20  8   5
Decoded text                          T   H   E

Encrypted text                        W   W   U   J   J   Y   Z   T   X
Corresponding numeric value           23  23  21  10  10  25  26  20  24
Substitution key                      4   2   3   4   2   3   4   2   3
Decoded from substitution cipher      19  21  18  6   8   22  22  18  21
Caesar cipher shift                   3   3   3   3   3   3   3   3   3
Decoded from Caesar cipher            16  18  15  3   5   19  19  15  18
Decoded text                          P   R   O   C   E   S   S   O   R

Encrypted text                        M   W   K   X   Z   K   U   H   E
Corresponding numeric value           13  23  11  24  26  11  21  8   5
Substitution key                      4   2   3   4   2   3   4   2   3
Decoded from substitution cipher      9   21  8   20  24  8   17  6   2
Shifting Caesar cipher                3   3   3   3   3   3   3   3   3
Decoded from Caesar cipher            6   18  5   17  21  5   14  3   25
Decoded text                          F   R   E   Q   U   E   N   C   Y

Hence, the decrypted text for the provided text of NTJWKHXK AMK WWUJJYZTX MWKXZKUHE is INCREASE THE PROCESSOR FREQUENCY.
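The table procedure above, as an added example that is not part of the original answer: each letter is numbered A=1 to Z=26, the repeating key digit (2, 3, 4) is subtracted, then the Caesar shift of 3 is subtracted, wrapping around the alphabet. The function names are chosen here for illustration; the key digits continue across word boundaries, as the tables show.

```python
from itertools import cycle

KEY_DIGITS = (2, 3, 4)  # substitution key 234, as given in the answer
CAESAR_SHIFT = 3        # Caesar shift used in the tables


def wrap(n):
    """Keep a value inside the A=1 .. Z=26 numbering used by the tables."""
    return (n - 1) % 26 + 1


def decrypt_trace(ciphertext):
    """One row per letter: (cipher, value, key, after_key, after_caesar, plain)."""
    key = cycle(KEY_DIGITS)
    rows = []
    for ch in ciphertext.upper():
        if not "A" <= ch <= "Z":
            continue  # spaces do not consume a key digit
        value = ord(ch) - ord("A") + 1
        k = next(key)
        after_key = wrap(value - k)
        after_caesar = wrap(after_key - CAESAR_SHIFT)
        rows.append((ch, value, k, after_key, after_caesar,
                     chr(after_caesar - 1 + ord("A"))))
    return rows


def decrypt(ciphertext):
    """Rebuild the plaintext, copying spaces and punctuation through unchanged."""
    plain = (row[5] for row in decrypt_trace(ciphertext))
    return "".join(next(plain) if "A" <= ch <= "Z" else ch
                   for ch in ciphertext.upper())


def encrypt(plaintext):
    """Inverse of decrypt: add the Caesar shift and the repeating key digit."""
    key = cycle(KEY_DIGITS)
    out = []
    for ch in plaintext.upper():
        if "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 1
            out.append(chr(wrap(value + CAESAR_SHIFT + next(key)) - 1 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    print(decrypt("NTJWKHXK AMK WWUJJYZTX MWKXZKUHE"))
```

Because the combined shift per letter is only ever 5, 6 or 7 in a fixed repeating pattern, this scheme offers no real confidentiality and is useful only as a classroom exercise.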
References

Andress, J. (2014). The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Syngress.

Bhagavatula, C., Ur, B., Iacovino, K., Kywe, S. M., Cranor, L. F., & Savvides, M. (2015). Biometric authentication on iphone and android: Usability, perceptions, and influences on adoption. Proc. USEC, 1-2.

De Gramatica, M., Labunets, K., Massacci, F., Paci, F., & Tedeschi, A. (2015, March). The role of catalogues of threats and security controls in security risk assessment: an empirical study with ATM professionals. In International Working Conference on Requirements Engineering: Foundation for Software Quality (pp. 98-114). Springer, Cham.

Peltier, T. R. (2013). Information security fundamentals. CRC Press.

Singh, G. (2013). A study of encryption algorithms (RSA, DES, 3DES and AES) for information security. International Journal of Computer Applications, 67(19).

Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information security policies: An exploratory field study. Information & management, 51(2), 217-224.