Information Security: ATM, Biometric Authentication, Encryption


Added on  2023/06/14

AI Summary
This article discusses the importance of Information Security and covers three major topics: ATM, Biometric Authentication, and Encryption. It explains the working of ATM, the three requirements of the ATM system, and the advantages of using it. It also covers the biometric authentication system, its types, advantages, and disadvantages. Lastly, it discusses the method of transposition in cryptography and Caesar cipher.

Running head: INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author’s Note:

Table of Contents
Question 1
Question 2
Question 3
Question 4
Question 5
References
Question 1
An ATM, or Automated Teller Machine, is an electronic telecommunications device that lets a
customer withdraw cash from his or her bank account (Peltier, 2016). The customer must have
an active bank account with a balance in it. If the account holds no money, the customer
cannot withdraw any cash.
Every user of an ATM is given an ATM card and a unique PIN, or personal identification
number. The PIN is a four-digit number that is unique for every ATM card. The user keeps it
private and does not reveal it to anyone. Using an ATM is simple. First, the user inserts
the ATM card into the card reader of the machine (Andress, 2014). Once this is done, the
user enters the four-digit PIN on the keypad. When these steps have been completed
successfully, the user is able to withdraw cash from the account online. Proper use of the
ATM card is what makes the user authorized, sanctioned and authenticated.
Three requirements are important in maintaining an ATM system. They are commonly termed
CIA: confidentiality, integrity and availability. If these features are not in place,
there is a high chance that the ATM system is not secure enough. Each of the three
requirements is explained below with examples:
i) Confidentiality: The most important criterion of ATM systems, confidentiality, concerns
the privacy of the card. Only the authorized user should use the card and the PIN, and the
confidentiality requirement is what maintains this. Two examples of confidentiality for an
ATM card follow (Andress, 2014).
a) The number written on the card and the PIN should not be revealed to other users.
b) The card should be present in every type of transaction.
ii) Integrity: This is the second requirement and it maintains the integrity of the data.
Under it, the card details of an authorized user are thoroughly checked. The two examples
are as follows:
a) The data of the ATM card should not be altered at any point (Peltier, 2016).
b) Data or information should be protected against intentional or unintentional removal.
iii) Availability: The third requirement in CIA is availability. Information as well as
the hardware should be available for all transactions. The two examples are as follows:
a) Presence of adequate information to do any transaction.
b) Presence of information system or hardware for the machine.
Question 2
The most significant feature of an ATM card is that it does not provide any type of credit
service. All types of financial transactions can be carried out easily and promptly at an
ATM. ATMs are extremely popular and useful for users all over the world, and they are
present in almost every city, country and even suburb. Cash deposits and balance checks are
easily done at an ATM (De Gramatica et al., 2015). Nowadays, as soon as a user opens an
account at any bank, an instant ATM card is issued. This card carries the unique
identification number and the PIN. ATMs are extremely important in today's world. They
store money and are available 24*7 for clients, so people do not have to visit the bank to
withdraw cash in an emergency.
In the given scenario, a thief has broken into an ATM using a screwdriver and has jammed
the card reader of that machine. The thief has then broken five keys on the keypad of the
ATM.
However, the thief has to stop midway, because a customer arrives to withdraw cash from his
account. The thief hides and stops breaking the machine, and the customer does not notice
him (Siponen, Mahmood & Pahnila, 2014). The customer inserts his ATM card into the machine,
enters the four digits of his PIN and finally enters the amount to be withdrawn. The cash
comes out, so the transaction is successful.
After the cash withdrawal, the customer tries to pull out his card. However, since the
thief has already jammed the card reader, he is unable to do so. He therefore goes out to
call for help in retrieving the ATM card from the machine.
Meanwhile, the thief comes out and tries to find out the PIN of the user. As the card is
already in the card reader, it would be easier for him if he could learn the PIN of the
card.
The number of possible PINs can be worked out. A PIN uses four keys, so the total number of
permutations of those four keys is as follows:
5P4 = 5!/(5 - 4)! = 5!/1! = 120.
The correct PIN is therefore one of 120 permutations.
Every ATM has several security features. There is a restriction on entering keys at an
ATM: only 3 attempts are allowed. After the third wrong attempt, the ATM card is
automatically blocked. This limit leaves the thief very little room for wrong guesses.

Question 3
A biometric authentication system is a system that authenticates a person using biological
traits and attributes. These traits are important because they identify an individual
uniquely (Bhagavatula et al., 2015). Biometric authentication is used in schools, colleges
and offices, where it marks the attendance of students accurately.
A biometric authentication system contains an information system, which makes all of its
operations simple and systematic. The system includes a database that captures and stores
the data of each person. When a person tries to enter the building, office, school or
college, the biometric system automatically matches the newly presented data against the
stored data (Frank et al., 2013). If the data matches, the person is allowed to enter; if
it does not match the database, the person cannot enter the building. This restricts the
entry of forged data or information into the system. Various kinds of biometric
authentication system exist today. The most popular and significant among them are
fingerprint recognition, retina scans, face recognition, palm geometry scan, voice
recognition, and iris scan.
This authentication system is expected to bring various advantages to society. However,
some people still do not want to be part of a biometric authentication system and prefer
to continue with the traditional or manual system of attendance or authentication
(Bhagavatula et al., 2015). They still lock their phones with passwords. There are a few
reasons for this. The most significant reasons, with their remedies, are given below:
i) Lack of Data Accuracy: This is the most important problem, as a biometric
authentication system often does not give 100% accurate data and information to all of its
users. Because of this lack of accuracy, many users are still reluctant to use the
biometric system.
However, this problem can be easily solved with the help of metrics such as FRR and FAR.
FRR is the False Rejection Rate and FAR is the False Acceptance Rate (Frank et al., 2013).
ii) Requiring Additional Hardware: The second problem is the requirement for additional
hardware. Offices that implement a biometric authentication system also have to install
the extra hardware that it requires.
However, this problem can be easily solved by installing cheap hardware or biometric
systems.
iii) Password Resetting: The third problem is the issue of password resetting. People
cannot reset their passwords easily.
However, this problem can be easily solved by the regulations of HIPAA and PCI-DSS.
Question 4
The main reason for using a biometric authentication system is that it is simple and easy
to implement, so all users can adopt it. Users of a biometric authentication system do not
have to know much about the technology, and even people who do not understand the
technology are able to implement and use the system (Xu, Zhou & Lyu, 2014).
An individual uses this system to be recognized and identified by means of biological
attributes or traits. At present, biometric authentication is used by many offices,
schools, colleges and universities to stop the entry of forged attendance or forged data.
The information system inside the biometric authentication system makes the process simple
and systematic (Lu et al., 2015). People even use biometric systems to lock and unlock
their phones or computers. Since biological traits cannot be shifted or stolen by anyone,
biometric systems are considered one of the safest modes of authentication.
This type of identification relies on two types of characteristics: behavioural and
physiological. The behavioural characteristics refer to the behaviour, voice and gait of
an individual, whereas the physiological characteristics refer to features of the body
parts of that person. The various physiological attributes are fingerprint recognition,
retina scans, face recognition, palm geometry scan, voice recognition, and iris scan.
Although the biometric authentication system provides all these benefits, it has some
demerits as well. The most significant demerit is the false negative rate. A false
negative is especially serious if the user is in a difficult situation: he or she is
unable to access their own objects because of a minor problem in the information system
(Xu, Zhou & Lyu, 2014). This type of situation is even more dangerous and threatening than
a false positive. False negatives and false positives are complementary to each other.
There are a few situations or circumstances where these types of problems can occur.
Following are two examples of situations where false negatives are more dangerous than
false positives.
i) Restricted Access to Own Objects: This is the first and most important circumstance,
where the user's access to his or her own object is restricted because of a problem in the
information system or its database. The most basic problem that arises in a biometric
authentication system is its lack of resistance to water or sweat (Lu et al., 2015).
People face major problems because of this.
ii) Failure to Recognize Patients: Suppose a person is suffering a cardiac arrest and has
to contact his doctors. Even if he contacts them, the doctors cannot reach him, because
the doors are locked by the biometric authentication system.
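The FAR and FRR metrics named in Question 3, and the trade-off between false positives and false negatives discussed in Question 4, can be made concrete with a small calculation. The following is an added example, not part of the original assignment; the similarity scores, the candidate thresholds and the function names are constructed for illustration.

```python
# Constructed similarity scores (0.0 to 1.0) from a hypothetical matcher.
# GENUINE: the enrolled user presenting his or her own trait.
# IMPOSTOR: other people trying to pass as that user.
GENUINE = [0.91, 0.85, 0.78, 0.66, 0.95, 0.58, 0.88, 0.73, 0.81, 0.62]
IMPOSTOR = [0.12, 0.35, 0.48, 0.61, 0.27, 0.55, 0.70, 0.19, 0.41, 0.33]
THRESHOLDS = [0.5, 0.6, 0.7, 0.8]


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) when a score >= threshold is accepted."""
    if not genuine or not impostor:
        raise ValueError("both score lists must be non-empty")
    false_accepts = sum(1 for s in impostor if s >= threshold)  # false positives
    false_rejects = sum(1 for s in genuine if s < threshold)    # false negatives
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(genuine, impostor, thresholds):
    """Return [(threshold, FAR, FRR), ...] for each candidate threshold."""
    return [(t, *far_frr(genuine, impostor, t)) for t in thresholds]


def closest_to_equal_error(genuine, impostor, thresholds):
    """Pick the threshold at which FAR and FRR are closest to each other."""
    rows = sweep(genuine, impostor, thresholds)
    return min(rows, key=lambda row: abs(row[1] - row[2]))[0]


if __name__ == "__main__":
    for t, far, frr in sweep(GENUINE, IMPOSTOR, THRESHOLDS):
        print(f"threshold={t:.1f}  FAR={far:.0%}  FRR={frr:.0%}")
    print("closest to equal error:",
          closest_to_equal_error(GENUINE, IMPOSTOR, THRESHOLDS))
```

Raising the threshold lowers the false acceptance rate but raises the false rejection rate, which is why a door lock that must never keep its owner out would be tuned differently from one guarding a vault.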
Question 5
1st part
The best method for encrypting confidential information is the method of transposition in
cryptography. It is a procedure in which the positions of the plaintext characters are
shifted according to a regular system. The plaintext can be anything made up of common
letters or characters. The encryption is done by permuting the characters of the plaintext
(Singh, 2013). The rail fence cipher is the best form of transposition cipher. Compared
with substitution encryption, columnar transposition has the important advantage that the
algorithm can be applied many times. Decrypting the ciphertext under columnar
transposition comprises two steps.
2nd part
To prevent any leakage of information during transmission, George decided to send his
company's instructions completely encrypted, with substitution and the Caesar cipher
applied one after another (Von Solms & Van Niekerk, 2013).
The substitution key is 234 and the ciphertext is NTJWKHXK AMK WWUJJYZTX MWKXZKUHE.
Using the Caesar cipher and substitution algorithms, the given encrypted text can be
decrypted as follows:
| A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 |

| Encrypted text | N | T | J | W | K | H | X | K |
|---|---|---|---|---|---|---|---|---|
| Numeric value | 14 | 20 | 10 | 23 | 11 | 8 | 24 | 11 |
| Substitution key | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Decoded from substitution cipher | 12 | 17 | 6 | 21 | 8 | 4 | 22 | 8 |
| Caesar cipher shift | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 |
| Decoded from Caesar cipher | 9 | 14 | 3 | 18 | 5 | 1 | 19 | 5 |
| Decoded text | I | N | C | R | E | A | S | E |

| Encrypted text | A | M | K |
|---|---|---|---|
| Numeric value | 1 | 13 | 11 |
| Substitution key | 4 | 2 | 3 |
| Decoded from substitution cipher | 23 | 11 | 8 |
| Caesar cipher shift | 3 | 3 | 3 |
| Decoded from Caesar cipher | 20 | 8 | 5 |
| Decoded text | T | H | E |

| Encrypted text | W | W | U | J | J | Y | Z | T | X |
|---|---|---|---|---|---|---|---|---|---|
| Numeric value | 23 | 23 | 21 | 10 | 10 | 25 | 26 | 20 | 24 |
| Substitution key | 4 | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Decoded from substitution cipher | 19 | 21 | 18 | 6 | 8 | 22 | 22 | 18 | 21 |
| Caesar cipher shift | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 |
| Decoded from Caesar cipher | 16 | 18 | 15 | 3 | 5 | 19 | 19 | 15 | 18 |
| Decoded text | P | R | O | C | E | S | S | O | R |

| Encrypted text | M | W | K | X | Z | K | U | H | E |
|---|---|---|---|---|---|---|---|---|---|
| Numeric value | 13 | 23 | 11 | 24 | 26 | 11 | 21 | 8 | 5 |
| Substitution key | 4 | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Decoded from substitution cipher | 9 | 21 | 8 | 20 | 24 | 8 | 17 | 6 | 2 |
| Caesar cipher shift | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 |
| Decoded from Caesar cipher | 6 | 18 | 5 | 17 | 21 | 5 | 14 | 3 | 25 |
| Decoded text | F | R | E | Q | U | E | N | C | Y |
Therefore, the decrypted text for the given text of NTJWKHXK AMK WWUJJYZTX
MWKXZKUHE is
INCREASE THE PROCESSOR FREQUENCY.
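The two-stage decryption worked through above can be checked mechanically. The following is an added example, not part of the original assignment: it subtracts the repeating key digits 2, 3, 4 and then the Caesar shift of 3, using the same A=1 to Z=26 numbering with wrap-around, and it assumes, as the worked values show, that spaces do not consume a key digit. The function names `trace` and `transform` are this example's own.

```python
CIPHERTEXT = "NTJWKHXK AMK WWUJJYZTX MWKXZKUHE"
KEY = (2, 3, 4)  # substitution key "234" given in the question
SHIFT = 3        # Caesar shift used in the worked values


def _to_num(ch):
    return ord(ch) - ord("A") + 1          # A=1 ... Z=26


def _to_chr(n):
    return chr((n - 1) % 26 + ord("A"))    # wraps, so 0 -> Z and -1 -> Y


def trace(text, key=KEY, shift=SHIFT):
    """Return one row per letter:
    (cipher letter, numeric value, key digit, after key, after shift, plain letter)."""
    rows, i = [], 0
    for ch in text.upper():
        if not "A" <= ch <= "Z":
            continue                       # spaces do not consume key digits
        k = key[i % len(key)]
        after_key = (_to_num(ch) - k - 1) % 26 + 1
        after_shift = (after_key - shift - 1) % 26 + 1
        rows.append((ch, _to_num(ch), k, after_key, after_shift,
                     _to_chr(after_shift)))
        i += 1
    return rows


def transform(text, key=KEY, shift=SHIFT, decrypt=True):
    """Decrypt (default) or encrypt text with the key digits plus the shift."""
    sign = -1 if decrypt else 1
    out, i = [], 0
    for ch in text.upper():
        if "A" <= ch <= "Z":
            offset = key[i % len(key)] + shift
            out.append(_to_chr(_to_num(ch) + sign * offset))
            i += 1
        else:
            out.append(ch)                 # keep spaces and punctuation as-is
    return "".join(out)


if __name__ == "__main__":
    for row in trace("NTJWKHXK"):
        print(*row, sep="\t")
    print(transform(CIPHERTEXT))
```

Because each letter is moved by a fixed, short, repeating offset (5, 6, 7), the scheme is recoverable with a handful of guesses and serves only as a classroom exercise, not as protection for real instructions.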
References
Andress, J. (2014). The basics of information security: understanding the fundamentals of
InfoSec in theory and practice. Syngress.
Bhagavatula, C., Ur, B., Iacovino, K., Kywe, S. M., Cranor, L. F., & Savvides, M. (2015).
Biometric authentication on iphone and android: Usability, perceptions, and
influences on adoption. Proc. USEC, 1-2.
De Gramatica, M., Labunets, K., Massacci, F., Paci, F., & Tedeschi, A. (2015, March). The
role of catalogues of threats and security controls in security risk assessment: an
empirical study with ATM professionals. In International Working Conference on
Requirements Engineering: Foundation for Software Quality (pp. 98-114). Springer,
Cham.
Frank, M., Biedert, R., Ma, E., Martinovic, I., & Song, D. (2013). Touchalytics: On the
applicability of touchscreen input as a behavioral biometric for continuous
authentication. IEEE transactions on information forensics and security, 8(1), 136-
148.
Lu, Y., Li, L., Peng, H., & Yang, Y. (2015). An enhanced biometric-based authentication
scheme for telecare medicine information systems using elliptic curve
cryptosystem. Journal of medical systems, 39(3), 32.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. CRC Press.
Singh, G. (2013). A study of encryption algorithms (RSA, DES, 3DES and AES) for
information security. International Journal of Computer Applications, 67(19).
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information
security policies: An exploratory field study. Information & management, 51(2), 217-
224.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber
security. computers & security, 38, 97-102.
Xu, H., Zhou, Y., & Lyu, M. R. (2014, July). Towards continuous and passive authentication
via touch biometrics: An experimental study on smartphones. In Symposium On
Usable Privacy and Security, SOUPS (Vol. 14, pp. 187-198).