Information Security: Examples of Confidentiality, Integrity and Availability Requirements Associated with ATM Machines
Added on 2023/06/13
AI Summary
This article discusses the examples of confidentiality, integrity and availability requirements associated with ATM machines. It also provides a calculation for the maximum number of PINs that a thief might have to enter before correctly discovering a customer's PIN, reasons why people may be reluctant to use biometrics and ways to counter those objections, and a description of two circumstances where false negatives are significantly more serious than false positives. Additionally, it explains how a piece of cipher text can be determined quickly if it was likely a result of a transposition and provides a deciphered plain text for the Caesar cipher.

Running head: INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author Note
1. Examples of confidentiality, integrity and availability requirements associated with ATM machines, describing the degree of importance for each requirement.
Automated Teller Machines (ATMs) have become an integral part of everyday life. They have made life easier through the ready availability of cash in an emergency and by letting people travel safely without carrying cash (Sharma, Misra & Misra, 2014). ATMs also illustrate the requirements of confidentiality, integrity and availability. Each is described below together with its degree of importance:
Confidentiality: A customer uses a unique PIN (Personal Identification Number) together with an ATM card to access a personal bank account. The customer therefore expects the PIN to be kept extremely confidential in every transaction made between the host system and the bank server, along the whole line of communication (Bachu, 2017). The degree of importance of this requirement is very high: a PIN that is not appropriately encrypted loses the confidentiality it is supposed to have, and the account could be compromised.
Integrity: The integrity of an ATM is maintained only when the customer's expectation of zero malicious or inadvertent changes to his or her transactions is met (Katz & Lindell, 2014). The degree of importance of integrity in ATMs should be high, since it directly affects a customer's personal account while transactions are taking place.
Availability: ATMs have become a necessity. It is not always possible for a customer to rush to a nearby bank to access account details or withdraw cash, and a customer may be in dire need of instant cash on a bank holiday. The availability of ATMs is also important for the banks, since it would increase the economic growth of a bank. An ATM should therefore be available at almost all times.
2. Calculation for the maximum number of PINs that the thief might have to enter before correctly discovering a customer's PIN.
The thief was able to jam the card reader and five keys of the ATM. Four keys are therefore left for guessing the PIN of the person who had a successful transaction after the forgery was done.
The number of keys left = 4
The maximum number of PINs that the thief would need to enter to guess the correct PIN of the customer who had a successful transaction would be the permutation of the total number of keys and the number of combinations that the keys can deliver, that is, 5!/(5-4)!
The result is 120. Therefore, the thief has to enter a PIN a maximum of 120 times before guessing the correct PIN.
3. Three reasons why people may be reluctant to use biometrics and ways to counter those objections
Biometric systems require intimate details of a person's behaviour and body, because these attributes are unique to that person. It is therefore necessary to keep the cultural, legal and social contexts in mind before deploying a biometric system (Ketab, Clarke & Dowland, 2016). Because these intimate details are collected, many people are reluctant to use biometric systems.
The social issues that give rise to objections to using biometrics can be manifold. A person may find it unsafe to hand over photographs or facial attributes to such a system, doubting whether the information might be used for some unauthorized activity. Some may object to giving their facial details because of a deformity in their face, such as burn marks or scars. In some cultures long nails carry great significance, but having them prevents a person from placing their fingers on the biometric system for fingerprint details. Moreover, no one has the moral right to ask for these intimate details without the person's consent, since privacy of intimate data is a legal right.
These objections can be countered either by evoking the fear of violating the law or by making people understand the discrete nature of the information that the system records as the unique identification attributes of each person. This may counter the cultural and legal objections. It is important that people be made to understand that the use of biometrics is absolutely safe, as the data is encrypted at firmware level, is device specific, and the stored information can never be duplicated from one device to another.
4. Description of two circumstances where false negatives are significantly more serious than false positives
A false negative is a situation in which a system denies a condition that does exist; a false positive, on the other hand, is a situation in which the system accepts a condition that does not exist in reality.
In biometrics, false negatives are more severe than false positives. For example, if a biometric system does not accept the fingerprint of an authorized person as permissible, the incident is a false positive issue that is still manageable (Martinovic et al., 2017). However, accepting the biometrics of an unauthorized malicious person is a false negative case, which has the potential to wreak havoc in the system.
In another case, a person installs a biometric lock on a safe. A false positive that prevents him from being identified as authorized is hazardous, but it is safer than a false negative in which the lock lets a thief open it (Eberz et al., 2017). That situation is much more dangerous, because the thief is handed an open safe and can complete his job.
5. a) One way that a piece of cipher text can be determined quickly if it was likely a result of a transposition
Transposition is a method of encryption that differs from the other models in that it permutes the positions of the characters of a plaintext (Pandey & Verma, 2015). Many techniques can be used to encrypt a text by transposition. One of them is the reverse order method, whose cipher text is easy to decrypt (Konheim, 2016). For example, the reverse order cipher text “LUFITUAEB SI DLROW EHT” can be easily and quickly deciphered by reading it in reverse order as “THE WORLD IS BEAUTIFUL”.
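A transposition only moves letters, so the ciphertext keeps the letter counts of the plaintext. The Python sketch below is an added example, not part of the original answer; it goes beyond the reverse-order case by scoring any ciphertext against English letter frequencies. The function names, the frequency table values and the cutoff of 40 are assumptions chosen for this illustration.

```python
from collections import Counter

# Approximate relative frequencies (percent) of letters in English text.
ENGLISH_FREQ = {
    "E": 12.70, "T": 9.06, "A": 8.17, "O": 7.51, "I": 6.97, "N": 6.75,
    "S": 6.33, "H": 6.09, "R": 5.99, "D": 4.25, "L": 4.03, "C": 2.78,
    "U": 2.76, "M": 2.41, "W": 2.36, "F": 2.23, "G": 2.02, "Y": 1.97,
    "P": 1.93, "B": 1.49, "V": 0.98, "K": 0.77, "J": 0.15, "X": 0.15,
    "Q": 0.10, "Z": 0.07,
}

# Assumed cutoff for short messages; tune it on known samples before use.
CHI2_CUTOFF = 40.0


def letter_counts(text):
    """Count A-Z letters only, ignoring case, spaces and punctuation."""
    return Counter(c for c in text.upper() if "A" <= c <= "Z")


def chi_squared_vs_english(text):
    """Chi-squared distance between the text's letter counts and English."""
    counts = letter_counts(text)
    total = sum(counts.values())
    if total == 0:
        raise ValueError("text contains no letters")
    score = 0.0
    for letter, percent in ENGLISH_FREQ.items():
        expected = total * percent / 100.0
        score += (counts[letter] - expected) ** 2 / expected
    return score


def likely_transposition(ciphertext):
    """True when the letter profile still looks like English.

    Transposition keeps the plaintext's letter counts; substitution
    replaces letters and pushes rare ones (J, K, X, Z) far above normal.
    """
    return chi_squared_vs_english(ciphertext) < CHI2_CUTOFF


REVERSED = "LUFITUAEB SI DLROW EHT"               # example from the text
SUBSTITUTED = "NTJWKHXK AMK WWUJJYZTX MWKXZKUHE"  # ciphertext from 5. b)

if __name__ == "__main__":
    for sample in (REVERSED, SUBSTITUTED):
        print(f"{sample!r}: chi2={chi_squared_vs_english(sample):.1f} "
              f"likely_transposition={likely_transposition(sample)}")
```

On messages this short the score is only a heuristic: a low value says the letters are consistent with English, not which permutation was used.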
5. b) Deciphering the plain text for the Caesar cipher “NTJWKHXK AMK WWUJJYZTX MWKXZKUHE” with key 234 that George wanted to send his employees.
Solution
Encrypted Text                          N   T   J   W   K   H   X   K
Corresponding numeric value            14  20  10  23  11   8  24  11
Key                                     2   3   4   2   3   4   2   3
Decoded from the substitution cipher   12  17   6  21   8   4  22   8
Caesar cipher shift                     3   3   3   3   3   3   3   3
Decoded from the Caesar cipher          9  14   3  18   5   1  19   5
Decoded Text                            I   N   C   R   E   A   S   E

Encrypted Text                          A   M   K
Corresponding numeric value             1  13  11
Key                                     4   2   3
Decoded from the substitution cipher   23  11   8
Caesar cipher shift                     3   3   3
Decoded from the Caesar cipher         20   8   5
Decoded Text                            T   H   E

Encrypted Text                          W   W   U   J   J   Y   Z   T   X
Corresponding numeric value            23  23  21  10  10  25  26  20  24
Key                                     4   2   3   4   2   3   4   2   3
Decoded from the substitution cipher   19  21  21   6   8  22  22  18  21
Caesar cipher shift                     3   3   3   3   3   3   3   3   3
Decoded from the Caesar cipher         16  18  18   3   5  19  19  15  18
Decoded Text                            P   R   O   C   E   S   S   O   R

Encrypted Text                          M   W   K   X   Z   K   U   H   E
Corresponding numeric value            13  23  11  24  26  11  21   8   5
Key                                     4   2   3   4   2   3   4   2   3
Decoded from the substitution cipher    9  21   8  20  24   8  17   6   2
Caesar cipher shift                     3   3   3   3   3   3   3   3   3
Decoded from the Caesar cipher          6  18   5  17  21   5  14   3
Decoded Text                            F   R   E   Q   U   E   N   C   Y

Therefore, the plain text that George had sent his employees was “INCREASE THE PROCESSOR FREQUENCY”.
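The two-step procedure of the solution (subtract the repeating key digits 2, 3, 4, then subtract the Caesar shift 3, on the scale A=1 to Z=26) can be written in Python as below. This is an added example, not part of the original answer, and its function names are assumptions. It also shows that the two layers collapse into a single repeating shift of 5, 6, 7, so stacking them adds no strength.

```python
from itertools import cycle

A = ord("A")


def to_letter(value):
    """Map a value to a letter on the page's scale A=1 ... Z=26, wrapping."""
    return chr((value - 1) % 26 + A)


def decrypt_two_step(ciphertext, key="234", caesar_shift=3):
    """Undo the key digits, then the Caesar shift, as the solution does.

    Returns the plaintext and one row per letter:
    (cipher letter, numeric value, key digit, after key, after shift).
    Spaces pass through and do not consume a key digit.
    """
    digits = cycle(int(d) for d in key)
    plain, rows = [], []
    for ch in ciphertext.upper():
        if not "A" <= ch <= "Z":
            plain.append(ch)
            continue
        value = ord(ch) - A + 1
        digit = next(digits)
        after_key = (value - digit - 1) % 26 + 1
        after_shift = (after_key - caesar_shift - 1) % 26 + 1
        rows.append((ch, value, digit, after_key, after_shift))
        plain.append(to_letter(after_shift))
    return "".join(plain), rows


def effective_shifts(key="234", caesar_shift=3):
    """The two layers collapse into one repeating list of shifts."""
    return [(int(d) + caesar_shift) % 26 for d in key]


def decrypt_single_pass(ciphertext, shifts):
    """Decrypt with one repeating-shift pass (a Vigenere-style cipher)."""
    stream = cycle(shifts)
    return "".join(
        to_letter(ord(ch) - A + 1 - next(stream)) if "A" <= ch <= "Z" else ch
        for ch in ciphertext.upper()
    )


CIPHERTEXT = "NTJWKHXK AMK WWUJJYZTX MWKXZKUHE"  # from the question

if __name__ == "__main__":
    text, rows = decrypt_two_step(CIPHERTEXT)
    print(text)
    print(rows[0])
    print(effective_shifts(), decrypt_single_pass(CIPHERTEXT, effective_shifts()))
```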

References
Bachu, S. (2017). Three-step authentication for ATMs.
Eberz, S., Rasmussen, K. B., Lenders, V., & Martinovic, I. (2017, April). Evaluating behavioral biometrics for continuous authentication: Challenges and metrics. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (pp. 386-399). ACM.
Katz, J., & Lindell, Y. (2014). Introduction to modern cryptography. CRC Press.
Ketab, S. S., Clarke, N. L., & Dowland, P. S. (2016). The Value of the Biometrics in Invigilated E-Assessments.
Konheim, A. G. (2016). Automated teller machines: their history and authentication protocols. Journal of Cryptographic Engineering, 6(1), 1-29.
Martinovic, I., Rasmussen, K., Roeschlin, M., & Tsudik, G. (2017). Authentication using pulse-response biometrics. Communications of the ACM, 60(2), 108-115.
Pandey, R. M., & Verma, V. K. (2015). Data Security using Various Cryptography Techniques: A recent Survey.
Sharma, A., Misra, P. K., & Misra, P. (2014). A Security Measure for Electronic Business Applications. International Journal of Computer Applications, 102(7).