IT Risk Management: Biometric Systems, Privacy-enhancing Technologies, and Wireless Sensor Networks
VerifiedAdded on 2024/07/01
|11
|2350
|188
AI Summary
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
ITC596
IT RISK MANAGEMENT
ASSESSMENT 2
1
IT RISK MANAGEMENT
ASSESSMENT 2
1
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Contents
A. Biometric Systems...................................................................................................................... 3
B. Privacy-enhancing technologies (PETs).....................................................................................7
C. Wireless sensor networks............................................................................................................9
References......................................................................................................................................12
List of Figures
Figure 1: Understanding biometric technology and biometric devices...........................................3
Figure 2:Biometric Identification Techniques.................................................................................4
Figure 3: Report: Bright Future for Iris Recognition.......................................................................6
2
A. Biometric Systems...................................................................................................................... 3
B. Privacy-enhancing technologies (PETs).....................................................................................7
C. Wireless sensor networks............................................................................................................9
References......................................................................................................................................12
List of Figures
Figure 1: Understanding biometric technology and biometric devices...........................................3
Figure 2:Biometric Identification Techniques.................................................................................4
Figure 3: Report: Bright Future for Iris Recognition.......................................................................6
2
A. Biometric Systems
A biometric system refers to the systems which consider a person’s any quantifiable physical
attributes that can be changed over into a computerized design for specific identification and
authentically verified. The biometric systems that are examined here are: -
1) Fingerprint
A fingerprint biometric system is acquiring finger impression electronically. It is the most
commonly used biometric system.
The local features of a fingerprint biometric are minutiae, ridge endings and ridge
bifurcations.
The global features of a fingerprint biometric are ridge orientation and pattern of ridges.
The fingerprints are used in different sectors like:-
Government sector: - For voter registration, border control, e-passport¸ national ID.
Business sectors: - To maintaining a record of, payroll management, time and
attendance, human resource management.
Finance and banking sector: - For customer identification, employee identification,
non- account holder identification, ATM machines.
Figure 1: Understanding biometric technology and biometric devices
The advantages of fingerprint biometric systems are:-
3
A biometric system refers to the systems which consider a person’s any quantifiable physical
attributes that can be changed over into a computerized design for specific identification and
authentically verified. The biometric systems that are examined here are: -
1) Fingerprint
A fingerprint biometric system is acquiring finger impression electronically. It is the most
commonly used biometric system.
The local features of a fingerprint biometric are minutiae, ridge endings and ridge
bifurcations.
The global features of a fingerprint biometric are ridge orientation and pattern of ridges.
The fingerprints are used in different sectors like:-
Government sector: - For voter registration, border control, e-passport¸ national ID.
Business sectors: - To maintaining a record of, payroll management, time and
attendance, human resource management.
Finance and banking sector: - For customer identification, employee identification,
non- account holder identification, ATM machines.
Figure 1: Understanding biometric technology and biometric devices
The advantages of fingerprint biometric systems are:-
3
High in uniqueness and permanency
Its universal form of the system used widely acceptable by every organisation.
High in the factor of accuracy.
The requirement of storage is low.
The disadvantages of fingerprint biometric systems are:
False readings may occur.
Costly
Time-consuming
For a few people, interruption happens because of the criminal examination.
2) Hand geometry:
Hand geometry biometric system is a compelling identification framework in which an
individual is recognized by the hand acknowledgement.
It is based on the extraction of finger-widths and palm- print features of hands.
The proposed hand geometry system follows two types:-
Hand geometry identification using shape context feature
Hand geometry identification using shape moment feature
Hand geometry is used for higher accuracy services at airports, government offices and in
many international corporations, the point of sales applications and employee time recording.
Figure 2: Biometric Identification Techniques
4
Its universal form of the system used widely acceptable by every organisation.
High in the factor of accuracy.
The requirement of storage is low.
The disadvantages of fingerprint biometric systems are:
False readings may occur.
Costly
Time-consuming
For a few people, interruption happens because of the criminal examination.
2) Hand geometry:
Hand geometry biometric system is a compelling identification framework in which an
individual is recognized by the hand acknowledgement.
It is based on the extraction of finger-widths and palm- print features of hands.
The proposed hand geometry system follows two types:-
Hand geometry identification using shape context feature
Hand geometry identification using shape moment feature
Hand geometry is used for higher accuracy services at airports, government offices and in
many international corporations, the point of sales applications and employee time recording.
Figure 2: Biometric Identification Techniques
4
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
The advantages of hand geometry biometric systems are:-
High verification performance
Ease of integration
High acceptance of users
Suitable for all working environments
The disadvantages of hand geometry biometric system are:-
Device system for hand geometry is large
Changes in hand size
Not a highly unique system
Use of one hand only
3) Iris recognition:
Iris recognition is one of the trusted biometric systems in identifying a person.
Iris recognition takes high-resolution capture of the iris portion of the human eye.
Iris recognition consists of three ways that are:-
The very first step is the image is captured in the digital camera clearly so the
identification of iris can be done properly.
Locating the image and identifies the iris boundaries. The area which is suitable for
feature extraction is to be chosen.
Storage of biometric template and further processing will be done for matching. After
matching is done the verification is completed.
Application areas where iris recognition can be done are:-
Finance and banking area is widely using this system eliminating the use of time-
consuming systems like pin and passwords.
Health and welfare industry use this system for various mechanisms like maintaining
accurate identification of patients, by keeping records for repetitive treatments, the
arrangement of checkups and scheduling of appointments.
5
High verification performance
Ease of integration
High acceptance of users
Suitable for all working environments
The disadvantages of hand geometry biometric system are:-
Device system for hand geometry is large
Changes in hand size
Not a highly unique system
Use of one hand only
3) Iris recognition:
Iris recognition is one of the trusted biometric systems in identifying a person.
Iris recognition takes high-resolution capture of the iris portion of the human eye.
Iris recognition consists of three ways that are:-
The very first step is the image is captured in the digital camera clearly so the
identification of iris can be done properly.
Locating the image and identifies the iris boundaries. The area which is suitable for
feature extraction is to be chosen.
Storage of biometric template and further processing will be done for matching. After
matching is done the verification is completed.
Application areas where iris recognition can be done are:-
Finance and banking area is widely using this system eliminating the use of time-
consuming systems like pin and passwords.
Health and welfare industry use this system for various mechanisms like maintaining
accurate identification of patients, by keeping records for repetitive treatments, the
arrangement of checkups and scheduling of appointments.
5
Figure 3: Report: Bright Future for Iris Recognition
The advantages of the iris recognition biometric system are:-
It can even differentiate between identical twins
Highly protected system
Stability of the pattern throughout the life
Identification is done from a distance
The disadvantages of iris recognition system are:
Influenced by eyelashes, reflection and lenses
High storage capacity
Movement of the target creates interrupt in the process sometimes.
A very expensive system so not easily affordable.
6
The advantages of the iris recognition biometric system are:-
It can even differentiate between identical twins
Highly protected system
Stability of the pattern throughout the life
Identification is done from a distance
The disadvantages of iris recognition system are:
Influenced by eyelashes, reflection and lenses
High storage capacity
Movement of the target creates interrupt in the process sometimes.
A very expensive system so not easily affordable.
6
B. Privacy-enhancing technologies (PETs)
Privacy –enhancing technologies refers to eliminate the risk of unnecessary use of personal
data and information using privacy technology tools that help to control the data and
information.
With the use of privacy-enhancing technologies, the users are willing to how much and to
whom they have to share their personal and data information.
This technology is essential to secure the identities of the user which give customer
satisfaction.
Minimising the data storage time due to traffic on the networks.
The key element of privacy-enhancing technologies basic-anti tracking technologies, private
information retrieval, TTP based mechanisms, user collaborations, data perturbation.
The existing privacy-enhancing technologies are:
a) Identity management
Nowadays the transactions are more directed online by individuals whether it is for banking
purpose or business purposes or any other. All the transactions require the identity of the
individual. It is not a compulsory thing in some transactions but majorly identity is required.
Identity management is a form of trust between the individuals, organisations and the other
person to whom they are doing the transaction through identity. Different identities are provided
to every individual and it allows individual to minimise disclose of their personal information in
the online environment. Revocation of identity is done once the identity is used by the person.
Revocation of identity reduces the risk of identity theft. Mutual conformation is required to
authenticate the identities which minimize the risk of using personal data and information by
another person. For example- Online Transaction done in banks is an example of identity
management in which a one time password is generated by banks before giving authentication
for the procedure.
b) Data minimisation
Another existing privacy-enhancing technology is data minimisation. Data minimisation states
that data collected by the organisations and any other service provider should not be further used
for any other means. The minimisation of data leads to a reduction in providing personal
7
Privacy –enhancing technologies refers to eliminate the risk of unnecessary use of personal
data and information using privacy technology tools that help to control the data and
information.
With the use of privacy-enhancing technologies, the users are willing to how much and to
whom they have to share their personal and data information.
This technology is essential to secure the identities of the user which give customer
satisfaction.
Minimising the data storage time due to traffic on the networks.
The key element of privacy-enhancing technologies basic-anti tracking technologies, private
information retrieval, TTP based mechanisms, user collaborations, data perturbation.
The existing privacy-enhancing technologies are:
a) Identity management
Nowadays the transactions are more directed online by individuals whether it is for banking
purpose or business purposes or any other. All the transactions require the identity of the
individual. It is not a compulsory thing in some transactions but majorly identity is required.
Identity management is a form of trust between the individuals, organisations and the other
person to whom they are doing the transaction through identity. Different identities are provided
to every individual and it allows individual to minimise disclose of their personal information in
the online environment. Revocation of identity is done once the identity is used by the person.
Revocation of identity reduces the risk of identity theft. Mutual conformation is required to
authenticate the identities which minimize the risk of using personal data and information by
another person. For example- Online Transaction done in banks is an example of identity
management in which a one time password is generated by banks before giving authentication
for the procedure.
b) Data minimisation
Another existing privacy-enhancing technology is data minimisation. Data minimisation states
that data collected by the organisations and any other service provider should not be further used
for any other means. The minimisation of data leads to a reduction in providing personal
7
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
information on online transactions or while working online. This includes that the organisations
and services should ask only for essential and minimum personal data from an individual that is
required for them. Unnecessary personal information that is not relevant should not be asked
online.
It maintains customer trust and reduces the risk of unauthorised access and other security threats.
Data minimisation is practised by preparing a questionnaire and by filling verification details of
the individual and providing a unique identification number and password. In this, the data
cannot hold the data of the user for a longer period of time which eliminates the risk of leaking
the information and data.
c) Data tracking
Data tracking is an essential technique of privacy enhancing technology. It manages the data and
provides all the history of online transactions. This shows the user to whom their information is
shared. It provides transparency to every individual about the online transactions. The data is
tracked from end to end encryption in which all the history is stored so that the information of
the sender and receiver is transparent to each other. It helps in monitoring and tracks the visitors
on the website. It collects the statistical data about the visitors of the website which gives an
average idea of the visitors. The data can be tracked by doing funnel analytics, on-site
engagement analytics, marketing and customer analytics. Data tracking gives user satisfaction to
deal with online services as it has a transparency between them which build a trustable
relationship between a user and the other sources from whom they are dealing. Tracking of data
is also important for keeping in view avoiding criminal activities accessed through cyber
activities.
8
and services should ask only for essential and minimum personal data from an individual that is
required for them. Unnecessary personal information that is not relevant should not be asked
online.
It maintains customer trust and reduces the risk of unauthorised access and other security threats.
Data minimisation is practised by preparing a questionnaire and by filling verification details of
the individual and providing a unique identification number and password. In this, the data
cannot hold the data of the user for a longer period of time which eliminates the risk of leaking
the information and data.
c) Data tracking
Data tracking is an essential technique of privacy enhancing technology. It manages the data and
provides all the history of online transactions. This shows the user to whom their information is
shared. It provides transparency to every individual about the online transactions. The data is
tracked from end to end encryption in which all the history is stored so that the information of
the sender and receiver is transparent to each other. It helps in monitoring and tracks the visitors
on the website. It collects the statistical data about the visitors of the website which gives an
average idea of the visitors. The data can be tracked by doing funnel analytics, on-site
engagement analytics, marketing and customer analytics. Data tracking gives user satisfaction to
deal with online services as it has a transparency between them which build a trustable
relationship between a user and the other sources from whom they are dealing. Tracking of data
is also important for keeping in view avoiding criminal activities accessed through cyber
activities.
8
C. Wireless sensor networks
A wireless sensor network is a group of specialised networks for monitoring and recording
different parameters like temperature, , humidity, pressure, sound intensity, wind direction and
speed etc. Wireless sensor networks provide the information’s and avoid blockage between
networks through different security measures used in this system. The main aims of wireless
security aspects are to protect the resources and information of WSN which can be accomplished
through fulfilling some security requirements that are:
Confidentiality of resources should be there. The information should be provided only to
the particular channel for which it is required. Information should not leak to other
channels.
The integrity of resources should be there. Data should not be altered.
Data available on the network should be fresh and latest information should be there.
Node authentication is the prime motive of wireless sensor security issues. The node
should be authenticated from which the information is transferred.
Node authorization includes the genuine senders no fake users are entertained.
Wireless sensor architecture
The Wireless sensor architecture follows the OSI model. The WSN architecture is composed of
five layers and three cross layers which include:-
Five layers of Wireless sensor architecture –
1) Application layer - This layer includes data fusion and management, clock
synchronization and positioning.
2) Transport layer – It includes congestion control and reliability and use of wireless
protocols.
Network layer – This layer keep a check on the connectivity of network between two
nodes and how the two nodes talk to each other.
3) Data link layer- This includes the multiplexing of data frame detection, data streams,
error control and medium access.
4) Physical layer- In this layer, parameters include modulation scheme, hop distance and
transmit power.
9
A wireless sensor network is a group of specialised networks for monitoring and recording
different parameters like temperature, , humidity, pressure, sound intensity, wind direction and
speed etc. Wireless sensor networks provide the information’s and avoid blockage between
networks through different security measures used in this system. The main aims of wireless
security aspects are to protect the resources and information of WSN which can be accomplished
through fulfilling some security requirements that are:
Confidentiality of resources should be there. The information should be provided only to
the particular channel for which it is required. Information should not leak to other
channels.
The integrity of resources should be there. Data should not be altered.
Data available on the network should be fresh and latest information should be there.
Node authentication is the prime motive of wireless sensor security issues. The node
should be authenticated from which the information is transferred.
Node authorization includes the genuine senders no fake users are entertained.
Wireless sensor architecture
The Wireless sensor architecture follows the OSI model. The WSN architecture is composed of
five layers and three cross layers which include:-
Five layers of Wireless sensor architecture –
1) Application layer - This layer includes data fusion and management, clock
synchronization and positioning.
2) Transport layer – It includes congestion control and reliability and use of wireless
protocols.
Network layer – This layer keep a check on the connectivity of network between two
nodes and how the two nodes talk to each other.
3) Data link layer- This includes the multiplexing of data frame detection, data streams,
error control and medium access.
4) Physical layer- In this layer, parameters include modulation scheme, hop distance and
transmit power.
9
Three cross layers of wireless sensor architecture-
1) Mobility management plane
2) Power management plane
3) Task management plane
Threats and Vulnerabilities in Wireless sensor networks
Wireless sensor networks are vulnerable to various security attacks due to the failure of the
transmission medium, unauthorised privacy issues and physical attacks etc. Threats and
vulnerabilities in wireless sensor networks can be classified as Attacks against security
mechanisms and Attacks against basic mechanisms. The attacks classified in wireless sensor
networks are:-
1) Denial of service attack
In wireless sensor networks, denial of service attack is due to destroy of nodes unintentionally.
This happens when malicious data is transferred from one node to other unnecessary. The
different types of DOS attack are jamming, tampering, collisions, exhaustion, unfairness,
flooding, desynchronization and data integrity attack. This attack can be mitigated from WSN by
managing the traffic by analysing, authentication and verification of nodes.
2) The Sybil attack
In Wireless sensor networks, a Sybil attack is considered when a single node has many duplicate
identities. The identities must be secure so that it cannot be transferred. Use of multiple identities
from one node is known as Sybil attack. It includes multipath routing, distribution of storage and
maintenance of topology. This attack can be mitigated from wireless sensor network by
encryption and authentication techniques and public key cryptography can also use but it is an
expensive technique.
3) Blackhole attack
In this, a node acts as malicious named blackhole in which a particular sink attract the entire
traffic by advertising as the shortest route. Traffic management is affected by the collection of
nodes at specified networks due to which it affects the attack on nodes. The network architecture
of the blackhole attack is a traditional wireless sensor network. Prevention of blackhole attack in
wireless sensor networks can be done by applying methods of radio source testing.
10
1) Mobility management plane
2) Power management plane
3) Task management plane
Threats and Vulnerabilities in Wireless sensor networks
Wireless sensor networks are vulnerable to various security attacks due to the failure of the
transmission medium, unauthorised privacy issues and physical attacks etc. Threats and
vulnerabilities in wireless sensor networks can be classified as Attacks against security
mechanisms and Attacks against basic mechanisms. The attacks classified in wireless sensor
networks are:-
1) Denial of service attack
In wireless sensor networks, denial of service attack is due to destroy of nodes unintentionally.
This happens when malicious data is transferred from one node to other unnecessary. The
different types of DOS attack are jamming, tampering, collisions, exhaustion, unfairness,
flooding, desynchronization and data integrity attack. This attack can be mitigated from WSN by
managing the traffic by analysing, authentication and verification of nodes.
2) The Sybil attack
In Wireless sensor networks, a Sybil attack is considered when a single node has many duplicate
identities. The identities must be secure so that it cannot be transferred. Use of multiple identities
from one node is known as Sybil attack. It includes multipath routing, distribution of storage and
maintenance of topology. This attack can be mitigated from wireless sensor network by
encryption and authentication techniques and public key cryptography can also use but it is an
expensive technique.
3) Blackhole attack
In this, a node acts as malicious named blackhole in which a particular sink attract the entire
traffic by advertising as the shortest route. Traffic management is affected by the collection of
nodes at specified networks due to which it affects the attack on nodes. The network architecture
of the blackhole attack is a traditional wireless sensor network. Prevention of blackhole attack in
wireless sensor networks can be done by applying methods of radio source testing.
10
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
References
1) Savvides, M., (2016). Introduction to Biometric Technologies and Applications.
2) Bača, M., Grd, P., & Fotak, T., (2015). Basic Principles and Trends in Hand Geometry and
Hand Shape Biometrics.
3) Kenny, S., (2008). An introduction to privacy enhancing technologies. Retrieved from
https://iapp.org/news/a/2008-05-introduction-to-privacy-enhancing-technologies/
4) Bradford C. (2015) 5 Common Encryption Algorithms and the Unbreakables of the Future. .
Retrieved from https://blog.storagecraft.com/5-common-encryption-algorithms/
5) Engineers journal, (2016). Understanding biometric technology and biometric devices.
6) Tutorials point, (2016). Biometric Identification Techniques.
7) Find biometrics, (2015). Report: Bright Future for Iris Recognition.
8) Fischer-Hbner, S., & Berthold, S. (2013). Privacy-enhancing technologies. In Computer and
Information Security Handbook (Second Edition).
9) Gilbert, E. P. K., Kaliaperumal, B., Rajsingh, E. B., & Lydia, M. (2018). Trust based data
prediction, aggregation and reconstruction using compressed sensing for clustered wireless
sensor networks. Computers & Electrical Engineering.
10) Robinson, T. L., Schildt, B. R., Goff, T. V., & Corwin, D. J. (2018). U.S. Patent No.
9,864,992. Washington, DC: U.S. Patent and Trademark Office.
11
1) Savvides, M., (2016). Introduction to Biometric Technologies and Applications.
2) Bača, M., Grd, P., & Fotak, T., (2015). Basic Principles and Trends in Hand Geometry and
Hand Shape Biometrics.
3) Kenny, S., (2008). An introduction to privacy enhancing technologies. Retrieved from
https://iapp.org/news/a/2008-05-introduction-to-privacy-enhancing-technologies/
4) Bradford C. (2015) 5 Common Encryption Algorithms and the Unbreakables of the Future. .
Retrieved from https://blog.storagecraft.com/5-common-encryption-algorithms/
5) Engineers journal, (2016). Understanding biometric technology and biometric devices.
6) Tutorials point, (2016). Biometric Identification Techniques.
7) Find biometrics, (2015). Report: Bright Future for Iris Recognition.
8) Fischer-Hbner, S., & Berthold, S. (2013). Privacy-enhancing technologies. In Computer and
Information Security Handbook (Second Edition).
9) Gilbert, E. P. K., Kaliaperumal, B., Rajsingh, E. B., & Lydia, M. (2018). Trust based data
prediction, aggregation and reconstruction using compressed sensing for clustered wireless
sensor networks. Computers & Electrical Engineering.
10) Robinson, T. L., Schildt, B. R., Goff, T. V., & Corwin, D. J. (2018). U.S. Patent No.
9,864,992. Washington, DC: U.S. Patent and Trademark Office.
11
1 out of 11
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.