Analysis of ATM Security: Confidentiality, Integrity, and Availability
VerifiedAdded on  2025/04/29
|9
|1337
|486
AI Summary
Desklib provides past papers and solved assignments for students. This solved assignment covers ATM security.
ITC 595
Assignment 2
SECURITY FUNDAMENTALS
Student name:
Student id:
0
Assignment 2
SECURITY FUNDAMENTALS
Student name:
Student id:
0
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Table of Contents
Question-1........................................................................................................................................3
Question-2........................................................................................................................................4
Question-3........................................................................................................................................5
Question-4........................................................................................................................................6
Question-5........................................................................................................................................7
References:......................................................................................................................................9
1
Question-1........................................................................................................................................3
Question-2........................................................................................................................................4
Question-3........................................................................................................................................5
Question-4........................................................................................................................................6
Question-5........................................................................................................................................7
References:......................................................................................................................................9
1
Question-1
To access the bank accounts, ATM card along with the PIN is provided to the users and for this
ATM machine is designed. For this system, integrity; confidentiality; and availability is
necessary to be associated with the ATM system.
ï‚· Integrity: Integrity is the first main requirements in the security of the ATM system where
the actions that are performed with the help of ATM ought to be linked to the account that is
associated with the user’s card. It is mainly used to maintain the accuracy, consistency, and
trust of the data. It should be considered that there may be no loss of data during the
transaction. The amount should be clearly displayed after transacting the amount in order to
maintain the integrity otherwise it will be compromised.
ï‚· Confidentiality: Confidentiality is the second important requirement in the security of the
ATM system which means privacy where some information should be hidden from the
unauthorized users and access. The PIN generated for the card must be confidential by
making it in encrypted form. The trust must be very essential between the bank and ATM
and for this, the communication channel should be encrypted. It is very important for the
security because if any unknown person knows the PIN then he/she can withdraw the
amount, so confidentiality should be maintained. The common approaches for keeping
confidentiality are two-way authentication, key fobs, biometric verification, and security
tokens.
ï‚· Availability: Availability means the system should be available and accessible all the time.
For ATM, the term availability means that ATM machine should be open all the time and can
be accessible to the users at any time. Thus, the availability requirements are that the ATM
machine should be accessible 99.9% time to serve a number of users (Margaret, n.s.).
2
To access the bank accounts, ATM card along with the PIN is provided to the users and for this
ATM machine is designed. For this system, integrity; confidentiality; and availability is
necessary to be associated with the ATM system.
ï‚· Integrity: Integrity is the first main requirements in the security of the ATM system where
the actions that are performed with the help of ATM ought to be linked to the account that is
associated with the user’s card. It is mainly used to maintain the accuracy, consistency, and
trust of the data. It should be considered that there may be no loss of data during the
transaction. The amount should be clearly displayed after transacting the amount in order to
maintain the integrity otherwise it will be compromised.
ï‚· Confidentiality: Confidentiality is the second important requirement in the security of the
ATM system which means privacy where some information should be hidden from the
unauthorized users and access. The PIN generated for the card must be confidential by
making it in encrypted form. The trust must be very essential between the bank and ATM
and for this, the communication channel should be encrypted. It is very important for the
security because if any unknown person knows the PIN then he/she can withdraw the
amount, so confidentiality should be maintained. The common approaches for keeping
confidentiality are two-way authentication, key fobs, biometric verification, and security
tokens.
ï‚· Availability: Availability means the system should be available and accessible all the time.
For ATM, the term availability means that ATM machine should be open all the time and can
be accessible to the users at any time. Thus, the availability requirements are that the ATM
machine should be accessible 99.9% time to serve a number of users (Margaret, n.s.).
2
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Question-2
The format of ATM PIN is four digits between the number 0 to 9 and this can be in any pattern
with the repetition of the digits, means one digit can be used for more than one time during pin
generation or change.
Since the five keys have been broken by the thief among 0-9 keys, there are still five keys or
number left that needs to find out in order to find out the correct PIN number.
Since the PIN should be of four digits, so the possible chances for each digit should be:
ï‚· The chances of filling of the first digit could be any five number=5
ï‚· The chances of filling of the second digit could be any five number=5
ï‚· The chances of filling of the third digit could be any five number=5
ï‚· The chances of filling of the fourth digit could be any five number=5
So, the chances of a maximum number of a PIN that can be entered by the thief for accurately
discovering the PIN number are (5) *(5) *(5) *(5) equals to 625. But the last chance will be the
correct Pin code, so the actual number of times the thief enters the code will be 624.
But practically, it is not possible because if the wrong PIN number is entered more than three
times, then a message is sent to the user.
3
The format of ATM PIN is four digits between the number 0 to 9 and this can be in any pattern
with the repetition of the digits, means one digit can be used for more than one time during pin
generation or change.
Since the five keys have been broken by the thief among 0-9 keys, there are still five keys or
number left that needs to find out in order to find out the correct PIN number.
Since the PIN should be of four digits, so the possible chances for each digit should be:
ï‚· The chances of filling of the first digit could be any five number=5
ï‚· The chances of filling of the second digit could be any five number=5
ï‚· The chances of filling of the third digit could be any five number=5
ï‚· The chances of filling of the fourth digit could be any five number=5
So, the chances of a maximum number of a PIN that can be entered by the thief for accurately
discovering the PIN number are (5) *(5) *(5) *(5) equals to 625. But the last chance will be the
correct Pin code, so the actual number of times the thief enters the code will be 624.
But practically, it is not possible because if the wrong PIN number is entered more than three
times, then a message is sent to the user.
3
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Question-3
There are several reasons that reductant the people to use the biometric for authentication
purpose such as:
1. Errors: The first reason is that there are some errors with the use of a biometric machine like
if users set a password for ATM card through his finger and in case if the finger gets cuts or
harms, then the machine is unable to recognize the finger.
This error can be encountered by using two or more fingerprint lock so that when the system
does not recognize one finger, others can be used to access the system.
2. The attack on personal information: Although biometric is more secure than the password
policy, biometric is also not completely secure. People think that machine is not much secure
and they can be hacked with the attacker and this is the biggest fear among them that their
personal information can be invaded. So, people reductant to use the system, but actually the
biometric system uses a two-way authentication process, so the data stored is secure.
3. Expensive: Another reason that reductant the people to use the biometric system is the high
expense to set up the biometric machine. Since the cost of using biometrics is very high
(thousand in number), the people are not able to afford such high cost and thus they avoid
using the biometric machine.
To encounter this issue, the government should provide sponsorship to use and set up this
system and also generate awareness among the people of its importance (Kevin, 2018).
4
There are several reasons that reductant the people to use the biometric for authentication
purpose such as:
1. Errors: The first reason is that there are some errors with the use of a biometric machine like
if users set a password for ATM card through his finger and in case if the finger gets cuts or
harms, then the machine is unable to recognize the finger.
This error can be encountered by using two or more fingerprint lock so that when the system
does not recognize one finger, others can be used to access the system.
2. The attack on personal information: Although biometric is more secure than the password
policy, biometric is also not completely secure. People think that machine is not much secure
and they can be hacked with the attacker and this is the biggest fear among them that their
personal information can be invaded. So, people reductant to use the system, but actually the
biometric system uses a two-way authentication process, so the data stored is secure.
3. Expensive: Another reason that reductant the people to use the biometric system is the high
expense to set up the biometric machine. Since the cost of using biometrics is very high
(thousand in number), the people are not able to afford such high cost and thus they avoid
using the biometric machine.
To encounter this issue, the government should provide sponsorship to use and set up this
system and also generate awareness among the people of its importance (Kevin, 2018).
4
Question-4
False negative and false positive are also referred to as type II error and type I error respectively
where false negative means when the true null hypothesis is rejected and false positive means
when the false null hypothesis is accepted. Generally, in False positive, the outcomes produce is
positive, though the input is negative while in the False Negative, the outcome produce is
negative since the input is also negative.
The false negative is worse than false positive and there are two circumstances for this, which
are described below:
1. The first circumstance is where the ATM machine is not able to recognize the correct PIN
number when the card is inserted and also in case of biometric, the machine is not able to
correctly recognize the finger of the person for authentication purpose. In such a situation,
where a machine fails to detect the fingerprint, the data may be lost and the false negative
creates errors.
2. The second circumstance is where the machine is not able to detect the information stored in
the database of the system, then the system fails to detect the information and there are
chances of loss of data. This could create a false negative impact and consequences of
negative costs (Iliya, 2018).
5
False negative and false positive are also referred to as type II error and type I error respectively
where false negative means when the true null hypothesis is rejected and false positive means
when the false null hypothesis is accepted. Generally, in False positive, the outcomes produce is
positive, though the input is negative while in the False Negative, the outcome produce is
negative since the input is also negative.
The false negative is worse than false positive and there are two circumstances for this, which
are described below:
1. The first circumstance is where the ATM machine is not able to recognize the correct PIN
number when the card is inserted and also in case of biometric, the machine is not able to
correctly recognize the finger of the person for authentication purpose. In such a situation,
where a machine fails to detect the fingerprint, the data may be lost and the false negative
creates errors.
2. The second circumstance is where the machine is not able to detect the information stored in
the database of the system, then the system fails to detect the information and there are
chances of loss of data. This could create a false negative impact and consequences of
negative costs (Iliya, 2018).
5
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Question-5
Encryption is a technique used to encrypt the plain text in the encoded form called ciphertext and
with the decryption technique, this code is decoded into the readable and understandable form.
One of the methods for text encryption is Transposition where characters of plaintext are shifted
in some regular pattern in order to create ciphertext (Gustavus, n.s.).
In the given scenario, to protect the information, all the messages are encrypted by using a
technique called Caesar cipher substitution with the key 567 and then the extra layer is also
added for more security with One-time pad which is increasingly at each time.
The encoded ciphertext is LC DOMX IZY XVHP XMJQSH AANW FIHABRT. In order to
decrypt this text into the plain text, some steps are required.
Firstly, all alphabets come under the number 0-25 means A starts with 0 and Z with 25.
A B C D E F G H I J K L M N O P Q R S T U V
0 1 2 3 4 5 6 7 8 9 10 11 1
2
13 14 15 16 1
7
18 19 20 21
W X Y Z
2
2
23 24 25
1. The first step is to convert the cipher text using the decryption technique One-time pad where
different keys are used to send the message and the keys used in this are:
7,15,12,6,8,9,4,2,1,13,12,5,3,1,8,15,6,4,8,12,8,10,9,14,6,11,13,2,4,6.
The text obtained when applying this key are:
EN RIEO EXX KJCM WEUKOZ OSDN RCWNZNN
2. The second step is to use another substitution called Caesar Cipher for decrypting the code.
Since the substitution key is 567 so this can be applied as:
6
Encryption is a technique used to encrypt the plain text in the encoded form called ciphertext and
with the decryption technique, this code is decoded into the readable and understandable form.
One of the methods for text encryption is Transposition where characters of plaintext are shifted
in some regular pattern in order to create ciphertext (Gustavus, n.s.).
In the given scenario, to protect the information, all the messages are encrypted by using a
technique called Caesar cipher substitution with the key 567 and then the extra layer is also
added for more security with One-time pad which is increasingly at each time.
The encoded ciphertext is LC DOMX IZY XVHP XMJQSH AANW FIHABRT. In order to
decrypt this text into the plain text, some steps are required.
Firstly, all alphabets come under the number 0-25 means A starts with 0 and Z with 25.
A B C D E F G H I J K L M N O P Q R S T U V
0 1 2 3 4 5 6 7 8 9 10 11 1
2
13 14 15 16 1
7
18 19 20 21
W X Y Z
2
2
23 24 25
1. The first step is to convert the cipher text using the decryption technique One-time pad where
different keys are used to send the message and the keys used in this are:
7,15,12,6,8,9,4,2,1,13,12,5,3,1,8,15,6,4,8,12,8,10,9,14,6,11,13,2,4,6.
The text obtained when applying this key are:
EN RIEO EXX KJCM WEUKOZ OSDN RCWNZNN
2. The second step is to use another substitution called Caesar Cipher for decrypting the code.
Since the substitution key is 567 so this can be applied as:
6
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
E=4+5=9=J
N=13+6=18=S
And so on. So, the text obtained is:
JS WNJT JCC POHR BJZPTE TXIS WHBSESS
3. Now, the third and last step is to again use the decryption technique called Caesar cipher
substitution and the plain text obtained is:
OX BSOY OHH UTMW GOWUYJ YCNX BMGXJXX
1.
7
N=13+6=18=S
And so on. So, the text obtained is:
JS WNJT JCC POHR BJZPTE TXIS WHBSESS
3. Now, the third and last step is to again use the decryption technique called Caesar cipher
substitution and the plain text obtained is:
OX BSOY OHH UTMW GOWUYJ YCNX BMGXJXX
1.
7
References:
Gustavus, J. S. Transposition Cipher. Retrieved from
https://www.britannica.com/topic/transposition-cipher
Iliya, V. (2018). False Positive and False Negative. Retrieved from
https://towardsdatascience.com/false-positive-and-false-negative-b29df2c60aca.
Kevin, H. (2017). 3 Problems with Biometric Security, Including Fingerprint ID. Retrieved from
https://blog.ipswitch.com/3-reasons-biometrics-are-not-secure
Margaret, R. confidentiality, integrity, and availability (CIA triad). Retrieved from
https://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA.
8
Gustavus, J. S. Transposition Cipher. Retrieved from
https://www.britannica.com/topic/transposition-cipher
Iliya, V. (2018). False Positive and False Negative. Retrieved from
https://towardsdatascience.com/false-positive-and-false-negative-b29df2c60aca.
Kevin, H. (2017). 3 Problems with Biometric Security, Including Fingerprint ID. Retrieved from
https://blog.ipswitch.com/3-reasons-biometrics-are-not-secure
Margaret, R. confidentiality, integrity, and availability (CIA triad). Retrieved from
https://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA.
8
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 9
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2026 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.