Security Fundamentals: ATM Security and Cryptography

Verified

Added on 2025/04/29

AI Summary

Desklib provides past papers and solved assignments for students. This solved assignment covers ATM security and cryptography.

ITC 595
Assignment-2
Security Fundamentals
Student name:
Student id:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Table of Contents
Q1....................................................................................................................................................3
Q2....................................................................................................................................................4
Q3....................................................................................................................................................5
Q4....................................................................................................................................................6
Q5....................................................................................................................................................7
References:......................................................................................................................................9
1

Q1
ATM (Automated Teller Machine) is a machine designed to provide the facility to the user to
perform the transaction at any time by using the card. This card has direct access to the linked
bank account and each user has been provided the PIN (Personal Identification Number) for the
card that is unique and identifies the card number. For maintaining the security, there is three
main requirements which are confidentiality, availability, and integrity and each one is
important.
1. Confidentiality: Confidentiality means only those users who have the authority can access
the data and its content. It not only secures the data from the unwanted and unauthorized
access but also provide the assurance of the accuracy of the circulation of the symmetric key.
In the security of ATM and PIN, confidentiality is one of the main requirements as it helps in
keeping the PIN number and the communicated data confidential. The information can
remain confidential by protecting the data with the help of encryption and decryption
technique. There is another technique also that makes the data confidential which can be used
in ATM and they are biometric verification, 2-way authentication, security tokens, etc.
2. Availability: Availability means that the system must be accessible and available at anytime
and anywhere. It is the second most important requirement for the ATM machine as its all
authentic entities must be able to access all the facilities of ATM accurately at any time,
means no denial of service should be happening.
3. Integrity: Integrity means authentication i.e. the data which is sent should be original and
authenticated. This is another important requirement in the security of the ATM machine and
PIN number and its value is important because it ensures the security of the communicated
and stored data. In ATM, data integrity can be used to bring the hop-by-hop validation of
signaling messages. The information can be authenticated by displaying the transacted
amount after the successful transaction and the amount left to uphold the integrity and also to
ensure that no data is a loss (Donglin, n.s.).
2

Q2
As per the case scenario, a thief enters into ATM machine by breaking it and was able to jam the
card and was also successful in breaking the 5 keys. The total number of digits for the PIN is
four and there are total 10 digits, 0 to 9 which can be used while creating the number PIN
number.
Because thief was able to crack the five keys but still not finds the accurate PIN number and
there are five numbers left. The digits of PIN number can be from these remaining five digits.
The PIN number can be started from any digits including Zero as well and number can be
repeated also, so according to this,
1. The 1st digit of PIN number can be any 5 number, means the chances to be filled is 5.
2. As the digits can be repeatable in a PIN, the 2nd digit of PIN number can also be any 5
number, means the chances to be filled is 5.
3. Similarly, the 3rd digit also has a chance to have any of the 5 numbers and hence the chances
is 5.
4. Same with the 4th digit, the number of chances is 5.
So, the total number of chances for the PIN number is [5] * [5] * [5] * [5] = 625
625 is the total number of times that the thief will enter to find the correct PIN but the last trail
will be the accurate answers which means before finding the correct PIN, the total chances to
enter the trial PIN is 625-1 = 624.
3

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Q3
In biometric authentication, people hesitate to use this due to several reasons such as:
 Personal Information theft: In comparison to the password technique, biometric is more
authenticated and secure, but most of the people believe it insecure and find it unauthentic to
use as they think that the information can be leaked by the attacker. They do not use this
machine with the fear of invasion of their personal information. So, this problem can be
solved by encrypting the biometric machine with the two-way authenticated approach.
 Errors: Another reason that people do not want to use the machine is that they think there
are approximately errors with the machine like if the finger which is used for the
identification gets burn, harm, or cut the machine is not able to identify that finger. So, this
issue can be resolved by setting the two or more than two fingerprints so that in case of
failure of one finger identification, another fingerprint can be used to unlock the system.
 High cost: It is very expensive to set up the biometric machine as it is very costly and some
people can not afford to use it and this is the reason that reluctant them to use the machine.
This problem can be resolved by providing sponsorship from the government’s side and also
by creating awareness amid the people.

4

Q4
A false positive is where the positive result is obtained while the negative results should be
obtained and it is generally termed as Type I error because it inaccurately discards the null
hypothesis. False negative is the just reverse of false positive means false positive is where a
negative result is obtained while positive results should be obtained and it is generally termed as
Type II error because it does not discard the null hypothesis.
In comparison to the false positive, the worse is false negative due to two circumstances which
are:
 The first is data loss due to not detecting the stored information in the machine. The machine
not able to detects the data and the PIN while inserting the ATM card and due to this, the
impact of false negative could create.
 Another is when the fingerprint lock is not recognized by the machine and it fails to identify
the person’s identity which can create the authentication problem (Remy, 2016).

5

Q5.
The ciphertext that needs to be decoded into the plain text is:
L C D O M X I Z Y X V H P X M
J Q S H A A N W F I H A B R T
1. First of all, give the numbers to the alphabets from 1 to 26 where A is given 1, B is given 2,
and so on.
A B C D E F G H I J K L M
1 2 3 4 5 6 7 8 9 10 11 12 13
N O P Q R S T U V W X Y Z
14 15 16 17 18 19 20 21 22 23 24 25 26
2. Now, the second step is to change the encoded text with the help of the One-time pad
technique. There are different keys that are used by the company and each key is used for
different letters in the ciphertext and these keys are:
L
7
C
15
D
12
O
6
M
8
X
9
I
4
Z
2
Y
1
X
13
V
12
H
5
P
3
X
1
M
8
J
15
Q
6
S
4
H
8
A
12
A
8
N
10
W
9
F
14
I
16
H
11
A
13
B
2
R
4
T
6
A code is converted as:
L=12-7=5=E
C=3-15=-12=N
D=4-12=-8=R
O=15-6=9=I
M=13-8=5=E
X=24-9=15=O
6

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

I=9-4=5=E and so on
So, the obtained text is: EN RIEO EXX KJCM WEUKOZ OSDN RCWNZNN
3. The third step is to use the Caeser Cipher substitution technique for decoding the text which
is obtained from the above step (Holden, 2018). The substitution key is given which is 567
and with the use of this key, the code is converted.
E = (5+5) = 10= J
N = (14+6) = 20-1=19=S {because each time it is decremented at each time}
Similarly, all digit is calculated and the code generated is: JS WNJT JCC POHR BJZPTE
TXIS WHBSESS
This is the final step where the plain text is generated by again using the Caeser Cipher
substitution technique as (Khan & Qazi, 2018):
J=10=10+6 {mod (567) = (5+6+7/3) = 6}
=16-1 {during encryption it was incremented by one, so at the time of decryption, it
is decrypted by one}
=15
= O
S=19=19+6{mod (567) = (5+6+7/3) = 6}
=25-1{during encryption it was incremented by one, so at the time of decryption, it
is decrypted by one}
=24
=X
Similarly, all the alphabets will be decoded and the final result obtained as:
OX BSOY OHH UTMW GOWUYJ YCNX BMGXJXX
4.
7

References:
Donglin, D. A Survey on ATM Security.
https://www.cse.wustl.edu/~jain/cis788-97/ftp/atm_security/
Holden, J. (2018). The mathematics of secrets: cryptography from caesar ciphers to digital
encryption. Princeton University Press.
Khan, F. H., & Qazi, F. (2018). Advance Procedure Of Encryption And Decryption Using
Transposition And Substitution. Journal of Information Communication Technologies and
Robotic Applications, 43-56.
Remy, M 2016. What Are False Positives and False Negatives? Retrieved from
https://www.livescience.com/32767-what-are-false-positives-and-false-negatives.html
8