Information Security Analysis: ATM, Biometrics and False Negatives


Added on  2022/09/15

AI Summary
This report provides an in-depth analysis of information security, specifically focusing on Automated Teller Machines (ATMs) and biometric authentication systems. It examines the importance of confidentiality, integrity, and availability in ATM transactions, highlighting the need for encryption of PINs and ensuring the integrity of account records and transactions. The report also explores the reasons behind people's reluctance to use biometrics, such as investment costs, lack of awareness, and security concerns, along with strategies to address these objections. Furthermore, the report discusses scenarios where false negatives in biometric authentication are more critical than false positives, such as when a smartphone owner cannot unlock their phone or when a bank customer cannot access their locker due to authentication failures. The analysis is supported by relevant references, offering a comprehensive understanding of the subject.
Running head: ANALYSIS OF INFORMATION SECURITY
ANALYSIS OF INFORMATION SECURITY
Name of student
Name of university
Author’s note:
Examples of confidentiality, integrity and availability requirements associated with
ATM and description of the degree of importance for each requirement
To withdraw cash from an ATM, consumers are required to enter a PIN. The ATM verifies the
PIN, and only if it is correct are consumers allowed to access the cash in the account. In an
ATM transaction the PIN is therefore important for establishing the authenticity of the
consumer (Asgari et al., 2017). The ATM must ensure the confidentiality of the PIN not only in
the host machine but also during the transaction. It is also important that the integrity of
the records associated with consumer accounts is ensured, along with the integrity of
individual transactions (Montefusco et al., 2016). Availability of the ATM is required to
ensure quality service from the bank; however, it is not as important as confidentiality and
integrity in the context of an ATM transaction.
Confidentiality requirement:
The medium used for effective and efficient communication between ATMs and the bank
is required to be encrypted, and this is one of the most important requirements in
terms of ensuring confidentiality (Gonçalves & da Silva, 2018).
The PIN needs to be encrypted if it is stored in the database of the bank.
Integrity Requirement
The action taken by the ATM during the transaction must be in accordance with the account
that is associated with the card used for the transaction (Bogoda, Mo & Bil, 2019).
Availability requirements
The system should be capable of executing transactions for at least 1000 synchronous
users, and this needs to be ensured at any time.
The system should ensure availability 99.9% of the time so that the service provided
by the bank is effective and efficient.
Three reasons for which people may be reluctant to use biometrics. Description of
various strategies to counter those objections
Investment in infrastructure:
To implement biometric authentication, companies need to invest in infrastructure, and
therefore organisations, especially small companies, are not interested in investing to
deploy biometric authentication (Kindt, 2016).
Strategy to counter the objection:
To convince organizations to invest in deploying biometric authentication, the authorities
of the companies will be provided with a detailed description of the benefits of the
biometric application, such as automatic authentication of employees and identifying whether
employees are trying to cheat with their attendance. This also allows the productivity of
employees to be analysed, which is important for any organization (Memon, 2017).
Lack of awareness about biometric authentication:
Employees, especially people with less technical knowledge, think that accessing the
biometric system is too complex, and therefore they are not interested in accessing it.
Strategy to counter the objection:
To convince these people, it is necessary to explain to them how to access this system and,
if required, to arrange training for them so that they are capable of accessing it.
Security issues:
To authenticate to the biometric system, people are required to provide personal
information such as a fingerprint. Most people think that, because the company has access to
their personal information, it is easier for the company to access confidential services
which require that information, and due to this a lot of people are not interested in using
a biometric system for authentication (Kindt, 2016).
Strategy to counter the objection:
It is necessary to explain to these people that the personal information provided to the
biometric system is properly encrypted and that it is not easy to access other services
through this personal information, as those services have their own security mechanisms.
Therefore, proper training is required in this context.
Description of two circumstances where false negatives are significantly more serious
than false positives
In biometric authentication, a false positive refers to authenticating a person to access
something although the system should not allow that person, as the credential provided for
authentication is not authentic, while a false negative refers to not authenticating the
person even after an authentic credential is provided to the biometric system (Bhattasali et
al., 2015). Neither a false positive nor a false negative should be allowed. However, in some
contexts, a false negative is more significant than a false positive because it does not
allow access to the system even after proper authorization (Evans et al., 2015). For example,
if a smartphone does not allow someone to unlock the phone with the fingerprint of the owner
of the smartphone, then that person is not allowed by the system to access important
information on the smartphone such as a personal ID, account number or credit card
information; therefore it will affect the overall security of the system (Bhattasali et al.,
2015). Lockers in a bank where biometric authentication is integrated will not allow the owner
of the locker to access his or her own money or other important things, even after providing
authentic biometric details, when he or she really requires it (Kindt, 2016). Therefore, a
false negative is more significant than a false positive in the context of biometric
authentication and biometric security as well.
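The two error types defined above trade off against each other through the matcher's decision threshold. The following added example (not part of the original report) computes both rates and picks a threshold according to how serious each error is for the deployment. The match scores, cost weights and function names are constructed for illustration.

```python
# Constructed similarity scores in [0, 1]; a higher score means a closer match.
# Owner presenting their own fingerprint (constructed sample data).
GENUINE = [0.91, 0.88, 0.79, 0.95, 0.62, 0.84, 0.73, 0.97, 0.58, 0.86]
# Other people presenting their fingerprint (constructed sample data).
IMPOSTOR = [0.12, 0.33, 0.41, 0.27, 0.66, 0.19, 0.52, 0.08, 0.71, 0.36]


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (false_negative_rate, false_positive_rate) at a threshold.

    A sample is accepted when its score is >= threshold.
    False negative: a genuine sample is rejected.
    False positive: an impostor sample is accepted.
    """
    fn = sum(1 for s in genuine if s < threshold)
    fp = sum(1 for s in impostor if s >= threshold)
    return fn / len(genuine), fp / len(impostor)


def best_threshold(fn_cost, fp_cost, candidates=None):
    """Pick the candidate threshold with the lowest weighted error cost.

    fn_cost and fp_cost are assumed weights expressing how serious each
    error type is; ties go to the lowest threshold.
    """
    if candidates is None:
        candidates = [round(0.05 * i, 2) for i in range(1, 20)]

    def cost(t):
        fnr, fpr = error_rates(t)
        return fn_cost * fnr + fp_cost * fpr

    return min(candidates, key=lambda t: (cost(t), t))


if __name__ == "__main__":
    for t in (0.55, 0.60, 0.75):
        print(t, error_rates(t))
    # False negatives weighted 5x (owner locked out of phone or locker).
    print("FN-critical threshold:", best_threshold(fn_cost=5, fp_cost=1))
    # False positives weighted 5x, for comparison.
    print("FP-critical threshold:", best_threshold(fn_cost=1, fp_cost=5))
```

Weighting false negatives more heavily pushes the threshold down, which removes owner lockouts at the price of accepting more impostor samples.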
References:
Asgari, H., Stelkens-Kobsch, T. H., Montefusco, P., Abhaya, L., Koelle, R., Markarian, G., &
D'Auria, G. (2017). Provisioning for a distributed ATM security management: The GAMMA
approach. IEEE Aerospace and Electronic Systems Magazine, 32(11), 5-21.
Montefusco, P., Koelle, R., Casar, R., & Stelkens-Kobsch, T. H. (2016, September).
Addressing security in the ATM environment. In 11th ARES Conference.
Gonçalves, L. P., & da Silva, A. R. (2018). Towards a catalogue of reusable security
requirements, vulnerabilities and threats.
Bogoda, L., Mo, J., & Bil, C. (2019, April). A Systems Engineering Approach To Appraise
Cybersecurity Risks Of CNS/ATM and Avionics Systems. In 2019 Integrated
Communications, Navigation and Surveillance Conference (ICNS) (pp. 1-15). IEEE.
Kindt, E. J. (2016). Privacy and data protection issues of biometric applications (Vol. 1).
Springer.
Memon, N. (2017). How biometric authentication poses new challenges to our security and
privacy [in the spotlight]. IEEE Signal Processing Magazine, 34(4), 196-194.
Bhattasali, T., Saeed, K., Chaki, N., & Chaki, R. (2015, September). A survey of security and
privacy issues for biometrics based remote authentication in cloud. In IFIP International
Conference on Computer Information Systems and Industrial Management (pp. 112-121).
Springer, Berlin, Heidelberg.
Evans, N., Li, S. Z., Marcel, S., & Ross, A. (2015). Guest editorial: Special issue on
biometric spoofing and countermeasures. IEEE Transactions on Information forensics and
security, 10(4), 699-702.