Information Security Analysis: ATM and Biometric Systems

Verified

Added on 2021/04/17

AI Summary

This assignment delves into the realm of information security, particularly within the context of ATM and biometric systems. It examines the critical importance of data integrity, availability, and confidentiality in ATM environments, providing examples and assessing their relative significance. The solution calculates the maximum number of PIN attempts a thief might make, considering a compromised card reader. Furthermore, the assignment explores the reasons behind public reluctance towards biometric systems, offering potential solutions to address these concerns. It identifies scenarios where false negatives in biometric authentication pose a greater threat than false positives, analyzing the potential consequences in both personal and institutional settings. The assignment references several research papers to support its findings.

Running head: INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1INFORMATION SECURITY
Question 1: Example of data integrity, availability and confidentiality in the context of
ATM system with the degree of importance for each requirement:
Integrity:
In information security, integrity is defined by the factor that unauthorized user
should not be able to modify the information without proper knowledge of the concerned
authority. In ATM system, external and unauthorized user finds it impossible to change or
modify information like ATM pin, password of the ATM card as these information is very
much important and sensitive in nature. User will validate the request by sharing the one time
password that is provided to the user either through registered email or password or through
both. This OTP has to be provided correctly to validate the request for change in the data
(Onyesolu & Okpala, 2017).
Integrity is an important factor in the context of ATM system as it helps in preventing
the data theft and also restrict in making illegal use of the data which might cause lose of
money for the user.
Availability:
For any information device to serve its basis, the information should remain available
while it is wanted by the user (Khan, Hasan & Xu , 2015). It means that the computing
systems used to store and procedure the information, the security controls used to defend it,
and the communication channels used to get right of entry to it should be functioning
correctly. ATM systems have the intention to remain active at all times, which means
stopping provider disruptions due to electricity outages, hardware disasters, and machine
improvements.

2INFORMATION SECURITY
Availability is an important factor for an ATM system as people use the system
whenever it is required irrespective of the time of use. It is expected for the ATM system to
remain functional any time the system is used.
Confidentiality:
Confidentiality refers to the act of preventing expose of information to the individuals
or systems that is not authorized to use the system. An ATM transaction through the ATM
machine is only performed one the ATM machine physically verifies the card and it then ask
for the ATM pin. The customer then needs to enter the correct pin and the password to
perform the transaction. The transaction is performed through secured communication
channel. The system encrypt the card number and the pin to make it secure from unauthorized
system or users. Additionally the system also restricts the sources where these confidential
data is stored (Hajare et al. , 2016).
Confidentiality is an important factor in the context of ATM system as it helps in
preventing accessing the important data related password, account details by unauthorized
users.

3INFORMATION SECURITY
Question 2: Calculation for the maximum number of PINs that the thief might have to
enter before correctly discovering a customer’s PIN.
The thief successfully jammed the card reader and five keys associated with the ATM.
Hence the thief requires 4 keys to guess the password of the person who already made the
transaction.
The number of keys left = 4
The maximum number of PINs that is required by the thief for guessing the correct
PIN is 5! / (5-4)! This equals to 120. Hence the thief needs to enter a maximum of 120 times
before guessing the correct PIN.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4INFORMATION SECURITY
Question 3: Reason for reluctance of people for using the biometric system and ways to
encounter the objections:
The biometric system helps to authenticate the identity of users in various services.
There are various advantages of the system. It improves the security by allowing the
authorized persons to access certain services (Jain, Klare & Roos, 2015). It does not require
memorizing the data as in the case of password. The information is permanent and there is no
chance of it being lost. Hence it increases the customer experience and the system is much
more user friendly . However there are certain concerns that make the customer reluctant in
adopting the system the primary concerns of using the system are:
Security:
The biometric data is obtained to felicitate the users in obtaining access to various
kinds of services (Rattani, Roli & Granger, 2015). Hence it makes the customer feels that one
the biometric data is stolen it can be used to steal various information regarding the personal
details of the consumers which are authenticated using the biometric data.
The consumer should be made aware that it is not that easy to steal data related to the
biometric information and different services uses different way to store and secure that data
and hence it is not possible to get access to all the services that belong to the customer.
No control over the data:
The consumer feels that the information they are submitting in the form of biometric
data belongs to the third party services and does not give the user the facility to have control
over the data.
Although the information is partially true, however it is not possible to make illegal
use of data without the permissions from the users as the data is secured using various layer

5INFORMATION SECURITY
of security techniques (Rattani, 2015). The users should be made aware of this fact to make
them convinced to use the system.
Systems are not fully accurate:
The systems are not fully accurate as it often faces problems like hardware and
software malfunctions. Once the system gets crashed, the data cannot be retrieved.
This often makes the customer worry about using the system. In order to deal with it
there should be improved hardware and software in designing the system and the user should
be made aware of the credibility of the system by introducing them to the design and
implementation policies (Rattani, Roli & Granger, 2015). This will make them convinced and
much more comfortable in using the system.

6INFORMATION SECURITY
Question 4: Two circumstances of biometric authentication where false negative is more
serious than false positive:
False negative refers to the situation when a biometric system fails in recognizing an
individual who has the correct authentication to use the system (Semwal , Raj & Nandi,
2015). The situation may have lot of consequence depending on the circumstances in which
the system is used. These consequences can be broadly divided into two categories namely
personal, institutional.
Personal:
Due to the inability of the biometric system to recognize an individual the person may
not be able to access a service that belongs to the person, although the person has full
authority to use the service (Morosan, 2016). If the person really needs some money that can
be only withdrawn by performing authentication using the biometric, then in no condition the
service can be accessed. This will surely create huge problem if the person needs the money
for some important work and that too in quick time.
Institutional:
Data centres across the world uses biometric system to authenticate the users of the
system. The authentication is necessary to prevent unauthorized access to the system that
contains valuable and sensitive data which must be protected from external theft and illegal
use. However, the functionality of the database is dependent on the system infrastructure. In
case the server goes down, then the experts need to access the data centre to restore the
service. However, the access is not possible without the biometric authentication and if the
biometric system fails to recognize the authenticate user, and then in that case the data centre
will not be accessible. For every minute the system remains inactive the company might lose
millions in terms of revenue.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7INFORMATION SECURITY
References:
Hajare, U., Mahajan, R., Jadhav, S., Pingale, N., & Salunke, S. (2018). Efficient Cash
Withdrawal from ATM machine using Mobile Banking.
Jain, A., Klare, B., & Ross, A. (2015, May). Guidelines for best practices in biometrics
research. In Biometrics (ICB), 2015 International Conference on (pp. 541-545). IEEE.
Khan, R., Hasan, R., & Xu, J. (2015). SEPIA: Secure-PIN-authentication-as-a-service for
ATM using mobile and wearable devices. In Mobile Cloud Computing, Services, and
Engineering (MobileCloud), 2015 3rd IEEE International Conference on (pp. 41-50).
IEEE.
Morosan, C. 2016: Opportunities and challenges for biometric systems in travel: A review.
Onyesolu, M.O., & Okpala, A.C., 2017. Improving Security Using a Three-Tier
Authentication for Automated Teller Machine (ATM). International Journal of
Computer Network and Information Security, 9(10), p.50.
Rattani, A. (2015). Introduction to Adaptive Biometric Systems. In Adaptive Biometric
Systems (pp. 1-8). Springer, Cham.
Rattani, A., Roli, F., & Granger, E. (2015). Adaptive Biometric Systems. Advances in
Computer Vision and Pattern Recognition. Springer International Publishing.
Semwal, V. B., Raj, M., & Nandi, G. C. (2015). Biometric gait identification based on a
multilayer perceptron. Robotics and Autonomous Systems, 65, 65-75.