CIA Triad, ATM Security Flaws and Biometric Authentication Explained
Added on 2023/06/14
Homework Assignment
AI Summary
This assignment delves into critical aspects of information security, starting with a comprehensive explanation of the CIA triad—Confidentiality, Integrity, and Availability—illustrated with examples in the context of ATM systems. It further analyzes the potential security breaches in ATM PIN systems, specifically addressing scenarios where a limited number of keys are functional. The assignment then explores the reasons behind the increasing adoption of biometrics for security, emphasizing reduced administrative costs, improved return on investment, and enhanced security features. It also distinguishes between false positive and false negative rates in biometric systems, providing clear definitions and comparisons. Finally, the assignment demonstrates the decryption of a Caesar cipher, providing a step-by-step breakdown of the process, ultimately revealing the hidden message: 'INCREASE THE PROCESSOR FREQUENCY'.

Running head: INFORMATION SECURITY
INFORMATION SECURITY
Assessment No-
Assessment Title-
Student Name and ID-
Student name and Code-
Student Email Address-
Question 1:
Confidentiality, integrity, and availability, together known as the CIA triad, form a model that guides the policies for securing the information held by an organization. Examples of confidentiality, integrity, and availability according to the CIA triad are explained below.
Confidentiality:
Confidentiality provides privacy for all the data in the ATM system's network. Sensitive information is protected from reaching unauthorized people, and the right person gets the right information at the right time. Confidentiality restricts access to data to authorized persons only, so that they can view their own data (Bhagavatula et al., 2015). Stored data should be kept confidential and categorized according to the amount and type of damage that would result if it were misused by someone else. An example of confidentiality is protecting the account number during an ATM transaction. Data that must be kept safe is encrypted to ensure its confidentiality. The passwords and user IDs used in an ATM transaction rely on two-factor authentication to ensure the confidentiality of the data (Ghosh et al., 2017). Confidentiality measures also include biometric verification and security tokens or soft tokens. Extra confidentiality measures are needed in an ATM transaction because the data involved is extremely confidential.
Integrity:
Integrity involves maintaining the accuracy, consistency, and trustworthiness of data over its lifetime. During transmission, the data must not be changed, and steps must be taken to prevent it from being altered by unauthorized people. Integrity measures include file permissions and user access control (Memon, 2017). Version control protects against erroneous changes or accidental deletion of data by authenticated users. To verify data integrity, the data carries checksums and cryptographic checksums. Redundancy and backup processes are also available for the data.
Availability:
Availability means maintaining all the hardware so that it performs well, carrying out repairs when they are needed, and keeping the system functioning correctly. It also means keeping all systems up to date, providing adequate communication bandwidth, and preventing bottlenecks. The details of the ATM should be available to the user so that the availability of data is not lost. There should be safeguards against data loss or interruptions in the connection. Backing up data is the most important method of keeping the data available to the user in case of accidental loss (Thomas, Vinod & Robinson, 2017). Firewalls or proxy servers are also used as additional security equipment against downtime and unreachable data caused by malicious attacks such as network intrusion or denial-of-service attacks.
Question 2:
In the given case, the thief has already broken five keys of the ATM and is left with only the other five keys. He had also jammed the card reader of the ATM, so the customer was unable to retrieve his ATM card after the transaction. The customer's transaction was successful, which shows that the customer's four-digit PIN used only the five keys that still worked. There are many possibilities the thief would have to try to discover the correct PIN. By combining the five digits on the keypad, the thief can generate many four-digit PINs. The maximum number of PINs that the thief can generate is
5!/(5-4)! = (5 * 4 * 3 * 2 * 1) / 1 = 120 four-digit PINs.
However, because of the ATM's security, the thief will not get 120 attempts to complete a successful transaction. The maximum number of times the thief can enter a PIN is three. If the correct PIN happens to be among those three attempts, the thief will succeed in collecting the cash (Alsaadi, 2015). Otherwise, after the wrong PIN has been entered three times, the card will be blocked and the customer will learn about the unauthorized transaction.
Question 3:
The reasons why people consider biometrics secure to use are as follows:
1) Helps to reduce administrative cost: Modern biometric identification systems consist of hardware and software that are easy to install and easy to manage. Installing a biometric system and managing its components does not require training, because the installation process is very easy, and this keeps down the cost of maintaining the systems. Biometric authentication also saves other costs, such as issuing new ID cards or replacing damaged or old ones (De Luca et al., 2015). Biometric identification also generates cost savings for IT by eliminating the time and resources drained by password resets. Biometric authentication also spares users the burden of remembering their passwords and user IDs. Every time a user forgets a password, considerable time and resources are consumed to recover it.
2) Return on investment is improved: Biometric authentication also ensures enhanced accuracy, reduces the chances of misuse, and improves the accountability of the data stored in the database (Barbosa & Silva, 2015). Traditional identification systems depend mainly on passwords, IDs, or PINs (Personal Identification Numbers) stored in the system, whereas biometric authentication provides a more secure system of identification.
3) Provides security: Biometric authentication provides accountability and convenience, and the data in a biometric system is difficult to forge. A concrete audit trail is implemented in biometric identification to secure the identification. All transactions in a biometric system are clearly recorded, which also reduces misuse of the system. Biometric authentication also adds convenience because users do not have to remember or carry their IDs and passwords, and they are less prone to data breaches (Ciuffo & Weiss, 2017). There is no password to remember and no possibility of sharing a password. The data stored in the biometric system is very difficult to forge; that is, it cannot be changed or altered by unauthenticated users. Biometric authentication provides liveness detection, by which it can distinguish fake data from the original data stored in the system database.
Question 4:
The false positive rate, or false acceptance rate, measures how often the biometric security system falsely accepts unauthenticated data as authenticated and allows a secure login (Kim et al., 2015). The false acceptance rate is generally calculated as the ratio of the number of data items falsely accepted to the total number of data items identified. The rates of false negatives are higher than the rates of false positives. The false negative rate, or false recognition rate, measures how often the biometric security system rejects the data of an authenticated user and rejects the attempt made by that user (Chen, Pande & Mohapatra, 2014). The false negative rate is determined as the ratio of the number of data items falsely recognized to the total number of data items submitted for identification.
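The two error rates defined above, computed over a range of decision thresholds, as an added Python example that is not part of the original assignment. The match scores are constructed sample data, the function names are illustrative, and the example assumes the common convention of dividing false accepts by impostor attempts and false rejects by genuine attempts.

```python
# Constructed similarity scores in [0, 1]; a higher score means a closer match.
GENUINE = [0.91, 0.84, 0.77, 0.95, 0.62, 0.88, 0.71, 0.93, 0.58, 0.81]   # enrolled user's own attempts
IMPOSTOR = [0.12, 0.35, 0.48, 0.27, 0.66, 0.41, 0.19, 0.73, 0.30, 0.52]  # other people's attempts


def error_rates(genuine, impostor, threshold):
    """Return (false acceptance rate, false negative rate).

    An attempt is accepted when its score is >= threshold.
    False accept: an impostor attempt that is accepted.
    False reject: a genuine attempt that is rejected.
    """
    false_accepts = sum(score >= threshold for score in impostor)
    false_rejects = sum(score < threshold for score in genuine)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(genuine, impostor, thresholds):
    """Compute both rates for every candidate threshold."""
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def closest_to_equal_error(rows):
    """Pick the threshold where the two rates are nearest to each other."""
    return min(rows, key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    rows = sweep(GENUINE, IMPOSTOR, [0.5, 0.6, 0.65, 0.7, 0.8])
    print("threshold  false-accept  false-reject")
    for threshold, far, frr in rows:
        print(f"{threshold:9.2f}  {far:12.2f}  {frr:12.2f}")
    print("closest to equal error:", closest_to_equal_error(rows))
```

Raising the threshold lowers the false acceptance rate and raises the false negative rate, so the two cannot be minimized independently.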
Question 5:
The Caesar cipher, or Caesar substitution method, is used for encrypting or decrypting a cipher text.
The encrypted text given for decryption is:
NTJWKHXK AMK WWUJJYZTX MWKXZKUHE
In the first step, we determine the numeric value of each letter of the text according to its position in the alphabet.

| Given Text | N | T | J | W | K | H | X | K |
|---|---|---|---|---|---|---|---|---|
| Numeric value | 14 | 20 | 10 | 23 | 11 | 8 | 24 | 11 |

| Given Text | A | M | K |
|---|---|---|---|
| Numeric value | 1 | 13 | 11 |

| Given Text | W | W | U | J | J | Y | Z | T | X |
|---|---|---|---|---|---|---|---|---|---|
| Numeric value | 23 | 23 | 21 | 10 | 10 | 25 | 26 | 20 | 24 |

| Given Text | M | W | K | X | Z | K | U | H | E |
|---|---|---|---|---|---|---|---|---|---|
| Numeric value | 13 | 23 | 11 | 24 | 26 | 11 | 21 | 8 | 5 |

Applying the given key 234 to the numeric values and subtracting the key from each value, we get:

| Given Text | N | T | J | W | K | H | X | K |
|---|---|---|---|---|---|---|---|---|
| Numeric value | 14 | 20 | 10 | 23 | 11 | 8 | 24 | 11 |
| Key | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Decoded text | 12 | 17 | 6 | 21 | 8 | 4 | 22 | 8 |

| Given Text | A | M | K |
|---|---|---|---|
| Numeric value | 1 | 13 | 11 |
| Key | 4 | 2 | 3 |
| Decoded text | 23 | 11 | 8 |

| Given Text | W | W | U | J | J | Y | Z | T | X |
|---|---|---|---|---|---|---|---|---|---|
| Numeric value | 23 | 23 | 21 | 10 | 10 | 25 | 26 | 20 | 24 |
| Key | 4 | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Decoded text | 19 | 21 | 18 | 6 | 8 | 22 | 22 | 18 | 21 |

| Given Text | M | W | K | X | Z | K | U | H | E |
|---|---|---|---|---|---|---|---|---|---|
| Numeric value | 13 | 23 | 11 | 24 | 26 | 11 | 21 | 8 | 5 |
| Key | 4 | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Decoded text | 9 | 21 | 8 | 20 | 24 | 8 | 17 | 6 | 2 |

After all the decoded values are generated, the Caesar cipher shift of 3 is applied: three is subtracted from each decoded value to obtain the value of the original text. Finally, the code is decrypted.

| Given Text | N | T | J | W | K | H | X | K |
|---|---|---|---|---|---|---|---|---|
| Numeric value | 14 | 20 | 10 | 23 | 11 | 8 | 24 | 11 |
| Key | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Decoded text | 12 | 17 | 6 | 21 | 8 | 4 | 22 | 8 |
| Shift by 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 |
| Decoded text after shift | 9 | 14 | 3 | 18 | 5 | 1 | 19 | 5 |
| Final text | I | N | C | R | E | A | S | E |

| Given Text | A | M | K |
|---|---|---|---|
| Numeric value | 1 | 13 | 11 |
| Key | 4 | 2 | 3 |
| Decoded text | 23 | 11 | 8 |
| Shift by 3 | 3 | 3 | 3 |
| Decoded text after shift | 20 | 8 | 5 |
| Final text | T | H | E |

| Given Text | W | W | U | J | J | Y | Z | T | X |
|---|---|---|---|---|---|---|---|---|---|
| Numeric value | 23 | 23 | 21 | 10 | 10 | 25 | 26 | 20 | 24 |
| Key | 4 | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Decoded text | 19 | 21 | 18 | 6 | 8 | 22 | 22 | 18 | 21 |
| Shift by 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 |
| Decoded text after shift | 16 | 18 | 15 | 3 | 5 | 19 | 19 | 15 | 18 |
| Final text | P | R | O | C | E | S | S | O | R |

| Given Text | M | W | K | X | Z | K | U | H | E |
|---|---|---|---|---|---|---|---|---|---|
| Numeric value | 13 | 23 | 11 | 24 | 26 | 11 | 21 | 8 | 5 |
| Key | 4 | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Decoded text | 9 | 21 | 8 | 20 | 24 | 8 | 17 | 6 | 2 |
| Shift by 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 |
| Decoded text after shift | 6 | 18 | 5 | 17 | 21 | 5 | 14 | 3 | 25 |
| Final text | F | R | E | Q | U | E | N | C | Y |

So, the text after decrypting is
INCREASE THE PROCESSOR FREQUENCY
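
The two-stage decryption worked through in the tables above (subtract the repeating key 2, 3, 4, then subtract the Caesar shift of 3, wrapping within 1 to 26), as an added Python example that is not part of the original assignment. The function names are illustrative, and `encrypt` is included only to confirm the round trip.

```python
import string

ALPHABET = string.ascii_uppercase  # A=1 ... Z=26, matching the tables above


def wrap(value):
    """Wrap a value back into the range 1..26 (0 -> 26, -1 -> 25, ...)."""
    return (value - 1) % 26 + 1


def decrypt_steps(ciphertext, key="234", shift=3):
    """Return one dict per character holding every row of the worked tables.

    The key position advances only on letters, so it carries on across the
    spaces between words (the second word starts with key digit 4).
    """
    key_digits = [int(d) for d in key]
    steps, letters_seen = [], 0
    for ch in ciphertext.upper():
        if ch not in ALPHABET:
            steps.append({"given": ch, "final": ch})  # spaces pass through
            continue
        numeric = ALPHABET.index(ch) + 1
        key_digit = key_digits[letters_seen % len(key_digits)]
        after_key = wrap(numeric - key_digit)    # "Decoded text" row
        after_shift = wrap(after_key - shift)    # row after "Shift by 3"
        steps.append({
            "given": ch,
            "numeric": numeric,
            "key": key_digit,
            "after_key": after_key,
            "after_shift": after_shift,
            "final": ALPHABET[after_shift - 1],
        })
        letters_seen += 1
    return steps


def decrypt(ciphertext, key="234", shift=3):
    return "".join(s["final"] for s in decrypt_steps(ciphertext, key, shift))


def encrypt(plaintext, key="234", shift=3):
    """Inverse of decrypt: add the shift, then add the repeating key."""
    key_digits = [int(d) for d in key]
    out, letters_seen = [], 0
    for ch in plaintext.upper():
        if ch in ALPHABET:
            value = wrap(ALPHABET.index(ch) + 1 + shift)
            value = wrap(value + key_digits[letters_seen % len(key_digits)])
            ch, letters_seen = ALPHABET[value - 1], letters_seen + 1
        out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    CIPHERTEXT = "NTJWKHXK AMK WWUJJYZTX MWKXZKUHE"
    for step in decrypt_steps(CIPHERTEXT):
        if "numeric" in step:
            print(step["given"], step["numeric"], step["key"],
                  step["after_key"], step["after_shift"], step["final"])
    print(decrypt(CIPHERTEXT))
```

Because both stages are subtractions modulo 26, they collapse into a single repeating key of 5, 6, 7: `decrypt(CIPHERTEXT, key="567", shift=0)` returns the same plaintext.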
REFERENCES
Alsaadi, I. M. (2015). Physiological Biometric Authentication Systems, Advantages,
Disadvantages And Future Development: A Review. International Journal Of Scientific
& Technology Research, 4(8), 285-289.
Barbosa, F. G., & Silva, W. L. S. (2015, November). Support vector machines, Mel-Frequency
Cepstral Coefficients and the Discrete Cosine Transform applied on voice based
biometric authentication. In SAI Intelligent Systems Conference (IntelliSys), 2015 (pp.
1032-1039). IEEE.
Bhagavatula, C., Ur, B., Iacovino, K., Kywe, S. M., Cranor, L. F., & Savvides, M. (2015).
Biometric authentication on iphone and android: Usability, perceptions, and influences on
adoption. Proc. USEC, 1-2.
Chen, S., Pande, A., & Mohapatra, P. (2014, June). Sensor-assisted facial recognition: an
enhanced biometric authentication system for smartphones. In Proceedings of the 12th
annual international conference on Mobile systems, applications, and services (pp. 109-122).
ACM.
Ciuffo, F., & Weiss, G. M. (2017, October). Smartwatch-based transcription biometrics.
In Ubiquitous Computing, Electronics and Mobile Communication Conference
(UEMCON), 2017 IEEE 8th Annual (pp. 145-149). IEEE.
De Luca, A., Hang, A., Von Zezschwitz, E., & Hussmann, H. (2015, April). I feel like I'm taking
selfies all day!: towards understanding biometric authentication on smartphones.