Analysis of Biometric Verification Systems and Information Security
Added on 2025/04/29

Information security assessment 2

Contents
Introduction
Question 1
Question 2
Question 3
Question 4
Question 5
Conclusion
References
List of Figures
Figure 1 CIA Triad

Introduction
An information security system should protect a person's private data from the outside world and
from unauthorized access. To accomplish this, an information system should be confidential,
maintain integrity, and be available to its users at all times. These properties are highly
desirable in an information system because data breaches and exposure of a person's sensitive
information can take place if confidentiality is missing. The system should also update itself
with accurate transactions so that the customer's information is not affected in any way.
Unavailability of the system affects users to the point that customers may lose interest in using
its services. One such system is a biometric verification system, whose disadvantages are
discussed in this report. In addition, false negatives may result in various disadvantages.

Question 1
Confidentiality- To access an information system, a person must enter certain data to be
validated by the system. It is therefore the responsibility of the system to secure and protect
this personal data so that it cannot be accessed by an unauthorized person. For an information
system to work, confidentiality has to be built into it, for example by encrypting sensitive data.
System transactions must be secure to avoid data loss and data breaches during transmission. Data
should be kept on the designated storage devices in protected form so that copying of the data is
prevented. The user PIN should also be changed regularly. Proper encryption of data is mandatory
to maintain the confidentiality of the system so that data breaches and exposure of a person's
sensitive information can be prevented. Confidentiality is therefore the key part of maintaining
a good information system (What is confidentiality, integrity, and availability (CIA triad)? 2019).
Figure 1 CIA Triad
(Source: INFOBASICS-Basic Concept of Information Security 2019)
Integrity- The integrity of an information system can be maintained by ensuring that the system
operates accurately when a transaction occurs. In the case of ATM machines, the account
information is linked to a user's ATM card, so whenever the user uses the ATM card, the system
should correctly identify the user's account information. In addition, for all activities such as
withdrawals and deposits, the system should update itself with accurate transactions so that the
customer's information is not affected in any way. Integrity is therefore important for a system
so that accurate changes are reflected in it (Ghahrai 2019).
Availability- An information system should always be available to its users. In the case of an
ATM, if it starts working poorly or becomes unavailable due to some fault, the customers will
have to suffer. To meet the increasing demands of users, more such systems should be built. To
meet the availability requirement, the system should be checked properly and regularly to find
out whether it needs an update or a repair, so that it can remain available at all times.
Unavailability of the system affects users to the point that customers may lose interest in using
its services (Safa, Sookhak, Von Solms, Furnell, Ghani, & Herawan 2015).

Question 2
To find the maximum number of attempts the thief will need to find the correct PIN, the basic
properties of a PIN should be known. A PIN has 4 digits, where each digit can be any number from
0-9, hence there are 10 possible numbers for each place. As the thief broke 5 keys, the remaining
keys that can be used as valid PIN digits are 5. The range of PINs that can be entered varies
from 0000 to 9999, and one number from this range will be the correct answer. The thief picks one
digit from the working keys and enters it. For the next digit the thief again has all five
choices, so any of those five keys can be used at each place to generate a 4-digit PIN. For the
first digit there are 5 possible numbers, for the second digit there are also 5, and so on up to
the fourth digit, so the answer is calculated by multiplying all these possibilities, i.e.
5*5*5*5. Therefore the maximum number of attempts will be 625.

Question 3
Biometric verification has still not achieved perfection, which makes people trust it less. The
reasons people are reluctant to use it are:
1. Cost problem- Biometric verification is quite costly because it involves a lot of scanners,
high-quality cameras, and algorithms to detect the pattern or face. It is therefore highly
undesirable for ordinary people to invest in biometric verification systems to protect their
systems from attacks. These systems can also be efficiently deployed in companies for commercial
purposes and for government purposes. The increased cost of these systems therefore makes people
reluctant to adopt them.
2. Lack of accuracy- Biometric verification systems are, to date, not highly accurate at
detecting retina and DNA, because patterns such as these have to be detected with high accuracy.
There are cases where a system fails to recognize a face or voice in certain conditions, which
can lead to several disadvantages.
3. Lack of privacy- It is still believed that biometrics is not suitable because of its lack of
privacy. A password is more private because only the person who made it knows it, and the
database where it is stored is also secured. A fingerprint, in contrast, is present on everything
we touch. Someone can obtain the fingerprints and use them for illegal purposes. There is also a
high chance of voice, eyes and facial patterns being recorded to attack private data (Smith,
Gannoni, & Goldsmid, 2019).
Solutions to the problems stated above:
1. Biometric systems should be made cheaper and available to everyone by developing budget
sensors and the several other components that are involved in biometric systems.
2. Biometric systems should be tested properly, under every condition that can occur, before
they are deployed.
3. To increase the privacy of one's sensitive information, biometric verification systems should
combine two or more recognition patterns to make it more difficult for attackers. The biometric
verification system can also use stories that a user enters by selecting some images from a given
set of images to make a pattern, which can be used as a verification pattern.

Question 4
False negatives can be very harmful in biometric verification systems. Two scenarios explain the
disadvantages of false negatives.
1. Nowadays people can register online for events such as concerts, meetings, exams or seminars.
Their personal information and facial pattern or image are also recorded so that they can be
matched with the person attending the event, in order to allow only registered persons into the
event. If the biometric system produces a false negative, the person attending the session is put
at a disadvantage. In the case of exams, it is highly undesirable for these systems to fail to
recognize a student.
2. The major function of biometrics is to correctly identify a person's physical traits by
matching them with the same person's data previously stored in the database. Consider a case
where a person wants to unlock his safe to get some money for an urgent situation, and the
biometric system fails to match the fingerprint with the one already stored in the database. This
is a negative response by the biometric verification system (Computer Security SS3: Biometric
Authentication. 2019).

Question 5
The given cipher text is LC DOMX IZY XVHP XMJQSH AANW FIHABRT
It was encrypted with one-time pad encryption and cipher text substitution. To decode it using
the one-time pad decryption technique, the key has been given as
7,15,12,6,8,9,4,2,1,13,12,5,3,1,8,15,6,4,8,12,8,10,9,14,6,11,13,2,4,6. These key values have to be
subtracted from the letter numbers, where the letter A is given the number 1, B is 2, and so on
for every letter. To calculate the decrypted text, the letter L, which has the number 12, has its
respective key, 7, subtracted from it. Hence 12-7 gives 5, and the letter for 5 is E, hence the
decrypted letter is E. Whenever the subtraction results in a negative number, 26 can be added to
make it positive. Applying the decryption to every letter gives: ENRIEOEXXKJCMWEUKOZOSDNRCWNZNN
In the same way, cipher text substitution can be applied with the key 567.
567 modulo 26 = 21
The new key 21 is used for every letter. Applying the substitution technique two times, the
cipher text will be:
1. JSWNJTJCCPOHRBJZPTETXISWHBSESS
2. OXBSOYOHHUTMWGOEUYJYCNXBMGXJXX (i.e. Plain text)
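The two-stage procedure described above, written out as an added example (not part of the original report) that reproduces the report's three strings. The function names are assumptions, and so is the shift direction (subtracting 567 mod 26), which was chosen because it matches the strings listed above; a difference of exactly 0, which the text does not mention, is wrapped to 26 (Z).

```python
import string

ALPHABET = string.ascii_uppercase  # numbered A=1 ... Z=26, as in the report

# Values copied from the report.
CIPHERTEXT = "LC DOMX IZY XVHP XMJQSH AANW FIHABRT"
PAD = [7, 15, 12, 6, 8, 9, 4, 2, 1, 13, 12, 5, 3, 1, 8,
       15, 6, 4, 8, 12, 8, 10, 9, 14, 6, 11, 13, 2, 4, 6]
SUBSTITUTION_KEY = 567


def letter_to_number(ch):
    """Map A..Z to 1..26."""
    return ALPHABET.index(ch) + 1


def number_to_letter(n):
    """Map any integer back into 1..26; 0 and negatives wrap (0 -> Z)."""
    return ALPHABET[(n - 1) % 26]


def pad_decrypt(ciphertext, pad):
    """Subtract one pad value per letter; spaces are dropped and use no pad value."""
    letters = [c for c in ciphertext.upper() if c in ALPHABET]
    if len(letters) != len(pad):
        # A one-time pad must supply exactly one key value per letter.
        raise ValueError(f"{len(letters)} letters but {len(pad)} pad values")
    return "".join(
        number_to_letter(letter_to_number(c) - k) for c, k in zip(letters, pad)
    )


def shift_decrypt(text, key, rounds=1):
    """Subtract (key mod 26) from every letter, `rounds` times in a row."""
    shift = key % 26  # 567 % 26 == 21
    for _ in range(rounds):
        text = "".join(
            number_to_letter(letter_to_number(c) - shift) for c in text
        )
    return text


def decrypt_question5():
    """Return the pad output and the text after one and two substitution passes."""
    after_pad = pad_decrypt(CIPHERTEXT, PAD)
    once = shift_decrypt(after_pad, SUBSTITUTION_KEY, rounds=1)
    twice = shift_decrypt(after_pad, SUBSTITUTION_KEY, rounds=2)
    return after_pad, once, twice


if __name__ == "__main__":
    labels = ("after pad", "shift x1", "shift x2")
    for label, value in zip(labels, decrypt_question5()):
        print(f"{label:10s} {value}")
```

Two letters in this cipher text (the H at position 19 and the B at position 28) subtract to exactly 0, which is why the wrap has to cover 0 as well as negative results.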

Conclusion
To make an information system more effective, the factors of confidentiality, integrity and
availability should be applied properly to the system. To make the biometric system more
feasible and useful for ordinary people, biometric systems should be made cheaper and available
to everyone by developing budget sensors and the several other components that are involved in
biometric systems. A biometric system should be able to detect accurately and should never
generate a false negative. To secure data during transmission, various techniques can be applied
that encrypt the data, which can then be decrypted at the end point to convert it into a
meaningful message.