Information Security Assignment: ATM, Biometrics, and Encryption


Added on  2022/09/17

Homework Assignment
AI Summary
This assignment explores several facets of information security. It begins by examining Automated Teller Machine (ATM) security, including confidentiality, integrity, and availability requirements, and the encryption of PINs. It then delves into the calculation of potential PIN combinations a thief might attempt. The assignment also investigates biometric authentication, discussing its advantages, user reluctance, and countermeasures. It differentiates between false positive and false negative errors in biometric systems, analyzing their implications. Finally, the assignment addresses encryption techniques, including transposition and Caesar ciphers, and provides a step-by-step decryption of a ciphertext to reveal a suspect's address using the Caesar cipher method. The solution also references several research papers to support the concepts discussed.
INFORMATION SECURITY
Information Security
Student's Name
Institutional Affiliation
Q1. An Automated Teller Machine (ATM) is an electronic banking outlet that makes it
easier for customers to carry out transactions using a debit or credit card without
assistance from, or direct interaction with, a teller or other bank staff (Kobres & Mouden, 2018).
Several confidentiality requirements are connected to the Automated Teller Machine. One
example is that the Personal Identification Card, commonly known as the PIN, has to be
encrypted whenever it is stored. This is usually made possible by using the hash property when
saving these PINs in the database of a particular financial company. By so doing, the PIN is
hidden: it can be seen only as unreadable text and can be made readable only by decrypting it
with the correct code. Another example of a confidentiality requirement is that the
communication channel linking the Automated Teller Machine and the financial institution
must be encrypted. This is mainly to ensure that the customers’ communication history is
safeguarded from both internal and external access.
Integrity is another requirement related to the Automated Teller Machine. An
example of an integrity requirement is that any activity carried out via the Automated
Teller Machine must be connected to the bank account, which is in turn linked to
the customer’s debit or credit card. Through this, the ethical values of truthfulness and
honesty are adhered to by the parties involved.
Availability is yet another requirement associated with the Automated Teller Machine.
The Automated Teller Machine system must be available almost one hundred percent of the
time, so that bank customers can access their accounts at any given time without
restriction. The other example of an availability requirement is that the ATM must be
able to serve a particular number of bank users simultaneously at any particular time
(Casares & Murrone, 2016).
Q2. The maximum number of 4-digit PINs that the thief may have to enter is easily
computed using the permutation method (Li, Wang, & Chen, 2017). From ten distinct
numbers, that is, the numbers zero to nine, 4-digit permutations (PINs) can be made.
Number: 4-digit PIN
Ten distinct numbers used to create the PIN: 0, 1, 2, 3, 4, 5, 6, 7, 8 and 9
=> 10 * 10 * 10 * 10 = 10^4
= 10,000 PINs
Below is a step-by-step derivation of this permutation.
For the first digit, the number of choices is 10. After choosing the first digit, the
second digit also has 10 choices, which gives 10*10=100. For every choice of two digits,
there are 10 choices for the third digit. This gives us 10*10*10=1000. Finally, for the
fourth and last digit, we have 10 choices, which gives us 10*10*10*10=10000. Therefore, the
maximum number of PINs the thief will have to enter into the Automated Teller Machine before
discovering the correct PIN of the customer is ten thousand (10,000).
Q3. Biometric authentication is authentication that depends on a person's uncommon
physical features or unique characteristics to verify that they are who they claim to be.
Usually, the biometric data is captured, stored in a database, and then used to confirm
the identity of the actual person. Despite this good functionality, people are reluctant
to use biometric authentication. People may be reluctant to make use of biometrics because
they fear surveillance in case of any law-breaking. It is known that most institutions
responsible for enforcing the law widely use biometric identification, especially facial
recognition, to capture lawbreakers (Boriev, Sokolov, & Nyrkov, 2015).
Another reason why biometric authentication is being held back is the unreliability of
identification. In the case of facial recognition, certain things need to be set right
before a person is recognized. The first is lighting: if the lighting is not as sufficient
as that used to register the face, accurate results will not be achieved. Another is
positioning: to achieve correct results, the object's positioning has to match the
biometrically saved positioning.
The third reason why people are reluctant to use biometrics is that they fear a breach of
privacy. Most people are not comfortable with being tracked for their location and what
they do. People also dislike the fact that many institutions have allowed poor security,
which has made their databases vulnerable to cyber attackers who can access them and
obtain people’s personal information. This is why people are reluctant to use biometrics.
To counter these objections to the use of biometric authentication, implementers
should treat this method as a complementary one, in which the methods are used together
for verification rather than viewed separately as the means of identifying who you are
(Jain, Klare, & Ross, 2015). Another countermeasure to these objections is to strongly
protect our security with a hard-to-guess password. Two-factor authentication can also be
of great help in getting people to accept this method of authentication, since it is the
future we anticipate, provided its ethics and policies are adhered to by the parties involved.
Q4. A false positive, also known as false acceptance, is when a certain biometric sample
is falsely stated to belong to a person when the truth is that it does not belong to that
person, whereas a false negative, or false rejection, is falsely stating that a certain
biometric belongs to another person when in fact it belongs to him or her (Haque,
Nasrollahi, & Moeslund, 2015). The probability of a false positive occurring is low. For
instance, when a person who is not you manages to unlock your phone with his fingerprint,
that is a case of a false positive. On the other hand, when, say, you want to unlock your
phone using your fingerprint but it tells you that your fingerprint is not detected, that
is a case of a false negative. That is why it is better to prevent false acceptance than
false rejection.
One extreme circumstance where a false negative is more serious than a false positive is
when someone owns very precious property, such as a locked safe for keeping money and other
valuable things like jewels, but is unable to access the money when it is urgently needed;
this could be a serious problem. Similarly, an institution may be at risk of losing
billions just because the biometric system has at that moment failed to recognize the
person in charge. Another extreme circumstance in which a false negative is serious is when
personal safety is at risk. This is when a person in charge of a database suddenly
collapses due to, say, a heart attack, but his or her cardiopulmonary resuscitation (CPR) is
inside a safe that needs facial unlock. Because the CPR cannot be accessed, he or she may
lose their life.
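The trade-off between the two error types can be made concrete with a short added example, which is not part of the original assignment. It assumes the biometric system produces a match score and accepts any score at or above a threshold; the scores, the threshold model and the function names are constructed for illustration.

```python
# Constructed match scores (0-100); higher = closer to the enrolled template.
GENUINE = [91, 88, 95, 72, 84, 66, 90, 79, 97, 85]   # the owner's own attempts
IMPOSTOR = [12, 35, 48, 22, 61, 30, 55, 18, 70, 41]  # other people's attempts

def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when any score >= threshold is accepted.

    FAR = share of impostor attempts accepted (false positives).
    FRR = share of genuine attempts rejected (false negatives).
    """
    false_accepts = sum(score >= threshold for score in impostor)
    false_rejects = sum(score < threshold for score in genuine)
    return false_accepts / len(impostor), false_rejects / len(genuine)

def lowest_threshold_for(max_far, genuine=GENUINE, impostor=IMPOSTOR):
    """Lowest threshold whose FAR is within max_far, with the FRR it costs.

    Scanning upward finds the setting that rejects the fewest genuine users
    while still meeting the false-acceptance limit.
    """
    for threshold in range(0, 102):
        far, frr = error_rates(threshold, genuine, impostor)
        if far <= max_far:
            return threshold, far, frr
    raise ValueError("no threshold meets the requested FAR")

if __name__ == "__main__":
    for t in (50, 65, 71, 80, 90):
        far, frr = error_rates(t)
        print(f"threshold {t}: FAR={far:.0%} FRR={frr:.0%}")
    # A phone may tolerate some false accepts to avoid locking the owner out;
    # a safe may demand FAR = 0 and accept more false rejections.
    print(lowest_threshold_for(0.10))
    print(lowest_threshold_for(0.0))
```

Raising the threshold lowers false acceptance and raises false rejection, so the setting has to follow which error is more costly in the deployment.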
Q5. A transposition cipher, or simply transposition, is an encryption method in which the
positions of plaintext units are shifted following a system, so that the ciphertext
constitutes a permutation of the plaintext (Krishna, Reddy, Kiran, & Reddy, 2016). To
decrypt or decode a ciphertext, one needs to set up two matrices based on two words to undo
the transposition at hand and then eventually to undo the substitution. Steps are applied
in the breaking of a super-encrypted ciphertext, since super-encryption makes it more
secure. For this to be achieved, the substitution cipher needs to be decoded, and then the
remaining transpositions are removed by testing the transpositions that are possible.
To decipher a ciphertext, several steps need to be followed to crack a message encrypted
with the substitution cipher. The first step is to cut your encrypted message and paste it
into the ciphertext box, or to click on a random ciphertext in case no message is
available. The next step is to click the button labelled Individual Letters Frequency. The
more frequent letter will appear, representing, say, the letter E. This letter is then
entered in the empty row named Plaintext Alphabet (Marcet & Perea, 2018). The first step
in cracking the message is achieved when all of those letters have been transformed into
‘E’s. Then match the rest of the frequent letters with the frequent letters of English,
whose frequencies are displayed. This result will enable one to see readable words and to
perform guesswork on the rest of the letters (Wang, 2016).
In this particular police case, we are required to decrypt the message DJOCIT WWDN
TYWTNAPRP BBMV SIWRVHCUTO to discover the suspect’s address. In the Caesar cipher, the
key is determined by the number of letters by which the cipher alphabet is shifted. If we have:
Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext: BCDEFGHIJKLMNOPQRSTUVWXYZA
then each letter of the plaintext is shifted up the alphabetical order. Mathematically,
‘A’=0, ‘B’=1, …, ‘Z’=25. For the police case, the ciphertext DJOCIT WWDN TYWTNAPRP BBMV
SIWRVHCUTO is decrypted in the manner below:
Ciphertext: DJOCIT WWDN TYWTNAPRP BBMV SIWRVHCUTO
Plaintext: CINBHS VVCM SXVSMZOQO AALU RHVQUGBTSN
Similarly, this can be achieved using the pycipher module, where:
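from pycipher import Caesar
# keep_punct=True preserves the spaces between the letter groups
Caesar(key=1).decipher('DJOCIT WWDN TYWTNAPRP BBMV SIWRVHCUTO', keep_punct=True)
'CINBHS VVCM SXVSMZOQO AALU RHVQUGBTSN' (Johnson, 2019).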
Therefore, the suspect’s address is found to be CINBHS VVCM SXVSMZOQO AALU
RHVQUGBTSN after decryption.
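An added example, not part of the original assignment and not pycipher's code: a plain-Python Caesar decryption that reproduces the key-1 result above and ranks all 26 keys by how closely each candidate matches English letter frequencies, the frequency idea described earlier for substitution ciphers. The function names, the frequency table and the sample sentence are constructed for illustration.

```python
import string

# Approximate letter frequencies (%) in English text, used to score candidates.
ENGLISH_FREQ = dict(zip(string.ascii_uppercase, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]))

PAGE_CIPHERTEXT = "DJOCIT WWDN TYWTNAPRP BBMV SIWRVHCUTO"  # from the assignment

def caesar_decrypt(text, key):
    """Move each letter `key` places back in the alphabet (A=0 ... Z=25).

    Non-letters such as spaces pass through; a negative key encrypts.
    """
    return ''.join(
        chr((ord(ch) - ord('A') - key) % 26 + ord('A')) if ch in ENGLISH_FREQ else ch
        for ch in text.upper())

def chi_squared(text):
    """Distance between the text's letter counts and English; lower is closer."""
    letters = [ch for ch in text if ch in ENGLISH_FREQ]
    if not letters:
        return float('inf')
    n = len(letters)
    return sum((letters.count(ch) - n * pct / 100) ** 2 / (n * pct / 100)
               for ch, pct in ENGLISH_FREQ.items())

def rank_keys(ciphertext):
    """Decrypt under all 26 keys; return (score, key, candidate), best first."""
    candidates = ((key, caesar_decrypt(ciphertext, key)) for key in range(26))
    return sorted((chi_squared(text), key, text) for key, text in candidates)

# Constructed sample: an English sentence encrypted with key 7.
SAMPLE_PLAINTEXT = "THE SUSPECT WAS SEEN LEAVING THE BANK NEAR THE OLD STATION"
SAMPLE_CIPHERTEXT = caesar_decrypt(SAMPLE_PLAINTEXT, -7)

if __name__ == "__main__":
    print(caesar_decrypt(PAGE_CIPHERTEXT, 1))      # the key the assignment uses
    score, key, text = rank_keys(SAMPLE_CIPHERTEXT)[0]
    print(f"best key for the sample: {key} -> {text}")
    for score, key, text in rank_keys(PAGE_CIPHERTEXT)[:3]:
        print(f"{score:8.1f}  key={key:2d}  {text}")
```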
References
Boriev, Z. V., Sokolov, S. S., & Nyrkov, A. P. (2015). Review of modern biometric user
authentication and their development prospects. In IOP Conference Series: Materials
Science and Engineering (Vol. 91, No. 1, p. 012063). IOP Publishing.
Casares, W., & Murrone, F. H. (2016). U.S. Patent No. 9,342,823. Washington, DC: U.S. Patent
and Trademark Office.
Haque, M. A., Nasrollahi, K., & Moeslund, T. B. (2015, June). Heartbeat signal from facial
video for biometric recognition. In Scandinavian Conference on Image Analysis (pp. 165-
174). Springer, Cham.
Jain, A., Klare, B., & Ross, A. (2015, May). Guidelines for best practices in biometrics research.
In 2015 International Conference on Biometrics (ICB) (pp. 541-545). IEEE.
Johnson, H. R. (2019). CS04ALL: Cryptography Module.
Kobres, E., & Mouden, B. J. J. (2018). U.S. Patent No. 9,922,370. Washington, DC: U.S. Patent
and Trademark Office.
Krishna, B. H., Reddy, I. R. S., Kiran, S., & Reddy, R. P. K. (2016, March). Multiple text
encryption, key entrenched, distributed cipher using pairing functions and transposition
ciphers. In 2016 International Conference on Wireless Communications, Signal
Processing and Networking (WiSPNET) (pp. 1059-1061). IEEE.
Li, Y., Wang, C., & Chen, H. (2017). A hyper-chaos-based image encryption algorithm using
pixel-level permutation and bit-level permutation. Optics and Lasers in Engineering, 90,
238-246.
Marcet, A., & Perea, M. (2018). Can I order a burger at rnacdonalds.com? Visual
similarity effects of multi-letter combinations at the early stages of word
recognition. Journal of Experimental Psychology: Learning, Memory, and
Cognition, 44(5), 699.
Wang, Z. (2016). U.S. Patent No. 9,319,875. Washington, DC: U.S. Patent and Trademark
Office.