Analyzing Information Security in Automated Teller Machines

Added on  2021/04/17

Homework Assignment
AI Summary
This assignment delves into the multifaceted aspects of information security within Automated Teller Machines (ATMs). It begins by defining and explaining the critical roles of confidentiality, integrity, and availability in ensuring secure transactions and protecting user data. The document then presents a scenario involving a compromised ATM, calculating the maximum number of attempts a thief could make to guess a PIN, and explores the trade-offs in biometric authentication systems, discussing user reluctance and potential vulnerabilities. The assignment further examines scenarios where false negatives in biometric systems can have severe consequences, emphasizing the importance of accurate authentication. Finally, it provides an overview of transportation encryption methodologies, comparing and contrasting symmetric and asymmetric key algorithms, as well as hash functions, to secure data transmission. The document concludes with a list of relevant references.
Information Security
Contents
Question 1: Role of Confidentiality, Integrity, and Availability in ATM system
Answer:
Part 1: Confidentiality
Part 2: Integrity:
Part 3: Availability:
Question 2:
Answer:
Question 3:
Answer
Question 4:
Answer:
Question 5:
Answer
References:
Question 1: Role of Confidentiality, Integrity, and Availability in ATM system
Answer:
Part 1: Confidentiality
Confidentiality means that restrictions are applied to the data to keep it from being disclosed to a third party. Information related to the account, such as the account number, ATM number, and PIN number, should be kept confidential, which helps keep the account secure from hacking.
Example:
The user can access their bank account directly from the ATM machine by using their ATM card and PIN number to withdraw money. The PIN number should be kept confidential during the transaction process. It should not be leaked from the host system or the bank server during communication. The PIN number should be sent in encrypted form.
Importance:
Leaking of the PIN number can result in the account being hacked by a third party. It should remain confidential.
Part 2: Integrity:
Integrity means that the information should not be modified by a third party during the transaction.
Example:
Suppose the user wants to transfer 1500 rupees through an online transaction but the amount deducted from his account is 15000 rupees; then a problem occurs.
Importance:
The information about the amount entered should be sent in encrypted form from the host to the bank server so that it cannot be modified by a third party and remains in its original form (Tuli and Kaur, 2015).
Part 3: Availability:
It means that only the authorised user of the bank account will be able to retrieve relevant
information about their account details.
Example:
The account details should be provided to the account user only. They should not be provided to a third party. Loss of information due to natural disaster or malicious activity can slow down the availability of information on user demand. The problem of availability can be resolved by maintaining a backup database (Liang, 2016).
Importance:
The backup database helps in securing the information of the bank client even if the bank
databases get corrupted due to natural disaster or malicious activity.
Question 2:
Answer:
In the given scenario, the thief has broken 5 keys on the keypad of the automated teller machine and has jammed the card reader. The card user was able to withdraw money from the machine even though only 5 keys were left on the keypad, but his card remained stuck in the machine because of the jamming done by the thief. The thief gets a chance to use the user's account by entering the PIN number.
The PIN number is composed of four digits, which means the thief has to use four digits out of the five digits available on the keypad of the automated teller machine (Smith, 2016). Therefore, the maximum number of attempts which the thief can make is about 5^4 = 625 keys.
The maximum number of times the thief has to enter the PIN number to access the user's account is 625 keys.
Question 3:
Answer
Biometrics is a method of making bank accounts more secure by using physical characteristics of the human body, such as eyes, fingerprints, and voice, as the password (Alsaadi, 2015).
Users are reluctant to use the biometric system for the following reasons:
Cost: The biometric system requires special hardware and software features for entering the password. Complexity increases because of the matching of the recognition pattern (Gorman, 2014). Sometimes it becomes difficult for the machine to match the fingerprint of the same person because of a difference in angle.
Exposure of Biometric Password: A password is very confidential information which should not be shared with anyone. The features used in the biometric system are face, eyes, fingerprint, and voice. These features can be easily read by a hacker because the user leaves fingerprints wherever he goes and his eyes and face are exposed. This personally identifiable information can be used by the hacker to steal the account without the knowledge of the user.
Accidental damage to the body part: The user cannot access their own account if the body part used as the password for the account does not match the pattern stored in the database of the computer (Siddiqui, 2016). The computer allows the user to access their account after performing pattern matching. After accidental damage, the body part will no longer produce the pattern stored in the database of the computer, so the user will not be able to use their own account.
A one-time installation of the biometric system will secure the user's bank account against hacking by a third party for a long time. It is not an easy task to capture the physical identity of a person because it is uniquely defined. An alternative method can be used for accessing the account in case damage occurs to the body part that was used as the password in the biometric system.
Question 4:
Answer:
A false negative is a situation in which the biometric machine is unable to recognise the person's characteristics and does not allow him to access his account (Timm, 2011). The two circumstances in which a false negative is more serious than a false positive are given below:
On the Personal Basis: The person is in an emergency situation due to a health hazard and needs money instantly from the locker of his safe. He uses the biometric system to access the locker, but at the time of the emergency he is not able to access his account to withdraw money (Mansfield and Wayman, 2012). This can lead to a serious outcome.
On the Organizational Basis: The project owner has to close a 2 million dollar deal with the client, but due to a failure of the organization's network he is not able to access the required data. He decides to take the relevant information from the backup database of the data centre (Matyas and Riha, 2016). The backup system depends on biometric access to the account, which uses a physical trait of the owner, but the computer fails to match the pattern and denies access to the account. The delay in the process results in a loss of 2 million dollars for the firm.
Question 5:
Answer
The transportation encryption methodology is used for converting plain text to cipher text with the use of mathematical permutation procedures.
Symmetric Key Algorithm: It is used for getting plain text from cipher text. There are two keys which are used for decrypting the encrypted text. The public key is not used in the symmetric algorithm for decrypting the text. The secret key is used for getting back plain text from the cipher text.
Asymmetric Key Algorithm: It makes use of two keys, named the public key and the private key, for converting cipher text into plain text. The combination of the public key and the private key is used for getting the plain text.
Hash Function: The hash function does not make use of keys for getting plain text. It makes use of a hash value from the system to convert cipher text into plain text. The comparison of the hash values helps in getting the desired result. The hash value of the encrypted text is compared with the hash value of the decrypted text; if they match, the desired output is received by the user.
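Hash comparison applied to the Part 2 integrity scenario (a 1500 rupee transfer altered to 15000), as an added example that is not part of the original assignment. It uses HMAC-SHA256, a keyed hash the assignment does not name, and the key, account label and message layout are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): a real ATM and bank host would share a provisioned secret.
DEMO_KEY = b"constructed-demo-key"


def seal(message: dict, key: bytes) -> dict:
    """Serialise the message canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps(message, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify(envelope: dict, key: bytes):
    """Recompute the tag over the received body; return the message or None."""
    expected = hmac.new(key, envelope["body"].encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak where the tags differ.
    if not hmac.compare_digest(expected, envelope.get("tag", "")):
        return None
    return json.loads(envelope["body"])


def demo() -> dict:
    """Replay the 1500 -> 15000 rupee scenario and show what the bank side accepts."""
    request = {"account": "ACCT-EXAMPLE", "amount_rupees": 1500, "txn_id": 1}
    sent = seal(request, DEMO_KEY)
    # Constructed tampering: the amount is altered in transit, the tag is left as sent.
    tampered = {"body": sent["body"].replace("1500", "15000"), "tag": sent["tag"]}
    return {
        "genuine": verify(sent, DEMO_KEY),        # accepted, amount unchanged
        "tampered": verify(tampered, DEMO_KEY),   # rejected: hash values differ
        "wrong_key": verify(sent, b"other-key"),  # rejected: verifier lacks the key
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

The tag only proves the body is unchanged; keeping the amount or PIN unreadable in transit still needs encryption alongside it.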
References:
Alsaadi, I. (2015). Physiological biometric authentication system, advantages, disadvantages, and future development: A Review. Retrieved from https://pdfs.semanticscholar.org/a40f/223fe8cfaded962b6617a0a4315db32811f9.pdf
Gorman, L. (2014). Comparing tokens, passwords, and biometric for user authentication. Retrieved from https://pdfs.semanticscholar.org/9c0a/9717e77964f91dd0022ae0c958b6331c9d2c.pdf
Gupta, K. (2013). Different image encryption and decryption techniques. Retrieved from http://www.iraj.in/journal/journal_file/journal_pdf/3-27-139087843544-48.pdf
Liang, D. (2016). A Survey on ATM security. Retrieved from http://www.cse.wustl.edu/~jain/cis788-97/ftp/atm_security/index.html
Mansfield, A., and Wayman, J. (2012). Best Practices in testing and reporting performance of the biometric devices. Retrieved from http://www.idsysgroup.com/ftp/BestPractice.pdf
Matyas, V., and Riha, Z. (2016). Biometric authentication security and usability. Retrieved from https://www.fi.muni.cz/usr/matyas/cms_matyas_riha_biometrics.pdf
Siddiqui, A. (2016). Biometrics to control ATM scams: A study. Retrieved from https://www.researchgate.net/publication/274256399_Biometrics_to_Control_ATM_scams_A_study
Smith, M. (2016). Black Hat: ATM spits out cash after chip and PIN hack. Retrieved from https://www.csoonline.com/article/3104393/security/black-hat-atm-spits-out-cash-after-chip-and-pin-hack.html
Timm, K. (2011). Strategies to reduce false positive and false negatives in NIDS. Retrieved from https://www.symantec.com/connect/articles/strategies-reduce-false-positives-and-false-negatives-nids
Tuli, K., and Kaur, G. (2015). ATM safety and security. Retrieved from http://www.garph.co.uk/IJARIE/Feb2013/5.pdf