Information Security: ATM Security, Biometric Systems, and Encryption

Verified

Added on 2023/06/13

AI Summary

This report delves into various aspects of information security, focusing primarily on ATM security, biometric authentication systems, and encryption methodologies. It outlines the three key requirements of ATM systems: confidentiality, integrity, and availability, providing examples for each. The report analyzes a scenario involving a compromised ATM, calculating the probability of a thief cracking a PIN. It further discusses the reluctance towards biometric authentication due to issues like data accuracy, hardware requirements, and password resets, suggesting remedies for these concerns. The report also differentiates between physiological and behavioral biometric attributes, highlighting situations where false negatives can be more dangerous than false positives. Finally, it identifies the transposition cipher, particularly the rail fence cipher, as an effective encryption method and demonstrates the decryption of a cipher text using Caesar cipher and substitution algorithms to reveal the message: INCREASE THE PROCESSOR FREQUENCY. This assignment solution is available on Desklib, a platform offering a range of study tools for students.

Running head: INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author’s Note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
INFORMATION SECURITY
Table of Contents
Question 1..................................................................................................................................2
Question 2..................................................................................................................................3
Question 3..................................................................................................................................4
Question 4..................................................................................................................................5
Question 5..................................................................................................................................6
References..................................................................................................................................8

2
INFORMATION SECURITY
Question 1
ATMs are the most important and significant requirements in today’s world. It helps
in easy withdrawal of money. The bank staffs are not involved in this process. An ATM card
and the PIN are required (De Gramatica et al., 2015). The three requirements of ATM are
given below:
i) Confidentiality: It helps to maintain the privacy of the ATM card as well as the
PIN.
Two examples of confidentiality include:
a) Maintaining privacy of the card number and the personal identification number.
b) ATM card should be present while making a transaction.
ii) Integrity: It helps to maintain the integrity of data and so that the data is not
changed or altered.
Two examples of integrity include:
a) No changing of data of the ATM card and PIN (De Gramatica et al., 2015).
b) Unintentional deletion of data.
iii) Availability: Accurate information as well as hardware should be available while
making a transaction.
Two examples of availability include:
a) Accurate information is available.
b) ATM is available.

3
INFORMATION SECURITY
Question 2
ATM helps to make withdraw cash without even going to a bank from any valid bank
account.
A thief broke into an ATM with a screwdriver and also broke five keys from keypad.
He has jammed the card reader. A customer came in and entered his card into the card reader.
He even punched his PIN and withdrew cash. However, he was unable to take out the card.
Therefore, he went out to call for help.
The thief tried to crack the PIN of the customer.
Keys broken = 5.
Series of keys are from 0 to 9.
Number of PIN= 4.
The total number of possibilities of detecting the PIN number is as follows:
5P4 = 5!/(5 - 4)! = 5!/4! = 120.
He can detect in 120 ways; however, he will be allowed to enter the card only 3 times
and after the 3rd attempt, the card would be blocked.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
INFORMATION SECURITY
Question 3
Biometric authentication system helps to recognize any person with his biological
features. The biological traits are used as passwords in the system and they are matched for
identifying the person (Andress, 2014).
Few people are reluctant to use this system as there are few demerits. However, these
could be removed. Following are the three reasons with significant remedies.
i) Lack of Data Accuracy: Biometric authentication system often does not provide
100% accurate data.
To solve this problem, FAR and FRR could be utilized. They are the False Rejection
Rate and False Acceptance Rate.
ii) Additional Hardware Needed: Extra hardware is needed when biometric is
implemented (Peltier, 2016).
To solve this problem, installation of cheap hardware could be done.
iii) Resetting of Passwords: It is difficult to reset the passwords of biometric.
To solve this problem, HIPAA or PCI-DDs regulations can be used.

5
INFORMATION SECURITY
Question 4
The most famous biometric recognition systems are fingerprint, voice, or face
recognition, scanning of iris or cornea, heart rate scanning and palm scanning. These are
referred to as the physiological attributes and the behavioural attributes are the behaviour or
gait of the person (Peltier, 2016).
Various times occur when the biometric authentication system provide false negative
data. These are more dangerous than the false positive data. Two such situations are given
below:
i) Restriction in Accessing Own Objects: This type of problem arrives when the user
is restricted to use his own object for he is unable to give biometric passwords (Andress,
2014).
ii) Failure in Identification of Patients: This type of machine is unable to detect the
patients as they could not give biometric passwords due to illness like cardiac arrest or burnt
fingers.

6
INFORMATION SECURITY
Question 5
1st part
The most effective encryption methodology is transposition cipher. It helps to decrypt
the cipher by using unique algorithms (Singh, 2013). The best form of transposition cipher is
the rail fence cipher where encryption and decryption are done by following few steps in a
sequence. It is very effective and could be done quickly.
2nd part
After using algorithms for Caesar cipher and substitution for George’s company, the
cipher text could be decrypted.
Plain text: NTJWKHXK AMK WWUJJYZTX MWKXZKUHE
Substitution key: 234
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
Encrypted Text N T J W K H X K
Numeric value 14 20 10 23 11 8 24 11
Substitution Key 2 3 4 2 3 4 2 3
Decoded from the substitution
cipher 12 17 6 21 8 4 22 8
Shifting as Caeser cipher 3 3 3 3 3 3 3 3
Decoded from Caeser cipher 9 14 3 18 5 1 19 5
Decoded Text I N C R E A S E

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
INFORMATION SECURITY
Encrypted Text A M K
Corresponding numeric value 1 13 11
Substitution Key 4 2 3
Decoded from substitution
cipher 23 11 8
Shifting as Caeser cipher 3 3 3
Decoded from caeser cipher 20 8 5
Decoded Text T H E
Encrypted Text W W U J J Y Z T X
Corresponding numeric value 23 23 21 10 10 25 26 20 24
Substitution Key 4 2 3 4 2 3 4 2 3
Decoded from substitution cipher 19 21 18 6 8 22 22 18 21
Caeser cipher shift 3 3 3 3 3 3 3 3 3
Decoded from caeser cipher 16 18 15 3 5 19 19 15 18
Decoded Text P R O C E S S O R
Encrypted Text M W K X Z K U H E
Corresponding numeric value 13 23 11 24 26 11 21 8 5
Substitution Key 4 2 3 4 2 3 4 2 3
Decoded from substitution cipher 9 21 8 20 24 8 17 6 2
Shifting Caeser cipher 3 3 3 3 3 3 3 3 3
Decoded from caeser cipher 6 18 5 17 21 5 14 3 25
Decoded Text F R E Q U E N C Y
Hence, the decrypted text for the provided text of NTJWKHXK AMK WWUJJYZTX
MWKXZKUHE is

8
INFORMATION SECURITY
INCREASE THE PROCESSOR FREQUENCY.

9
INFORMATION SECURITY
References
Andress, J. (2014). The basics of information security: understanding the fundamentals of
InfoSec in theory and practice. Syngress.
De Gramatica, M., Labunets, K., Massacci, F., Paci, F., & Tedeschi, A. (2015, March). The
role of catalogues of threats and security controls in security risk assessment: an
empirical study with ATM professionals. In International Working Conference on
Requirements Engineering: Foundation for Software Quality (pp. 98-114). Springer,
Cham.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. CRC Press.
Singh, G. (2013). A study of encryption algorithms (RSA, DES, 3DES and AES) for
information security. International Journal of Computer Applications, 67(19).