IT Risk Management: Biometrics, Privacy Enhancing Techniques, and WSNs
VerifiedAdded on 2020/05/28
|10
|1985
|53
Report
AI Summary
This report provides a comprehensive overview of IT Risk Management, encompassing various aspects of security and privacy within information technology. The report begins by examining biometric systems, including palm print recognition, face recognition, and gait recognition, detailing their advantages and disadvantages as access control methods. It then delves into Privacy Enhancing Techniques (PETs), such as interactive anonymity, email anonymity, and communication privacy, emphasizing their importance in safeguarding data confidentiality online. Finally, the report explores the security threats associated with Wireless Sensor Networks (WSNs), specifically addressing Sybil attacks, spoofing attacks, and network flooding/DoS attacks, while also discussing threat mitigation strategies. The report provides a detailed analysis of these technologies and threats, offering valuable insights into the complexities of IT risk management.
Running head: IT RISK MANAGEMENT
IT Risk Management
Name of the Student
Name of the University
Author Note
IT Risk Management
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
IT RISK MANAGEMENT
Table of Contents
Answer 1..............................................................................................................................2
1.1. Palm Print Recognition.............................................................................................2
1.2. Face Recognition......................................................................................................3
1.3. Gait Recognition.......................................................................................................4
Answer 2..............................................................................................................................5
2.1. Interactive Anonymity..............................................................................................5
2.2. Email Anonymity......................................................................................................5
2.3. Communication Privacy...........................................................................................6
Answer 3..............................................................................................................................6
3.1. Sybil Attack..............................................................................................................6
3.2. Spoofing Attack........................................................................................................7
3.3. Network Flooding and Dos Attack..........................................................................7
3.4. Threat Mitigation......................................................................................................7
References............................................................................................................................8
IT RISK MANAGEMENT
Table of Contents
Answer 1..............................................................................................................................2
1.1. Palm Print Recognition.............................................................................................2
1.2. Face Recognition......................................................................................................3
1.3. Gait Recognition.......................................................................................................4
Answer 2..............................................................................................................................5
2.1. Interactive Anonymity..............................................................................................5
2.2. Email Anonymity......................................................................................................5
2.3. Communication Privacy...........................................................................................6
Answer 3..............................................................................................................................6
3.1. Sybil Attack..............................................................................................................6
3.2. Spoofing Attack........................................................................................................7
3.3. Network Flooding and Dos Attack..........................................................................7
3.4. Threat Mitigation......................................................................................................7
References............................................................................................................................8
2
IT RISK MANAGEMENT
Answer 1
Biometric system is an information technology system that restricts the access of a
protected area or device only to authorized users. These technological systems make use of
physical and behavioral features of human. It is a security mechanism that authenticates the
access of a user to a system. The biometric access control system mainly deals with the
verification of the physical and biological characteristics of an individual in order to ensure
secure access. The physical, behavioral or biological characteristic of a person is generally pre
recorded in the system, which is verified once the person tries to use a protected area or system.
The biometric trait captured in the device is converted to electrical signal for verification
(Banerjee & Woodard, 2012). The examples of different types of biometric access control
system includes, fingerprint recognition, face recognition, palm print recognition, gait
recognition, iris recognition and so on. The advantages and disadvantages of face recognition,
palm print recognition and gait recognition are as follows.
1.1. Palm Print Recognition
The palm print recognition is authentication or access control system that collects the
biometric data of the entire palm for authentication. This captured biometric data of the palm is
compared with the recorded data in of the system. The advantages and disadvantages of palm
print recognition are as follows-
Advantages
The advantages of palm print access control are as follows (Cappelli, Ferrara & Maio, 2012)-
IT RISK MANAGEMENT
Answer 1
Biometric system is an information technology system that restricts the access of a
protected area or device only to authorized users. These technological systems make use of
physical and behavioral features of human. It is a security mechanism that authenticates the
access of a user to a system. The biometric access control system mainly deals with the
verification of the physical and biological characteristics of an individual in order to ensure
secure access. The physical, behavioral or biological characteristic of a person is generally pre
recorded in the system, which is verified once the person tries to use a protected area or system.
The biometric trait captured in the device is converted to electrical signal for verification
(Banerjee & Woodard, 2012). The examples of different types of biometric access control
system includes, fingerprint recognition, face recognition, palm print recognition, gait
recognition, iris recognition and so on. The advantages and disadvantages of face recognition,
palm print recognition and gait recognition are as follows.
1.1. Palm Print Recognition
The palm print recognition is authentication or access control system that collects the
biometric data of the entire palm for authentication. This captured biometric data of the palm is
compared with the recorded data in of the system. The advantages and disadvantages of palm
print recognition are as follows-
Advantages
The advantages of palm print access control are as follows (Cappelli, Ferrara & Maio, 2012)-
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
IT RISK MANAGEMENT
1. The authentication process is much stronger in comparison to fingerprint authentication as the
data of the entire palm is collected to be compared. This reduces the risk of errors in the
authentication process.
2. The process of palm print recognition can be easily integrated to different devices.
Disadvantages
The disadvantages of palm print recognition technique are as follows-
1. Since the entire data of the palm is recorded, the device size becomes considerably large as
more surface area is required for recording the data. This considerably increases the cost of the
system.
2. The time taken for data processing is higher.
1.2. Face Recognition
The access control system associated with face recognition deals with collecting the
digital image of a user to verify it with a stored record. The different patterns in the digital image
are verified for authentication purposes. The advantages and disadvantages of Face Recognition
technique are as follows (Beveridge et al., 2013)-
Advantages
The advantages of face recognition access control system are as follws-
1. It is a contact less and simple process of authentication
IT RISK MANAGEMENT
1. The authentication process is much stronger in comparison to fingerprint authentication as the
data of the entire palm is collected to be compared. This reduces the risk of errors in the
authentication process.
2. The process of palm print recognition can be easily integrated to different devices.
Disadvantages
The disadvantages of palm print recognition technique are as follows-
1. Since the entire data of the palm is recorded, the device size becomes considerably large as
more surface area is required for recording the data. This considerably increases the cost of the
system.
2. The time taken for data processing is higher.
1.2. Face Recognition
The access control system associated with face recognition deals with collecting the
digital image of a user to verify it with a stored record. The different patterns in the digital image
are verified for authentication purposes. The advantages and disadvantages of Face Recognition
technique are as follows (Beveridge et al., 2013)-
Advantages
The advantages of face recognition access control system are as follws-
1. It is a contact less and simple process of authentication
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
IT RISK MANAGEMENT
2. Since the process of authentication is simple, these types of biometric devices are cost
effective.
3. The process of identification and authentication in face recognition is very fast.
Disadvantages
The major disadvantages of face recognition are as follows-
1. Since it deals with the process of capturing and storing digital image, a larger storage space is
generally needed.
2. The quality of the image affects the authentication process
3. The relative angle of the face affects the authentication process as well.
1.3. Gait Recognition
Gait recognition collects and compares unique behavioral or biological characteristics of
human. It deals with the study of such characteristics, including the style of motion, movement
of the body and so on. The advantages and disadvantages of gait recognition are as follows-
Advantages
The advantages of Gait recognition are as follows-
1. Even an image of low resolution can be used for gait recognition unlike face recognition
technique.
2. This biometric authentication technique is generally non-invasive.
Disadvantages
IT RISK MANAGEMENT
2. Since the process of authentication is simple, these types of biometric devices are cost
effective.
3. The process of identification and authentication in face recognition is very fast.
Disadvantages
The major disadvantages of face recognition are as follows-
1. Since it deals with the process of capturing and storing digital image, a larger storage space is
generally needed.
2. The quality of the image affects the authentication process
3. The relative angle of the face affects the authentication process as well.
1.3. Gait Recognition
Gait recognition collects and compares unique behavioral or biological characteristics of
human. It deals with the study of such characteristics, including the style of motion, movement
of the body and so on. The advantages and disadvantages of gait recognition are as follows-
Advantages
The advantages of Gait recognition are as follows-
1. Even an image of low resolution can be used for gait recognition unlike face recognition
technique.
2. This biometric authentication technique is generally non-invasive.
Disadvantages
5
IT RISK MANAGEMENT
The disadvantages of gait recognition are as follows-
1. It is not as effective as face, fingerprint or palm recognition.
2. It fails to work properly if a person changes his style of movements.
Answer 2
The method or technique of ensuring proper privacy and confidentiality of data over
internet is known as Privacy Enhancing Technique or PET. It is essential to enforce proper PET
for ensuring safe online activities. The different privacy enhancing technique that can be
enforced for ensuring safe online operation is discusses in the following sections.
2.1. Interactive Anonymity
The increase use of internet has resulted in increase in the rate of online interaction as
well. An attacker can target online information flow in order to collect confidential data from the
same, leading to a subsequent loss of information. Furthermore, the attacker can modify the
information while it is transmitted. This increases the threat to privacy of data that is transmitted
online (Larsson et al., 2012). Therefore, proper privacy enhancing techniques are needed to be
enforced in order to eliminate such risk. Interactive anonymity is one such PET that ensuring
confidentiality of private data over internet. The examples of interactive anonymity include use
of onion routing, freedom network and Java Anon Proxy. Interactive Anonymity is therefore an
effective PET that is used on internet.
2.2. Email Anonymity
The use of remailer is an example of email anonymity. In this system, a particular mail is
at first sent to the remailer, from which the details of the user is removed and then sent to the
IT RISK MANAGEMENT
The disadvantages of gait recognition are as follows-
1. It is not as effective as face, fingerprint or palm recognition.
2. It fails to work properly if a person changes his style of movements.
Answer 2
The method or technique of ensuring proper privacy and confidentiality of data over
internet is known as Privacy Enhancing Technique or PET. It is essential to enforce proper PET
for ensuring safe online activities. The different privacy enhancing technique that can be
enforced for ensuring safe online operation is discusses in the following sections.
2.1. Interactive Anonymity
The increase use of internet has resulted in increase in the rate of online interaction as
well. An attacker can target online information flow in order to collect confidential data from the
same, leading to a subsequent loss of information. Furthermore, the attacker can modify the
information while it is transmitted. This increases the threat to privacy of data that is transmitted
online (Larsson et al., 2012). Therefore, proper privacy enhancing techniques are needed to be
enforced in order to eliminate such risk. Interactive anonymity is one such PET that ensuring
confidentiality of private data over internet. The examples of interactive anonymity include use
of onion routing, freedom network and Java Anon Proxy. Interactive Anonymity is therefore an
effective PET that is used on internet.
2.2. Email Anonymity
The use of remailer is an example of email anonymity. In this system, a particular mail is
at first sent to the remailer, from which the details of the user is removed and then sent to the
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
IT RISK MANAGEMENT
actual receiver (Rainie et al., 2013). This helps in maintaining the privacy of the users and
protects the users from replay attacks.
2.3. Communication Privacy
The use of communication privacy system ensures that a third party accesses no
information. This is done in order to ensure that the information flow is kept private between the
two users. Use of secure socket layer, off record messaging and so on for communication, is
examples of communication privacy system. Secure socket layer encrypts all the web requests so
that is cannot be read or accessed by a third party user (Wessels et al., 2012). Off record
messaging on the other hand is a technology that ensures privacy and confidentiality of the
instant messaging systems. This PET is used by communication apps like iChat and Trillian.
Answer 3
WSNs or wireless sensor networks consists of interconnected nodes that provides a good
wireless connection to all the devices connected over a single network. The components of
WSNs consists of base stations and wireless sensors. The architecture of WSN consists of
different components, which includes application layer, transport layer, network, data link and
physical layer. The major threats associated with the wireless sensor networks are discussed
below-
3.1. Sybil Attack
This attack is quite common in wireless sensor network. Presence of a malicious node in
a wireless sensor network can infect all the tasks and subtasks running within the network
IT RISK MANAGEMENT
actual receiver (Rainie et al., 2013). This helps in maintaining the privacy of the users and
protects the users from replay attacks.
2.3. Communication Privacy
The use of communication privacy system ensures that a third party accesses no
information. This is done in order to ensure that the information flow is kept private between the
two users. Use of secure socket layer, off record messaging and so on for communication, is
examples of communication privacy system. Secure socket layer encrypts all the web requests so
that is cannot be read or accessed by a third party user (Wessels et al., 2012). Off record
messaging on the other hand is a technology that ensures privacy and confidentiality of the
instant messaging systems. This PET is used by communication apps like iChat and Trillian.
Answer 3
WSNs or wireless sensor networks consists of interconnected nodes that provides a good
wireless connection to all the devices connected over a single network. The components of
WSNs consists of base stations and wireless sensors. The architecture of WSN consists of
different components, which includes application layer, transport layer, network, data link and
physical layer. The major threats associated with the wireless sensor networks are discussed
below-
3.1. Sybil Attack
This attack is quite common in wireless sensor network. Presence of a malicious node in
a wireless sensor network can infect all the tasks and subtasks running within the network
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
IT RISK MANAGEMENT
(Venkatraman, Daniel & Murugaboopathi, 2013). The network is exposed to Sybil attack when a
number of sensor in s network is needed to work together.
3.2. Spoofing Attack
Network spoofing is another common attack that is prevalent in wireless sensor networks.
A malicious program can enter into the network disguised as a legitimate node thereby infecting
the entire network (Singla & Sachdeva, 2013). This might result in data corruption and loss or
modification of the data present in the network.
3.3. Network Flooding and Dos Attack
Presence of a malicious code in a network might trigger the generation of large amount of
traffic thus flooding the entire network. This is generally done with an aim of flooding the
network so that the legitimate users fail to access the system. This can also be termed as denial of
service attack that aims at generating unwanted traffic in a network.
3.4. Threat Mitigation
There are a number of threats associated with the wireless sensor network. Mitigation or
elimination of these threats is possible only if a proper intrusion detection system is installed in
the network that would analyze and prevent the entry of malicious particles into the network
(Alrajeh, Khan & Shams, 2013). However, it is essential to enforce proper authentication
mechanism in the system. The Denial of Service attack can however be prevented by limiting the
number of users per node.
IT RISK MANAGEMENT
(Venkatraman, Daniel & Murugaboopathi, 2013). The network is exposed to Sybil attack when a
number of sensor in s network is needed to work together.
3.2. Spoofing Attack
Network spoofing is another common attack that is prevalent in wireless sensor networks.
A malicious program can enter into the network disguised as a legitimate node thereby infecting
the entire network (Singla & Sachdeva, 2013). This might result in data corruption and loss or
modification of the data present in the network.
3.3. Network Flooding and Dos Attack
Presence of a malicious code in a network might trigger the generation of large amount of
traffic thus flooding the entire network. This is generally done with an aim of flooding the
network so that the legitimate users fail to access the system. This can also be termed as denial of
service attack that aims at generating unwanted traffic in a network.
3.4. Threat Mitigation
There are a number of threats associated with the wireless sensor network. Mitigation or
elimination of these threats is possible only if a proper intrusion detection system is installed in
the network that would analyze and prevent the entry of malicious particles into the network
(Alrajeh, Khan & Shams, 2013). However, it is essential to enforce proper authentication
mechanism in the system. The Denial of Service attack can however be prevented by limiting the
number of users per node.
8
IT RISK MANAGEMENT
References
Alrajeh, N. A., Khan, S., & Shams, B. (2013). Intrusion detection systems in wireless sensor
networks: a review. International Journal of Distributed Sensor Networks, 9(5), 167575.
Banerjee, S. P., & Woodard, D. L. (2012). Biometric authentication and identification using
keystroke dynamics: A survey. Journal of Pattern Recognition Research, 7(1), 116-139.
Beveridge, J. R., Phillips, P. J., Bolme, D. S., Draper, B. A., Givens, G. H., Lui, Y. M., ... &
Flynn, P. J. (2013, September). The challenge of face recognition from digital point-and-
shoot cameras. In Biometrics: Theory, Applications and Systems (BTAS), 2013 IEEE
Sixth International Conference on (pp. 1-8). IEEE.
Cappelli, R., Ferrara, M., & Maio, D. (2012). A fast and accurate palmprint recognition system
based on minutiae. IEEE Transactions on Systems, Man, and Cybernetics, Part B
(Cybernetics), 42(3), 956-962.
Froomkin, A. M. (2015). From anonymity to identification. Browser Download This Paper.
Larsson, S., Svensson, M., De Kaminski, M., Rönkkö, K., & Alkan Olsson, J. (2012). Law,
norms, piracy and online anonymity: Practices of de-identification in the global file
sharing community. Journal of Research in Interactive Marketing, 6(4), 260-280.
Rainie, L., Kiesler, S., Kang, R., Madden, M., Duggan, M., Brown, S., & Dabbish, L. (2013).
Anonymity, privacy, and security online. Pew Research Center, 5.
Singla, A., & Sachdeva, R. (2013). Review on security issues and attacks in wireless sensor
networks. International Journal of Advanced Research in Computer Science and
Software Engineering, 3(4).
IT RISK MANAGEMENT
References
Alrajeh, N. A., Khan, S., & Shams, B. (2013). Intrusion detection systems in wireless sensor
networks: a review. International Journal of Distributed Sensor Networks, 9(5), 167575.
Banerjee, S. P., & Woodard, D. L. (2012). Biometric authentication and identification using
keystroke dynamics: A survey. Journal of Pattern Recognition Research, 7(1), 116-139.
Beveridge, J. R., Phillips, P. J., Bolme, D. S., Draper, B. A., Givens, G. H., Lui, Y. M., ... &
Flynn, P. J. (2013, September). The challenge of face recognition from digital point-and-
shoot cameras. In Biometrics: Theory, Applications and Systems (BTAS), 2013 IEEE
Sixth International Conference on (pp. 1-8). IEEE.
Cappelli, R., Ferrara, M., & Maio, D. (2012). A fast and accurate palmprint recognition system
based on minutiae. IEEE Transactions on Systems, Man, and Cybernetics, Part B
(Cybernetics), 42(3), 956-962.
Froomkin, A. M. (2015). From anonymity to identification. Browser Download This Paper.
Larsson, S., Svensson, M., De Kaminski, M., Rönkkö, K., & Alkan Olsson, J. (2012). Law,
norms, piracy and online anonymity: Practices of de-identification in the global file
sharing community. Journal of Research in Interactive Marketing, 6(4), 260-280.
Rainie, L., Kiesler, S., Kang, R., Madden, M., Duggan, M., Brown, S., & Dabbish, L. (2013).
Anonymity, privacy, and security online. Pew Research Center, 5.
Singla, A., & Sachdeva, R. (2013). Review on security issues and attacks in wireless sensor
networks. International Journal of Advanced Research in Computer Science and
Software Engineering, 3(4).
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
IT RISK MANAGEMENT
Venkatraman, K., Daniel, J. V., & Murugaboopathi, G. (2013). Various attacks in wireless
sensor network: survey. International Journal of Soft Computing and Engineering, 3(1),
208-211.
Wessels, B. (2012). Identification and the practices of identity and privacy in everyday digital
communication. New Media & Society, 14(8), 1251-1268.
IT RISK MANAGEMENT
Venkatraman, K., Daniel, J. V., & Murugaboopathi, G. (2013). Various attacks in wireless
sensor network: survey. International Journal of Soft Computing and Engineering, 3(1),
208-211.
Wessels, B. (2012). Identification and the practices of identity and privacy in everyday digital
communication. New Media & Society, 14(8), 1251-1268.
1 out of 10
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.