IT Risk Management Report: Biometric Systems, PETs, WSN Threats

Verified

Added on 2023/06/08

AI Summary

This report provides a comprehensive overview of IT risk management, addressing various aspects of security and privacy. It begins by examining different biometric systems, including face recognition, fingerprint recognition, voice recognition, iris recognition, and hand geometry, detailing their techniques, advantages, disadvantages, and practical applications. The report then delves into privacy-enhancing technologies (PETs) used on the Internet, such as Enhanced-Privacy ID (EPID), the use of incorrect online data, and communication anonymizers, providing examples to illustrate their functionalities. Finally, the report explores wireless sensor networks (WSNs), discussing their architecture and protocol stack, followed by an analysis of common threats like denial of service, tampering, and erroneous data injection, along with corresponding recommendations for mitigation. The report aims to provide a holistic understanding of IT risk management, equipping readers with knowledge of security measures, privacy protection, and network vulnerabilities.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: IT RISK MANAGEMENT
IT Risk Management
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1IT RISK MANAGEMENT
Table of Contents
Question 1..................................................................................................................................2
Question 2..................................................................................................................................7
Question 3..................................................................................................................................9
References................................................................................................................................11

2IT RISK MANAGEMENT
Question 1
Various Types of the Biometric System
The various kinds of the biometric authentication system are given below:
i) Face Recognition Systems: The most significant kind of the biometric system is
the respective face recognition system that helps in the verification or better identification of
the person from several digital images, by the analysis or comparison of the patterns (Anisi et
al., 2017).
The few techniques that are utilized for the face recognition system are given below:
a) Geometry Based: The most important technique for this particular face recognition
system is geometry based. The few relative poses as well as edge detection could be easily
done with the technique. Eyes, nose and mouth are considered while matching the faces.
b) Feature Based: The next technique of face recognition system is the feature based
system (Zhao, Yu & Leung, 2015). The lips, nose and eyes are utilized as the specific
predominant features to find the correct face.
ii) Fingerprint Recognition Systems: This particular kind of biometric system takes
the images of the fingerprints of that specific person and then records the features like the
arches, whorls and loops by taking the outlines of minutiae, edge and furrow.
The few techniques that are utilized for the fingerprint recognition system are as
follows:
a) Correlation: The most popular and significant technique for fingerprint recognition
is correlation, which eventually overlays two distinct fingerprint images with a proper
association in equivalent pixels (Meng et al., 2016).

3IT RISK MANAGEMENT
b) Minutiae: The next technique of fingerprint recognition is minutiae that
significantly store the plane only after the inclusion of point set in the I/O minutiae.
iii) Voice Recognition System: The third important and significant kind of the
biometric authentication system is the voice recognition system (Lei et al., 2013). This
particular system is used to produce the speech pattern by the simple combination of
behavioural and the physiological factors. All of the behavioural and the physiological factors
are subsequently captured by the processing of the speech technology.
The few techniques that are utilized for the voice recognition system are as follows:
a) Automated Detection of Voice Signals: This particular technique is responsible for
automatically detecting the several voice signals.
b) Feature Extraction: The second technique of voice recognition system is
responsible for extracting the voice features of that particular individual (Jiang, Xu & Lv,
2016).
iv) Iris Recognition System: Another significant type of the biometric authentication
system is the iris recognition system. The proper verification of individuals that is done based
on single patterns in the ring shaped regions within the pupil of the eyes. The eye colours are
also checked in this system.
The few techniques that are utilized for the iris recognition system are as follows:
a) Normalization: The first technique of this typical iris recognition system is
normalization (Kumar, Sivalingam & Kumar, 2013). Here, the specific remapping is
promptly done of iris region with the significant normalized and non centric polarized
representations.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4IT RISK MANAGEMENT
b) Segmentation: The next significant and noteworthy technique of the particular iris
recognition systems is segmentation. As the name suggests, this technique is responsible for
segmenting the specific iris of an individual into smaller circular images. Finally, this helps in
verifying that individual.
v) Hand Geometry: The fifth significant biometric system type, which helps in the
verification of an individual by a simple procedure of identification of the shapes of hands
(Zhao et al., 2015). This hand geometry could be easily measured with the help of numerous
dimensions and finally these dimensions could be compared with the last measurements.
The few techniques that are utilized for the hand geometry system are as follows:
a) False Acceptance Rate: The false acceptance rate evaluates the total ratio of the
unauthenticated number of users with the sum of number of attempts.
b) False Rejection Rate: The false rejection rate evaluates the total ratio of the
authenticated number of users, which is being rejected by this biometric system with the total
number of attempts made.
c) Equal Error Rates: The final technique is the equal error rate, which matches false
acceptance rate with the respective false rejection rate (Yang et al., 2013).
i) Fingerprint Recognition System: The several significant benefits of this biometric
system are given below:
a) Extremely Cost Effective: The first and the foremost benefit of this biometric
system is that it is extremely cost effective and could be afforded by everyone.
b) Better Security: The next significant benefit of this system is that it provides data
security to the users.

5IT RISK MANAGEMENT
c) Simple Architecture: The overall structural design of this system is extremely
simplified (Zhao et al., 2016).
The several disadvantages of this biometric system are given below:
a) Inaccurate Data: This biometric system often provides inaccurate data to the users.
b) Requires Additional Hardware: The biometric system requires implementation of
additional hardware.
The significant application of this fingerprint recognition system is while registration
and identification for voter’s card (Xie & Zhang, 2014).
ii) Hand Geometry: The several benefits of this biometric system are given below:
a) Cost Effective: The major benefit of this biometric system is that it is extremely
cost effective and could be afforded by everyone.
b) Easy Data Collection: The collection of data could be done easier.
The several disadvantages of this biometric system are given below:
a) Bulky Data: The data size is both bulky and huge.
b) Not Utilized Broadly: The data is often inaccurate and hence it is not used broadly
(Ali-Ahmad et al., 2013).
Application example is mainly in offices or schools.
iii) Iris Recognition System: The several benefits of this biometric system are given
below:
a) High Security: This system provides high security to data.

6IT RISK MANAGEMENT
b) Data Accuracy: The data is always accurate.
The several disadvantages of this biometric system are given below:
a) Costly: It is costly and hence could not be easily afforded (Wu et al., 2015).
b) Obscure: It is often obscured either by eyelashes or lenses.
Application of it is in police and army grounds.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7IT RISK MANAGEMENT
Question 2
Three PETs with Examples
The three distinct Privacy-Enhancing Technologies are given below:
i) EPID: Enhanced-Privacy ID or EPID is a algorithm of specific digital signature
that supports the distinct anonymity. Moreover, the public verification key or the private
signature key is also provided by the enhanced privacy ID. The EPID is eventually created to
provide any typical device for the external parties (Anisi et al., 2017). This even identifies the
kind of device is being used or the procedure to use this privacy ID. The most significant
benefit of the enhanced privacy ID is that the real identity is not revealed by this and hence
the user’s privacy is affected.
The basic example of this PET is the utilization of PKI within the digital signature
algorithm. This helps to maintain security and privacy eventually.
ii) Wrong Online Data: When an account is being created for MSN, wrong data is
being provided wither for the name, contact details or addresses. Then, a specific user’s ID as
well as password is eventually published on Internet. Thus, this user could easily use the
account, without any problem and he is ensured that all of his private details are safe and
secured and are not shared over the Internet (Zhao et al., 2015). Moreover, this type of
privacy-enhancing technology is helpful for making the confidential data preserved in a
database and thus maintenance of data integrity is possible.
The example of this PET could be that whenever any user is sharing forged data
online to make sure that the original data is secured.

8IT RISK MANAGEMENT
iii) Communication Anonymizers: The PET helps in hiding the real online identity by
simple replacement of the identity with a non-traceable identity. Communication anonymizer
is applied in the instant messaging, emails, P2P networking and various others (Meng et al.
2016).
The typical example of the PET could be disguising the IP addresses in the
anonymising networks.

9IT RISK MANAGEMENT
Question 3
WSN and the Three Threats for WSN with Proper Recommendations
Wireless sensor networks are the collection of sensors that helps in monitoring and
recording environmental physical conditions. The WSN architecture significantly follows the
basic OSI architecture. This particular architecture as well as the protocol stack comprises of
five distinct and five cross layers. These layers are physical, data link, network, transport and
application and the five cross layers are power, mobility, task, QoS management and security
management (Jiang, Xu & Lv, 2016). The five distinct WSN layers could be used to
accomplish the network objective and thus making these sensors to work together to hoist the
network effectiveness and efficiency. On the other hand, the five cross planes of the WSN
protocol stack is used for managing the features of power, mobility, task, quality of services
and security.
Figure 1: Wireless Sensor Network Architecture and Protocol Stack

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10IT RISK MANAGEMENT
(Source: Zhao et al., 2015)
The three types of vulnerabilities, which are utilized to attack WSN, are as follows:
i) Denial of Service: This is the most common type of vulnerability for WSN, where
the attacker seeks in the machine for making it unavailable for the user (Kumar, Sivalingam
& Kumar, 2013). It happens in physical layer in WSN architecture.
ii) Tampering: In this type of attack of tampering, the adversary compromises few
sensor nodes in the network for utilization of the nodes to mislead these network activities.
iii) Injecting Erroneous Data: Another significant threat for the WSN architecture is
injecting erroneous data. This data is being routed in the erroneous manner; hence previous
data is being replayed.
The suggestions for these threats are given below:
i) Denial of Service: The only suggestion is the prioritization of the messages for
jamming spread spectrum and hence the attack would be stopped (Xie & Zhang, 2014).
ii) Tampering: The utilization of tamper proofing to hide the sensitive data and to
maintain integrity is the only way out.
iii) Injecting Erroneous Data: Implementation of cryptography in the network is the
suggestion for injection of erroneous data.

11IT RISK MANAGEMENT
References
Ali-Ahmad, H., Cicconetti, C., De la Oliva, A., Mancuso, V., Sama, M. R., Seite, P., &
Shanmugalingam, S. (2013, November). An SDN-based network architecture for
extremely dense wireless networks. In Future Networks and Services (SDN4FNS),
2013 IEEE SDN for (pp. 1-7). IEEE.
Anisi, M. H., Abdul-Salaam, G., Idris, M. Y. I., Wahab, A. W. A., & Ahmedy, I. (2017).
Energy harvesting and battery power based routing in wireless sensor
networks. Wireless Networks, 23(1), 249-266.
Jiang, D., Xu, Z., & Lv, Z. (2016). A multicast delivery approach with minimum energy
consumption for wireless multi-hop networks. Telecommunication systems, 62(4),
771-782.
Kumar, A. K., Sivalingam, K. M., & Kumar, A. (2013). On reducing delay in mobile data
collection based wireless sensor networks. Wireless networks, 19(3), 285-299.
Lei, L., Zhong, Z., Zheng, K., Chen, J., & Meng, H. (2013). Challenges on wireless
heterogeneous networks for mobile cloud computing. IEEE Wireless
Communications, 20(3), 34-44.
Meng, T., Wu, F., Yang, Z., Chen, G., & Vasilakos, A. V. (2016). Spatial reusability-aware
routing in multi-hop wireless networks. IEEE Transactions on Computers, (1), 244-
255.
Wu, J., Cheng, B., Yuen, C., Shang, Y., & Chen, J. (2015). Distortion-aware concurrent
multipath transfer for mobile video streaming in heterogeneous wireless
networks. IEEE Transactions on Mobile Computing, 14(4), 688-701.

12IT RISK MANAGEMENT
Xie, X., & Zhang, X. (2014, April). Does full-duplex double the capacity of wireless
networks?. In INFOCOM (pp. 253-261).
Yang, J., Chen, Y., Trappe, W., & Cheng, J. (2013). Detection and localization of multiple
spoofing attackers in wireless networks. IEEE Transactions on Parallel and
Distributed systems, 24(1), 44-58.
Zhao, N., Yu, F. R., & Leung, V. C. (2015). Opportunistic communications in interference
alignment networks with wireless power transfer. IEEE Wireless
Communications, 22(1), 88-95.
Zhao, N., Yu, F. R., Li, M., Yan, Q., & Leung, V. C. (2016). Physical layer security issues in
interference-alignment-based wireless networks. IEEE Communications
Magazine, 54(8), 162-168.
Zhao, N., Yu, F. R., Sun, H., Yin, H., Nallanathan, A., & Wang, G. (2015). Interference
alignment with delayed channel state information and dynamic AR-model channel
prediction in wireless networks. Wireless Networks, 21(4), 1227-1242.