IT Risk Management Report: Biometrics, WSN Threats and Solutions
VerifiedAdded on 2020/05/28
|10
|2431
|53
Report
AI Summary
This report delves into the realm of IT risk management, exploring two primary areas: biometrics and wireless sensor networks (WSNs). The biometrics section categorizes and analyzes physiological biometrics (face, palm, gait, and iris recognition) and behavioral biometrics (voice and signature recognition), discussing their advantages, disadvantages, and applications. The report then examines privacy-enhancing technologies (PETs) such as anonymizers and enhanced privacy IDs. Furthermore, it investigates various threats and vulnerabilities in WSNs, including Denial of Service (DoS) attacks, Sybil attacks, and software-based attacks. For each type of attack, the report outlines potential mitigation strategies and countermeasures. References to relevant research papers and studies are included to support the analysis. The report aims to provide a comprehensive overview of these critical aspects of IT risk management and cybersecurity.
Running head: IT RISK MANAGEMENT 1
I T RISK MANAGEMENT
Name:
Institution Affiliation:
I T RISK MANAGEMENT
Name:
Institution Affiliation:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT RISK MANAGEMENT 2
Question (a)
The biometric sensors or the gain access to control systems usually are classified into two kinds
these are physiological Biometrics and the Behavioral Biometric.
The physiological biometrics might include the following; face recognition, palm and gait
recognition as well as the Iris recognition (Myers, 2017, pp. 43). On the other hand the
behavioral biometric include the signature, voice recognition.
Physiological biometrics
Palm and gait recognition
When it comes to the palm recognition there is a three dimensional image of the hand which is
collected and compared to the stored sample. This device performs a great amount of the
identification within a short time. These technologies are installed in the situations where there is
a large number of individuals such as the airports (Prabhakar, Pankanti & Jain, 2003, pp. 33-42).
On the other hand this technology is expressed not only by the way an individual looks or
sounds, but also the manner in which a person walks. The technology is applied to moving
perambulatory subjects. This technology is useful especially in the surveillance (Ross & Jain,
2004, pp. 134-145).
Advantages
They could be utilized in a range of the environment.
They can perform a great amount of identification within a short period of time (Ross &
Jain, 2004, pp. 145).
Disadvantage
Question (a)
The biometric sensors or the gain access to control systems usually are classified into two kinds
these are physiological Biometrics and the Behavioral Biometric.
The physiological biometrics might include the following; face recognition, palm and gait
recognition as well as the Iris recognition (Myers, 2017, pp. 43). On the other hand the
behavioral biometric include the signature, voice recognition.
Physiological biometrics
Palm and gait recognition
When it comes to the palm recognition there is a three dimensional image of the hand which is
collected and compared to the stored sample. This device performs a great amount of the
identification within a short time. These technologies are installed in the situations where there is
a large number of individuals such as the airports (Prabhakar, Pankanti & Jain, 2003, pp. 33-42).
On the other hand this technology is expressed not only by the way an individual looks or
sounds, but also the manner in which a person walks. The technology is applied to moving
perambulatory subjects. This technology is useful especially in the surveillance (Ross & Jain,
2004, pp. 134-145).
Advantages
They could be utilized in a range of the environment.
They can perform a great amount of identification within a short period of time (Ross &
Jain, 2004, pp. 145).
Disadvantage
IT RISK MANAGEMENT 3
The performance of the technology could deteriorate over time.
They have the added difficulty of having to sample and identify the movement especially
for the gait recognition.
Face recognition
This kind of biometric computer application that is capable of identifying as well as verifying a
individual from the digital image through comparing as well as analyzing the patterns. These
kind of biometric systems are used in the security systems (Prabhakar, Pankanti & Jain, 2003,
pp. 33-42). The application works with the face prints and the systems are capable of recognizing
80 nodal points on the human face.
Advantages
The technology is capable of searching against the static image such as the driver license
or even the passports.
It is the only biometric which is capable of operating without the cooperation of the user.
Matching of the accuracy is reduced as a result of the acquisition environment.
Disadvantages
Matching of the accuracy is reduced as a result of the reduced changes especially in the
physiological aspects.
Most of the devices are unable to enroll some percent of the users as well as performance
could be deteriorated over time.
Iris recognition
The performance of the technology could deteriorate over time.
They have the added difficulty of having to sample and identify the movement especially
for the gait recognition.
Face recognition
This kind of biometric computer application that is capable of identifying as well as verifying a
individual from the digital image through comparing as well as analyzing the patterns. These
kind of biometric systems are used in the security systems (Prabhakar, Pankanti & Jain, 2003,
pp. 33-42). The application works with the face prints and the systems are capable of recognizing
80 nodal points on the human face.
Advantages
The technology is capable of searching against the static image such as the driver license
or even the passports.
It is the only biometric which is capable of operating without the cooperation of the user.
Matching of the accuracy is reduced as a result of the acquisition environment.
Disadvantages
Matching of the accuracy is reduced as a result of the reduced changes especially in the
physiological aspects.
Most of the devices are unable to enroll some percent of the users as well as performance
could be deteriorated over time.
Iris recognition
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
IT RISK MANAGEMENT 4
In this kind of bio-metric the method used in identifying individual depends on the single
patterns in the region of the ring shaped encircled the pupil of eye (Prabhakar, Pankanti & Jain,
2003, pp. 33-42). Furthermore, it includes a blue, gray or brown color with the hard patterns
which are recognizable when one looks closely.
Advantages
There are high levels of accuracy with this biometric
This biometric technology can maintain stability of the features over some time.
Disadvantage
The disadvantage of iris biometric is that it has a propensity for the false rejection.
The acquisition of the images entails some moderate attention as well as training.
Behavioral Biometric
Voice recognition
This is a technology that is utilized to produce speech patterns via combining both behavioral
along with physiological aspects which are captured through processing the speech technology.
The significant properties that are utilized to authenticate the speech is the nasal tone (Ross &
Jain, 2004, 140). This biometric could be separated into the various categories based on the type
of authentication domain such as fixed text method, text independent method or even the
conversational techniques.
Signature recognition
In this kind of bio-metric the method used in identifying individual depends on the single
patterns in the region of the ring shaped encircled the pupil of eye (Prabhakar, Pankanti & Jain,
2003, pp. 33-42). Furthermore, it includes a blue, gray or brown color with the hard patterns
which are recognizable when one looks closely.
Advantages
There are high levels of accuracy with this biometric
This biometric technology can maintain stability of the features over some time.
Disadvantage
The disadvantage of iris biometric is that it has a propensity for the false rejection.
The acquisition of the images entails some moderate attention as well as training.
Behavioral Biometric
Voice recognition
This is a technology that is utilized to produce speech patterns via combining both behavioral
along with physiological aspects which are captured through processing the speech technology.
The significant properties that are utilized to authenticate the speech is the nasal tone (Ross &
Jain, 2004, 140). This biometric could be separated into the various categories based on the type
of authentication domain such as fixed text method, text independent method or even the
conversational techniques.
Signature recognition
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT RISK MANAGEMENT 5
This type of biometric method is used in analyzing as well as measuring the physical activity of
signing the pressure utilized, the order of the stroke and the speed. A number of the biometric are
utilized to review the visual images of the signatures. This biometric might be operated into
alternative ways for example the static and the dynamic.
Advantages and disadvantages of the biometrics
Advantages
Increased security: Biometric technology could offer a higher degree when it comes to
the security as compared to the other traditional authentication methods.
Increased convenience: the use of the biometric authentication allows higher levels of the
rights and the privileges with a much success to the authentication (Myers, 2017, pp. 49).
They allow an increase convenience since they can protect the data without any need for
the human intervention.
Increased accountability: the deployment of the biometric application to secure access to
the computers as well as other facilities eliminate any occurrences such as the buddy
punching, thus offer a higher level of certainty on who to access the system.
Disadvantages
There is tendency of privacy abuse due to the non-cooperative enrollment as well as
identification capabilities.
(b) Privacy-enhancing technologies (PETs) used on the Internet
This type of biometric method is used in analyzing as well as measuring the physical activity of
signing the pressure utilized, the order of the stroke and the speed. A number of the biometric are
utilized to review the visual images of the signatures. This biometric might be operated into
alternative ways for example the static and the dynamic.
Advantages and disadvantages of the biometrics
Advantages
Increased security: Biometric technology could offer a higher degree when it comes to
the security as compared to the other traditional authentication methods.
Increased convenience: the use of the biometric authentication allows higher levels of the
rights and the privileges with a much success to the authentication (Myers, 2017, pp. 49).
They allow an increase convenience since they can protect the data without any need for
the human intervention.
Increased accountability: the deployment of the biometric application to secure access to
the computers as well as other facilities eliminate any occurrences such as the buddy
punching, thus offer a higher level of certainty on who to access the system.
Disadvantages
There is tendency of privacy abuse due to the non-cooperative enrollment as well as
identification capabilities.
(b) Privacy-enhancing technologies (PETs) used on the Internet
IT RISK MANAGEMENT 6
Communications anonymizers: These technologies usually hide the real online identity such as
the IP address and the email address and then replace them with the non-traceable identity. These
technologies could be applied to the email, web browsing, as well as the instant messaging.
Enhanced privacy ID: It is a digital signature algorithm supporting anonymity. It provides a
typical grouping public verification crucial related to lots of the unique private signature keys.
The application was made to permit prove a device to the external party what type of the device
it is without necessary revealing the exact identity.
Access to personal data: This service provider’s provides the infrastructure that allows the users
to inspect, correct or perhaps remove all the data that is stored at the service provider.
Different types of threats and vulnerabilities which can be used to attack the WSN
Denial of service attack (DoS)
These occurs when the attacker continuously bombards the Access point which is targeted or
even a network with the bogus requests, failure information, as well as the commands (Alam &
De, 2014, pp. 67). DoS attack is an event which diminishes or even eliminate the capacity of the
network in performing the expected function through the failures of the hardware, bugs in the
software, exhaustion of the resources, as well as the malicious transmitting of the higher energy
signals . The communication techniques could be jammed entirely in case such attacks might be
successful (Lupu, Rudas, Demiralp & Mastorakis, 2009, pp.54). Other denial of the services
attacks is much possible such as inhibiting communication through the violation of the MAC
protocol (Lupu, Rudas, Demiralp & Mastorakis, 2009, pp. 59). These might result in authentic
end users to manage to get to the network and might cause the network in crashing (Ghildiyal,
Communications anonymizers: These technologies usually hide the real online identity such as
the IP address and the email address and then replace them with the non-traceable identity. These
technologies could be applied to the email, web browsing, as well as the instant messaging.
Enhanced privacy ID: It is a digital signature algorithm supporting anonymity. It provides a
typical grouping public verification crucial related to lots of the unique private signature keys.
The application was made to permit prove a device to the external party what type of the device
it is without necessary revealing the exact identity.
Access to personal data: This service provider’s provides the infrastructure that allows the users
to inspect, correct or perhaps remove all the data that is stored at the service provider.
Different types of threats and vulnerabilities which can be used to attack the WSN
Denial of service attack (DoS)
These occurs when the attacker continuously bombards the Access point which is targeted or
even a network with the bogus requests, failure information, as well as the commands (Alam &
De, 2014, pp. 67). DoS attack is an event which diminishes or even eliminate the capacity of the
network in performing the expected function through the failures of the hardware, bugs in the
software, exhaustion of the resources, as well as the malicious transmitting of the higher energy
signals . The communication techniques could be jammed entirely in case such attacks might be
successful (Lupu, Rudas, Demiralp & Mastorakis, 2009, pp.54). Other denial of the services
attacks is much possible such as inhibiting communication through the violation of the MAC
protocol (Lupu, Rudas, Demiralp & Mastorakis, 2009, pp. 59). These might result in authentic
end users to manage to get to the network and might cause the network in crashing (Ghildiyal,
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
IT RISK MANAGEMENT 7
Mishra, Gupta & Garg, 2014, pp. 1163). This attack generally rely on the abuse of the protocols
for instance the Extensible Authentication protocol.
How to mitigate the threat
The technique which is used to prevent this attack includes the payment for the network
resources, push back as well as a strong authentication along with the identification of the traffic.
Moreover, there are some other techniques which are used in securing the reprogramming
process such as the authentication flows (Lupu, Rudas, Demiralp & Mastorakis, 2009, pp. 65).
The choice for the DoS is to rekey the request packet. Therefore, it comes from the node only
when two consecutive keys have been invalidated or lifetime of the key has expired.
Sybil Attack:
Wireless sensor network is vulnerable to the Sybil attack. In this case the node could be more
than one node which is utilizing various identities of the legal nodes. A given single node could
present multi identities to the other nodes which are in the network (Lupu, Rudas, Demiralp &
Mastorakis, 2009). Sybil attack it tries to degrade the integrity of the data, security as well as the
utilization of the resource which the distributed algorithm attempts to achieve.
Mishra, Gupta & Garg, 2014, pp. 1163). This attack generally rely on the abuse of the protocols
for instance the Extensible Authentication protocol.
How to mitigate the threat
The technique which is used to prevent this attack includes the payment for the network
resources, push back as well as a strong authentication along with the identification of the traffic.
Moreover, there are some other techniques which are used in securing the reprogramming
process such as the authentication flows (Lupu, Rudas, Demiralp & Mastorakis, 2009, pp. 65).
The choice for the DoS is to rekey the request packet. Therefore, it comes from the node only
when two consecutive keys have been invalidated or lifetime of the key has expired.
Sybil Attack:
Wireless sensor network is vulnerable to the Sybil attack. In this case the node could be more
than one node which is utilizing various identities of the legal nodes. A given single node could
present multi identities to the other nodes which are in the network (Lupu, Rudas, Demiralp &
Mastorakis, 2009). Sybil attack it tries to degrade the integrity of the data, security as well as the
utilization of the resource which the distributed algorithm attempts to achieve.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT RISK MANAGEMENT 8
Figure 1: The diagram show the Sybil attack
How to mitigate the vulnerability
This vulnerability could be mitigated through authentication as well as encryption mechanisms
which prevent the outsiders from launching the attack to the wireless sensor networks (Ngo,
Makihara, Nagahara, Mukaigawa & Yagi, 2014, pp. 228-237). Moreover, the use of the public
key cryptography could be used to avoid the insider attack. This method could be very costly
especially to the resource constructed sensor networks. Identities need to be verified through use
of the public key cryptography (Fragkiadakis, Angelakis & Tragos, 2014, pp. 78). Other ways to
prevent the vulnerability would be through use of the radio resource testing, verification of the
key sets especially to the random pre-distribution of the key and the registration and position
verification particularly in the sensor networks.
Software attacks
When it comes to the software program dependent attacks on the WSNs, the attacker might try
making adjustment to the software code in the memory or perhaps exploiting the known
vulnerabilities when it comes to the code of the software (Galbally, Marcel & Fierrez, 2014, pp.
710-724). Example of a well known attack is the buffer overflow attack. In this attack the
method attempts to store the data beyond the boundaries of the set length of the buffer, therefore
results to overwriting extra data on the adjoining locations of the memory.
How to mitigate the vulnerability/threat
There are various countermeasures which could be employed to secure the WSN software and
prevent it against software attacks they are follows:
Figure 1: The diagram show the Sybil attack
How to mitigate the vulnerability
This vulnerability could be mitigated through authentication as well as encryption mechanisms
which prevent the outsiders from launching the attack to the wireless sensor networks (Ngo,
Makihara, Nagahara, Mukaigawa & Yagi, 2014, pp. 228-237). Moreover, the use of the public
key cryptography could be used to avoid the insider attack. This method could be very costly
especially to the resource constructed sensor networks. Identities need to be verified through use
of the public key cryptography (Fragkiadakis, Angelakis & Tragos, 2014, pp. 78). Other ways to
prevent the vulnerability would be through use of the radio resource testing, verification of the
key sets especially to the random pre-distribution of the key and the registration and position
verification particularly in the sensor networks.
Software attacks
When it comes to the software program dependent attacks on the WSNs, the attacker might try
making adjustment to the software code in the memory or perhaps exploiting the known
vulnerabilities when it comes to the code of the software (Galbally, Marcel & Fierrez, 2014, pp.
710-724). Example of a well known attack is the buffer overflow attack. In this attack the
method attempts to store the data beyond the boundaries of the set length of the buffer, therefore
results to overwriting extra data on the adjoining locations of the memory.
How to mitigate the vulnerability/threat
There are various countermeasures which could be employed to secure the WSN software and
prevent it against software attacks they are follows:
IT RISK MANAGEMENT 9
Authentication and validation of the software through remote software based attestation
especially to the sensor networks.
Defining accurate trust of the boundaries to the various components and users.
Utilizing of the restricted environment for example the Java Virtual Machine (Rao, Rai &
Narain, 2017, pp. 4-8).
Attestation of the hardware: It is the trusted computing group platform as well as the next
generation acquire computing base that provides this kind of attestation. A more
equivalent model might be utilized in the sensor networks (Kumar, Jain & Barwal, 2014,
pp. 859-868).
Dynamic runtime encryption and decryption for the software program. This really is
much like encrypting or even decrypting the data except that the code is running on the
device which is being decrypted (Wu, Ota, Dong & Li, 2016, pp. 416-424). This could
prevent any kind of malicious user from exploiting this particular software.
References
Authentication and validation of the software through remote software based attestation
especially to the sensor networks.
Defining accurate trust of the boundaries to the various components and users.
Utilizing of the restricted environment for example the Java Virtual Machine (Rao, Rai &
Narain, 2017, pp. 4-8).
Attestation of the hardware: It is the trusted computing group platform as well as the next
generation acquire computing base that provides this kind of attestation. A more
equivalent model might be utilized in the sensor networks (Kumar, Jain & Barwal, 2014,
pp. 859-868).
Dynamic runtime encryption and decryption for the software program. This really is
much like encrypting or even decrypting the data except that the code is running on the
device which is being decrypted (Wu, Ota, Dong & Li, 2016, pp. 416-424). This could
prevent any kind of malicious user from exploiting this particular software.
References
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
IT RISK MANAGEMENT 10
Alam, S., & De, D. (2014). Analysis of security threats in wireless sensor network. arXiv
preprint arXiv:1406.0298.
Fragkiadakis, A., Angelakis, V., & Tragos, E. Z. (2014). Securing cognitive wireless sensor
networks: a survey. International Journal of Distributed Sensor Networks, 2014.
Galbally, J., Marcel, S., & Fierrez, J. (2014). Image quality assessment for fake biometric
detection: Application to iris, fingerprint, and face recognition. IEEE transactions on
image processing, 23(2), 710-724.
Ghildiyal, S., Mishra, A. K., Gupta, A., & Garg, N. (2014). Analysis of Denial of Service (DOS)
Attacks in wireless sensor networks. IJRET: International Journal of Research in
Engineering and Technology, 3, 2319-1163.
Kumar, V., Jain, A., & Barwal, P. N. (2014). Wireless sensor networks: security issues,
challenges and solutions. International Journal of Information and Computation
Technology (IJICT), 4(8), 859-868.
Lupu, T. G., Rudas, I., Demiralp, M., & Mastorakis, N. (2009, September). Main types of attacks
in wireless sensor networks. In WSEAS International Conference. Proceedings. Recent
Advances in Computer Engineering (No. 9). WSEAS.
Myers, S. A. (2017). U.S. Patent No. 9697409B2. Washington, DC: U.S. Patent and Trademark
Office.
Ngo, T. T., Makihara, Y., Nagahara, H., Mukaigawa, Y., & Yagi, Y. (2014). The largest inertial
sensor-based gait database and performance evaluation of gait-based personal
authentication. Pattern Recognition, 47(1), 228-237.
Prabhakar, S., Pankanti, S., & Jain, A. K. (2003). Biometric recognition: Security and privacy
concerns. IEEE security & privacy, 99(2), 33-42.
Rao, J. D. P., Rai, M. S., & Narain, B. (2017). A study of Network Attacks and Features of
Secure Protocols. Research Journal of Engineering and Technology, 8(1), 04-08.
Ross, A., & Jain, A. (2004, May). Biometric sensor interoperability: A case study in fingerprints.
In ECCV Workshop BioAW (pp. 134-145).
Wu, J., Ota, K., Dong, M., & Li, C. (2016). A hierarchical security framework for defending
against sophisticated attacks on wireless sensor networks in smart cities. IEEE Access, 4,
416-424.
Alam, S., & De, D. (2014). Analysis of security threats in wireless sensor network. arXiv
preprint arXiv:1406.0298.
Fragkiadakis, A., Angelakis, V., & Tragos, E. Z. (2014). Securing cognitive wireless sensor
networks: a survey. International Journal of Distributed Sensor Networks, 2014.
Galbally, J., Marcel, S., & Fierrez, J. (2014). Image quality assessment for fake biometric
detection: Application to iris, fingerprint, and face recognition. IEEE transactions on
image processing, 23(2), 710-724.
Ghildiyal, S., Mishra, A. K., Gupta, A., & Garg, N. (2014). Analysis of Denial of Service (DOS)
Attacks in wireless sensor networks. IJRET: International Journal of Research in
Engineering and Technology, 3, 2319-1163.
Kumar, V., Jain, A., & Barwal, P. N. (2014). Wireless sensor networks: security issues,
challenges and solutions. International Journal of Information and Computation
Technology (IJICT), 4(8), 859-868.
Lupu, T. G., Rudas, I., Demiralp, M., & Mastorakis, N. (2009, September). Main types of attacks
in wireless sensor networks. In WSEAS International Conference. Proceedings. Recent
Advances in Computer Engineering (No. 9). WSEAS.
Myers, S. A. (2017). U.S. Patent No. 9697409B2. Washington, DC: U.S. Patent and Trademark
Office.
Ngo, T. T., Makihara, Y., Nagahara, H., Mukaigawa, Y., & Yagi, Y. (2014). The largest inertial
sensor-based gait database and performance evaluation of gait-based personal
authentication. Pattern Recognition, 47(1), 228-237.
Prabhakar, S., Pankanti, S., & Jain, A. K. (2003). Biometric recognition: Security and privacy
concerns. IEEE security & privacy, 99(2), 33-42.
Rao, J. D. P., Rai, M. S., & Narain, B. (2017). A study of Network Attacks and Features of
Secure Protocols. Research Journal of Engineering and Technology, 8(1), 04-08.
Ross, A., & Jain, A. (2004, May). Biometric sensor interoperability: A case study in fingerprints.
In ECCV Workshop BioAW (pp. 134-145).
Wu, J., Ota, K., Dong, M., & Li, C. (2016). A hierarchical security framework for defending
against sophisticated attacks on wireless sensor networks in smart cities. IEEE Access, 4,
416-424.
1 out of 10
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.