Comprehensive Report on IT Risk Management: Biometrics, PETs & WSNs
Added on 2023/06/07
AI Summary
This report provides an overview of IT risk management, focusing on biometric access control systems, privacy-enhancing technologies (PETs), and wireless sensor network (WSN) security. It discusses different types of biometric systems such as fingerprint, hand geometry, and iris recognition, detailing their techniques, technologies, advantages, disadvantages, and applications. The report also explores PETs like communication anonymizers, enhanced privacy IDs (EPID), and digital rights management, explaining how they protect user privacy online. Furthermore, it examines WSN architecture, potential threats and vulnerabilities like blackmail, Sybil, and wormhole attacks, and recommends mitigation strategies for each. This analysis provides valuable insights into managing IT risks associated with these technologies.

Running head: IT RISK MANAGEMENT
IT Risk Management
Name of the Student
Name of the University
Author Note
a. Different Types of Biometric System
The biometric access control system is a recognition system that identifies humans by
their unique physical characteristics. The access control system is based on
substantiation (Galbally, Marcel & Fierrez, 2014). The unique biometric data is stored in the
database of the organization or the secured zone, and this stored data is matched against the
input presented to the biometric system.
Fingerprint
The fingerprint sensor is the most widely used access control system. Fingerprints
are unique; even identical twins do not have the same fingerprints.
Techniques and Technologies
The surface of the finger is made of furrows and ridges, and patterns such as arches
and swirls ensure the uniqueness of each fingerprint. The illuminated image of the fingerprint is
translated into digital codes for the authentication process and stored in a database. A
CMOS sensor is used for extracting and mapping the characteristics of the fingerprint. Various
fingerprint scanners can be used, such as capacitive, ultrasonic and optical.
Whenever a fingerprint is provided as input to the sensor, a new template of digital data is
created (Sousedik & Busch, 2014). The matching algorithm compares the new template
with the template in the database, and when the input template matches the database template the
user is authenticated.
Advantages and Disadvantages
The advantage of fingerprint recognition is that fingerprints are unique and provide accuracy.
The disadvantage is that if the database of a system is hacked or a fingerprint is stolen from
the surface of an object, it can be a threat to security.
Applications
Fingerprints are applied in security checks, access control and attendance recording in
organizations and institutes. They are also used to access mobile phones and various devices.
Hand Geometry
Hand geometry identifies the user by measuring the dimensions of the hand. The hand
geometry recognition concept was developed in 1980.
Techniques and Technologies
Hand geometry uses a camera to capture an image of the hand. The input data is
captured by a charge-coupled device camera, and both the top surface
and a side image of the hand are captured with the help of an angled mirror. The silhouette image is
used to analyze 90 measurements, including the distance between knuckles and the thickness and
length of fingers (Ren et al., 2013). Three sequential images of the hand are stored as a template
in the database. This template is recalled when a user presents their hand geometry.
Advantages and Disadvantages
The advantages of hand geometry are public acceptance of the system, ease of use and
integration capabilities. The disadvantage of hand geometry is that it is not as unique
as fingerprints.
Applications
It is used in international banks for security and for recording the attendance of
employees and students in organizations and institutions.
Iris Recognition
Iris recognition is an automated biometric method for access control. It uses the technique of
mathematical pattern recognition.
Techniques and Technology
The image of the iris is captured from a distance of about 10 inches. The pattern is
processed in software which extracts the pattern from the outer and inner boundaries of the iris.
The iris pattern is encrypted into a 512 bit code using Daugman’s algorithm (Kaur & Juneja, 2014,
March). This encrypted iris code is then matched against the codes contained in the database for
verification. The speed of data matching is very high: about 10,000 codes can be analyzed per
second.
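Added example, not part of the original report: a Python sketch of the database matching step, comparing 512 bit codes by fractional Hamming distance, the comparison used with Daugman-style iris codes. The threshold, the minimum number of usable bits, the occlusion masks and the random sample codes are assumptions constructed for the illustration.

```python
import random

CODE_BITS = 512        # code length stated in the report
THRESHOLD = 0.32       # assumed decision threshold; tune per deployment
MIN_VALID_BITS = 256   # assumed floor: refuse to decide on heavily occluded eyes
FULL_MASK = (1 << CODE_BITS) - 1


def popcount(x):
    return bin(x).count("1")


def fractional_hd(code_a, mask_a, code_b, mask_b):
    """Share of disagreeing bits among the bits both masks mark as usable."""
    valid = mask_a & mask_b
    usable = popcount(valid)
    if usable < MIN_VALID_BITS:
        raise ValueError("too few usable bits to compare")
    return popcount((code_a ^ code_b) & valid) / usable


def identify(probe, probe_mask, database):
    """Return (user, distance) for the closest enrolled code under THRESHOLD,
    or (None, distance) when even the closest code is too far away."""
    best_user, best_hd = None, 1.0
    for user, (code, mask) in database.items():
        hd = fractional_hd(probe, probe_mask, code, mask)
        if hd < best_hd:
            best_user, best_hd = user, hd
    if best_hd < THRESHOLD:
        return best_user, best_hd
    return None, best_hd


def demo():
    """Constructed data: random codes stand in for real iris codes."""
    rng = random.Random(2014)
    database = {name: (rng.getrandbits(CODE_BITS), FULL_MASK)
                for name in ("alice", "bob")}
    # Genuine probe: alice's code with 40 bits flipped by capture noise and
    # the lowest 64 bits masked out (eyelid covering part of the iris).
    noise = sum(1 << i for i in rng.sample(range(CODE_BITS), 40))
    probe = database["alice"][0] ^ noise
    probe_mask = FULL_MASK & ~((1 << 64) - 1)
    # Impostor probe: an unrelated random code.
    impostor = rng.getrandbits(CODE_BITS)
    return (identify(probe, probe_mask, database),
            identify(impostor, FULL_MASK, database))


if __name__ == "__main__":
    genuine, impostor = demo()
    print("genuine :", genuine)
    print("impostor:", impostor)
```

Unrelated codes disagree on about half of their bits, so the gap between a noisy genuine capture and an impostor is what the threshold separates; the usable-bit floor keeps a mostly occluded capture from being decided on too little evidence.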
Advantages and Disadvantages
The advantages of iris recognition are that it provides accuracy and more
speed and scalability. The disadvantage is that it requires high quality photographic technologies.
Applications
Iris recognition is applied in the aviation industry, at airports and for
records of criminals.
b. Different Privacy Enhancing Technologies
Privacy enhancing technology (PET) is the standardization used for enhancing the
privacy of users of information technologies. It functions in accordance with the data protection
laws. The aim of PET is the protection of the user's confidential data, and it takes
responsibility for personally identifiable information. It provides the possibility of auditing the
terms and conditions of merchants and online service providers (Hafiz, 2013). The different types of
privacy enhancing technologies can be explained as follows.
Communication Anonymizers
This privacy enhancing technology is used to replace the real identity with an identity which
is non-traceable. This helps in enhancing the privacy of the online identity. For instance,
an online identity like an IP address or email address can be replaced with a non-traceable identity
like a random IP address or a one-time email ID for security (Hoepman, 2014, June). This helps in
empowering the cryptographic property. It can be applied to any category where the data identity is
required to be kept private.
Enhanced Privacy ID (EPID)
Enhanced Privacy ID is abbreviated as EPID, and it is the digital algorithm that
ensures anonymity. EPID provides a public verification key which is associated with a
distinguishable and unique signature key. These signature keys are private in nature to ensure
privacy. EPID was introduced in 2008 (Gürses & Diaz, 2013). It helps a device
prove its identity to an external party. It also gives information about the category of
software running on the device. Retrieving this information does not require revealing the
data identity.
Digital Rights Management and Metadata
This technology provides the framework for describing the semantics or defining the
various types of data. It can be helpful in achieving the standardization of data protection
legislation. It will differentiate between sensitive data and personal data over the internet.
The controllability, transparency and auditability of the data can be set according to the
data type (Liao & Shu, 2015). Metadata and digital rights management are effective in
supporting the privacy of the users of information technology.
c. Wireless Sensor Networks
A wireless sensor network (WSN) is a network of nodes which are dedicated sensors
used for recording and monitoring the conditions of the network environment. It is used to
organize the collected data at a central node or location. The WSN provides the measurement of
various environmental conditions such as sound, temperature, pollution level, wind and humidity
with the help of autonomous sensors (Yang, 2014).
Area of WSN
The areas of wireless sensor networking are healthcare monitoring, earth sensing and
industrial monitoring. Examples of the areas of WSN are given below.
Environmental Sensing: Examples are air pollution monitoring, detection of forest fires, water
quality monitoring and prevention of natural disasters.
Industrial Monitoring: Examples are data center monitoring, machine health monitoring,
structural health monitoring and data logging (Rawat et al., 2014).
WSN Architecture and Protocol Stack
The architecture of a wireless sensor network is based on the Open Systems Interconnection
(OSI) architecture model. It is a five-layered architecture with 3 cross layers. The five layers of
WSN are the physical, network, data link, application and transport layers. The cross layers are
management layers which include task management, power management and mobility
management (Pantazis, Nikolidakis & Vergados, 2013). The function of these three layers is to
make the sensors work together to obtain the efficiency of the network.
Different Types of Threat and Vulnerabilities that can attack WSN
The threats and vulnerabilities of WSN are mainly of two types, namely active attacks and
passive attacks. Passive attacks on a WSN are limited to analyzing the exchanged traffic,
whereas active attacks aim at removing or modifying the data transmitted over a
network. The three threats and vulnerabilities that can be used to attack a WSN can be described as
follows.
Blackmail attack: A malicious node provides the fake information that another
authentic node is malicious. It can affect the normal operation of the network.
Sybil attack: In this type of attack the user uses the identity of another node in order to
participate in the distributed algorithm.
Wormhole attack: In this type of attack the attackers receive the messages and use them to
replay in different parts of the tunnels (Alrajeh, Khan & Shams, 2013).
Recommendation for Mitigation of the above explained three threats
The recommendations for the mitigation of the threats and vulnerabilities of WSN attacks are
as follows.
Blackmail attack: The blackmail attack can be mitigated by encryption and authentication of
data. Segmentation of the networking system is also useful for the mitigation of the blackmail
attack.
Sybil attack: The mitigations for the Sybil attack are authentication flow, pushback and payment for
network resources. The authentication flow is the re-programming process for avoiding the Sybil
attack.
Wormhole attack: It can be mitigated with the implementation of a distributed detection
algorithm and a centralized algorithm (Alrajeh, Khan & Shams, 2013). This is the detection phase,
which provides information about the attack and provides relevant mitigation.
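Added example, not part of the original report: a Python sketch of a base-station check for the "encryption and authentication of data" mitigation listed above, applied to sensor readings and to accusation reports. The per-node pre-shared keys, the message counter, the two-accuser quorum and the sample messages are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import struct

QUORUM = 2  # assumed: distinct accusers required before a node is distrusted


def make_tag(key, sender, counter, payload):
    """HMAC-SHA256 over sender id, message counter and payload."""
    header = struct.pack(">HI", sender, counter)
    return hmac.new(key, header + payload, hashlib.sha256).digest()


class BaseStation:
    def __init__(self, node_keys):
        self.keys = dict(node_keys)                  # node id -> pre-shared key
        self.last_counter = {n: 0 for n in self.keys}
        self.accusers = {}                           # accused id -> accuser ids

    def accept(self, sender, counter, payload, tag):
        key = self.keys.get(sender)
        if key is None:
            return "unknown-node"      # identity was never provisioned
        expected = make_tag(key, sender, counter, payload)
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"           # claimed identity without its key
        if counter <= self.last_counter[sender]:
            return "replay"            # captured message sent again
        self.last_counter[sender] = counter
        return "ok"

    def accuse(self, sender, counter, accused, tag):
        payload = b"ACCUSE" + struct.pack(">H", accused)
        status = self.accept(sender, counter, payload, tag)
        if status == "ok":
            self.accusers.setdefault(accused, set()).add(sender)
        return status

    def distrusted(self, node):
        return len(self.accusers.get(node, ())) >= QUORUM


def demo():
    """Constructed scenario: nodes 1-3 are provisioned, node 3 misbehaves."""
    # Constructed demo keys; deployed keys would be random per-node secrets.
    keys = {n: hashlib.sha256(b"constructed-demo-key-%d" % n).digest()
            for n in (1, 2, 3)}
    bs = BaseStation(keys)
    reading = b"temp=21.5"
    good = make_tag(keys[1], 1, 1, reading)
    out = {
        "valid": bs.accept(1, 1, reading, good),
        "replayed": bs.accept(1, 1, reading, good),
        "spoofed_id": bs.accept(2, 1, reading, make_tag(keys[3], 2, 1, reading)),
        "new_identity": bs.accept(9, 1, reading, make_tag(keys[3], 9, 1, reading)),
    }
    # Node 3 accuses node 1 twice; repeated reports still count as one accuser.
    accusation = b"ACCUSE" + struct.pack(">H", 1)
    for counter in (1, 2):
        bs.accuse(3, counter, 1, make_tag(keys[3], 3, counter, accusation))
    out["node1_distrusted"] = bs.distrusted(1)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The check authenticates reports and bounds what a single accusing node can do; it does not detect a wormhole tunnel, which needs the detection algorithms the report cites.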
References
Alrajeh, N. A., Khan, S., & Shams, B. (2013). Intrusion detection systems in wireless sensor
networks: a review. International Journal of Distributed Sensor Networks, 9(5), 167575.
Galbally, J., Marcel, S., & Fierrez, J. (2014). Image quality assessment for fake biometric
detection: Application to iris, fingerprint, and face recognition. IEEE Transactions on
Image Processing, 23(2), 710-724.
Gürses, S., & Diaz, C. (2013). Two tales of privacy in online social networks. IEEE Security &
Privacy, 11(3), 29-37.
Hafiz, M. (2013). A pattern language for developing privacy enhancing technologies. Software:
Practice and Experience, 43(7), 769-787.
Hoepman, J. H. (2014, June). Privacy design strategies. In IFIP International Information
Security Conference (pp. 446-459). Springer, Berlin, Heidelberg.
Kaur, N., & Juneja, M. (2014, March). A review on iris recognition. In Engineering and
Computational Sciences (RAECS), 2014 Recent Advances in (pp. 1-5). IEEE.
Liao, X., & Shu, C. (2015). Reversible data hiding in encrypted images based on absolute mean
difference of multiple neighboring pixels. Journal of Visual Communication and Image
Representation, 28, 21-27.
Pantazis, N. A., Nikolidakis, S. A., & Vergados, D. D. (2013). Energy-efficient routing protocols
in wireless sensor networks: A survey. IEEE Communications Surveys & Tutorials, 15(2),
551-591.
Rawat, P., Singh, K. D., Chaouchi, H., & Bonnin, J. M. (2014). Wireless sensor networks: a
survey on recent developments and potential synergies. The Journal of
Supercomputing, 68(1), 1-48.
Ren, Z., Yuan, J., Meng, J., & Zhang, Z. (2013). Robust part-based hand gesture recognition
using kinect sensor. IEEE Transactions on Multimedia, 15(5), 1110-1120.
Sousedik, C., & Busch, C. (2014). Presentation attack detection methods for fingerprint
recognition systems: a survey. IET Biometrics, 3(4), 219-233.
Yang, K. (2014). Wireless sensor networks. Principles, Design and Applications.