ITC595 Information Security Assessment Item 2: Security Fundamentals

ITC595 - INFORMATION SECURITY
ASSESSMENT ITEM 2
SECURITY FUNDAMENTALS
Student name:
Student id:

Contents
Introduction
Question 1
Question 2
Question 3
Question 4
Question 5
Conclusion

Introduction
The document presented here is prepared for Assessment 2 of the course. It comprises the
answers to the questions asked in Assessment 2, which test knowledge of ciphertext, encryption
and decryption techniques and their implementation. The document also covers the reasons why
biometrics are not preferred by people and the ways in which false negatives in biometric
authentication can have consequences.

Question 1
Considering the case of the ATM and the Personal Identification Number used to authenticate
the user at the time of use of the ATM, examples of the integrity, confidentiality, and
availability needs related to the system are as follows:
1. Integrity needs:
To maintain the integrity of the customer and the ATM, the transactions that are
performed via the ATM should be done in the account associated with the respective
ATM card.
2. Confidentiality needs:
The PIN used by the user to authenticate themselves should be in encrypted form.
The channel of communication between the bank and the ATM must be in
encrypted form to maintain integrity.
3. Availability needs:
The system is for the user's ease; therefore, the system should be available all the
time.
The system should have no limit to the number of users served (Konheim, 2016).

Question 2
The ATM PIN is the main key used to authenticate the user holding the card. ATM
PINs are known to be the most secure method and are a combination of the digits
0-9. The digits in the ATM PIN can be in any order and any sequence. There is no constraint on the
repetition of digits (Nelligani, Reddy, & Awasti, 2016). The only constraint is that it should
be 4 digits long.
As per the case study, 5 keys (key 1- key 4) of the ATM numeric board have been destroyed by
the thief, and only five are remaining. This means that the PIN will be made of the remaining 5
keys.
As the PIN is a combination of the remaining 5 keys:
The probability of using key 1 as the first entry of PIN is equal to 5
The probability of using key 2 as the first entry of PIN is equal to 5
The probability of using key 3 as the first entry of PIN is equal to 5
The probability of using key 4 as the first entry of PIN is equal to 5
So, the total number of hit-and-trial attempts that a thief can make will be the multiplication of
all the probabilities: 5*5*5*5 = 25*25 = 625. So mathematically there are 625 combinations that
need to be tried. So, the number of unsuccessful attempts is 624.

Question 3
The following are the major reasons why biometrics are not preferred by people:
1. The main reason why biometrics are not preferred by people is that they are not private.
As per the password policy, the password is known only to the user, but biometrics
include ears, eyes and fingerprints, which are exposed to the external environment daily,
which makes copies of them easily available.
2. Biometrics being hackable is the most common reason for people being reluctant towards
biometric use. The famous hacker Jan Krissler found ways to hack the biometric
security of Apple right after the launch of the iPhone.
3. The consequences of biometric hacking can be very severe. Once someone's biometrics
are hacked, the hacker can easily use them to falsify many things like criminal records and
passports. The main problem with someone else having access to your biometrics is that
once the biometric is stolen, unlike the PIN, the biometrics cannot be changed (Pendke et
al., 2019).
To make people more comfortable with biometrics, the following can be done:
1. Use of two-step authentication, with the first step being a password and the second being
biometrics.
2. Use of biometrics that are not easily detectable by others, like the iris.
3. Not using biometrics for the ultimate security and using them only for the preliminary
purpose.

Question 4
A false negative in a biometric system means that the system is not able to recognize
the individual's biometrics. The rates of false negatives and false positives can be tuned as per the
requirement of the system for which the biometric is being used. The following two can be
serious consequences of false negatives:
1. In the case of data retrieval through biometric authentication, the data can be
permanently blocked or self-destructed when the rate of false negatives is
higher. For example, in the case of the iPhone, the device is permanently locked if the
fingerprints are not right.
2. There are systems in the world that are operated based on recognized voice
commands. These types of systems might cease to be operational if the right
biometric or voice is not detected (Mukherjee, 2015).

Question 5
The ciphertext is the text that is generated after the plain text is encrypted. The ciphertext that is
provided for the assessment is:
LCDOMXIZYXVHPXMJQSHAANWFIHABRT
The available key is of length 30.
The following process will be used to obtain the plain text from the ciphertext:
1. One-time pad decryption is done in the first step. In this step a variable key is used,
and the result of this process is the conversion of the ciphertext into numbers. The following
numbers were obtained after this step:
4,13,17,8,4,14,4,23,23,10,9,2,12,22,4,20,10,14,25,14,18,3,13,17,2,26,13,25,13,13 (with mod 26)
2. To obtain the plain text from the ciphertext, Vigenère cipher decryption with the
given key – 567 will be used. The result is as follows:
25,7,10,3,24,7,25,17,16,5,3,21,7,16,23,15,4,7,20,8,11,24,7,10,23,16,6,20,7,6 (with mod 26)
3. Caesar cipher substitution will be used in the next step in order to generate the final
plain text. For this method, the letters are checked for all feasible shifts up to 25.
On shifting by three places, the plain text is obtained:
WEHAVEWONCASENUMBERFIVEHUNDRED
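
The following check is an added example, not part of the original assignment: it recomputes steps 2 and 3 from the numbers printed above and reports where they disagree. It assumes the convention A=0 ... Z=25 and that the key 567 is applied one digit per position, repeating; the function names are illustrative.

```python
# Added example: re-checks steps 2 and 3 of the worked decryption above.
# Assumed convention: A=0 ... Z=25; key "567" repeats digit by digit.
from string import ascii_uppercase as ALPHA

# Values copied from the page: step 1 output, step 2 output, final plain text.
STEP1 = [4, 13, 17, 8, 4, 14, 4, 23, 23, 10, 9, 2, 12, 22, 4, 20, 10, 14, 25,
         14, 18, 3, 13, 17, 2, 26, 13, 25, 13, 13]
STEP2 = [25, 7, 10, 3, 24, 7, 25, 17, 16, 5, 3, 21, 7, 16, 23, 15, 4, 7, 20,
         8, 11, 24, 7, 10, 23, 16, 6, 20, 7, 6]
PLAINTEXT = "WEHAVEWONCASENUMBERFIVEHUNDRED"
KEY = [5, 6, 7]


def vigenere_decrypt(nums, key):
    """Subtract the repeating key from each value, modulo 26."""
    return [(n - key[i % len(key)]) % 26 for i, n in enumerate(nums)]


def caesar_candidates(nums):
    """Return {shift: text} for every shift 0..25 (values shifted back)."""
    return {s: "".join(ALPHA[(n - s) % 26] for n in nums) for s in range(26)}


def find_shift(nums, expected):
    """List the shifts whose candidate text equals the expected plain text."""
    return [s for s, text in caesar_candidates(nums).items() if text == expected]


def mismatches(computed, published):
    """1-based positions where a recomputed value differs from the page."""
    return [i + 1 for i, (a, b) in enumerate(zip(computed, published)) if a != b]


if __name__ == "__main__":
    recomputed = vigenere_decrypt(STEP1, KEY)
    print("step 2 positions that differ:", mismatches(recomputed, STEP2))
    print("shift recovering the plain text:", find_shift(STEP2, PLAINTEXT))
    print("shift 3 on recomputed step 2:", caesar_candidates(recomputed)[3])
```

The step 2 list and a shift of three reproduce the stated plain text exactly. Recomputing step 2 from the step 1 list differs only at position 26, where the printed value 26 is not a residue mod 26.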

Conclusion
The report prepared here is for Assessment 2 and the questions that were asked in the
assessment. The questions asked were correctly answered in the document presented here.
Knowledge of biometrics and of encryption and decryption is tested in the assessment. The assignment
presented here helped in learning the key concepts of encryption and decryption and the
concepts of biometric authentication and the problems related to them.

References
Konheim, A. G. (2016). Automated teller machines: their history and authentication
protocols. Journal of Cryptographic Engineering, 6(1), 1-29.
Mukherjee, A. (2015). Physical-layer security in the internet of things: Sensing and
communication confidentiality under resource constraints. Proceedings of the IEEE, 103(10),
1747-1761.
Nelligani, B. M., Reddy, N. U., & Awasti, N. (2016, August). Smart ATM security system using
FPR, GSM, GPS. In 2016 International Conference on Inventive Computation Technologies (Vol. 3,
pp. 1-5).
Pendke, K., Singh, S., Dhoble, N., Kewat, S., & Patil, S. (2019). Privacy-Preserving of Data
using Bio-Metric in Cloud Storage.