Biometric Security System Assignment
Question
Question 1: Automated Teller Machines (ATM) are designed so that users will provide a personal identification number (PIN) and a card to access their bank accounts. Give examples of confidentiality, integrity and availability requirements associated in such a system and describe the degree of importance for each requirement.
Question 2: A thief broke into an Automated Teller Machine (ATM) using a screwdriver and was able to jam the card reader as well as breaking five keys from the keypad. The thief had to halt the process of break-in and hide, as a customer approached to use the ATM. The customer was able to successfully enter their ATM card, punch in the 4 digit PIN and was able to draw out some cash. Since the card reader was jammed, the customer was however not able to withdraw the ATM card and drove off to seek some help. In the meantime, the thief came back and decided to try to discover the customer’s PIN so that he can steal money from the customer. You are required to calculate the maximum number of PINs that the thief may have to enter before correctly discovering the customer’s PIN?
Question 3:Thinking about bio-metric authentication, list three reasons why people may be reluctant to use bio-metrics. Describe various ways of how to counter those objections.
Question 4: In bio-metric authentication, false positive and false negative rates can be tuned according to the requirement, and they are often complementary i.e. raising one lowers the other. Describe two circumstances where false negatives are significantly more serious than false positives.
Question 5: Transposition is one known method of encrypting the text. What can be one way that a piece of cipher text can be determined quickly if it was likely a result of a transposition? Utilising some of the decryption techniques (substitution and others) covered in the subject so far, you are required to decipher (find the plain text) the cipher text that will be proviced to you closer to the assessment due date via the subject site. In order to present your solution, you need to demonstrate and explain the steps taken to decipher this text.
Answer
Answer 1:
Confidentiality:To access debit or credit cards one must enter a security password which is available only to authorized users and aimed at further enhancing the level of security. While securing the PIN of a respective card it is the responsibility of end user to ensure they use a strong pin. Banks also need to ensure privacy whenever a communication is happening in between ATM and bank server to prevent hacking. The entire transaction needs to be properly secured so to avoid any kind of harm or hackers cracking the card pins and accessing (Ajaykumar & Kumar, 2013).
Proper encryption of PIN ensures that high level of confidentiality is maintained while lack of attention towards the same could lead to breach of data or customers information. Moreover, the policy related to changing PIN after regular intervals will help boost the customers and keep data and information secure.
Integrity:Use of advanced, efficient technology and proper optimization & Collaboration of ATMs is necessary to ensure their integrity is maintained and customers information is secure. Both in case of withdraw and deposit, systems must be updated chronologically with authentic data and does not affect the customer account in any manner. Withdrawals of money should reflect as debits on the account, deposit of funds would result in credit of account.
Moreover, a section or committee should be incorporated to handle queries of customers which are related with mismatch of account due to use of ATM.
Availability:The frequency of ATM should enhance depending upon the demand of the customers and further should be frequently updated with cash to provide accurate services. While ATM which is out of service could lead to customer dissatisfaction, that of ATM with accuracy in services could attract more and more customers.
Answer 2:It is noticed that an ATM machine contains 0-9 numeric key along with some special key. According to the given scenario, it is identified that the thief already breaks the 5 numeric keys. Therefore, he has the opportunities of making combination for ATM password that should be followed within the rest 5 keys. As an ATM pin consists 4 number, it will allow thief in entering 4 digits where the number will be 0000 at lower level and 9999 at higher level because in integer value, 0 is the lowest and 9 is the highest value. Therefore, the maximum combination will be the following: -
5P4 = 5! / (5-4)! =5! /1! = (5*4*3*2*1)/1=120
Answer 3:
Detailed elaboration in the context of using bio-metrics is mentioned below:
Accuracy problem:Authorization of proper user is the major problem with the implementation of bio-metrics. It often becomes inaccurate in terms of analyzing the body parts and should be properly authenticated in order to draw proper outcomes or results (Müller and Fritz, 2016). Moreover, lack of attention in the authentication of bio-metrics could severely damage the outcomes of the same.
Cost:Being costly in nature, the use of bio-metrics becomes complex to use which could be either for country or company level. Thus, proper evaluation or analysis of area or location needs to be done before implementing bio-metrics. Moreover, assistance from financial institutions could also be availed for the purpose of implementing bio-metrics properly.
Points of failure:The entire system is connected with each other and single point failure could lead to shutdown of the entire system. ATM machines would also not perform properly and further could disturb the accounts of customers using the same. The functionality of bio-metrics depends upon recognizing the face of the individuals and disturbance in the same could lead to failure of the entire system (Bakry & Elgammal, 2013).
Answer 4:Following scenario highlights the presence of false negatives over and above false positives.
Scenario 1:As mentioned above that major functionality of bio-metrics is based on recognition of face, it would be treble the owner of a safe in case of an emergency situation. Urgent need of funds could not be properly processed by the elements of bio-metrics as a result of which the owner suffers and situation tends to become false negatives. It is also identified that in a negative kind of approach in bio-matric can allow in accessing location details. There, it is described that the date of the person will store in various database. Sometime, it is also identified that due to technical issue, identification of a person cannot be accessed. The first issues which can be encountered is identity of a person is not known.
Scenario 2:This situation deals with hurting individual physically and creating situation close to death. Employees who are running with cardiac arrest would not get much assistance from other colleagues as bio-metrics would not recognize the same. Instead it could impose more medical damage to primary employees and could play with the life of the same. This type of situation tends to become false negative and could be dangerous for the entire workplace (Takahashi & Hirata, 2011). Second sort of issues which can be experienced is loss of character of individual. There are expansive number of illicit action that can be performed as of late is the utilization of biometric. Thinking about the level of association, it has the ability to close down the general foundation, alongside different sorts of things which is required for putting away of information. It comes up reestablishing of extensive number of administrations which is required for this specific idea or thought.
Answer 5:
|
A |
B |
C |
D |
E |
F |
G |
H |
I |
J |
K |
L |
M |
N |
O |
P |
Q |
R |
S |
T |
U |
V |
W |
X |
Y |
Z |
|
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
2 |
13 |
14 |
5 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
|
Encrypted Text |
N |
T |
J |
W |
K |
H |
X |
K |
|
|
Corresponding numeric value |
13 |
19 |
9 |
22 |
10 |
7 |
23 |
10 |
|
|
Key |
1 |
2 |
3 |
1 |
2 |
3 |
1 |
2 |
|
|
Decoded from the substitution cipher |
11 |
16 |
5 |
20 |
>7 |
3 |
21 |
7 |
|
|
Caeser cipher shift |
2 |
2 |
2 |
2 |
2 |
2 |
2 |
2 |
|
|
Decoded from the caeser cipher |
8 |
13 |
2 |
17 |
4 |
0 |
18 |
4 |
|
|
Decoded Text |
I |
N |
C |
R |
E |
A |
S |
E |
|
|
Encrypted Text |
A |
M |
K |
||||||
|
Corresponding numeric value |
0 |
12 |
10 |
||||||
|
Key |
3 |
1 |
2 |
||||||
|
Decoded from the substitution cipher |
22 |
10 |
7 |
||||||
|
Caesar cipher shift |
2 |
2 |
2 |
||||||
|
Decoded from the Caesar cipher |
19 |
7 |
4 |
||||||
|
Decoded Text |
T |
H |
E |
||||||
|
Encrypted Text |
W |
W |
U |
J |
J |
Y |
Z |
T |
X |
|
Corresponding numeric value |
22 |
22 |
20 |
9 |
9 |
24 |
25 |
19 |
23 |
|
Key |
3 |
1 |
2 |
3 |
1 |
2 |
3 |
1 |
2 |
|
Decoded from the substitution cipher |
18 |
20 |
17 |
5 |
7 |
21 |
21 |
17 |
20 |
|
Caesar cipher shift |
2 |
2 |
2 |
2 |
2 |
2 |
2 |
2 |
2 |
|
Decoded from the Caesar cipher |
15 |
17 |
14 |
2 |
4 |
18 |
18 |
14 |
17 |
|
Decoded Text |
P |
R |
O |
C |
E |
S |
S |
O |
R |
|
Encrypted Text |
M |
W |
K |
X |
Z |
K |
U |
H |
E |
|
Corresponding numeric value |
12 |
22 |
10 |
23 |
25 |
11 |
20 |
7 |
4 |
|
Key |
3 |
1 |
2 |
3 |
1 |
2 |
3 |
1 |
2 |
|
Decoded from the substitution cipher |
8 |
20 |
7 |
19 |
23 |
7 |
16 |
5 |
1 |
|
Caesar cipher shift |
2 |
2 |
2 |
2 |
2 |
2 |
2 |
2 |
2 |
|
Decoded from the Caesar cipher |
5 |
17 |
4 |
16 |
20 |
4 |
13 |
2 |
24 |
|
Decoded Text |
F |
R |
E |
Q |
U |
E |
N |
C |
Y |
References:Ajaykumar, M. & Kumar, N.B., 2013. Anti-theft ATM machine using vibration detection sensor. international journal of advanced research in computer science and software engineering, 3(12).
Bakry, A. & Elgammal, A., 2013, June. Mkpls: manifold kernel partial least squares for lipreading and speaker identification. In Computer Vision and Pattern Recognition (CVPR), 2013 IEEE Conference on (pp. 684-691). IEEE.
Müller, S.C. & Fritz, T., 2016, May. Using (bio) metrics to predict code quality online. In Proceedings of the 38th International Conference on Software Engineering (pp. 452-463). ACM.
Takahashi, K. & Hirata, S., 2011. Cancelable biometrics with provable security and its application to fingerprint verification. IEICE transactions on fundamentals of electronics, communications and computer sciences, 94(1), pp.233-244.
