Task: This assessment aims to develop and gauge student understanding of the key topics covered so far through the following questions. Answering these questions will help you build some understanding for the next assessment item as well as for the entire subject. Answers to the assignment questions are expected to be succinct (i.e. precise and concise), with all sources of information fully referenced as per APA referencing style. You have to reference the textbook and any additional material you have used in your answers.
Question 1: Automated Teller Machines (ATM) are designed so that users will provide a personal identification number (PIN) and a card to access their bank accounts. Give examples of confidentiality, integrity and availability requirements associated with such a system and describe the degree of importance of each requirement.
Question 2: A thief broke into an Automated Teller Machine (ATM) using a screwdriver and was able to jam the card reader as well as break five keys from the keypad. The thief had to halt the break-in and hide, as a customer approached to use the ATM. The customer was able to successfully enter their ATM card, punch in the 4-digit PIN and draw out some cash. Since the card reader was jammed, however, the customer was not able to withdraw the ATM card, and drove off to seek some help. In the meantime, the thief came back and decided to try to discover the customer’s PIN so that he could steal money from the customer. You are required to calculate the maximum number of PINs that the thief may have to enter before correctly discovering the customer’s PIN.
Question 3: Thinking about bio-metric authentication, list three reasons why people may be reluctant to use bio-metrics. Describe various ways to counter those objections.
Question 4: In bio-metric authentication, false positive and false negative rates can be tuned according to the requirement, and they are often complementary, i.e. raising one lowers the other. Describe two circumstances where false negatives are significantly more serious than false positives.
Question 5: Transposition is one known method of encrypting text. What is one way to quickly determine whether a piece of cipher text is likely the result of a transposition? Utilising some of the decryption techniques (substitution and others) covered in the subject so far, you are required to decipher (find the plain text of) the cipher text that will be provided to you closer to the assessment due date via the subject site. In order to present your solution, you need to demonstrate and explain the steps taken to decipher this text.
Importance of ATM Machine: This section of the assignment on information security describes the importance of the ATM machine. The Automated Teller Machine allows customers to perform transactions by themselves without any help from the bankers. It also allows the customer to withdraw and deposit cash. There are two types of ATM machines: the basic machine and the complex machine. The basic machine allows the customer to withdraw an amount and get a receipt back, whereas the complex machine allows the customer to withdraw an amount, deposit an amount, make a credit card payment and generate reports. It is defined in this assignment on information security as an electronic device where transactions can be processed only by the bank's customers. The ATM credit card or debit card is a hard plastic card encoded with a magnetic strip. The user needs to insert the ATM card into the machine and process it. The user needs the debit card or the credit card along with the PIN. It is mandatory to have both the card and the PIN in order to perform a transaction. The internet is very important for performing the transaction. The chip in the debit or credit card allows the user to perform the transactions.
Examples of Confidentiality, Integrity and Availability
Confidentiality: the PIN and the card details need to be kept confidential. With them it is possible to perform the transaction. All the details need to be maintained in a confidential manner and should not be disclosed to any unauthorized user. It is possible for the card to be jammed and scanned.
Integrity of the ATM depends on the data remaining the same even after the transaction is performed. The amount withdrawn or deposited should match the transaction. The system needs to record each transaction performed on it.
Availability: the ATM machine needs to be available 24/7 and provide support to its users from all locations. It should allow only authorized users to perform transactions. (Flook, 2011)
Thief at the ATM: It is given that the thief was at the ATM to attack the machine and steal money from it. The thief plans to jam the card reader in the machine. He uses the screwdriver to break the keys first, so that if the customer enters a PIN using the keys that are left over he is able to find the PIN. While he is doing this, the customer arrives at the ATM machine to withdraw an amount. The customer inserts the card and enters the PIN to perform the transaction. Although the thief has broken a few keys, the customer still manages to enter his PIN, and then enters the amount to be withdrawn. The ATM then processes the request but is not able to deliver the amount out of the machine. This is because of the jamming, so the card remains in the machine, and the money too. Seeing this, the customer decides to get help from others and leaves the ATM machine. The thief uses this opportunity and plans to try the various combinations of the PIN, since only 5 keys are left over. There are two options: one allows the same number to be repeated and the other uses different numbers. The count for the first option is 5*5*5*5 = 625 and for the other option is 5*4*3*2*1 = 120. Hence the thief needs to make this many tries in order to get the correct PIN. (Kataria, 2014)
Reluctance of people towards biometrics: Biometric authentication is defined in this assignment on information security as the most secure process for distinguishing one individual from another. The biometric data is captured and stored in a database. If the captured biometric data matches the stored data, the authentication is confirmed. By using biometric authentication, resources can be managed. The different types of biometric authentication technologies include finger scanning, facial recognition, voice identification, etc. It is defined as a simple process to verify the identity and the unique features of a human. It could be any of the measurements and calculations. It also verifies body measurements.
Biometrics is often not secure, because the data is stored in a database that can be hacked by unauthorized users, who access it when needed for illegal purposes. When this happens, people who have not done anything illegal face more issues. When the hacking is done, the data of the authorized user is swapped with that of the unauthorized user, so that the criminal escapes from the criminal activities and the people suffer for it.
In many biometric scanning processes, only a partial scan is done before unlocking. Because of this, anyone can hack any device with the proper authentication procedure. Due to partial authentication, fingerprints are scanned partially and multiple attempts will cause the system to unlock. Face recognition systems are even more dangerous, since a photo can be scanned for device authentication.
The maintenance of the biometric details is hectic, since a big database is required for storing the details of all employees in the organization. If the employee ID and the biometric details are mismatched, then the employee is considered a vulnerability to the organization at any time. (Bhattacharyya, 2009)
False Negative and False Positive Rates: The false negative and false positive rates in this assignment on information security refer to the individual processing, accessing and authenticating the materials. There are various consequences of false positives and false negatives.
A false negative occurs when a user tries to access information and is prevented from doing so, which leads to the information not being accessed. This affects the infrastructure, and resources such as servers and functions lag. It also leads to losses in the organization, and the reputation of the workers is affected. The database information also gets damaged due to various health issues.
The false positive rate in this assignment on information security involves accessing and authenticating the materials. When those materials are accessed, they get duplicated. This process of identification and verification involves the error called the type 2 error. The serious error occurs when the system is accessed without authentication and authorization. The information prone to being hacked is the customer information and the user information.
When scanning is done during an investigation to identify a criminal and the system fails to identify the criminal, he can be declared innocent. Even if he is the criminal, if the system shows that his biometric scan is mismatched, then nothing can be done under any circumstances.
Even in the medical field, biometric scanning is used by doctors to activate machines. If, at the time of activation in an emergency, the system fails to show that the doctor is authenticated, there can be many issues and loss of human life will occur. So a false negative is more serious than a false positive. (Smet, 2004)
In cryptography, the transposition cipher is an encryption method. In this process the plain text is changed to the cipher text. The plain text is changed by changing the position of each of the characters. This method is also verified by the use of evaluation methods. There are different types of transposition cipher methods, such as double transposition, the rail fence cipher, the route cipher, columnar transposition, etc. It is a method where the plaintext is shifted according to a regular scheme to obtain the cipher text. The given plaintext here is 7,15,12,6,8,9,4,2,1,13,12,5,31,8,15,6,4,8,12,8,10,9,14,6,11,13,2,4,6. This is the text that needs to be encrypted using the offset value of 1, and the plaintext with the offset of 1 applied is 8,16,13,7,9,10,5,3,2,14,13,6,32,9,16,7,5,9,13,9,11,10,15,7,12,14,3,5,7.
Taking the alphabetical order value of the data in the sequence, L represents 8, M represents 9, N represents 10 and so on. Based on this, the sequence formed here is LC DCMX IZY XUHP XMJQSH AANW FIHABRT. The Caesar cipher is applied to this text and the key used here is 567. When the keys are added in the 567 sequence, the characters formed are DM QHDN DWW JIBL VDTJNY NRCM QBVMYA, and finally, by applying the keys and the offset, the result is WE HAVE WON CASE NUMBER FIVE HUNDRED. This method of transforming the given text to the cipher text based on the key and the offset is called the Caesar transposition cipher. (Ritter, 1991)
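Question 5 also asks how to tell quickly whether a cipher text is likely the result of a transposition. The usual check is letter frequency: a transposition only reorders letters, so the cipher text keeps the letter counts of the plain text, while a substitution changes them. The following is an added example, not part of the original answer; the frequency table is approximate, and the function names, the column order (2, 0, 3, 1) and the threshold of 60 are assumptions made for illustration. Ordinary English text passes the same check, so it indicates "not substituted" rather than proving a transposition.

```python
from collections import Counter

# Approximate relative letter frequencies of English text, in percent.
ENGLISH_PCT = dict(zip("ABCDEFGHIJKLMNOPQRSTUVWXYZ", [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03,
    2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15,
    1.97, 0.07]))

def letters(text):
    """Upper-case the text and keep only A-Z."""
    return "".join(c for c in text.upper() if c in ENGLISH_PCT)

def chi_squared_vs_english(text):
    """Distance between the text's letter counts and English expectations."""
    observed = Counter(letters(text))
    n = sum(observed.values())
    if n == 0:
        raise ValueError("no letters to analyse")
    return sum((observed[c] - n * p / 100) ** 2 / (n * p / 100)
               for c, p in ENGLISH_PCT.items())

def looks_like_transposition(ciphertext, threshold=60.0):
    """True when the letter histogram is still close to English.
    threshold is an assumed cut-off chosen for texts of about 30 letters."""
    return chi_squared_vs_english(ciphertext) < threshold

def columnar_transpose(text, column_order):
    """Write the letters in rows, then read whole columns in the given order."""
    s = letters(text)
    return "".join(s[c::len(column_order)] for c in column_order)

def caesar(text, shift):
    """Substitution for comparison: shift every letter by a fixed amount."""
    return "".join(chr((ord(c) - 65 + shift) % 26 + 65) for c in letters(text))

PLAIN = "WE HAVE WON CASE NUMBER FIVE HUNDRED"            # plain text from the page
PAGE_CIPHERTEXT = "LC DCMX IZY XUHP XMJQSH AANW FIHABRT"  # cipher text from the page
TRANSPOSED = columnar_transpose(PLAIN, (2, 0, 3, 1))      # constructed sample
SHIFTED = caesar(PLAIN, 3)                                # constructed sample

if __name__ == "__main__":
    for name, ct in [("transposed", TRANSPOSED), ("shifted", SHIFTED),
                     ("page cipher text", PAGE_CIPHERTEXT)]:
        print(f"{name:17} chi2={chi_squared_vs_english(ct):7.1f} "
              f"transposition-like={looks_like_transposition(ct)}")
```

The cipher text quoted above contains several rare letters (X, Z, J, Q), so it fails the check, which is consistent with solving it by substitution rather than by reordering.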
Bhattacharyya, D., Ranjan, R., Alisherov, F., & Choi, M. (2009). Biometric authentication: A review. International Journal of u-and e-Service, Science and Technology, 2(3), 13-28.
Kataria, A. N., Adhyaru, D. M., Sharma, A. K., & Zaveri, T. H. (2013, November). A survey of automated biometric authentication techniques. In 2013 Nirma University International Conference on Engineering (NUiCONE) (pp. 1-6). IEEE.
De Smet, F., Moreau, Y., Engelen, K., Timmerman, D., Vergote, I., & De Moor, B. (2004). Balancing false positives and false negatives for the detection of differential expression in malignancies. British Journal of Cancer, 91(6), 1160.
Ritter, T. (1991). Transposition cipher with pseudo-random shuffling: The dynamic transposition combiner. Cryptologia, 15(1), 1-17.
Flook, R. A., Rakoff, S. B., & Parkitny, M. (2011). U.S. Patent No. 7,995,791. Washington, DC: U.S. Patent and Trademark Office.