Importance of Confidentiality, Integrity, and Availability in ATM Machines
1. Examples of confidentiality, integrity and availability requirements associated with ATM machines, describing the degree of importance of each requirement.
2. Calculation of the maximum number of PINs that the thief might have to enter before correctly discovering a customer’s PIN.
3. Three reasons why people may be reluctant to use biometrics and ways to counter those objections.
4. Description of two circumstances where false negatives are significantly more serious than false positives.
5. One way to determine quickly whether a piece of ciphertext is likely the result of a transposition. Deciphering the plaintext of the Caesar cipher “NTJWKHXK AMK WWUJJYZTX MWKXZKUHE” with key 234 that George wanted to send his employees.
1. Automated Teller Machines (ATMs) have become an integral part of everyday life for the general public. They have made life easier through the ready availability of cash in an emergency and by letting people travel safely without carrying cash (Sharma, Misra & Misra, 2014). ATMs also illustrate the requirements of confidentiality, integrity and availability. Examples of each, with its degree of importance, are described below:
Confidentiality: A customer uses a unique access PIN (Personal Identification Number) together with an ATM card to access a personal bank account. The customer therefore expects the PIN to remain strictly confidential in every transaction, along the whole line of communication between the host system and the bank server (Bachu, 2017). The degree of importance of this requirement is very high: the PIN must be appropriately encrypted, otherwise it loses the level of confidentiality it is supposed to possess and there is a chance that the account could be compromised.
Integrity: The integrity of an Automated Teller Machine is maintained only when the customer’s expectation of zero malevolent or inadvertent changes to his or her transactions is met (Katz & Lindell, 2014). The degree of importance of integrity in ATM machines should be high, since it directly affects a customer’s personal account while transactions are taking place.
Availability: ATM machines have become a necessity. It is not always possible for a customer to rush to a nearby bank to access account details or withdraw cash, and a customer may be in dire need of instant cash on a bank holiday. The availability of ATM machines is also important to the banks, since it would increase a bank’s economic growth. Therefore, an ATM should be available at almost all times.
2. The thief was able to jam the card reader and five keys of the Automated Teller Machine. Therefore, there are four keys left for guessing the PIN of the person who had a successful transaction after the forgery was done.
The number of keys left = 4
The maximum number of PINs that the thief would need to try in order to guess the correct PIN of the customer who had a successful transaction is the permutation of the total number of keys and the number of combinations that the keys can deliver, that is, 5!/(5-4)!
The result equals 120. Therefore, the thief has to enter a maximum of 120 PINs before guessing the correct PIN.
Reasons for Reluctance to Use Biometrics and Ways to Counter Them
3. Biometric systems require intimate details of a person’s behaviour and bodily characteristics, because these attributes are unique to each person. It is therefore necessary to keep the cultural, legal and social contexts in mind before deploying a biometric system (Ketab, Clarke & Dowland, 2016). Because these intimate details are collected, many people are reluctant to use biometric systems.
The social issues that give rise to objections to using biometrics can be manifold. A person may find it unsafe to hand over photographs or facial attributes to such a system, doubting whether this information might be used for some unauthorized activity. Some may object to giving away their facial details because of a deformity of the face, such as burn marks or scars. In some cultures long nails may carry great significance, but having them makes it difficult for a person to place their fingers on the biometric system for fingerprint capture. Moreover, no one has the moral right to ask for these intimate details about a person without their consent, since maintaining the privacy of intimate data is a lawful right.
These objections can be countered, so that people do use biometric systems, either by evoking the fear of violating the law or by making people understand the discrete nature of the information that the system records as the unique identification attributes of each person. This may counter the cultural and legal objections. It is important that people be made to understand that the use of biometrics is absolutely safe, as the data is encrypted at the firmware level, is device specific, and the information stored can never be duplicated from one device to another.
The Severity of False Negatives Over False Positives
4. False negatives are situations in which a system denies a condition that does exist, whereas false positives are situations in which the system accepts a condition that does not exist in reality.
In biometrics, false negatives are more severe than false positives. For example, if a biometric system does not acknowledge the fingerprint of authorized personnel as permissible, the incident is a false positive issue that is still manageable (Martinovic et al., 2017). However, accepting the biometrics of an unauthorized malicious person is a false negative case, which has the potential to wreak havoc in the system.
In another case, if a person installs a biometric lock on a safe and a false positive prevents him from being identified as authorized, the situation is hazardous but still safer than a false negative in which the lock allows a thief to open it (Eberz et al., 2017). The latter is much more dangerous, since the thief is handed the opened safe and can complete his job.
5. Transposition is a method of encryption that differs from other models in that it permutes the positions of the characters of a plaintext (Pandey & Verma, 2015). Many techniques can be used to encrypt a text by transposition. One of them is the reverse order method, which makes a ciphertext easy to decrypt (Konheim, 2016). For example, a ciphertext produced by reverse order transposition, “LUFITUAEB SI DLROW EHT”, can be easily and quickly deciphered by reading it in reverse order as “THE WORLD IS BEAUTIFUL”.
Solution

| Encrypted Text | N | T | J | W | K | H | X | K |
|---|---|---|---|---|---|---|---|---|
| Corresponding numeric value | 14 | 20 | 10 | 23 | 11 | 8 | 24 | 11 |
| Key | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Decoded from the substitution cipher | 12 | 17 | 6 | 21 | 8 | 4 | 22 | 8 |
| Caesar cipher shift | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 |
| Decoded from the Caesar cipher | 9 | 14 | 3 | 18 | 5 | 1 | 19 | 5 |
| Decoded Text | I | N | C | R | E | A | S | E |

| Encrypted Text | A | M | K |
|---|---|---|---|
| Corresponding numeric value | 1 | 13 | 11 |
| Key | 4 | 2 | 3 |
| Decoded from the substitution cipher | 23 | 11 | 8 |
| Caesar cipher shift | 3 | 3 | 3 |
| Decoded from the Caesar cipher | 20 | 8 | 5 |
| Decoded Text | T | H | E |

| Encrypted Text | W | W | U | J | J | Y | Z | T | X |
|---|---|---|---|---|---|---|---|---|---|
| Corresponding numeric value | 23 | 23 | 21 | 10 | 10 | 25 | 26 | 20 | 24 |
| Key | 4 | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Decoded from the substitution cipher | 19 | 21 | 21 | 6 | 8 | 22 | 22 | 18 | 21 |
| Caesar cipher shift | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 |
| Decoded from the Caesar cipher | 16 | 18 | 18 | 3 | 5 | 19 | 19 | 15 | 18 |
| Decoded Text | P | R | O | C | E | S | S | O | R |

| Encrypted Text | M | W | K | X | Z | K | U | H | E |
|---|---|---|---|---|---|---|---|---|---|
| Corresponding numeric value | 13 | 23 | 11 | 24 | 26 | 11 | 21 | 8 | 5 |
| Key | 4 | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Decoded from the substitution cipher | 9 | 21 | 8 | 20 | 24 | 8 | 17 | 6 | 2 |
| Caesar cipher shift | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 |
| Decoded from the Caesar cipher | 6 | 18 | 5 | 17 | 21 | 5 | 14 | 3 |  |
| Decoded Text | F | R | E | Q | U | E | N | C | Y |

Therefore, the plaintext that George had sent his employees was “INCREASE THE PROCESSOR FREQUENCY”.
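The two-stage decoding set out in the table, as an added Python example that is not part of the original answer: letters are numbered A=1 to Z=26, the repeating key digit (2, 3, 4) is subtracted, then the Caesar shift of 3 is subtracted, wrapping within 1..26. The function names are assumptions made for this example.

```python
from itertools import cycle
from string import ascii_uppercase

KEY_DIGITS = (2, 3, 4)  # repeating key "234" from the question
CAESAR_SHIFT = 3        # fixed shift used in the worked table

def to_num(ch):
    """Number a letter the way the table does: A=1 ... Z=26."""
    return ascii_uppercase.index(ch) + 1

def wrap(n):
    """Bring a value back into 1..26 after adding or subtracting."""
    return (n - 1) % 26 + 1

def decrypt_rows(ciphertext, key=KEY_DIGITS, shift=CAESAR_SHIFT):
    """Return (cipher, number, key digit, after key, after shift, plain)
    for every letter. The key advances on letters only, so it keeps
    cycling across the spaces between words."""
    keystream = cycle(key)
    rows = []
    for ch in ciphertext.upper():
        if ch not in ascii_uppercase:
            continue  # spaces are copied through by decrypt(), not keyed
        k = next(keystream)
        after_key = wrap(to_num(ch) - k)
        after_shift = wrap(after_key - shift)
        rows.append((ch, to_num(ch), k, after_key, after_shift,
                     ascii_uppercase[after_shift - 1]))
    return rows

def decrypt(ciphertext, key=KEY_DIGITS, shift=CAESAR_SHIFT):
    plain = iter(r[5] for r in decrypt_rows(ciphertext, key, shift))
    return "".join(next(plain) if c in ascii_uppercase else c
                   for c in ciphertext.upper())

def encrypt(plaintext, key=KEY_DIGITS, shift=CAESAR_SHIFT):
    """Inverse operation, used to confirm the round trip."""
    keystream = cycle(key)
    return "".join(
        ascii_uppercase[wrap(to_num(c) + shift + next(keystream)) - 1]
        if c in ascii_uppercase else c
        for c in plaintext.upper())

if __name__ == "__main__":
    ct = "NTJWKHXK AMK WWUJJYZTX MWKXZKUHE"  # ciphertext from the question
    for row in decrypt_rows(ct):
        print(*row, sep="\t")
    print(decrypt(ct))
```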
References
Bachu, S. (2017). Three-step authentication for ATMs.
Eberz, S., Rasmussen, K. B., Lenders, V., & Martinovic, I. (2017, April). Evaluating behavioral biometrics for continuous authentication: Challenges and metrics. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (pp. 386-399). ACM.
Katz, J., & Lindell, Y. (2014). Introduction to modern cryptography. CRC Press.
Ketab, S. S., Clarke, N. L., & Dowland, P. S. (2016). The Value of the Biometrics in Invigilated E-Assessments.
Konheim, A. G. (2016). Automated teller machines: their history and authentication protocols. Journal of Cryptographic Engineering, 6(1), 1-29.
Martinovic, I., Rasmussen, K., Roeschlin, M., & Tsudik, G. (2017). Authentication using pulse-response biometrics. Communications of the ACM, 60(2), 108-115.
Pandey, R. M., & Verma, V. K. (2015). Data Security using Various Cryptography Techniques: A recent Survey.
Sharma, A., Misra, P. K., & Misra, P. (2014). A Security Measure for Electronic Business Applications. International Journal of Computer Applications, 102(7).