Information Security for Integrity and Availability Requirements

Question: Discuss about theInformation Security for Integrity and Availability Requirements. Answer: Confidentiality, integrity and availability requirements The below points shows the examples of confidentiality, integrity and availability requirements of ATM. Confidentiality: The example of entering PIN shows the confidentiality scenario. The customer intends to use their card such as debit card or credit card by entering PIN to get access their account through swiping the card into ATM system (Saxena Patel, 2017). Thus, the customer eventually expects that the PIN to be secure and confidential in the ATM system. This expectation is not only while swiping but also during transactions through the communication between the bank server and the ATM system. The degree of importance for confidentiality is unsecure and unsafe PIN while the transaction occurred may result in compromising of bank account. This shows that encryption of PIN is necessary and should be done properly. Integrity: The example of withdrawing cash shows the integrity scenario. The customer withdraws $350 from ATM and the account balance is $3350 (Ghafari, Arian Analoui, 2015). The ATM if accidentally updates $2950 in the account of customer instead of showing and updating $3350 then this causes unexpected havoc and loss of balance amount. The degree of importance for integrity is the transaction performed in the system can directly affect the account of customer. Hence, transaction should have integrity that is without any accidental or malicious changes. Availability: The example of serving to all customers at all times shows the availability scenario. The customer go to ATM system and wants to withdraw cash however, the system is out of service (Salnitri, Dalpiaz Giorgini, 2014). This can result into problems for the customer if the customer has emergency for cash. The degree of importance for availability is that ATM system should be available to the customers at all times without any hassle. It can serve to all customers at all times. Maximum number of PINs entered by the thief before entering the correct PIN Solution: The thief tries to enter the correct pin however, before entering the correct pin the thief has to try different number of PINs. The calculation for the maximum number of PINs to be entered for getting the correct PIN number is given as follows. The PIN is of 4 digit number and the thief has to enter between 0000 to 9999 because 0 and 9 are the lowest and highest number in the keypad of ATM. Thus the maximum number of PINs to be entered by the thief is 5P4. Reasons for reluctance to use bio-metrics and possible measures Solution: The below points provide reasons for reluctance in using bio-metrics for people. Accuracy issues- The biometrics is not accurate as there are several factors that hinder the accuracy of bio-metrics. There is probability that bio-metrics can control illegitimate access because of wrong matching is close to zero (Akhtar et al., 2017). However, there is less probability that it will verify legitimate user. The accuracy issues can be countered by using all the possible body parts that can be used for authentication in bio-metrics. Cost- The cost factor is another reason because bio-metrics is costly to use and implement at any place whether at company level or country level (Hadid, 2014). The ways to counter the cost factor is by implementing the bio-metrics that is required for particular area and reasons. Single points of failure- The biometrics if fails to function will lead to halt the entire system in an organization or ATM system or any other place where bio-metrics is used (Martinovic et al., 2017). The biometrics recognizes people and if it fails then all the system will stop functioning. The single points of failure can be countered by controlling the entire system. Circumstances for seriousness of false negatives are more than false positives The two circumstances are given below for false negatives are more than false positives. The situation when a person is an owner of safe and the person wants to access its safe for an emergency because the person needs money (Eberz et al., 2015). However, the owner is prevented from accessing its safe because biometrics does not recognize the owner. Then this causes serious false negatives which poses problems for the person. The other situation when an employee in an organization collapses due to cardiac arrest and the employee is unable to go out. In this situation when another employee goes to the employee to help and at that situation when the biometric does not recognizes the employee then the employees who is collapsed could die (Pandey Verma, 2015). This is the case where false negative can lead to compromise of an individuals health. Transposition technique for a cypher text The step by step demonstration for decipher of text is given below in the following table. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 Encrypted Text N T J W K H X K Corresponding numeric value 14 20 10 23 11 8 24 11 Key 2 3 4 2 3 4 2 3 Decoded from the substitution cipher 12 17 6 21 8 4 22 8 Caeser cipher shift 3 3 3 3 3 3 3 3 Decoded from the caeser cipher 9 14 3 18 5 1 19 5 Decoded Text I N C R E A S E Encrypted Text A M K Corresponding numeric value 1 13 11 Key 4 2 3 Decoded from the substitution cipher 23 11 8 Caeser cipher shift 3 3 3 Decoded from the caeser cipher 20 8 5 Decoded Text T H E Encrypted Text W W U J J Y Z T X Corresponding numeric value 23 23 21 10 10 25 26 20 24 Key 4 2 3 4 2 3 4 2 3 Decoded from the substitution cipher 19 21 18 6 8 22 22 18 21 Caeser cipher shift 3 3 3 3 3 3 3 3 3 Decoded from the caeser cipher 16 18 15 3 5 19 19 15 18 Decoded Text P R O C E S S O R Encrypted Text M W K X Z K U H E Corresponding numeric value 13 23 11 24 26 11 21 8 5 Key 4 2 3 4 2 3 4 2 3 Decoded from the substitution cipher 9 21 8 20 24 8 17 6 2 Caeser cipher shift 3 3 3 3 3 3 3 3 3 Decoded from the caeser cipher 6 18 5 17 21 5 14 3 25 Decoded Text F R E Q U E N C Y References Akhtar, Z., Hadid, A., Nixon, M., Tistarelli, M., Dugelay, J. L., Marcel, S. (2017). Biometrics: In Search of Identity and Security (Q A).IEEE MultiMedia. Eberz, S., Rasmussen, K. B., Lenders, V., Martinovic, I. (2017, April). Evaluating behavioral biometrics for continuous authentication: Challenges and metrics. InProceedings of the 2017 ACM on Asia Conference on Computer and Communications Security(pp. 386-399). ACM. Ghafari, Z., Arian, T., Analoui, M. (2015). SFAMSS: a secure framework for atm machines via secret sharing.arXiv preprint arXiv:1505.03078. Hadid, A. (2014). Face biometrics under spoofing attacks: Vulnerabilities, countermeasures, open issues, and research directions. InProceedings of the IEEE Conference on Computer Vision and Pattern Recognition Workshops(pp. 113-118). Martinovic, I., Rasmussen, K., Roeschlin, M., Tsudik, G. (2017). Authentication using pulse-response biometrics.Communications of the ACM,60(2), 108-115. Pandey, R. M., Verma, V. K. (2015). Data Security using Various Cryptography Techniques: A recent Survey. Salnitri, M., Dalpiaz, F., Giorgini, P. (2014). Modeling and verifying security policies in business processes. InEnterprise, Business-Process and Information Systems Modeling(pp. 200-214). Springer, Berlin, Heidelberg. Saxena, P., Patel, R. B. (2017). Analysis Of Distributed Environment Based Online Banking Security.