1.The CIA (Confidentiality, Integrity, Availability) triad is mainly important for security of the information transmitted from different servers and user’s devices or end points (Beng et al., 2018). For the Confidentiality it is about restricting the users who may have access to some specific information or data.For integrity, it is about the administration of the modification of the transmitted information through any medium. Finally, the availability of the data is about making it sure that authorised users can access the information at any time without any difficulties.
Following are the examples of the above triad from the perspective of the ATM information system and how these attributes are helpful for the security of the data of such system.
Example of confidentiality
For the ATM system, the confidentiality of the of data it is related to securing the access of user data only to the authorized users. For the ATM information system, the customer detail, PIN of the used ATM card to withdraw money from the ATM system should be protected from unauthorised access to the user data. In case any unauthorised user have access to the data, this may lead to the adverse situations for the customer (Rawat & Bajracharya, 2015). One of such technique is Eavesdropping to get unauthorised access to the data transmitted through the server and the ATM systems. Therefore, in order to secure the confidentiality of the information it is suggested to use encryption technique and SSL for data transmission mediums so that even though the data is intercepted by the hackers or attackers they would not be able to get the decrypted data. As the lack of confidentiality of the data an lead to severe results thus it is rated with “High” degree of importance.
Example of Integrity
The integrity of the data in the information system is another important aspect which needs to protected. Integrity of the data ensure that the data is not modified by any unauthorized user or hacker.
Unauthorized modification of the data can adversely impact on the users of the ATM as well as on the financial institutions who maintains it. For the information system the data is valuable if and only if the data is correct. As an example it can be said that, by the unauthorized modification of data transmitted from the ATM, it can result into financial loss of the customers (Rawat & Bajracharya, 2015). As use of the simple encryption techniques can help in protecting the integrity of data, thus it is rated with “Moderate” degree of importance.
Example of Availability
Availability of data is about making sure that, data from the information system is available to the authorized users whenever they need it. This availability of data can be interrupted through the DoS, Man in the Middle Attacks (Beng et al., 2018). Thus routine offline backups can be very helpful in ensuring the availability of data to the users. As lack of availability of the data will lead to the unavailability of all the services from the ATM system, thus it can be marked with “Moderate” degree of importance.
2.For the given scenario, it is given that the thief was successful in breaking five of the total ten keys on the board of the ATM. Now, as the customer was able to enter his/her pin using the remaining five keys thus the users PIN is combination of 4 keys out of the remaining five keys.
Using the concept of permutation and combination we can state that the number of efforts remains for the thief to find the customers pin is given by following formula,
5P4 = 5! / (5-4)!
=120
Thus the number of attempts that can be used by the thief is, 120 times.
3.The main working principle of Biometrics can be stated as, comparison of two data set one is previously inserted data in the device and another one inserted by the different user’s every time they want to enter the secure premises. In order to grant access for a user the Biometric does not requires an exactly identical for the above mentioned two data sets. This matching technique is used as due to sweat or water in the fingertips may disrupt the whole process of identification (Beng et al., 2018). Errors in the processing of the biometric elements consist of a long chain of processing steps which are considered as imperfect by the researchers. For each step the processing chain introduces a slight degree of uncertainty for identification. Uncertainty in this process is inescapable if the first processing step too. As the body part used for biometric can never appear exactly same as it was appeared when registered at first. Pressure and angle of a finger on a scanner. This interruption includes false Positive; where an invalid user is identified as a valid user and given access to the restricted data or premises. Another issue related to this is false Negative. In case of false negative, a valid user is rejected from the biometric authentication process.
Biometrics are hackable: On the other hand, in case of iris scanning and voice recognition it can be said that, they can have hacked using the pictures of the Iris and voice samples. From the example of hacking of German minister Ursula von der Leyen finger prints, it is evident that the fingerprints and iris biometrics can be easily hacked by using their high definition images.
Vulnerabilities in the software’s used for authentication: security researchers also found that, most of the software’s used s for the biometric devices contains different backdoors which can be exploited by the hackers to extract the stored information about the users.
Lack of recovery options: even though the biometric elements are unique for everyone but it does not make sure that these are secure passwords (Eberz et al., 2017). Unfortunately, if any user lost their fingers, eyes then it becomes impossible for them to access the secured data or premises as they longer possess their passwords. In this scenario this password is also not recoverable which leads to more complexity.
4.For biometric authentication process, there are two factors that are used to measure the performance and efficiency of the biometric devices. These are, false positive and false negative. False positive identification happens in case the biometric system mistakenly finds a match for an invalid user’s fingerprint entry which is not enrolled previously in the biometric system.
On the contrary, false negative identification happens if the biometric system finds no match or responds with an error for a query fingerprint that is previously registered in the system. Following are the two scenarios in which the false negatives results into severe results compared to the results of the false positives which accept the biometric of an unregistered user as a registered one.
Personal lockers: At present there are personal lockers are available that recognises its owner using the biometric. In case of any emergency, it is possible that the biometric of the locker responds with false negative. In any emergency situation there may be some critical resources in the locker which will be unavailable for its owner due to the False negative response.
Safety and recovery of IT infrastructure: In every organization where a significant amount of business processes depends on the IT infrastructure, there the IT resources like databases, servers are placed inside a restricted premise which is accessible some of the officials of the organization (Eberz et al., 2017). In case of any failure or attack on the severs, if the biometric system responds with false negative then the officials would not be able to isolate the affected servers so that other servers can be used to support the business process.
5.For any cipher text which is encrypted using the transposition technique then the one of the easiest and quick way to decrypt the text is the letter frequency count and a Trigram count. In this technique the at first the frequency of each letter in the given encrypted text. After this the count of the frequency of triple characters in a sequence is calculated. In this way, the encrypted text can be decrypted.
The encrypted sentence is given by,
NTJWKHXK AMK WWUJJYZTX MWKXZKUHE
For the decryption of the given string the positional values of the letters will play a vital role. Which are given by,
A=1,
B=2,
C=3,
D=4,
E=5,
F =6,
G=7,
H=8,
I =9,
J = 10;
K = 11,
L = 12,
M = 13,
N = 14,
O = 15,
P = 16;
Q = 17,
R = 18,
S = 19,
T = 20;
U = 21,
V = 22,
W = 23,
X = 24,
Y = 25,
Z = 26.
Now for the given string of text, we get the following values for every word,
N=14, T=20, J=10, W=23, K=11, H=8, X=24 K=11;
A=1, M=13, K=11;
W=23, W=23, U=21, J=10, J=10, Y=25, Z=26 T=20, X=24;
M=13, W=23, K=11, X=24, Z=26, K=11 U=21 H=8 E=5;
Now considering the substitution key, 234, we get the transformed sequences as follows,
N=12 T=17 J=6 W=21 K=8 H=4 X=22 K=8
A=23, M=11, K=8
W=19, W=21, U=18, J=6, J=8, Y=22, Z=22 T=18, X=21
M=9, W=21, K=8, X=20, Z=24, K=8 U=17 H=6 E=2
In this sage now we will apply the principles of decrypting Caesar cipher text, we get the following sequences,
|
N |
T |
J |
W |
K |
H |
X |
K |
|
9 |
14 |
3 |
18 |
5 |
1 |
19 |
5 |
|
A |
M |
K |
|
20 |
8 |
5 |
|
W |
W |
U |
J |
J |
Y |
Z |
T |
X |
|
16 |
18 |
15 |
3 |
5 |
19 |
19 |
15 |
18 |
|
M |
W |
K |
X |
Z |
K |
U |
H |
E |
|
6 |
18 |
5 |
17 |
21 |
5 |
14 |
3 |
25 |
Now using the positional values of the last stage, we get the decrypted message as,
|
9 |
14 |
3 |
18 |
5 |
1 |
19 |
5 |
|
I |
N |
C |
R |
E |
A |
S |
E |
The second word,
|
20 |
8 |
5 |
|
T |
H |
E |
Third word,
|
16 |
18 |
15 |
3 |
5 |
19 |
19 |
15 |
18 |
|
P |
R |
O |
C |
E |
S |
S |
O |
R |
|
6 |
18 |
5 |
17 |
21 |
5 |
14 |
3 |
25 |
|
F |
R |
E |
Q |
U |
E |
N |
C |
Y |
The decoded sentence becomes,
INCREASE THE PROCESSOR FREQUEN CY
References
Beng, T. C., Hijazi, M. H. A., Lim, Y., & Gani, A. (2018). A survey on Proof of Retrievability for cloud data integrity and availability: Cloud storage state-of-the-art, issues, solutions and future trends. Journal of Network and Computer Applications.
Eberz, S., Rasmussen, K. B., Lenders, V., & Martinovic, I. (2017, April). Evaluating behavioral biometrics for continuous authentication: Challenges and metrics. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (pp. 386-399). ACM.
Mohanty, S., Ganguly, M., & Pattnaik, P. K. (2018). CIA Triad for Achieving Accountability in Cloud Computing Environment.
Purnama, B., & Rohayani, A. H. (2015). A New Modified Caesar Cipher Cryptography Method with LegibleCiphertext From a Message to Be Encrypted. Procedia Computer Science, 59, 195-204. Oktaviana, B., & Siahaan, A. P. U. (2016). Three-Pass Protocol Implementation in Caesar Cipher Classic Cryptography. IOSR Journal of Computer Engineering (IOSR-JCE), 18(4), 26-29.
Rawat, D. B., & Bajracharya, C. (2015, April). Cyber security for smart grid systems: Status, challenges and perspectives. In SoutheastCon 2015 (pp. 1-6). IEEE.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download