Discuss about the Security of Biometric ATM Authentication.
ATM is the specific device of telecommunication that helps to withdraw money successfully in spite of going to the bank. The cash withdrawal could be done from bank account. The best benefit that any user gets form the Automated Teller Machine is that there is no time restriction or limitation for withdrawing cash. It could be done anywhere and at anytime. The question is dealing with the CIA triad, that is, Confidentiality, Integrity and Availability. These are the three most important and significant requirements for any ATM. The customers have an ATM card and a unique PIN or personal identification number for their accounts. For users or clients using an ATM banking system, it is extremely vital that their personal information is kept private and confidential. To ensure that the CIA triad is well followed, then below are case examples that need to be taken into considerations.
Confidentiality: This is the first and the most important requirement in any ATM transaction. The confidentiality should be solely maintained by the users. Confidentiality can also be referred to as privacy. This particular type of requirement mainly includes the set of rules or regulations, which eventually restricts the access to any confidential or important place or information. The details of the user are needed to be kept confidential at all times and every interaction level. Such information includes; credit card details, debit card details, personal bank accounts credentials, user PIN among others. If these information will not be kept confidential, the user could suffer major losses management.
The use of unsecured PIN when doing transactions in an ATM may lead to the bank account being compromised. To avoid this, the PIN being used should be appropriately encrypted.
Integrity: This is the second important requirement of the ATM. It helps to maintain the data integrity. This particular requirement provides accuracy to the data and thus helps in ensuring that the data does not lose consistency. For integrity to be guaranteed in a system such as that of an ATM of a bank, then the transactions that a client is performing need to be carried out with consistency and be free of errors. Take a case example, when a customer has a balance of $496,and on querying the ATM, they are given a balance of $4960. The scenario will cause loss of money for the bank. Because the integrity of the ATM and bank as a whole affects the customer account directly, then it should be implemented on every transaction being carried out.
Availability: The third important requirement of the ATM transaction is availability. It is the most critical factor when it comes to the use of any system. Both the data, personal information, all the database, both back end and front end should be available when a user wants to use the system. The system should be responsive enough to guarantee that the user will be able to carry out their transactions any time that they want to do so. Availability affects the growth of the bank directly. If the customers find bank services unavailable most of the times when they need to use it, then most of them will shift to other banks. The degree of importance for a bank should always be to try and be available 99.99% of times that a user wants to use the system.
For the three CIA triad concepts, the degree of importance is highest for confidentiality, followed by integrity and then in the third place is availability respectively.
Facts from the problem indicated that the customer management was able to withdraw the cash using their 4-digit PIN, but because the thief jammed the card reader, then they left their card to go and seek help.
The thief, therefore, wants to try and guess the customer’s PIN and use it to withdraw cash. The thief will try the remaining five numbers on the keypad that he has not already broken –those keys that are functioning correctly. The ATM PIN number is a four digit number.
The aggregate number of times that the criminal will attempt will be 54
54 = 625 times. In this manner the criminal needs to enter 625 keys before entering the right keys.
The system of biometric is the technological system, which substantially utilizes biological information or attributes of any specific person for his or her identification. The use of biometrics for authentication purposes is considered the most robust. This type of system completely relies on the particular data or information regarding unique biological attributes for working effectively. The authentication or authorization of any individual my means of biometrics is known as biometric authentication system. Biometrics is the use of standard physical features of a human body such as the eyes or the fingerprints for authentication. These features of the human body are carefully chosen in a way that they are available or present in every person but also are unique to a particular individual. Biometric authentication is always available giving it an edge over other means of authentication. These means that if you use biometrics as the method of authentication, it cannot be forged, cannot be stolen or even lost. However, there are some reasons why a user may hesitate to use biometric authentication such as:
Cost: Biometric recognition involves complex computational procedures which mean that it will read the authentication feature, g. the fingerprints, then from there; it derives a unique pattern for a particular user. The data for every user is then stored in the database for processing. These complex computational procedures make the biometric devices very costly especially at the initial stages of acquiring the system.
Point of failure: Take a case scenario when a system using biometrics for authentication faces problems. Such as a valid user is invalidated a therefore locked out of the system. If the user had used a fingerprint as the biometric feature then, there is no way that specific user can be issued with another finger like in the case of passwords. To avoid such problems from happening, a high-quality device should be acquired and maximum details of the user collected and saved in the database. A high-quality biometric device translates into a higher cost.
Accuracy: When it comes to efficiency of biometric systems, then we can take a case example of a user who had registered voice as their unique feature, then on a particular instance, due to a throat problem, their voice changes a bit and therefore they are locked out of the system. Since there is always a possibility that a user may fall ill, then many people will want systems that are universal, and therefore they will shy away from using biometrics.
Biometric authentication system is utilized for the purpose of identification of any individual systematically and without any type of complexity. This type of system comprises of an information system and database. The information system within the biometric authentication system does the operation of storing, retrieving, manipulating and collection of confidential data or information. The database within the system of biometric helps to identify the person. The data is matched with the previously existing data. If the data is matched, the person is allowed to enter into the building or is allowed to access the thing. However, if the data does not match with the previously existing data, the person is not allowed to enter into the building. The main advantage of this particular biometric authentication system is that any type of false data or false information is absolutely restricted here. The data entered is always perfect and accurate. There are some of the significant examples of biometric authentication systems. They mainly include fingerprint recognition, scan of palm geometry, scanning of iris and cornea, scanning of retina, voice recognition and the scanning of heartbeats. However, in spite of all these advantages, there are some situations where the biometric authentication systems cannot provide any advantage and rather provides disadvantages. These are known as false negative rates. These types of situations are extremely dangerous as well as serious for the users as they become major problems. Following are the examples of two such situations where the false negative data rates become more serious issue than the false positive rates.
Take a scenario where biometrics is exclusively used as the means of authentication for entering into a company premises such as a server room. The person in charge can be abducted by lawbreakers and his fingerprints used as evidence of the break-in. In this case, the technician in cost will end up being punished,yet they were just victims of their jobs.
I will take another case scenario where two people work in a datacenter, the boss, and their assistant. The boss is the only one that is recognized by the biometric system while the assistant is not. The boss collapses on the floor due to cardiac arrest, and because the biometric device does not identify the assistant, the boss might die on the floor especially if the assistant cannot help resuscitate the boss.
Transposition cipher is one of the most effective encryption technologies in the field of cryptography. The data encryption scheme where the plain text is being shifted to some distinct regular pattern is known as cipher text. In the manual systems, these transpositions are usually carried out with an aid of easy remembrance mnemonic. Any type of confidential plain text is eventually encrypted with this particular type of transposition cipher. This specific kind of encryption technique does its work by simply shuffling all the characters or texts. The positions of the characters or the letters of the plain text are substantially changed or altered and then moved to the regular systems. The algorithm of transposition cipher completes it work by means of permutation. The letters or characters are shuffled in such a manner that the unauthorized or unauthenticated users do not get any track of it.
“Transposition Ciphers work by messing with the order of the letters to hide the message being sent. You can think of this in a way similar to an anagram, but with a more set structure so it can be decrypted easily if you know how it was encrypted.An excellent example of a Transposition Cipher is Columnar Transposition. For this, we’ll take a message (plaintext) and arrange it into a few columns. Let’s try the phrase WE ARE IN DANGER HIDE AT ONCE– and add a bit of padding (random characters) to the end to make each column equal.”
From the above arrangement, one can take the columns vertically and come up with a ciphertext. As you can see, this a safer and easy ciphertext. When decrypting the above message one can opt for below two methods.
It should be noted that in this kind of transposition ciphers, the key would be only knowing the initial number of letters that were in each column and then know the number of columns that were originally written.
The significant and the most important benefit of this columnar transposition over any other encryption methodology is that the algorithm of the columnar transposition encryption technology could be utilized as many times possible for the purpose of encryption and decryption. However, the other methods of encryption could be used in a restricted time. Mathematically, the particular bijective function could be utilized on the positions of the characters of the plain text for the purpose of encryption and a specific inverse function on the positions of the characters of the plain text for the purpose of decryption. Thus, transposition cipher is the most effective form of encryption of any confidential data or information easily as well as effectively.
References
Biometric skimmers threaten the security of biometric ATM authentication. (2016). Biometric Technology Today, 2016(10), 1. doi:10.1016/s0969-4765(16)30145-x
Cantoni, Virginio, Dimov, Dimo, Tistarelli, & Massimo. (2015). Biometric Authentication: First International Workshop, Biomet 2014, Sofia, Bulgaria, June 23-24, 2014, Selected Papers. Springer-Verlag New York Inc.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download