Confidentiality

Discuss about the Information Security for Data Encryption Process.

Confidentiality, integrity, and availability are the three basic privacy factors that deals with the securing the data in the system. According to Triad, there are many reasons to involve the three factors in data security.

Confidentiality: The confidentiality ensures to keep the data confidential while the data is transmitting (Kim et al., 2015). One example of confidentiality is that the data is to be kept confidential while processing transaction in an ATM. The data that is confidential is only available with the authorized user, and no other unauthorized user gets the access of the data. The pin number, card number, and the CVV number are extremely confidential and is to be kept secret by the user (Bhagavatula et al., 2015). The process by which the data can be kept confidential is by using the data encryption technique. Data encryption process is applied to the original text and then the cipher text is transmitted from the sender to the receiver. The passwords of the account and the CVV number are to be kept private by the user.

Integrity: The process of integrity involves to keep the data accurate, the data consistent and the data should be have trustworthiness throughout its life. Data integrity ensures that the information should remain same while it is being transmitted from the receiver to the sender or vice-versa (Ghosh et al., 2017). Any other unauthorized person should not have the accessibility of change the data. The file permission should not be given to unauthenticated person. There are many cryptography methods that can be used to keep the data integrity (Ciuffo & Weiss, 2017). Example of data integrity is the information that is involved in the ATM is kept to be kept same while user is using the ATM card. There can also be redundancy algorithms that are used for data integrity.

Availability: The data availability is the most important part in the privacy method of data security. The data that are available should be present with all the security to the user. The hardware and the software that are associated with the data should be available to the user, and there should always a backup storage of data that is available with the user (Alsaadi, 2015). The firewalls can also be used as an proxy servers to give security to the data available. The user of the ATM should not lose their data to other some other unauthorized person, which can lead to data breach (He & Wang, 2015). The systems involved with the system should be upgraded and the systems should always perform all its functions correctly.

Integrity

There are many security systems that the ATM that are implemented by the system developers of ATM. The ATM system provides with many security process. One of those securities states that the user is not able to enter the ATM pin wrong more than three times. The customer can enter wrong pin of maximum three times (Rahman & Choo, 2015). The wrong pin by a customer can be dialed accidentally, or it can be deliberate as well. The security of the ATM allows three wrong pins and that after that the card usually gets blocked and no more transaction is possible for that time. In the given scenario, a thief broke into an ATM and jammed the card reader of the atm. He also broke down keys from the keypad of the ATM machine. After breaking five keys on the keypad, he was interrupted by a customer who can to withdraw money from the account. After the successful transaction of the customer, he was not able to take out the ATM card as the reader was jammed. When he went outside to get some helps, the thief in the meantime tried with the customer’s card to withdraw some cash. With five keys available, there are many possibilities to generate a four digit pin. The total outcome of possibilities is 5! / (5-4)! = 120 times.

Since, there is no possibility in the ATM to input 120 times the trial pin, the thief has only three hit and trial method to input the pin in the machine. Only three times, the ATM pin can be tried (Ciuffo & Weiss, 2016). If the thief is lucky enough to get the pin within the three trial methods, he will be successful in withdrawing the money from the ATM. If all the three trail pins, tried by the thief gets wrong then the card will be blocked and the there cannot be any transaction possible for that time. If the card gets blocked there are many security process the user has to go through. The user will have to call the customer care service of the bank to unblock the card with certain credentials that will be asked by the customer care agent, and the second process is that the customer will have to wait for 24 hours before the card starts working.

There are many reasons for which the people finds reluctant to use the biometric authentication. The following are the reasons for not depending on the biometric authentication.

Availability

1) Providing Security: The system of biometric authentication ensures to provide security to all the organization and the people they work for. The biometric authentication system are to provide convenience of data, accountability of data, and the system demands that the data available in the system are very difficult to forge. But, none of the security is totally fulfilled by the concept of biometric authentication (Layton, 2016). There are many data breach case that are involved in organizations that uses biometric authentication. The system so biometric has some other problems as well in the sector of security. There are false acceptance case and false rejection case in the system for which security cannot be provided properly. The system sometimes falsely detects the data of an authenticated user as a unauthenticated one, and sometimes the data of an authenticated user does not match the data in the database and rejects the authentication of the user (Alaskar, Vodanovich & Shen, 2015). These are very usual problems that users face while dealing with the biometric system.

2) As the biometric deals with physiological part of the body, there are many chances of making a fake fingerprint if the attacker wants to breach the data. the attacker can make a high quality printing of fingerprint and can do the authentication without the acknowledgement of the authenticated user (Memon, 2017). The iris scanning can also be tricked  by the attacker by the process of taking photo with a cheap camera at night mode, and then print the paper and also use a lens to detect the roundness of the eye.

3) The biometric system does not allow the user to change the print of the finger, or scanning or retina or iris. The Biometric scanning is very difficult to change. This is not the case in authentication that deals with passwords or ID cards. The passwords can be changed easily, and there is also a recovery mode if the password is forgotten. So, using the biometric authentication, it is very difficult to recover the password (Chen, Pande & Mohapatra, 2014). Using another password or new ID card is much easier than changing the biometric scanning for the authentication process. The data in the biometric system cannot be changed remotely as done in password authentication. The user have to be present with the system at the time of scanning.

The case of false positive implies when a biometric system falsely accepts the data of an unauthenticated user as a valid one and allows the authentication for the unauthorized user. This hampers the login security of the system (Barbosa & Silva, 2015). There are false positive rates or false acceptance rate that is determined by the ratio of the total number of data that are false positive to the total number of identification that is done. False negative generally occurs when the system does not recognize the data of an authenticated user and rejects the authentication even if the user is an authorized one. There is false negative rate as well. The ratio between the total number of false negative identification, to that of the total number of identification is the false negative rate or the false rejection rate (De Luca et al., 2015). There are many examples that depict the fact that the false negative rate is basically more than the false acceptance rate. In the month of October 2011, the company named Microsoft Security Essentials faced false negative rate by thinking Chrome Browser as a malware known as Zbot. Another example of false negative rate is software developers spens lot of time for tracking the flagged vulnerabilities.

ATM Security Processes

There are many process of converting the text to cipher text. Caesar substitution method can be used that is similar to transposition method of encrypting as well as decrypting a text. There are other methods as well. Substitution method can also be used for encryption process. Other methods that are used for encrypting and decrypting the text are Baconian method, columnar transposition method, Affine method, Double transportation method.

The given text for decryption is:

NTJWKHXK AMK WWUJJYZTX MWKXZKUHE

The decryption process is firstly done by applying the given key to the numeric alphabet values of the text. Then substitution method is applied. After substitution method, a Caesar cipher shift for 3 digit is followed from where the decrypted text can be obtained. The tables shows the entire process.

Final decrypted text is

INCREASE THE PROCESSOR FREQUENCY 

References

Alsaadi, I. M. (2015). Physiological Biometric Authentication Systems, Advantages, Disadvantages And Future Development: A Review. International Journal Of Scientific & Technology Research, 4(8), 285-289.

Bhagavatula, C., Ur, B., Iacovino, K., Kywe, S. M., Cranor, L. F., & Savvides, M. (2015). Biometric authentication on iphone and android: Usability, perceptions, and influences on adoption. Proc. USEC, 1-2.

De Luca, A., Hang, A., Von Zezschwitz, E., & Hussmann, H. (2015, April). I feel like I’m taking selfies all day!: towards understanding biometric authentication on smartphones. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (pp. 1411-1414). ACM.

Ghosh, S., Majumder, A., Goswami, J., Kumar, A., Mohanty, S. P., & Bhattacharyya, B. K. (2017). Swing-Pay: One Card Meets All User Payment and Identity Needs: A Digital Card Module using NFC and Biometric Authentication for Peer-to-Peer Payment. IEEE Consumer Electronics Magazine, 6(1), 82-93.

Kim, H., Park, J., Lee, J., & Ryou, J. (2015). Biometric authentication technology trends in smart device environment. In Mobile and Wireless Technology 2015 (pp. 199-206). Springer, Berlin, Heidelberg.

Memon, N. (2017). How Biometric Authentication Poses New Challenges to Our Security and Privacy [In the Spotlight]. IEEE Signal Processing Magazine, 34(4), 196-194.

Ab Rahman, N. H., & Choo, K. K. R. (2015). A survey of information security incident handling in the cloud. Computers & Security, 49, 45-69.

He, D., & Wang, D. (2015). Robust biometrics-based authentication scheme for multiserver environment. IEEE Systems Journal, 9(3), 816-823.

Layton, T. P. (2016). Information Security: Design, implementation, measurement, and compliance. CRC Press.

Chen, S., Pande, A., & Mohapatra, P. (2014, June). Sensor-assisted facial recognition: an enhanced biometric authentication system for smartphones. In Proceedings of the 12th annual international conference on Mobile systems, applications, and services (pp. 109-122). ACM.

Chen, S., Pande, A., & Mohapatra, P. (2014, June). Sensor-assisted facial recognition: an enhanced biometric authentication system for smartphones. In Proceedings of the 12th annual international conference on Mobile systems, applications, and services (pp. 109-122). ACM.

Alaskar, M., Vodanovich, S., & Shen, K. N. (2015, January). Evolvement of Information Security Research on Employees’ Behavior: A Systematic Review and Future Direction. In System Sciences (HICSS), 2015 48th Hawaii International Conference on (pp. 4241-4250). IEEE.

Barbosa, F. G., & Silva, W. L. S. (2015, November). Support vector machines, Mel-Frequency Cepstral Coefficients and the Discrete Cosine Transform applied on voice based biometric authentication. In SAI Intelligent Systems Conference (IntelliSys), 2015 (pp. 1032-1039). IEEE.

Thomas, K. P., Vinod, A. P., & Robinson, N. (2017, March). Online Biometric Authentication Using Subject-Specific Band Power features of EEG. In Proceedings of the 2017 International Conference on Cryptography, Security and Privacy (pp. 136-141). ACM.

Ciuffo, F., & Weiss, G. M. (2017, October). Smartwatch-based transcription biometrics. In Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON), 2017 IEEE 8th Annual (pp. 145-149). IEEE.

Ciuffo, F., & Weiss, G. M. (2017, October). Smartwatch-based transcription biometrics. In Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON), 2017 IEEE 8th Annual (pp. 145-149). IEEE.