ATM Assignment Addressing Security Fundamentals

Posted on the 30 January 2020 by Jaxon Smith @jaxonsmith32

Question 1: Automated Teller Machines (ATM) are designed so that users will provide a personal identification number (PIN) and a card to access their bank accounts. Give examples of confidentiality, integrity and availability requirements associated in such a system and describe the degree of importance for each requirement.

Question 2: A thief broke into an Automated Teller Machine (ATM) using a screwdriver and was able to jam the card reader as well as breaking five keys from the keypad. The thief had to halt the process of break-in and hide, as a customer approached to use the ATM. The customer was able to successfully enter their ATM card, punch in the 4 digit PIN and was able to draw out some cash. Since the card reader was jammed, the customer was however not able to withdraw the ATM card, and drove off to seek some help. In the meantime, the thief came back and decided to try to discover the customer's PIN so that he can steal money from the customer. You are required to calculate the maximum number of PINs that the thief may have to enter before correctly discovering the customer's PIN?

Question 3: Thinking about bio-metric authentication, list three reasons why people may be reluctant to use bio-metrics. Describe various ways of how to counter those objections. (Charles Sturt University Subject Outline ITC595 201960 S I Version 2 - Published 10 July 2019, Page 12 of 29)

Question 4: In bio-metric authentication, false positive and false negative rates can be tuned according to the requirement, and they are often complementary i.e. raising one lowers the other. Describe two circumstances where false negatives are significantly more serious than false positives.

Question 5: Transposition is one known method of encrypting the text. What can be one way that a piece of cipher text can be determined quickly if it was likely a result of a transposition? Utilising some of the decryption techniques (substitution and others) covered in the subject so far, you are required to decipher (find the plain text) the cipher text that will be provided to you closer to the assessment due date via the subject site. In order to present your solution, you need to demonstrate and explain the steps taken to decipher this text.

Answer 1:
Confidentiality: As discussed in this ATM assignment, confidentiality is strengthened by protecting the identification of a credit or debit card with a password that only the owner of that card possesses. Protecting the PIN of the card is the user's own duty, but the bank also has a duty to keep the communication between the bank server and the ATM private. Transactions from the ATM should be kept highly secure against attacks or harm by attackers, so that consumer satisfaction is maintained in the open market (Varadarajan & Malpani, 2017).

Proper encoding of the PIN helps keep confidentiality efficiently maintained, while a lack of awareness of it could lead to violation of an individual's information or data. A policy of changing the ATM PIN at regular intervals, for the security of customers' information and data, will therefore prove very fruitful in the long run.

Integrity: To ensure customer satisfaction, it is necessary to optimize the ATM properly and maintain its integrity by using efficient technology. For both deposits and withdrawals, the computer system should be upgraded in a chronological manner so that the authenticity of the data is maintained and no harm is done to the customer's account. Depositing money to the individual's account means crediting, and withdrawal of money means debiting.

Moreover, a governing body should be constituted to resolve customer issues/queries associated with account mismatch as a result of ATM usage.

Availability: The area density of ATMs should be directly proportional to customer demand in that region, and the frequency of cash refilling should be in accordance with user requirements, so that the highest level of customer satisfaction can be provided (Saxena et al., 2019). The other factor that needs to be kept under control is frequent monitoring and servicing of non-functional ATMs.

Answer 2: An ATM keypad contains the numerals 0-9 along with a few special keys. In the scenario described, the thief broke 5 keys, so he now has the opportunity to try PIN combinations made up, in order, from the 5 keys left on that ATM. An ATM PIN is made up of 4 whole numbers, so the thief enters a 4-digit value where 9999 is the highest number and 0000 the lowest, because it is an integer value, with 0 and 9 being the minimal and maximal digit values. Therefore, the possible combinations of the PIN are as follows:

5P4 = 5! / (5-4)! = 5! / 1! = (5*4*3*2*1) / 1 = 120

Answer 3: The following concerns related to biometrics can make customers reluctant to use them:

Accuracy problem: The most important problem with biometrics discussed in this ATM assignment is authorizing the correct user. Because inaccuracies are very high when body parts are analyzed, outcomes cannot be accurately authenticated (Hadid et al., 2015). In addition, users pay less attention during the authentication process, which results in an unfavorable outcome.

Cost: The biometric system is complex in nature to be handled in a company or at country level. Higher cost for this system also makes it less economical. The designated area and location should be properly evaluated and analyzed so that implementation process is less cumbersome. Support from government or financial institutions could help in lowering the biometric installation expenses.

Failure Points: The whole system is interlinked, with units dependent on one another for proper functioning, and hence the failure of any single unit can result in an entire system shutdown. This could result in high customer dissatisfaction, and customers may not be willing to use it the next time. Face recognition is an important factor impacting the success of biometric authentication, and any one-point failure could impact the whole system (Zhou et al., 2018).

Answer 4: The two instances below describe how false negatives are significantly more serious than false positives.

Instance 1: As we understand from the above portion of this ATM assignment that face recognition plays a critical role in biometrics functionality, users could be in trouble in using this facility during an emergency situation. Important needs of customer may not be correctly identified by the biometric elements leading to customer suffering which is a false negative situation. In addition, incorrect user location and date might be recorded in case of a failure and the identity of the person cannot be determined correctly.

Instance 2: This circumstance relates to a situation where a user is seriously injured and might be facing a near-death condition. Taking the case of a heart attack, where the user might not be able to use this facility, his or her friends or colleagues might also not be able to assist. These scenarios related to cardiac arrest and other serious medical conditions could lead to permanent physical damage to the users and put their life at great risk. This scenario becomes a false negative and is threatening for the whole firm. The other issue that can arise is related to character less of an individual (Varadarajan & Malpani, 2017). There can be a huge number of illegal actions that can be taken using the biometric.

Answer 5: The steps for a simple matrix transposition ciphertext are as follows:

  1. Count the letters of the given ciphertext
  2. Create all possible matrices that relate to the ciphertext length
  3. Create a minimum of two different matrices for each ciphertext size
  4. Write the ciphertext row-wise for every matrix size [the ciphertext has to be written in one row of the matrix and the text will be written in columns]

Read perpendicular to check whether anything sensible is found

  1. Counting the number of letters in cipher text
  2. Counting the factor of ciphertext length
  3. Creation of all possible matrices for ciphertext length
  4. Writing the ciphertext column-by-column
  5. Consideration of all permutations in ciphertext column
  6. Reading the text column-by-column
  7. Rearrange the text and check whether anything sensible is found

Example:-
Ciphertext: THGNRO RESEEN OAOEWS ODUDE PITMA SNHOP
Here, the letter count of the ciphertext is 33
Hence, the possible matrices can be 5*7 or 7*5, 6*6
For filling in a column-by-column manner, a 6*6 matrix is the most suitable here
Hence, the matrix table will be-

As per the explained criteria,
here we need to read the matrix in a row-by-row manner. Hence, the text will be TROOPS HEADIN GSOUTH NEEDMO REWEAP ONS
The above message is not meaningful as grouped. Hence, if we convert this into plain and meaningful text, it will be TROOPS HEADING SOUTH NEED MORE WEAPONS
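The column-by-column fill and row-by-row read described above, as an added Python example that is not part of the original post; the function names are assumptions chosen for illustration. It handles the short last row that arises because 33 letters do not fill a 6-column grid evenly, and tries the 5-, 6- and 7-column grids the answer mentions.

```python
# Added example: decode a transposition ciphertext that was produced by
# reading a grid column by column, including the ragged-last-row case.

CIPHERTEXT = "THGNRO RESEEN OAOEWS ODUDE PITMA SNHOP"  # from the example above
WIDTHS = (5, 6, 7)  # column counts taken from the 5*7, 7*5 and 6*6 grids


def fill_grid(ciphertext, cols):
    """Write the ciphertext letters down the columns of a grid `cols` wide.

    If the letter count is not a multiple of `cols`, the last row is short:
    the first (count % cols) columns hold one more letter than the others.
    """
    letters = [c for c in ciphertext if c.isalpha()]
    full_rows, extra = divmod(len(letters), cols)
    rows = full_rows + (1 if extra else 0)
    grid = [[""] * cols for _ in range(rows)]
    pos = 0
    for c in range(cols):
        height = full_rows + (1 if c < extra else 0)
        for r in range(height):
            grid[r][c] = letters[pos]
            pos += 1
    return grid


def read_rows(grid):
    """Read the filled grid row by row, one string per row."""
    return ["".join(row) for row in grid]


def decode_all(ciphertext, widths=WIDTHS):
    """Return {width: candidate plaintext} for each grid width tried."""
    return {w: "".join(read_rows(fill_grid(ciphertext, w))) for w in widths}


if __name__ == "__main__":
    print("letters:", sum(c.isalpha() for c in CIPHERTEXT))
    for row in read_rows(fill_grid(CIPHERTEXT, 6)):
        print(" ".join(row))          # the 6-column grid, row by row
    for width, text in decode_all(CIPHERTEXT).items():
        print(width, text)            # only one width reads as English
```

Only the 6-column grid yields readable text; the other widths give letter sequences with no words in them, which is the "check whether anything sensible is found" step.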

Reference List
Hadid, A., Evans, N., Marcel, S., & Fierrez, J. (2015). Biometrics systems under spoofing attack: an evaluation methodology and lessons learned. IEEE Signal Processing Magazine, 32(5), 20-30.

Saxena, S., Vyas, S., Kumar, B. S., & Gupta, S. (2019, February). Survey on Online Electronic Paymentss Security. In 2019 Amity International Conference on Artificial Intelligence (AICAI) (pp. 756-751). IEEE.

Varadarajan, R., & Malpani, A. (2017). U.S. Patent No. 9,836,741. Washington, DC: U.S. Patent and Trademark Office.

Zhou, B., Lohokare, J., Gao, R., & Ye, F. (2018, October). EchoPrint: Two-factor Authentication using Acoustics and Vision on Smartphones. In Proceedings of the 24th Annual International Conference on Mobile Computing and Networking (pp. 321-336). ACM.