Biometrics-Based Authentication Scheme-Free-Samples for Students

Questions: 1.Automated Teller Machines (ATM) are designed so that users will provide a personal identification number (PIN) and a card to access their bank accounts. Give examples of confidentiality, integrity and availability requirements associated in such a system and describe the degree of importance for each requirement. 2.A thief broke into an Automated Teller Machine (ATM) using a screwdriver and was able to jam the card reader as well as breaking five keys from the keypad. The thief had to halt the process of break-in and hide, as a customer approached to use the ATM. The customer was able to successfully enter their ATM card, punch in the 4 digit PIN and was able to draw out some cash. Since the card reader was jammed, the customer was however not able to withdraw the ATM card, and drove off to seek some help. In the meantime, the thief came back and decided to try to discover the customers PIN so that he can steal money from the customer. You are required to calculate the maximum number of PINs that the thief may have to enter before correctly discovering the customers PIN? 3.Thinking about bio-metric authentication, list three reasons why people may be reluctant to use bio-metrics. Describe various ways of how to counter those objections. 4.In bio-metric authentication, false positive and false negative rates can be tuned according to the requirement, and they are often complementary i.e. raising one lowers the other. Describe two circumstances where false negatives are significantly more serious than false positives. Answers: 1.Confidentiality: Confidentiality involves keeping the information secure and protected from some unauthorized person. The information involved in ATM cards has some important values and are to be kept confidential. The users of ATM must keep the credentials of their cards secret so that the information on the card and the security of their bank details are kept safe (Tchernykh et al., 2016). The confidentiality of data can be done by applying encryption method on the information that is to be kept secured. The process of encryption ensures the right person to read the right information. Confidentiality ensures proper encryption and is used in every part of the security where the data is to be kept secured. The credentials of the ATM are to be kept secured so that any third person cannot get the details of the ATM pin. Integrity: From the term integrity, it can be ensured that the information of the ATM card is to be protected from being changed or altered by some unauthorized parties. The information or the data that is in the ATM has values if the information stored in the system is correct. The information transmitting from one network to another should not be tampered (Sumra, Hasbullah AbManan, 2015). With the encryption process, the data integrity is also kept secured. The methods that helps to keep the integrity of the data includes the hashing function. Availability: The data that are available includes that the information that is involved in the ATM transaction process should be available only with the authorized parties and the authenticate users can only access the data. If the right person accesses the information at right time, then only the information is considered to be valid. The availability of the data can also be hampered includes natural disasters and power outages. To ensure availability of data, the information is to be kept as a backup to keep secure from any type of security breach that may occur. 2.Several ways are there by which the thief can identify the pin of the ATM from the remaining pin that are good. The maximum number of possibility that the thief can attempt to get the pin is 5! / (5 - 4)! that is 120 set of pins. The thief can enter all total of 120 times the secret pin. But keeping the security of the ATM, the system of ATM does not allow a user to enter the pin several times. The number of time the pins that can be entered by a user is maximum of three times. After entering the wrong pin three times, the card will be blocked and the thief will not be able to withdraw money from the ATM machine. 3.Three advantages of biometric authentication because of which the users use them for security purpose are: While using the biometric authentication, the user does not have to enter their usernames and passwords multiple times to login their account (Bhagavatula et al., 2015). The biometric helps to replace the password and the user name and is considered to be an alternative to enter the password many times. The second advantage that biometric authentication can provide is the advantage of not remembering the password all the time the user have to login. Biometric systems use physical parts to keep the system secure. So, using the biometric system is the user can login with the body part whose data is stored in the database (He Wang, 2015). The user do not have to remember the password and enter the forgot password page many times that may hamper the security of the system. The third advantage that the biometric authentication provide is accountability to the users. 4.False positive authentication for biometric is basically a technique in which the system accepts a user who is unauthorized as a authorized person (Pinto et al., 2014). The false positive case arise when the system rematches the data of an authorized one similar to that of the unauthorized person. According to many surveys, the rate of false positive is more than the rate of false negative. The rate of false negative is a technique in which the system rejects an authorized person even when its data is present in the database (Hadid et al., 2015). The system cannot match the data of the authorized person with that which is stored in the database. Generally, the percentage of false positive starts from zero whereas the percentage of false negative starts from 0.00066%. 5.The process by which a text encrypted with transposition cipher can be decrypted back is using the columnar transposition method for decrypting it. The given text that is t be decrypted is: NTJWKHXK AMK WWUJJYZTX MWKXZKUHE Text N T J W K H X K Numbers of alphabets 14 20 10 23 11 8 24 11 The key 2 3 4 2 3 4 2 3 Applying the substitution method 12 17 6 21 8 4 22 8 After shifting by Caesar Cipher 3 3 3 3 3 3 3 3 Decoding the text 9 14 3 18 5 1 19 5 The final text decoded I N C R E A S E Text A M K Numbers of alphabets 1 13 11 The key 4 2 3 Applying the substitution method 23 11 8 After shifting by Caesar Cipher 3 3 3 Decoding the text 20 8 5 The final text decoded T H E Text W W U J J Y Z T X Numbers of alphabets 23 23 21 10 10 25 26 20 24 The key 4 2 3 4 2 3 4 2 3 Applying the substitution method 19 21 18 6 8 22 22 18 21 After shifting by Caesar Cipher 3 3 3 3 3 3 3 3 3 Decoding the text 16 18 15 3 5 19 19 15 18 The final text decoded P R O C E S S O R Text M W K X Z K U H E Numbers of alphabets 13 23 11 24 26 11 21 8 5 The key 4 2 3 4 2 3 4 2 3 Applying the substitution method 9 21 8 20 24 8 17 6 2 After shifting by Caesar Cipher 3 3 3 3 3 3 3 3 3 Decoding the text 6 18 5 17 21 5 14 3 25 The final text decoded F R E Q U E N C Y The decrypted text is Increase the Processor Frequency References Bhagavatula, C., Ur, B., Iacovino, K., Kywe, S. M., Cranor, L. F., Savvides, M. (2015). Biometric authentication on iphone and android: Usability, perceptions, and influences on adoption.Proc. USEC, 1-2. Hadid, A., Evans, N., Marcel, S., Fierrez, J. (2015). Biometrics systems under spoofing attack: an evaluation methodology and lessons learned.IEEE Signal Processing Magazine,32(5), 20-30. He, D., Wang, D. (2015). Robust biometrics-based authentication scheme for multiserver environment.IEEE Systems Journal,9(3), 816-823. Pinto, J. R., Cardoso, J. S., Loureno, A., Carreiras, C. (2017). Towards a Continuous Biometric System Based on ECG Signals Acquired on the Steering Wheel.Sensors,17(10), 2228. Sumra, I. A., Hasbullah, H. B., AbManan, J. L. B. (2015). Attacks on security goals (confidentiality, integrity, availability) in VANET: a survey. InVehicular Ad-Hoc Networks for Smart Cities(pp. 51-61). Springer, Singapore. Tchernykh, A., Schwiegelsohn, U., Talbi, E. G., Babenko, M. (2016). Towards understanding uncertainty in cloud computing with risks of confidentiality, integrity, and availability.Journal of Computational Science