Question

Task

This assessment aims to develop and gauge student understanding of the key topics covered so far by answering the following questions. Answering these questions will help you build some understanding for the next assessment item as well as for the entire subject. It is expected that answers to the assignment questions be succinct (i.e. precise and concise) with all sources of information fully referenced as per APA referencing style. You have to reference the text book and any additional material you have used in your answers.

Note that the guide for APA referencing is provided in the resources section of Interact site of this subject.

Answers MUST be written in your own words. If an answer contains more than 10% direct quote (referenced or unreferenced), 0 marks will be awarded for this question. One or two sentence answers will be too short and only receive low marks. Answers longer than 1.5 pages (12 point font, single line spacing) may incur a penalty if too much non-relevant information is stated. For mathematical questions it is expected that you show intermediate steps of your working. Just stating the correct solution will result in low marks, on the other hand if the working is correct and you only made minor mistakes, you will still be awarded marks, even though the final answer is wrong.

Question 1   [5 Marks]

Automated Teller Machines (ATM) are designed so that users will provide a personal identification number (PIN) and a card to access their bank accounts. Give examples of confidentiality, integrity and availability requirements associated in such a system and describe the degree of importance for each requirement.

Question 2   [5 Marks]

A thief broke into an Automated Teller Machine (ATM) using a screwdriver and was able to jam the card reader as well as breaking five keys from the keypad. The thief had to halt the process of break-in and hide, as a customer approached to use the ATM. The customer was able to successfully enter their ATM card, punch in the 4 digit PIN and was able to draw out some cash. Since the card reader was jammed, the customer was however not able to withdraw the ATM card, and drove off to seek some help. In the meantime, the thief came back and decided to try to discover the customer’s PIN so that he can steal money from the customer. You are required to calculate the maximum number of PINs that the thief may have to enter before correctly discovering the customer’s PIN?

Question 3   [5 Marks]

Thinking about bio-metric authentication, list three reasons why people may be reluctant to use bio-metrics. Describe various ways of how to counter those objections.

Question 4   [5 Marks]

In bio-metric authentication, false positive and false negative rates can be tuned according to the requirement, and they are often complementary i.e. raising one lowers the other. Describe two circumstances where false negatives are significantly more serious than false positives.

Question 5 [10 Marks]

Transposition is one known method of encrypting the text. What can be one way that a piece of cipher text can be determined quickly if it was likely a result of a transposition? Utilising some of the decryption techniques (substitution and others) covered in the subject so far, you are required to decipher (find the plain text) the cipher text that will be provided to you closer to the assessment due date via the subject site. In order to present your solution, you need to demonstrate and explain the steps taken to decipher this text.

Answer 1

1)

Confidentiality:

• The details of the user need to be confidential
• like credit card details
• personal account details
• Debit card details
• User PIN

Integrity:

• The transactions need to be consistent and error-free

Availability:

• The machine needs to be available when the user needs money
• for transactions, the machine should be responsive.

the degree of importance is high for confidentiality, then integrity and then comes the availability.

2)

The following is the calculation to find the maximum number of PINs that the thief may have to enter before correctly discovering the customer’s PIN:

• PIN is a 4-digit number. The maximum number of PIN’s the thief can enter in a single digit of the PIN is 10 {0,1,2,3,4,5,6,7,8,9}.

• The maximum number of PIN’s the thief can enter can be calculated as follows:

• Each digit of the PIN can be filled with any of the 10 numbers.

• 10*10*10*10 = 10000.

• It is provided that the thief broke 5 keys in the keypad.

• The maximum number of PIN’s the thief can enter after breaking 5 keys in the keypad can be calculated as follows:

• Each digit of the PIN can be filled with any of the 5 numbers.

• 5*5*5*5 = 625.

Therefore, maximum number of PINs that the thief may have to enter before correctly discovering the customer’s PIN is 625.

3)

Biometrics Biometrics is the authentication on the basis of common physical characteristics of human body Till now, the biometric authentication is considered to be the most robust. It includes features that are unique to an individual but present in every human body, the features such as finger print, retina, iris can be identified uniquely. Authentication with biometrics has an advantage over other mode, since these data cannot be lost, forged, or cannot be stolen. The authentication is always available

The user may hesitate to use the biometrics authentication due to the reasons given below Cost factor The biometrics recognition involves complex computation procedures. It involves reading the authentication feature and then it derives a specific and unique pattern in relation to every user Now, the data are stored in the database and further processing is done. The complex procedure requires high computation and fine accuracy. Thus, increasing the device's cost. With the growing use of the Biometrics, the cost will reduce substantially Point of failure A time may occur when the system might face problems like the authentication of the valid user is invalidated, like while signing-in to a system the biometrics machine invalidates the user finger print. The user has no option since he cannot change or issue a new finger. To avoid this problem, the device should be of good quality and different samples should be provided to have maximum information about the features Accuracy There will be cases when due to throat infection voice may get choked, at that time the user authentication features does not match with the stored pattern hence it authenticates the user. This scenario is very common, which creates some reluctance in the user's mind for using biometrics. A presage filter device to filter the qualities of the authentication feature can be used.

4)

False negative authentication False positive rate is the situation when an unauthenticated user identity is accepted, which should have been rejected while the false negative rate is the situation when the authenticated user is rejected when it should have be accepted. False positive and false negative are the complementary situation. They share an inverse relation, so as the rate of false positive authentication increases, the rate of false negative authentication decreases and vice versa.

Generally, the false positive rate has higher consequences than the false negative. The examples where the false negative authentication plays the crucial role are given below: Example1 Consider a person, in an unknown place and he has to pay at the petrol pump. He has no cash so he went to ATM, there he found that his authentication was not accepted due to which he cannot perform the transactions. Example2 In the nuclear reactor there may arise some emergency situation where the whole system need to shut down. A scram is used in this situation, it is the emergency shutdown of the system. In this system electronic sensor gadgets are used to scan the user authentication. The system shuts down within seconds as the authentication get validated. In this situation if the user is falsely rejected by the authenticating system than it will leads to a disastrous situation. Hence, in situation like these false negatives are more serious than the false positives.

5)

If the cipher is transposition cipher then try all the types of transposition cipher with their variant to decode the cipher.

Cracking simple matrix transposition ciphers:

1. First count the letters of the ciphertext
2. Create all the possible matrices corresponding to the length of ciphertext. Create at least two matrices of each size.
3. For every matrix size, write ciphertext in rows in one matrix and on other matrix, write        the ciphertext in columns.
4. Check if anything sensible is found by reading perpendicular to how the ciphertext were put in.

Cracking Column-scrambled matrix transposition ciphers:

1. Count the number of letters present in the ciphertext and factor the length of ciphertext.
2. Create all the possible matrices corresponding to the length of ciphertext.
3. Write down the ciphertext in the matrix column-by-column manner.
4. For each matrix, consider all permutations of the columns.
5. Check if anything sensible is found by rearrange the matrices. Read the text off in the row-by-row manner.

Example Ciphertext: THGNRO RESEEN OAOEWS ODUDE PITMA SNHOP LENGTH OF CIPHERTEXT IS 33 Possible matrices are 6*6. 7*5 and 5*7 Trying The Matrix 6 *6 matrices, filling the ciphertext column-by-column manner is as follows TROO P S HE A DI N GSOUT H NE E D M O REWE A P ON S Now, reading the matrix in the row-by-row manner The message obtained is as follows: TROOPS HEADING IN SOUTH NEED MORE WEAPONS The above message in meaningful. Hence, the plaintext is TROOPS HEADING IN SOUTH NEED MORE WEAPONS