Confidentiality, Integrity, And Availability Of Data: CIA Security Triad, ATM Security, Biometric Authentication, And Decryption Of Cipher Text

Introduction to CIA Security Triad

The confidentiality, integrity, and availability of data are together known as the CIA triad, a model designed mainly to maintain the laws and policies of information security in a system. Confidentiality involves a set of rules that limits access to information. Integrity is the assurance that the available information is accurate and trustworthy. Availability guarantees that the information is reliably accessible, and accessible to authorized persons only. The elements of the triad are detailed below:


Confidentiality:

  • Confidentiality ensures the privacy of data.
  • All sensitive information related to the system is to be stored safely and kept secure against every type of information breach that can take place.
  • In an ATM system, there are many ways for data to fall into the wrong hands. Confidentiality provides protection against this (Rao & Nayak, 2014).
  • The data can only be viewed by the authorized user.
  • The security risks involved with the system are managed by the confidentiality measure.
  • An example of confidentiality is keeping the account number confidential while dealing with online banking transactions.
  • The most common measure for keeping data confidential is implementing data encryption in the system (Raspotnig, Karpati & Opdahl, 2017).
  • Other methods that help keep data confidential include biometric authentication, security tokens, soft tokens, and many more.

Integrity:

  • The integrity process keeps the data consistent and accurate, and maintains the trustworthiness of all the information covered by the integrity measure.
  • Integrity ensures that the information held by the user does not change and remains the same throughout the life of the data (Salnitri, Dalpiaz & Giorgini, 2017).
  • No outsider can change the content of the information or data.
  • Data integrity issues mainly arise at the time of a data breach, and subsequent measures have to be taken to secure data integrity.
  • An example of data integrity: when a transaction is taking place at an ATM, the PIN or secret credentials should not be shared with or changed by someone else present in the ATM line or by anyone else (Kubbo et al., 2016).
  • Many measures can be taken to secure data integrity, such as checksums, cryptographic algorithms, and many more.
  • Backups can also be arranged to maintain data integrity.

Availability:

  • All the hardware and software required for a successful transaction should be available in the system.
  • Availability also means maintaining all the components involved in the system and repairing them immediately when needed (Beng et al., 2018).
  • Availability also means keeping the whole system upgraded so that the user does not face any problem while a transaction is in progress.
  • An example of availability is that the secret information needed for a successful ATM transaction is available to the user while proceeding with the transaction.
  • Safeguards can also be implemented against the data loss that affects the availability of data.
  • Confidential data can be kept in another place as backup storage, so that appropriate measures can be taken when there is a denial-of-service attack.

ATM Security Measures

The security provided by the ATM protects the data held in the system (Farooq et al., 2015). If the user enters the wrong PIN three times consecutively, either deliberately or accidentally, the card gets locked and the customer will not be able to proceed with the transaction. Once the card is locked, a security alert is sent to the registered phone number or email ID of the customer. After the PIN has been entered wrongly twice in a transaction, the machine shows an alert that only a single attempt is left to enter the PIN correctly. If the customer still does not enter the PIN correctly, the card gets locked. Once the card is locked, the user can call the bank's customer care to unlock the card immediately, or wait 24 hours for the card to be unlocked. Only after 24 hours is any kind of transaction possible with that card.

In the case stated in the question, a thief broke into an ATM and succeeded in damaging five keys of the keypad. The ATM keypad is used for entering the security PIN of the account associated with the ATM card. The thief broke the card reader and also broke five keys of the ATM. While he was working on breaking the other keys as well, a customer stopped at the ATM for a transaction (Cooper & Zywicki, 2017). The customer was able to collect cash successfully from the ATM but, as the card reader was jammed, could not take the ATM card out of the card reader. The customer went out to fetch help from someone outside, and in the meantime the thief thought of making some attempts at the PIN of the card so that he could take some cash out of the ATM. With five digits on the keypad working, the thief can form many combinations of a four-digit number. The total number of possible outcomes is:

5P4 = 5 × 4 × 3 × 2 = 120 possible PINs that the thief could attempt. But, as discussed earlier, the security associated with the ATM does not allow the user 120 tries to find the PIN. The thief can try the PIN a maximum of three times to make the transaction successful. Otherwise, the card will be locked and will only be unlocked on approval from the client. If the thief is lucky enough to coincidentally match the ATM PIN within the three attempts, he will be able to collect cash from the ATM.
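The lockout rule and the 5P4 count above can be modelled together. The following Python sketch is an added example, not part of the original answer; the class and function names, the working keys "12345" and the PIN "9071" are constructed for illustration, and it assumes, as the 5P4 count does, a four-digit PIN with no repeated digit.

```python
import hmac
from fractions import Fraction
from itertools import permutations

MAX_ATTEMPTS = 3             # wrong PINs allowed before the card locks
LOCK_SECONDS = 24 * 60 * 60  # automatic unlock after 24 hours

def candidate_pins(working_keys, pin_length=4):
    """PINs made of distinct working keys: the 5P4 count used in the text."""
    return ["".join(p) for p in permutations(working_keys, pin_length)]

def guess_probability(working_keys, pin_length=4, attempts=MAX_ATTEMPTS):
    """Chance of hitting the PIN before lockout, guessing without repeats."""
    total = len(candidate_pins(working_keys, pin_length))
    return Fraction(min(attempts, total), total)

class CardLockout:
    """Consecutive wrong-PIN counter with lockout, as described above."""

    def __init__(self, pin):
        self.pin = pin
        self.failures = 0
        self.locked_at = None
        self.alerts = []  # stands in for the SMS/e-mail alert to the customer

    def unlock_by_bank(self):
        """Customer care unlocks the card immediately."""
        self.failures, self.locked_at = 0, None

    def try_pin(self, guess, now):
        """Return 'ok', 'wrong', 'last attempt' or 'locked'; now is in seconds."""
        if self.locked_at is not None:
            if now - self.locked_at < LOCK_SECONDS:
                return "locked"      # even the correct PIN is refused
            self.unlock_by_bank()    # 24 hours have passed
        if hmac.compare_digest(guess, self.pin):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.locked_at = now
            self.alerts.append(f"card locked at t={now}s")
            return "locked"
        return "last attempt" if self.failures == MAX_ATTEMPTS - 1 else "wrong"

def attempts_until_stop(card, working_keys):
    """Feed candidate PINs until the card accepts one or locks; return outcomes."""
    outcomes = []
    for t, guess in enumerate(candidate_pins(working_keys)):
        outcomes.append(card.try_pin(guess, now=t))
        if outcomes[-1] in ("ok", "locked"):
            break
    return outcomes

if __name__ == "__main__":
    print(len(candidate_pins("12345")), guess_probability("12345"))
    print(attempts_until_stop(CardLockout("9071"), "12345"))
```

With three attempts out of 120 candidates, the lockout caps the chance of a lucky guess at 3/120, or 2.5%.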

Disadvantages of Biometric Authentication Systems

Biometric authentication systems have many disadvantages. The disadvantages for which people are reluctant to use this security process are as follows:

  a) Versatile and convenient - The security promised by the biometric system of authentication is convenient (Hajare et al., 2018), but the system does not provide security of service. The system can be managed and maintained easily, and the users or organizations that adopt biometric authentication can use it very easily (Risodkar et al., 2017). The biometric system also spares its users the headache of remembering passwords or keeping badges or identification cards with them at all times. Using the biometric system is very convenient for all the personnel involved in managing it (Haupt & Mozer, 2015). The biometric system is very versatile, with many available biometric scanners used in different kinds of applications. The personnel involved in the system do not have to change a password every time a user forgets it, and the burden of replacing old ID cards can also be reduced by adopting a biometric system (Rahim, 2016). The system supports different types of security checkpoints, including exits and entrances at doorways, which makes it more secure.
  b) Accountability - The biometric system of authentication makes identification more accurate, and the risks involved in a data breach can also be mitigated by biometric authentication (Kim et al., 2015). But attackers find many ways to copy the fingerprint or iris, or to scan the retina, of a human. Access to the system is not granted by entering passwords or presenting smart cards. Biometric authentication is done by scanning the iris, fingerprints, or other parts of the body that are difficult to copy (Meng et al., 2015). Copying a physical part of a body is usually very difficult, which makes the system highly secure. All personnel are connected to their own identity when logging in is done through a biometric system, and such systems are usually not prone to security data breaches.
  c) Provides strong security - The biometric system is not at all secure. It is meant to provide strong security for the authentication system, but data breaches always occur with the data involved in biometric authentication. The system is very efficient, as it takes little time to authenticate genuine users (Alsaadi, 2015). Authentication done with biometrics is very secure and saves a lot of time as well as money for logging purposes. Systems designed for biometric authentication have a very simple design and generally give exact and accurate results with little effort. With a good system provider, the installation process is very useful and can be managed very easily. Biometric authentication completes within a few seconds, and along with the short time taken, the accuracy provided by the system is very high (Bhagavatula et al., 2015). Biometrics work with physiological features that are unique to every person on earth, so biometric data cannot be stolen, changed, or shared in biometric authentication. A person is easily identified using the predefined data stored in the system database (Hadid, 2014). In this way, the system provides a highly secure and stable means of authentication. The data stored in the database are difficult to forge and cannot be duplicated. The biometric system includes liveness detection, which generally cannot be faked.

A false positive, or false acceptance, happens when the authentication system mistakenly identifies one person as someone else (French et al., 2015). This is considered an authentication error. When a biometric authentication system cannot recognize the difference between an authenticated user and an unauthorized user, it is generally known as a false positive error. A false negative, or false rejection, is an error that occurs when a biometric authentication system rejects the authentication of an authorized user (Yuan, Sun & Lv, 2016). The biometric system cannot detect that the person is an authenticated one and simply rejects access. The data of that person is stored in the database, but the system is still unable to detect it. The system gives a wrong result, which is a negative match. People generally get confused about this authentication process (Karabina & Robinson, 2016). From the instances in organizations, it can be said that the false negative rate is much higher than the false positive rate. Two instances show how the false negative rate is higher than the false positive rate.

An example of a false rejection error is that, in October 2011, Microsoft Security Essentials made the false acceptance error of treating the Chrome browser as Zbot malware, and the company then deleted the whole browser (Holz, Buthpitiya & Knaust, 2015). When employees of the company tried to install Google Chrome on their systems, the system would delete the application entirely, as the company detected it as a falsely accepted site. Another instance, which shows the false positive case, is that a high percentage of the vulnerabilities that are discovered are actually false positives. An emerging technique for securing software development is static code analysis, which is applied to larger bodies of software code.

Methods of Decrypting Cipher Text

There are many methods for decrypting cipher text. Similar to the transposition method, other methods used to encrypt and decrypt cipher text are the Baconian method, Caesar shifting method, substitution method, double transposition method, columnar transposition method, Affine method, and many more (Hadid et al., 2015).

The text given to decrypt is: NTJWKHXK AMK WWUJJYZTX MWKXZKUHE

The methods used to decrypt the text with the key are the substitution method and the Caesar cipher method (Jain, Dedhia & Patil, 2015). The first step is to calculate the numeric value of each letter of the text. The step is shown as follows.

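| Text given | N | T | J | W | K | H | X | K |
|---|---|---|---|---|---|---|---|---|
| Numeric value from the alphabets | 14 | 20 | 10 | 23 | 11 | 8 | 24 | 11 |

| Text given | A | M | K |
|---|---|---|---|
| Numeric value from the alphabets | 1 | 13 | 11 |

| Text given | W | W | U | J | J | Y | Z | T | X |
|---|---|---|---|---|---|---|---|---|---|
| Numeric value from the alphabets | 23 | 23 | 21 | 10 | 10 | 25 | 26 | 20 | 24 |

| Text given | M | W | K | X | Z | K | U | H | E |
|---|---|---|---|---|---|---|---|---|---|
| Numeric value from the alphabets | 13 | 23 | 11 | 24 | 26 | 11 | 21 | 8 | 5 |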

In the second step, the key is applied to the full text continuously, without restarting at each word. The substitution is then done by subtracting the key value from the numeric value (Oktaviana & Siahaan, 2016).

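| Text given | N | T | J | W | K | H | X | K |
|---|---|---|---|---|---|---|---|---|
| Numeric value from the alphabets | 14 | 20 | 10 | 23 | 11 | 8 | 24 | 11 |
| Key given in the question | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Text decoded | 12 | 17 | 6 | 21 | 8 | 4 | 22 | 8 |

| Text given | A | M | K |
|---|---|---|---|
| Numeric value from the alphabets | 1 | 13 | 11 |
| Key given in the question | 4 | 2 | 3 |
| Text decoded | 23 | 11 | 8 |

| Text given | W | W | U | J | J | Y | Z | T | X |
|---|---|---|---|---|---|---|---|---|---|
| Numeric value from the alphabets | 23 | 23 | 21 | 10 | 10 | 25 | 26 | 20 | 24 |
| Key given in the question | 4 | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Text decoded | 19 | 21 | 18 | 6 | 8 | 22 | 22 | 18 | 21 |

| Text given | M | W | K | X | Z | K | U | H | E |
|---|---|---|---|---|---|---|---|---|---|
| Numeric value from the alphabets | 13 | 23 | 11 | 24 | 26 | 11 | 21 | 8 | 5 |
| Key given in the question | 4 | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Text decoded | 9 | 21 | 8 | 20 | 24 | 8 | 17 | 6 | 2 |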

After the substitution process, the Caesar cipher shift of 3 is applied: the final numeric value is obtained by subtracting three from the decoded substituted text (Purnama & Rohayani, 2015).

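| Text given | N | T | J | W | K | H | X | K |
|---|---|---|---|---|---|---|---|---|
| Numeric value from the alphabets | 14 | 20 | 10 | 23 | 11 | 8 | 24 | 11 |
| Key given in the question | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Text decoded | 12 | 17 | 6 | 21 | 8 | 4 | 22 | 8 |
| Shift by 3 by Caesar Cipher | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 |
| Decoded numeric number | 9 | 14 | 3 | 18 | 5 | 1 | 19 | 5 |
| Result | I | N | C | R | E | A | S | E |

| Text given | A | M | K |
|---|---|---|---|
| Numeric value from the alphabets | 1 | 13 | 11 |
| Key given in the question | 4 | 2 | 3 |
| Text decoded | 23 | 11 | 8 |
| Shift by 3 by Caesar Cipher | 3 | 3 | 3 |
| Decoded numeric number | 20 | 8 | 5 |
| Result | T | H | E |

| Text given | W | W | U | J | J | Y | Z | T | X |
|---|---|---|---|---|---|---|---|---|---|
| Numeric value from the alphabets | 23 | 23 | 21 | 10 | 10 | 25 | 26 | 20 | 24 |
| Key given in the question | 4 | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Text decoded | 19 | 21 | 18 | 6 | 8 | 22 | 22 | 18 | 21 |
| Shift by 3 by Caesar Cipher | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 |
| Decoded numeric number | 16 | 18 | 15 | 3 | 5 | 19 | 19 | 15 | 18 |
| Result | P | R | O | C | E | S | S | O | R |

| Text given | M | W | K | X | Z | K | U | H | E |
|---|---|---|---|---|---|---|---|---|---|
| Numeric value from the alphabets | 13 | 23 | 11 | 24 | 26 | 11 | 21 | 8 | 5 |
| Key given in the question | 4 | 2 | 3 | 4 | 2 | 3 | 4 | 2 | 3 |
| Text decoded | 9 | 21 | 8 | 20 | 24 | 8 | 17 | 6 | 2 |
| Shift by 3 by Caesar Cipher | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 | 3 |
| Decoded numeric number | 6 | 18 | 5 | 17 | 21 | 5 | 14 | 3 | 25 |
| Result | F | R | E | Q | U | E | N | C | Y |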

 
The result is Increase The Processor Frequency
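The two subtraction steps worked through in the tables above can be checked mechanically. This Python sketch is an added example, not part of the original answer; the function names are chosen for illustration, and the wrap-around rule (a value below 1 counts back from 26, as in 1 - 4 giving 23) is inferred from the table entries.

```python
import string

ALPHABET = string.ascii_uppercase  # A=1 ... Z=26, the numbering used in the tables
KEY = (2, 3, 4)                    # "key given in the question"
CAESAR_SHIFT = 3
CIPHERTEXT = "NTJWKHXK AMK WWUJJYZTX MWKXZKUHE"

def wrap(n):
    """Bring a value back into 1..26, e.g. 1 - 4 = -3 becomes 23."""
    return (n - 1) % 26 + 1

def trace(ciphertext, key=KEY, shift=CAESAR_SHIFT):
    """One row per letter: (letter, value, key digit, after key, after shift, plain)."""
    rows, pos = [], 0
    for ch in ciphertext.upper():
        if ch not in ALPHABET:
            continue  # spaces do not consume a key digit: the key runs continuously
        value = ALPHABET.index(ch) + 1
        k = key[pos % len(key)]
        after_key = wrap(value - k)            # substitution step
        after_shift = wrap(after_key - shift)  # Caesar step
        rows.append((ch, value, k, after_key, after_shift, ALPHABET[after_shift - 1]))
        pos += 1
    return rows

def decrypt(ciphertext, key=KEY, shift=CAESAR_SHIFT):
    """Apply both steps and put spaces and other characters back in place."""
    plain = iter(row[-1] for row in trace(ciphertext, key, shift))
    return "".join(next(plain) if ch in ALPHABET else ch for ch in ciphertext.upper())

def encrypt(plaintext, key=KEY, shift=CAESAR_SHIFT):
    """Inverse of decrypt: add the Caesar shift, then add the running key digit."""
    out, pos = [], 0
    for ch in plaintext.upper():
        if ch in ALPHABET:
            value = ALPHABET.index(ch) + 1
            ch = ALPHABET[wrap(wrap(value + shift) + key[pos % len(key)]) - 1]
            pos += 1
        out.append(ch)
    return "".join(out)

if __name__ == "__main__":
    for row in trace(CIPHERTEXT):
        print(*row, sep="\t")
    print(decrypt(CIPHERTEXT))
```

Each row printed by `trace` corresponds to one column of the tables, which makes the two wrap-around cases (A in the second word, E at the end of the fourth) easy to spot.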

References

Alsaadi, I. M. (2015). Physiological Biometric Authentication Systems, Advantages, Disadvantages And Future Development: A Review. International Journal Of Scientific & Technology Research, 4(8), 285-289.

Beng, T. C., Hijazi, M. H. A., Lim, Y., & Gani, A. (2018). A survey on Proof of Retrievability for cloud data integrity and availability: Cloud storage state-of-the-art, issues, solutions and future trends. Journal of Network and Computer Applications.

Bhagavatula, C., Ur, B., Iacovino, K., Kywe, S. M., Cranor, L. F., & Savvides, M. (2015). Biometric authentication on iphone and android: Usability, perceptions, and influences on adoption. Proc. USEC, 1-2.

Cooper, J. C., & Zywicki, T. J. (2017). A Chip Off the Old Block or a New Direction for Payment Cards Security? The Chip & PIN Debate, Apple Pay, and the Law & Economics of Preventing Payment Card Fraud.

Farooq, M. U., Waseem, M., Khairi, A., & Mazhar, S. (2015). A critical analysis on the security concerns of internet of things (IoT). International Journal of Computer Applications, 111(7).

French, P., Foulkes, P., Harrison, P., Hughes, V., San Segundo, E., & Stevens, L. (2015). The vocal tract as a biometric: output measures, interrelationships, and efficacy. In Proceedings of the 18th International Congress of Phonetic Sciences (ICPhS).

Hadid, A. (2014). Face biometrics under spoofing attacks: Vulnerabilities, countermeasures, open issues, and research directions. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Workshops (pp. 113-118).


Hadid, A., Evans, N., Marcel, S., & Fierrez, J. (2015). Biometrics systems under spoofing attack: an evaluation methodology and lessons learned. IEEE Signal Processing Magazine, 32(5), 20-30.

Hajare, U., Mahajan, R., Jadhav, S., Pingale, N., & Salunke, S. (2018). Efficient Cash Withdrawal from ATM machine using Mobile Banking.

Haupt, G., & Mozer, T. (2015). Assessing biometric authentication: a holistic approach to accuracy. Biometric Technology Today, 2015(3), 5-8.

Holz, C., Buthpitiya, S., & Knaust, M. (2015, April). Bodyprint: Biometric user identification on mobile devices using the capacitive touchscreen to scan body parts. In Proceedings of the 33rd annual ACM conference on human factors in computing systems (pp. 3011-3014). ACM.

Jain, A., Dedhia, R., & Patil, A. (2015). Enhancing the security of caesar cipher substitution method using a randomized approach for more secure communication. arXiv preprint arXiv:1512.05483.

Karabina, K., & Robinson, A. (2016, August). Revisiting the False Acceptance Rate Attack on Biometric Visual Cryptographic Schemes. In International Conference on Information Theoretic Security (pp. 114-125). Springer, Cham.

Kim, H., Park, J., Lee, J., & Ryou, J. (2015). Biometric authentication technology trends in smart device environment. In Mobile and Wireless Technology 2015 (pp. 199-206). Springer, Berlin, Heidelberg.

Kubbo, M., Jayabalan, M., & Rana, M. E. (2016, September). Privacy and Security Challenges in Cloud Based Electronic Health Record: Towards Access Control Model. In The Third International Conference on Digital Security and Forensics (DigitalSec2016) (p. 113).

Meng, W., Wong, D. S., Furnell, S., & Zhou, J. (2015). Surveying the development of biometric user authentication on mobile phones. IEEE Communications Surveys & Tutorials, 17(3), 1268-1293.

Oktaviana, B., & Siahaan, A. P. U. (2016). Three-Pass Protocol Implementation in Caesar Cipher Classic Cryptography. IOSR Journal of Computer Engineering (IOSR-JCE), 18(4), 26-29.

Purnama, B., & Rohayani, A. H. (2015). A New Modified Caesar Cipher Cryptography Method with Legible Ciphertext From a Message to Be Encrypted. Procedia Computer Science, 59, 195-204.

Rahim, M. R. (2016). Implementation of biometric authentication methods for home based systems (Doctoral dissertation, Cardiff Metropolitan University).

Rao, U. H., & Nayak, U. (2014). Physical Security and Biometrics. In The InfoSec Handbook (pp. 293-306). Apress, Berkeley, CA.

Raspotnig, C., Karpati, P., & Opdahl, A. L. (2017). Addendum to: "Combined Assessment of Software Safety and Security Requirements-An Industrial Evaluation of the CHASSIS Method".

Risodkar, Y. R., Pawar, A. B., Chavanke, S. N., & Pawar, A. S. (2017). ATM Authentication with Enhance Security Using GSM. Journal of Science and Technology (JST), 2(5), 01-05.

Salnitri, M., Dalpiaz, F., & Giorgini, P. (2017). Designing secure business processes with SecBPMN. Software & Systems Modeling, 16(3), 737-757.

Yuan, C., Sun, X., & Lv, R. (2016). Fingerprint liveness detection based on multi-scale LPQ and PCA. China Communications, 13(7), 60-65.