Importance of CIA Triad for information security

Discuss About The Biometric Authentication Technology Trends.

The confidentiality, integrity, as well as availability is known as CIA triad is basically a design that helps to guide the policies for providing security of information involved in an organization. Examples of Confidentiality, Integrity, and availability according to CIA Triad are explained below.

Confidentiality offers privacy to all the data involved in the network of ATM system. The sensitive information is protected from reaching to unauthorized people ad makes sure that the right person gets the right information at the right time. Confidentiality involves access of data only to an authorized person so that they can view their data (Bhagavatula et al., 2015). The data that are stored are to be made confidential and should be categorized with respect to the amount and damage type if are misused by some other person. Example of confidentiality is to ensure the confidentiality to an account number while carrying transaction by an ATM. The data that are to be kept safe involves the process of data encryption ensuring the confidentiality of the data. The passwords and the user ids that are used in an ATM transaction use a two-factor authentication for ensuring the confidentiality of the data (Ghosh et al., 2017). The confidentiality are also included in biometric verification and the security tokens or soft tokens. Confidentiality with extra measures are to be taken in an ATM transaction because the data in are extremely confidential.

The integrity process involves in maintaining the accuracy, consistency and trustworthiness of the data over its lifetime. While transmission, the data must not be changed or altered and corresponding step are to be taken to ensure the data from being changed or altered by some unauthorized people. The measures that are included in integrity are file permission and the access control of the user (Memon, 2017). There are version controls available to protect the data that are changed in an erroneous way or accidental erasing of data by authenticated users. For verification of data integrity, the data contains checksums and cryptography checksums. There are also redundancies and backup processes for the data available.

 Availability ensures to maintain all the hardware so that the hardware performs well repairing the changes that are needed and maintains the functioning of the system correctly. The availability ensures to keep all the system up to date providing a good communication bandwidth and prevent the bottleneck occurrence. The details of the ATM should be available with the user so that the availability of data is not lost. There should be safeguards for protecting the loss of data or any interruptions in the connection. Backup of data is the most important method to make the data available to the user in any case of accidental loss (Thomas, Vinod & Robinson, 2017). Firewalls or proxy servers are also used as an extra equipment of security against the unreachable and downtime data occurred because of malicious attacks such as network intrusion or denial-of-service attacks that can happen with the data.

Confidentiality, Integrity, and Availability

As per the given case in the question, the thief has already broken five keys of the ATM machine and is left with only other five keys. He had also jammed the card reader system of the ATM machine as a result of which the customer was not able to take out his ATM card after the transaction. The transaction done by the customer was successful, which states that the four digit pin number of the customer was within the five keys that were good. For the thief to discover the pin correctly, there are many possibilities. Combining the five digits on the keypad, the thief can generate many four digit pins. The maximum number of pins that the thief can generate is

5!/ (5-4)! = (5 * 4 * 3 * 2 * 1) /  1 = 120 four digit pins.

But, as per the security of the ATM is concerned, the thief will not get 120 times of try to establish a successful transaction. The maximum number of times the thief will be able to enter the pin is three times. Coincidently, if the correct pin comes within the three times of the entered pin, the thief will be successful in collecting the cash (Alsaadi, 2015). Otherwise, after entering the wrong pin three times, the card will be blocked and the customer will get to know about the unauthorized transaction.

1) Helps to reduce the administrative cost: The modern identification of biometric helps to manage the system that consists of hardware and software with easy installation process and easy manageable process. The installation of biometric process and managing its component does not require training as installation process is very easy and manages the cost of maintaining the systems. Other cost are also saved by using the biometric authentication such as issuance of a new IDcard or replacing the damaged or the old ones (De Luca et al., 2015). There are also biometric identification that helps to generate the cost saving for the IT by elimination of consuming the time and the resource that are draining for resetting the password. The biometric authentication also helps the users by not taking extra headache of remembering their passwords and user ids. Every time the user forgets the password, much time and resource is consumed t recover them.

2) Return on Investments is improved: Biometric authentication also ensures enhanced accuracy, reduces changes of misuse, and improves the accountability of the data that are stored in the database (Barbosa & Silva, 2015). The traditional method of identification system mainly depends on passwords, IDs or PINS (Personal Identification Number) of the data that are stored in the system. But the biometric authentication provides a better secure system of identification.

Using Biometric Authentication for Security

3) Provides Security: The biometric authentication provides accountability, convenience, and the data included in biometric system are difficult to forge. A concrete activity for the audit trail is implemented in a biometric identification to secure the identification. all the transaction in a biometric system are recorded clearly and also reduces the misuse of the system. The biometric authentication also adds convenience because the user do not have to remember or carry their id and passwords and are less prone to data breach (Ciuffo & Weiss, 2017). There is no possibility of remembering the password is sharing the password. The data that are stored in the biometric system are very difficult to forge, that is it cannot be changed or altered by some other unauthenticated users. The biometric authentication provides a liveness detection, by which it can identify the fake data from its original data stored in the system database.

The false positive or the false acceptance rate is a measure where the biometric system of security falsely accepts the unauthenticated data as a authenticated one and allows a secure login (Kim et al., 2015). the rate of false acceptance is generally calculated as a ratio between the number of data that is falsely accepted to the number of data that are totally identified. The rates of false negative are more than the rate of false positive rate. In false negative rate, or the false recognition rate, is basically a measure in which the system of biometric security rejects the data of an authenticated user and rejects the attempt that is done by the authenticated user (Chen, Pande & Mohapatra, 2014). The false negative rate is determined by a ration of the number of data that is falsely recognized with the total number of data that is attempted for identification.

There is Caesar cipher method or Caesar substitution method for encrypting or decrypting a cipher text.

NTJWKHXK AMK WWUJJYZTX MWKXZKUHE

In first step, we have to determine the value of all the text according to the numeric value of the alphabet.

Given Text	N	T	J	W	K	H	X	K
Numeric value	14	20	10	23	11	8	24	11

Given Text	A	M	K
Numeric value	1	13	11

Given Text	W	W	U	J	J	Y	Z	T	X
Numeric value	23	23	21	10	10	25	26	20	24

Given Text	M	W	K	X	Z	K	U	H	E
Numeric value	13	23	11	24	26	11	21	8	5

Given Text	N	T	J	W	K	H	X	K
Numeric value	14	20	10	23	11	8	24	11
Key	2	3	4	2	3	4	2	3
Decoded text	12	17	6	21	8	4	22	8

Given Text	A	M	K
Numeric value	1	13	11
Key	4	2	3
Decoded text	23	11	8

Given Text	W	W	U	J	J	Y	Z	T	X
Numeric value	23	23	21	10	10	25	26	20	24
Key	4	2	3	4	2	3	4	2	3
Decoded text	19	21	18	6	8	22	22	18	21

Given Text	M	W	K	X	Z	K	U	H	E
Numeric value	13	23	11	24	26	11	21	8	5
Key	4	2	3	4	2	3	4	2	3
Decoded text	9	21	8	20	24	8	17	6	2

After all the decoded text are generated, the Caesar cipher algorithm of shifting all the vales by 3 is implemented. And then the decoded text and three is subtracted to get the value of the original text. And finally the code is decrypted.

Given Text	N	T	J	W	K	H	X	K
Numeric value	14	20	10	23	11	8	24	11
Key	2	3	4	2	3	4	2	3
Decoded text	12	17	6	21	8	4	22	8
Shift by 3	3	3	3	3	3	3	3	3
Decoded text	9	14	3	18	5	1	19	5
Final text	I	N	C	R	E	A	S	E

Given Text	A	M	K
Numeric value	1	13	11
Key	4	2	3
Decoded text	23	11	8
Shift by 3	3	3	3
Decoded text	20	8	5
Final text	T	H	E

Given Text	W	W	U	J	J	Y	Z	T	X
Numeric value	23	23	21	10	10	25	26	20	24
Key	4	2	3	4	2	3	4	2	3
Decoded text	19	21	18	6	8	22	22	18	21
Shift by 3	3	3	3	3	3	3	3	3	3
Decoded text	16	18	15	3	5	19	19	15	18
Final text	P	R	O	C	E	S	S	O	R

Given Text	M	W	K	X	Z	K	U	H	E
Numeric value	13	23	11	24	26	11	21	8	5
Key	4	2	3	4	2	3	4	2	3
Decoded text	9	21	8	20	24	8	17	6	2
Shift by 3	3	3	3	3	3	3	3	3	3
Decoded text	6	18	5	17	21	5	14	3	25
Final text	F	R	E	Q	U	E	N	C	Y

So, the text after decrypting is

INCREASE THE PROCESSOR FREQUENCY

References

Alsaadi, I. M. (2015). Physiological Biometric Authentication Systems, Advantages, Disadvantages And Future Development: A Review. International Journal Of Scientific & Technology Research, 4(8), 285-289.

Barbosa, F. G., & Silva, W. L. S. (2015, November). Support vector machines, Mel-Frequency Cepstral Coefficients and the Discrete Cosine Transform applied on voice based biometric authentication. In SAI Intelligent Systems Conference (IntelliSys), 2015 (pp. 1032-1039). IEEE.

Bhagavatula, C., Ur, B., Iacovino, K., Kywe, S. M., Cranor, L. F., & Savvides, M. (2015). Biometric authentication on iphone and android: Usability, perceptions, and influences on adoption. Proc. USEC, 1-2.

Chen, S., Pande, A., & Mohapatra, P. (2014, June). Sensor-assisted facial recognition: an enhanced biometric authentication system for smartphones. In Proceedings of the 12th annual international conference on Mobile systems, applications, and services (pp. 109-122). ACM.

Ciuffo, F., & Weiss, G. M. (2017, October). Smartwatch-based transcription biometrics. In Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON), 2017 IEEE 8th Annual (pp. 145-149). IEEE.

De Luca, A., Hang, A., Von Zezschwitz, E., & Hussmann, H. (2015, April). I feel like I’m taking selfies all day!: towards understanding biometric authentication on smartphones. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (pp. 1411-1414). ACM.

Ghosh, S., Majumder, A., Goswami, J., Kumar, A., Mohanty, S. P., & Bhattacharyya, B. K. (2017). Swing-Pay: One Card Meets All User Payment and Identity Needs: A Digital Card Module using NFC and Biometric Authentication for Peer-to-Peer Payment. IEEE Consumer Electronics Magazine, 6(1), 82-93.

Kim, H., Park, J., Lee, J., & Ryou, J. (2015). Biometric authentication technology trends in smart device environment. In Mobile and Wireless Technology 2015 (pp. 199-206). Springer, Berlin, Heidelberg.

Memon, N. (2017). How Biometric Authentication Poses New Challenges to Our Security and Privacy [In the Spotlight]. IEEE Signal Processing Magazine, 34(4), 196-194.

Thomas, K. P., Vinod, A. P., & Robinson, N. (2017, March). Online Biometric Authentication Using Subject-Specific Band Power features of EEG. In Proceedings of the 2017 International Conference on Cryptography, Security and Privacy (pp. 136-141). ACM.

In first step, we have to determine the value of all the text according to the numeric value of the alphabet.