Security Issues With Biometric Authentication And Encryption Methods

The CIA Triad and Its Importance in Data Security

1. The CIA triad, which stands for Confidentiality, Integrity, and Availability, is the set of guiding policies for maintaining the security of data. The policies in the CIA triad help to strengthen the security processes of an organization or a system.

Confidentiality:

  • Confidentiality mainly ensures the privacy of data being transmitted from the sender to the receiver (Bhagavatula et al., 2015).
  • Confidentiality helps to increase the security of the data in the network.
  • An example of confidentiality is the security of data while an ATM transaction is taking place.
  • The data involved in an ATM transaction should be confidential, and the user should have all the data available for the transaction to be successful.
  • The data carried with the transaction should be available only to the authenticated user, and no unauthorized user should be able to access it.
  • The credentials to be kept secret and private generally consist of the number on the card, the secret PIN, and the CVV number on the card (Kim et al., 2015).
  • Confidentiality of the data is required to keep the customer's bank details secret.
  • Many processes are available that help to keep data confidential.
  • Data encryption is one such process that can be implemented to encrypt the data; another is to keep a backup of the data already present in the network.

Integrity:

  • Integrity means keeping data as accurate as when it was created; its consistency should also be maintained (He & Wang, 2015).
  • Data should maintain its integrity so that it remains trustworthy.
  • Data integrity means keeping the data the same throughout its life, so that no transformation of the data takes place.
  • The data received should be the same as the data transmitted by the sender, arriving at the receiver as the original (Layton, 2016).
  • Permission to access the file should be available only to the user, and no one else should have permission to access the file.
  • An example of data integrity is that the ATM data involved should remain the same and not be changed by anyone else, accidentally or deliberately.
  • There are many redundancy algorithms that help to maintain data integrity.

Availability:

  • Availability ensures that the data is available to the user.
  • The data available to the user should be secured and kept private.
  • Data availability also involves keeping all the hardware and software of the system available to the user.
  • The system should always be kept updated, and there should be backup storage for the data in the system (Chen, Pande & Mohapatra, 2014).
  • Firewalls are to be connected as a proxy server with the available data.
  • The data should be available only to the authenticated user, and no intruder should gain access to the data.
  • Biometric authentication is a process by which data availability can be ensured.

2. The ATM system has a security measure that limits PIN entry to a maximum of three attempts (Alaskar, Vodanovich & Shen, 2015). A user cannot enter the secret PIN of the card more than three times, whether deliberately or accidentally. In the given question, the thief has already broken five keys of the keypad and is left with only five keys from which to find the four-digit number. So the maximum number of possibilities the thief has is 5!/(5-4)! = 120. But the security process does not allow the thief to try them all. The thief can enter the PIN only three times, and if a guess coincidentally matches the original PIN within three trials, he will succeed in making the transaction. After three wrong trials, however, he will not be able to withdraw any cash from the card and the card will be blocked (De Luca et al., 2015). There are also measures for the situation in which the card gets blocked: the user has to call customer care or wait a maximum of 1 day for the card to work again.

3. There are many reasons why people cannot depend fully on biometric systems (Ghosh et al., 2017). Along with the many advantages that biometric authentication provides, it has many disadvantages as well. The risks of carrying out biometric authentication include:

1) Providing security: The first and foremost advantage that a biometric system promises is the security of data (Memon, 2017). But the biometric system is not capable of delivering it. Many security breaches occur on systems that use biometrics. A biometric system is meant to be convenient, to provide data accountability, and to rely on data that is very difficult to copy. But the system does not secure all the data present in it. There are many data breach cases caused by data leaking from biometric systems. Biometric systems also produce errors, namely false acceptance and false rejection. These rates denote the wrong detections the system makes (Layton, 2016). The system may fail to detect an authorized person, or may give access to an unauthorized person as if they were authorized. In these cases the system cannot match its database with the data of the user.

2) Biometric systems claim that scans of fingerprints, the iris, or the retina cannot be duplicated (Brakerski & Vaikuntanathan, 2015). In practice this is not so. Attackers can make duplicate fingerprints, and even the iris or retina can be forged. These are the difficulties the user faces when dealing with a biometric system.

3) The passwords or user IDs used in traditional methods are very easy to create and not at all difficult to change. Changing biometric prints, on the other hand, is a very laborious process. Even though a biometric system is very easy to use, maintaining it is difficult and time-consuming. If a user forgets a password or ID, it is usually very easy to recover, but this is not possible in a biometric authentication system (Farooq et al., 2015). IDs and passwords can be changed remotely, but to change a biometric scan, all the scanning hardware must be present and the user has to be physically present as well. The time to scan is also usually high compared with other authentication systems.

Drawbacks of Biometric Authentication

4. A biometric system produces both false positives and false negatives, the two error types of a biometric system used for authentication. A false positive error occurs when the biometric system accepts an unauthorized user as an authorized one. This happens when the system finds the data of an unauthenticated user similar to that of an authenticated one and allows the invalid user to access the data (Kubbo, Jayabalan & Rana, 2016). The false positive rate, or false acceptance rate, is calculated as the total number of false positive identifications divided by the total number of identifications done. A false negative is an error caused when the biometric system cannot identify a valid user and rejects them as invalid: the system fails to match its database with the data of the authenticated user. The false negative rate, or false rejection rate, is therefore calculated as the total number of false negative identifications divided by the total number of identifications (Mosenia & Jha, 2017). An example of a false negative is that a company named Microsoft Security Essentials made a false negative error by identifying the Chrome browser as Zbot malware, preventing its employees from downloading and installing Chrome on their systems. From this example, it is clear that the false negative rate is basically higher than the false positive rate.
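The two rates defined above can be computed from a matcher's output, as in the following added example (not part of the original essay). The similarity scores, the acceptance threshold and all function names are constructed assumptions; the denominators follow the definition given above, the total number of identifications.

```python
from fractions import Fraction

# Constructed similarity scores (0..1), for illustration only.
GENUINE = [0.91, 0.85, 0.78, 0.66, 0.59, 0.95]   # attempts by authorized users
IMPOSTOR = [0.12, 0.33, 0.47, 0.62, 0.71, 0.25]  # attempts by unauthorized users


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) for a matcher that accepts when score >= threshold.

    Both rates are divided by the total number of identifications,
    following the definition used in the text above.
    """
    total = len(genuine) + len(impostor)
    if total == 0:
        raise ValueError("no identification attempts")
    false_accepts = sum(s >= threshold for s in impostor)  # impostor let in
    false_rejects = sum(s < threshold for s in genuine)    # valid user refused
    return Fraction(false_accepts, total), Fraction(false_rejects, total)


def sweep(thresholds):
    """Map each candidate threshold to its (FAR, FRR) pair."""
    return {t: error_rates(t) for t in thresholds}


def balanced_threshold(thresholds):
    """Threshold at which FAR and FRR are closest to each other."""
    rates = sweep(thresholds)
    return min(thresholds, key=lambda t: abs(rates[t][0] - rates[t][1]))


if __name__ == "__main__":
    candidates = [0.5, 0.6, 0.65, 0.7, 0.8]
    for t, (far, frr) in sweep(candidates).items():
        print(f"threshold={t:<5} FAR={far} FRR={frr}")
    print("balanced at", balanced_threshold(candidates))
```

Raising the threshold in this constructed data lowers the false acceptance count and raises the false rejection count, which is the trade-off an operator tunes when deploying a matcher.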

5. There are many encryption processes. Processes similar to the transposition process include the Baconian algorithm, the Caesar cipher algorithm, columnar transposition, the Affine process, and many more (Wolfe, Graham & Simon, 2018).

The question here is to decrypt the given cipher text to the original text. The algorithms used in this process are the substitution method and the Caesar cipher method. The following tables show the steps of converting the encrypted text to the decrypted one.

Given text                             N   T   J   W   K   H   X   K
Numeric value                         14  20  10  23  11   8  24  11
Key                                    2   3   4   2   3   4   2   3
Decoded text (after subtracting key)  12  17   6  21   8   4  22   8
Shift by 3                             3   3   3   3   3   3   3   3
Decoded text (after shift by 3)        9  14   3  18   5   1  19   5
Final text                             I   N   C   R   E   A   S   E

Given text                             A   M   K
Numeric value                          1  13  11
Key                                    4   2   3
Decoded text (after subtracting key)  23  11   8
Shift by 3                             3   3   3
Decoded text (after shift by 3)       20   8   5
Final text                             T   H   E

Given text                             W   W   U   J   J   Y   Z   T   X
Numeric value                         23  23  21  10  10  25  26  20  24
Key                                    4   2   3   4   2   3   4   2   3
Decoded text (after subtracting key)  19  21  18   6   8  22  22  18  21
Shift by 3                             3   3   3   3   3   3   3   3   3
Decoded text (after shift by 3)       16  18  15   3   5  19  19  15  18
Final text                             P   R   O   C   E   S   S   O   R

Given text                             M   W   K   X   Z   K   U   H   E
Numeric value                         13  23  11  24  26  11  21   8   5
Key                                    4   2   3   4   2   3   4   2   3
Decoded text (after subtracting key)   9  21   8  20  24   8  17   6   2
Shift by 3                             3   3   3   3   3   3   3   3   3
Decoded text (after shift by 3)        6  18   5  17  21   5  14   3  25
Final text                             F   R   E   Q   U   E   N   C   Y
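The decryption steps tabulated above can be reproduced in code, as in this added example (not part of the original essay). It takes the ciphertext, the repeating key 2, 3, 4 and the shift of 3 from the tables; the function names are assumptions. It also shows that the two stages collapse into a single repeating key, so the Caesar step adds no extra secrecy.

```python
from itertools import cycle

CIPHERTEXT = "NTJWKHXK AMK WWUJJYZTX MWKXZKUHE"  # "Given text" rows of the tables
KEY = (2, 3, 4)      # repeating "Key" row
CAESAR_SHIFT = 3     # "Shift by 3" row


def to_num(ch):
    """Letter -> 1..26 (A=1, Z=26), the numbering the tables use."""
    return ord(ch) - ord("A") + 1


def wrap(n):
    """Wrap into 1..26, so 0 becomes 26 and -1 becomes 25."""
    return (n - 1) % 26 + 1


def decrypt(ciphertext, key=KEY, shift=CAESAR_SHIFT):
    """Return (plaintext, rows); each row holds one table column's values."""
    keystream = cycle(key)  # the key keeps running across word boundaries
    out, rows = [], []
    for ch in ciphertext:
        if not ch.isalpha():
            out.append(ch)  # spaces pass through and consume no key digit
            continue
        c = to_num(ch.upper())
        k = next(keystream)
        after_key = wrap(c - k)                 # first "Decoded text" row
        after_shift = wrap(after_key - shift)   # second "Decoded text" row
        letter = chr(after_shift - 1 + ord("A"))
        rows.append((ch, c, k, after_key, after_shift, letter))
        out.append(letter)
    return "".join(out), rows


def combined_key(key=KEY, shift=CAESAR_SHIFT):
    """Both stages subtract mod 26, so they merge into one repeating key."""
    return tuple((k + shift) % 26 for k in key)


if __name__ == "__main__":
    plaintext, rows = decrypt(CIPHERTEXT)
    for row in rows[:8]:
        print(*row)
    print(plaintext)
    # One pass with the merged key and no shift yields the same plaintext.
    print(decrypt(CIPHERTEXT, combined_key(), 0)[0], combined_key())
```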

 

References

Alaskar, M., Vodanovich, S., & Shen, K. N. (2015, January). Evolvement of Information Security Research on Employees’ Behavior: A Systematic Review and Future Direction. In System Sciences (HICSS), 2015 48th Hawaii International Conference on (pp. 4241-4250). IEEE.

Bhagavatula, C., Ur, B., Iacovino, K., Kywe, S. M., Cranor, L. F., & Savvides, M. (2015). Biometric authentication on iphone and android: Usability, perceptions, and influences on adoption. Proc. USEC, 1-2.

Brakerski, Z., & Vaikuntanathan, V. (2014). Efficient fully homomorphic encryption from (standard) LWE. SIAM Journal on Computing, 43(2), 831-871.

Chen, S., Pande, A., & Mohapatra, P. (2014, June). Sensor-assisted facial recognition: an enhanced biometric authentication system for smartphones. In Proceedings of the 12th annual international conference on Mobile systems, applications, and services (pp. 109-122). ACM.

De Luca, A., Hang, A., Von Zezschwitz, E., & Hussmann, H. (2015, April). I feel like I’m taking selfies all day!: towards understanding biometric authentication on smartphones. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (pp. 1411-1414). ACM.

Farooq, M. U., Waseem, M., Khairi, A., & Mazhar, S. (2015). A critical analysis on the security concerns of internet of things (IoT). International Journal of Computer Applications, 111(7).

Ghosh, S., Majumder, A., Goswami, J., Kumar, A., Mohanty, S. P., & Bhattacharyya, B. K. (2017). Swing-Pay: One Card Meets All User Payment and Identity Needs: A Digital Card Module using NFC and Biometric Authentication for Peer-to-Peer Payment. IEEE Consumer Electronics Magazine, 6(1), 82-93.

He, D., & Wang, D. (2015). Robust biometrics-based authentication scheme for multiserver environment. IEEE Systems Journal, 9(3), 816-823.

Kim, H., Park, J., Lee, J., & Ryou, J. (2015). Biometric authentication technology trends in smart device environment. In Mobile and Wireless Technology 2015 (pp. 199-206). Springer, Berlin, Heidelberg.

Kubbo, M., Jayabalan, M., & Rana, M. E. (2016, September). Privacy and Security Challenges in Cloud Based Electronic Health Record: Towards Access Control Model. In The Third International Conference on Digital Security and Forensics (DigitalSec2016) (p. 113).

Layton, T. P. (2016). Information Security: Design, implementation, measurement, and compliance. CRC Press.

Memon, N. (2017). How Biometric Authentication Poses New Challenges to Our Security and Privacy [In the Spotlight]. IEEE Signal Processing Magazine, 34(4), 196-194.

Mosenia, A., & Jha, N. K. (2017). A comprehensive study of security of internet-of-things. IEEE Transactions on Emerging Topics in Computing, 5(4), 586-602.

Wolfe, C., Graham, S., & Simon, P. (2018). Securing Data in Transit Using Tunable two Channel Communication. In International Conference on Cyber Warfare and Security (pp. 627-XVI). Academic Conferences International Limited