QUESTION 1
a. Consider an automated teller machine (ATM) to which users provide a personal
identification number (PIN) and a card for account access. Give examples of confidentiality,
integrity, and availability requirements associated with the system and, in each case,
indicate the degree of importance of the requirement.
Answer 1:
Confidentiality: To use a debit or credit card, one must enter a PIN that is known only to
the authorized user, which further raises the level of security. It is the end user's
responsibility to choose a strong PIN for their card. Banks must also keep communication
between the ATM and the bank server private to prevent hacking. The entire transaction
must be properly secured so that attackers cannot crack card PINs and gain account access
(Ajaykumar & Kumar, 2013).
Proper encryption of the PIN ensures that a high level of confidentiality is maintained, while
a lack of attention to it could lead to a breach of customer data or information.
Moreover, a policy of changing the PIN at regular intervals helps reassure customers and
keeps data and information secure.
Integrity: Use of advanced, efficient technology and proper optimization and collaboration
of ATMs is necessary to ensure that their integrity is maintained and customer information is
secure. For both withdrawals and deposits, the system must be updated in chronological order
with authentic data and must not affect the customer's account in any unintended manner.
Withdrawals of money should appear as debits on the account, and deposits of funds should
result in credits to the account.
Moreover, a section or committee should be set up to handle customer queries related to
account mismatches arising from ATM use.
Availability: The number of ATMs should grow with customer demand, and ATMs should be
restocked with cash frequently so that they provide reliable service. While an ATM that is
out of service leads to customer dissatisfaction, an ATM that provides accurate service
attracts more and more customers.
Answer 2: An ATM keypad contains the numeric keys 0-9 along with some special keys.
According to the given scenario, the thief has already broken 5 of the numeric keys.
Therefore, the combinations for the ATM password that he has to consider are those formed
from the remaining 5 keys. As an ATM PIN consists of 4 digits, the thief enters 4 digits,
where the lowest value is 0000 and the highest is 9999 because, as integers, 0 is the lowest
and 9 is the highest digit.
Therefore, the maximum number of combinations is: 5P4 = 5! / (5-4)! = 5! / 1! = (5·4·3·2·1)/1 =
b. Repeat question a for a telephone switching system that routes calls through a switching
network based on the telephone number requested by the caller.
c. Consider a desktop publishing system used to produce documents for various
organizations.
i. Give an example of a type of publication for which confidentiality of the stored data is the
most important requirement.
ii. Give an example of a type of publication in which data integrity is the most important
requirement.
iii. Give an example in which system availability is the most important requirement.
d. List and briefly define the fundamental security design principles.
QUESTION 2
a. For each of the following assets, assign a low, moderate, or high impact level for the loss
of confidentiality, availability, and integrity, respectively. Justify your answers.
i. An organization managing public information on its Web server.
ii. A law enforcement organization managing extremely sensitive investigative information.
iii. A financial organization managing routine administrative information (not privacy-related information).
iv. An information system used for large acquisitions in a contracting organization contains
both sensitive, pre-solicitation phase contract information and routine administrative
information. Assess the impact for the two data sets separately and the information system
as a whole.
v. A power plant contains a SCADA (supervisory control and data acquisition) system
controlling the distribution of electric power for a large military installation. The SCADA
system contains both real-time sensor data and routine administrative information. Assess
the impact for the two data sets separately and the information system as a whole.
b. Develop an attack tree for gaining access to the contents of a physical safe.
v. Aristotle
vi. tv9stove
vii. 12345678
viii. dribgib
b. The inclusion of the salt in the UNIX password scheme increases the difficulty of
guessing by a factor of 4096. But the salt is stored in plaintext in the same entry as the
corresponding ciphertext password. Therefore, those two characters are known to the
attacker and need not be guessed. Why is it asserted that the salt increases security?
c. Assuming you have successfully answered the preceding problem and understand the
significance of the salt, here is another question. Wouldn’t it be possible to thwart
completely all password crackers by dramatically increasing the salt size to, say, 24 or 48
bits?
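The salt mechanism that parts b and c ask about, shown as an added illustration that is not part of the assignment or its answer key: a 12-bit salt stored in plaintext beside each hash, the effect on two users who share a password, and the work factor for checking a word list against a whole password file. SHA-256 stands in for the DES-based crypt(3) and all user names, passwords and dictionary words are constructed sample data.

```python
import hashlib
import os

# Classic UNIX crypt(3): a 2-character salt from a 64-symbol alphabet is 12 bits,
# so 4096 possible salts, which is the factor the question quotes.
SALT_BITS = 12
SALT_SPACE = 1 << SALT_BITS

# Constructed sample data for the demo (not from the page).
DICTIONARY = ["password", "letmein", "qwerty", "dragon", "12345678"]
USERS = {"alice": "dragon", "bob": "dragon", "carol": "hunter2"}

def hash_pw(password: str, salt: int) -> str:
    """Stand-in for crypt(3): SHA-256 over salt || password (an assumption, not the
    DES-based original). The salt is stored in plaintext beside the hash."""
    return hashlib.sha256(salt.to_bytes(2, "big") + password.encode()).hexdigest()

def random_salt() -> int:
    return int.from_bytes(os.urandom(2), "big") % SALT_SPACE

def build_password_file(users: dict[str, str], salts: dict[str, int]) -> dict[str, tuple[int, str]]:
    """Return {user: (salt, hash)}. Passing salt 0 for everyone models an unsalted scheme."""
    return {u: (salts[u], hash_pw(pw, salts[u])) for u, pw in users.items()}

def shared_passwords_visible(entries: dict[str, tuple[int, str]]) -> bool:
    """Can an observer tell two users share a password just by comparing stored hashes?"""
    hashes = [h for _, h in entries.values()]
    return len(set(hashes)) < len(hashes)

def dictionary_work_factor(entries: dict[str, tuple[int, str]], words: list[str]) -> tuple[int, int]:
    """Check every dictionary word against the whole file. The public salt is never guessed,
    but each distinct salt forces a fresh hash of every word, so the cost grows from
    |words| to |words| x |distinct salts| (up to 4096x). Returns (hash evaluations, entries matched)."""
    by_salt: dict[int, dict[str, list[str]]] = {}
    for user, (salt, h) in entries.items():
        by_salt.setdefault(salt, {}).setdefault(h, []).append(user)
    evaluations = matched = 0
    for salt, table in by_salt.items():
        for word in words:
            evaluations += 1
            matched += len(table.get(hash_pw(word, salt), []))
    return evaluations, matched

if __name__ == "__main__":
    unsalted = build_password_file(USERS, {u: 0 for u in USERS})
    salted = build_password_file(USERS, {u: random_salt() for u in USERS})
    print("unsalted:", shared_passwords_visible(unsalted), dictionary_work_factor(unsalted, DICTIONARY))
    print("salted:  ", shared_passwords_visible(salted), dictionary_work_factor(salted, DICTIONARY))
```

With one salt per user the word list must be hashed once per distinct salt, and two users with the same password no longer produce the same stored hash.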
d. For the biometric authentication protocols, note the biometric capture device is
authenticated in the case of a static biometric but not authenticated for a dynamic
biometric. Explain why authentication is useful in the case of a stable biometric, but
not needed in the case of a dynamic biometric.