Question


1) Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN). Discuss what confidentiality, integrity, availability, authenticity, and non-repudiation refer to in this type of service.
2) Discuss how design principles of abstraction, modularity, and layering help with security.

Solutions

Expert Solution

Hi, let's dive into the answer.

PART 1

Confidentiality

When we hear about confidentiality, the first thing that comes to mind is protecting information from disclosure to unauthorized parties. In the modern world, information is one of the most valuable things, such as personal information, credit card details, bank statements, government documents, etc. Everyone needs to keep their sensitive information secret; protecting this type of information is a part of information security. Thus, for an ATM, the things that need to be kept confidential are:

i) The security PIN and the bank details are the most sensitive data; they must be encrypted with a secure algorithm while communicating with the bank.

ii) The transmission channel must be secured so that no one attacks or accesses the data (man-in-the-middle attack).

iii) Personal details like bank statements must be well secured so that only an authorized person can view such data; for example, some ATMs implement two-step verification for accessing user profiles.

Integrity

Integrity refers to protecting the data from being modified by unauthorized parties. The data is valuable only if it is correct. In an ATM, integrity involves maintaining the consistency, accuracy, and trustworthiness of the data. The data or information must be secured so that it is not changed while communicating. The system must implement access controls and permissions so that no unauthorized persons alter the data. Data integrity codes must be sent with sensitive data to ensure that the code that is sent is received by the receiver. Error codes can be used to verify the integrity of the data.

Availability

Availability ensures that authorized individuals are able to access the information when they need it. Information is said to be valuable only if the right people are accessing it. The factors that affect availability may sometimes be attacks that prevent a server from servicing a request (denial-of-service attack). Unavailability may be caused by attacks or by natural causes. Backup is key to limiting the damage from natural causes that make hard drives etc. malfunction. Updating and maintaining the latest OS and performing hardware repairs immediately when needed will keep the environment free of conflicts.

Ensuring the best bandwidth for communication and preventing the occurrence of conflicts/bottlenecks are very important. Failovers, redundancy, and even high-availability clusters can generate serious problems when hardware issues do occur.

This is a triangle showing the relationship between availability, integrity, and confidentiality.

Authenticity

Authenticity in network security is the assurance that a message, transaction, or any other exchange of information is from the source it claims to be from. It involves proof of identity. Authenticity is verified through authentication. The proof might be anything that verifies the user; it may be a password/PIN or something like a key card, etc. A modern biometric system can also be used for authentication. Ensuring the best authenticity and authentication system is one of the important requirements for any ATM because all other traits are attached to authentication. If authentication fails to authenticate, then security, integrity, or confidentiality have no meaning.

Non-repudiation

It refers to a method of guaranteeing message transmission/transaction between the user and systems (here, the banking server) via encryption and/or digital signature. By using a hash, proof of authentic identification and data origination will be obtained.

Non-repudiation requires the creation of artifacts, and these may be used for disputing the claims of entities or organizations that deny being the originator of a communication or action. These artifacts consist of:
i) An identity
ii) The authentication of that identity
iii) Proof connecting the identified party to a particular communication, action, or transaction.

Digital signatures (combined with other measures) can set up non-repudiation when it comes to online transactions, if it is crucial to ensure that a party to a contract or a communication can't deny the authenticity of the signature on a document or the sending of the communication. In this context, non-repudiation refers to the ability to ensure that a party to a contract or communication must accept the authenticity of their signature on a document or the sending of a message.

PART 2

Abstraction

The main goal of abstraction is to handle complexity by hiding unnecessary details from the user. That enables the user to implement more complex logic on top of the provided abstraction without understanding or even thinking about all the hidden complexity. Likewise, a user doesn't need to bother about how data is encrypted and how a digital signature is implemented on the data while using an ATM. Thus he/she only needs to use the functions provided, with no need to know how the function works; it is completely hidden from them.

Modularity

Modularity is a measure of the structure of networks. It was designed to measure the strength of division of a network into modules (also called groups, clusters or communities). Networks with high modularity have very dense connections between the nodes within modules. Modularity is introduced to enhance communication in a faster and efficient way. However, it has been shown that modularity suffers a resolution limit and, therefore, it is unable to detect small communities.

Layering

When two remote systems communicate, subtasks like routing, transmission, packeting, and digitization are required. Layering refers to splitting these kinds of tasks into distinct logical layers or functions. Layering is very much analogous to the divide-and-conquer strategy, where a large problem is split into smaller sub-problems so that they can be solved easily.

Please feel free to ask any doubts (if any) regarding the answer.
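
The integrity and authenticity points in Part 1 can be made concrete with a message authentication code on each ATM-to-bank message. The following is an added example, not part of the original answer; the key, message fields, and the `BankServer` class are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real ATM would keep its key in tamper-resistant hardware.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def protect(key: bytes, message: dict) -> dict:
    """Serialize the message canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps(message, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class BankServer:
    """Hypothetical receiver that verifies the tag and rejects replays."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}  # atm_id -> highest sequence number accepted so far

    def accept(self, envelope: dict) -> str:
        expected = hmac.new(self.key, envelope["body"].encode(), hashlib.sha256).hexdigest()
        # compare_digest runs in constant time, avoiding a timing side channel
        if not hmac.compare_digest(expected, envelope["tag"]):
            return "rejected: integrity check failed"
        msg = json.loads(envelope["body"])
        # Only parse and act on the body after the tag has been verified
        if msg["seq"] <= self.last_seq.get(msg["atm_id"], 0):
            return "rejected: replayed message"
        self.last_seq[msg["atm_id"]] = msg["seq"]
        return "accepted"


def demo() -> list:
    server = BankServer(DEMO_KEY)
    withdrawal = {"atm_id": "ATM-0001", "seq": 1, "account": "ACCT-EXAMPLE", "amount": 100}
    genuine = protect(DEMO_KEY, withdrawal)
    # Simulated in-transit modification: amount changed, tag left as it was
    tampered = dict(genuine, body=genuine["body"].replace('"amount":100', '"amount":900'))
    return [server.accept(tampered), server.accept(genuine), server.accept(genuine)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A shared-key MAC like this covers integrity and authenticity only: because both the ATM and the bank hold the key, either could have produced the tag, so non-repudiation needs a digital signature as the answer describes.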

