
Assignment 1 IIS

The document is an assignment submission for an introduction to information security course. It was submitted by Faheem Qayyum, a student with registration number UW-20-CS-BS-106 in their 6th semester of section B. The assignment was submitted to their professor Mrs. Rubab Hafeez in the computer science department.

Assignment # 01

Introduction to Information Security


Submitted By:
Name: Faheem Qayyum
Reg #: UW-20-CS-BS-106
Semester: 6th
Section: B

Submitted To:
Mrs. Rubab Hafeez
Department of Computer Science
Q1: How many keys are required for two people to communicate via a
symmetric cipher?
Ans: That depends on whether you use a symmetric or asymmetric algorithm. If you use a
symmetric key, both people have the same key, which has been pre-shared via some
secure means. In that case, only one key is required: both parties in the communication use
the same key to encrypt and decrypt all messages. If you use an asymmetric key algorithm, it
takes at least 4 keys in total: when sending a message, each user encrypts their message with
the public key of the recipient. Each recipient must then use their private key to decrypt the
messages they receive.

Q2: What is a digital signature?


Ans: A digital signature for an electronic message is created by using a form of
cryptography and is equivalent to a personal signature on a written document. The digital
signature on a message provides a unique electronic binding of the identity of the signer to
the origin of the message.
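
The binding described in this answer can be shown with a sign/verify pair. This is an added example, not part of the original assignment: it uses textbook RSA over a constructed toy key (two small known primes, no padding) purely to show the mechanics, and the names sign, verify and digest are illustrative.

```python
import hashlib

# Constructed toy key built from two known Mersenne primes.
# Far too small for real use; real systems use large keys and a padded scheme.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held only by the signer


def digest(message: bytes) -> int:
    """Hash the message and map the hash into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Signer side: only the holder of D can compute this value."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Verifier side: anyone holding the public pair (N, E) can check it."""
    return pow(signature, E, N) == digest(message)


if __name__ == "__main__":
    msg = b"Pay 500 to account 1234"          # constructed sample message
    sig = sign(msg)
    print("original message verifies:", verify(msg, sig))
    print("altered message verifies: ", verify(b"Pay 900 to account 1234", sig))
    print("altered signature verifies:", verify(msg, sig + 1))
```

The signature only verifies for the exact message that was signed, which is what ties the signer's key to the origin of that message.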

Q3: A block of plain text is named as Z, draw a symmetric encryption model with equations.
Ans:
Q4: Imagine you are working in a company, consider developing an
automated teller machine (ATM) to which users provide a personal
identification number (PIN) and a card for account access. In terms of secure
SDLC, what are the phases required for development? Also give
examples of confidentiality, integrity, and availability requirements
associated with the system and, in each case, indicate the degree of
importance of the requirement.
Ans: In terms of the Secure Software Development Life Cycle the following phases are
typically required for developing an automated teller machine (ATM) system:
1: Planning Phase:
1. Define project scope and objectives.
2. Identify potential risks and security requirements.
3. Develop a project plan.
2: Requirements Gathering Phase:
1. Gather and analyze user requirements.
2. Define functional and security requirements.
3. Identify data types, storage, and access requirements.
3: Design Phase:
1. Create a detailed design of the system architecture.
2. Define the security controls and mechanisms.
3. Develop a security plan and testing strategy.
4: Implementation Phase:
1. Develop and test the system components.
2. Perform code reviews and testing.
3. Implement security controls and mechanisms.
5: Testing Phase:
1. Perform security testing, including penetration testing and vulnerability scanning.
2. Validate that the system meets the functional and security requirements.
3. Identify and resolve any issues or vulnerabilities.
6: Deployment Phase:
1. Deploy the system to the production environment.
2. Conduct user training and awareness.
3. Monitor the system for security incidents and performance issues.
In terms of confidentiality, integrity, and availability requirements associated with an ATM
system, here are some examples and their degree of importance:
Confidentiality:
To use a debit or credit card, one must enter a security password that is available only to
authorized users and is aimed at further enhancing the level of security. In securing the PIN
of a card, it is the responsibility of the end user to ensure they use a strong PIN. Banks
also need to ensure privacy whenever communication takes place between the ATM and the
bank server, to prevent hacking. The entire transaction needs to be properly secured to
avoid any kind of harm, such as hackers cracking card PINs and gaining access. Proper
encryption of the PIN ensures that a high level of confidentiality is maintained, while lack of
attention to it could lead to a breach of data or customers' information. Moreover, a policy
of changing the PIN at regular intervals will help boost the customers and keep data and
information secure.
Integrity:
The use of advanced, efficient technology and proper optimization and collaboration of ATMs is
necessary to ensure that their integrity is maintained and customers' information is secure. For
both withdrawals and deposits, systems must be updated chronologically with authentic data
and must not affect the customer account in any manner. Withdrawals of money should
be reflected as debits on the account, and deposits of funds should result in credits to the
account. Moreover, a section or committee should be set up to handle customer queries
related to account mismatches caused by use of the ATM.
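
The integrity requirement above, sketched as an added example that is not part of the original assignment: the bank server applies a debit or credit only when the ATM's message arrives unaltered and has not been seen before. It assumes HMAC-SHA256 over a key pre-shared between ATM and server; LINK_KEY, seal, BankServer and the account data are hypothetical names and constructed values.

```python
import hashlib
import hmac
import json
import secrets

LINK_KEY = secrets.token_bytes(32)  # assumption: pre-shared by ATM and bank server

def mac(body):
    return hmac.new(LINK_KEY, body, hashlib.sha256).digest()

def seal(op, card, amount):
    """ATM side: serialise one transaction and attach an integrity tag."""
    body = json.dumps({"op": op, "card": card, "amount": amount,
                       "nonce": secrets.token_hex(8)}).encode()
    return body, mac(body)

class BankServer:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.seen_nonces = set()

    def apply(self, body, tag):
        # Check the tag in constant time before trusting any field of the message.
        if not hmac.compare_digest(tag, mac(body)):
            return "rejected: message altered"
        msg = json.loads(body)
        if msg["nonce"] in self.seen_nonces:
            return "rejected: replay"
        balance = self.balances.get(msg["card"])
        if balance is None or msg["amount"] <= 0 or msg["op"] not in ("withdraw", "deposit"):
            return "rejected: invalid request"
        if msg["op"] == "withdraw":
            if msg["amount"] > balance:
                return "rejected: insufficient funds"
            balance -= msg["amount"]      # a withdrawal is recorded as a debit
        else:
            balance += msg["amount"]      # a deposit is recorded as a credit
        self.seen_nonces.add(msg["nonce"])
        self.balances[msg["card"]] = balance
        return "ok"

def demo():
    bank = BankServer({"card-001": 1000})            # constructed account
    body, tag = seal("withdraw", "card-001", 200)
    results = [bank.apply(body, tag), bank.apply(body, tag)]    # second call is a replay
    results.append(bank.apply(body.replace(b"200", b"900"), tag))  # amount altered in transit
    results.append(bank.apply(*seal("deposit", "card-001", 50)))
    return results, bank.balances["card-001"]
```

The tag protects integrity only; keeping the PIN confidential on the same link needs encryption in addition.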
Availability:
The frequency of ATMs should increase depending on the demand of customers, and ATMs
should be frequently replenished with cash to provide accurate services. While an ATM
that is out of service could lead to customer dissatisfaction, an ATM with accurate
services could attract more and more customers.
