Biometric Technologies Used for Workstation Authentication in Small Enterprises - Essay Example

Question a: biometric technologies tat can be used for workstation authentication in small and medium sized enterprises In the current computing and technology savvy society, the question of security is of vital concern. In small and medium sized enterprises, there are various departments that require optimum security in terms of access and thus require that those who gain access to the equipment especially IT related pass adequate authentication procedures. Biometrics involves recognition of human beings based upon some traits such as in their physique or behaviors. It is a method that can effectively be used for managing ad controlling access through identity. There are various forms of this procedure that can be used. Fingerprints and fingerprint scanners: fingerprint scanners are at least familiar with people. There are various types of fingerprint scanners which serve to secure buildings, computer systems, and data and are also used to log in and out of work. The scanners are connected to a computer through a USB port and allow for easy, quick and accurate transmission of information to the computer. Fingerprints are the ridges and the furrows’ patterns which are evident on a fingertip’s service. The formation of this pattern happens in a fetus. All people including identical twins have differing fingerprints. Likewise, different fingers have different fingerprint patterns. Being the most understood amongst the biometrics, it has been widely used for personal identification for a very long time now and its authenticity has also been well established (Jain et al. 1997). Biometric systems which use fingerprints are incorporated into various applications using solid state sensors which are now being vastly developed. Due to this affordability, there are expectations that fingerprints will be the leading biometrics applications as they can easily allow for identification on a large scale (Jain et al. 1997). However, some people have been against this technology due to its infamous affiliation to the police and criminal investigations. This has made people detest their usage in formal and civilian situations. Due to their requirements of a huge amount of computing resources, small scale use may be deemed unreasonable due to various factors such as age, environment and work (Jain et al. 1997). Facial recognition: this is another biometric technology that has been used in various security demanding situations. In the application of this method, a camera is first used to capture an image of as person. This image is fed to a computer which has special software that is used to analyze some nodal points in the face (Hong and Jain, 1998). These are points that indicate specific distances between various parts of the face like nose to mouth, eye to nose and so on. The created dimensions are then used to come up with a template of the person’s face that is then compared to various other templates of wanted individuals for security concerns (Chellappa, et al.1995). Facial recognition ranges from static shots, controlled movements and dynamic identification against diverse backgrounds. This is an acceptable method with many people due to its non intrusive nature. Various approaches that are applied in this method depend on the shapes and locations of various attributes, their relations and decompositions to various canonical faces. There are however differing restrictions on how the images are by the systems, a factor which has made the task quite a hard one (Chellappa, et al.1995). Question b: tangible and intangible methods used to support customer trust in a website Trust is an essential and very pertinent requirement in E-commerce. It is the responsibility of the website designer to put it in such a way that the trust of the customer will be won. Trust is however quite difficult to measure. On looking at the website in question, www.nationwide.co.uk, there are various ways in which trust has been described, some of which can be termed as tangible and some intangible (Schoder and Yin, 2000). The trust of a customer can be influenced by his positive experience with the site. This experience is gained through ease of use to the site which makes one view the company with more trust and favor looking at the given web page, the site welcomes a person with the option of having an option that saves money to the customer. This case can be viewed as a tangible method considering the direct view of the offer. The other tangible methods that have been applied include the offers on loans, mortgages and other offers which have been displayed on the site in such a simple manner that the person navigating through the site can easily see and click to get more details. This is an enhancement of ease of the website that makes the customer to feel in control (Ajzen, 1991). There is also some intangible methods which are evident on the site that can be used to enhance customer’s experience. It has been previously observed that customers enjoy websites which they feel free to navigate through. They perceive these websites as usable to also as useful. A site which provides additional information about the particular company and also sites that tend to give challenges to the users as they navigate through tend to be enjoyable to the customers. Such a website provides positive experiences to the customers to such an extent that the trust of the customer is won; the website under investigation has been seen to provide additional information such as mortgages, rates of loans, modes of savings and possible difficulties that may arise in the savings. These are factors which tend to motivate the customer and hence win their trust (Friedman and Howe, 2000). They are intangible methods of winning the trust of the customer (Koufaris, 2002). The site has allowed the customer to have direct control of whatever aspect of their account that they require by having links to them. Such are like the links to the savings, investments, and loans and so on. On accessing the site, a user controls his actions by directly accessing whichever part of his account that he requires on logon. This intangible method makes the customer happy and gives him power over the website. The graphical presentation of the site also makes it enjoyable to the customer and thus makes the customer to perceive its usefulness and ease and thus win their trust (Moon and Kim, 2001). Question c: the role of RSA cryptography in the context of SSL/TLS client server protocol SSL/TSL stands for “Secure Sockets Layer (SSL) and Transport Layer Security (TLS)”. This is a set of protocols that is used to provide a secure mode or channel of communication between two nodes in a network. In this case neither of the involved communicating parties has full end to end control of the network and thus it is possible for a third party to intercept the communication lines like in the internet usage. When transmitting data through secure connections, it is important that this data passes the integrity test by ensuring that the delivered data is free from modification and access to third parties. This is made possible through encryption which can either be symmetric or asymmetric. Asymmetric or public key encryption ensures that communication is encrypted between two parties without the parties necessarily negotiating on the public key. RSA is amongst the best known modes where different keys are used to encrypt and decrypt the messages. RSA’s are composed of private and public keys. The public key is free to all parties who are interested whilst the private key is kept securely/privately. The private key can sign or encrypt messages; signed messages are accessible via the public key though encrypted messages are only accessible through the private key. The RSA algorithm has its strength based on two prime numbers which are very long to an extent that it is quite hard to factorize them. The strength of the RSA is directly proportional to the length of the prime factors. This length however affects the speed of processing making the systems a bit slower. Considering the case of Eve intercepting the message being transmitted, the likelihood of her getting the coded message will depend on the size of the prime factors which determines the strength of the cipher. If the algorithm will have used long prime numbers, then it will be less likely for her to decode the message considering that she does not have access to the public key which is shared by the two communicating nodes (RSA Security, 2003). Question d: differences between mono alphabetic substitution ciphers and poly alphabetic substitution ciphers. In mono-alphabetic substitution cipher, the same substitution is used in the whole message. This method is a bit straight forward considering that there are no additional changes despite the length of the message. In this mode of substitution, if a certain letter, say A is replaced by B, the whole message follows this procedure. Another example is where alphabets are shifted by a certain digit to either the left or right (Caesar cipher) (Luciano and Gordon, 1987). A simple method is described below. “Urgent. We require medical evacuation assistance from the combat area”. When the letters are shifted by one digit to the right, the cipher text becomes. “Vshfmu. Xf sfrvjsf nfejdbm fwbdvujpm bttjtbmdf gspn uif dpncbu bsfb” This method can easily be decoded by following the chains or even through guesswork. In poly-alphabetic ciphers, the substitution is changeable in the course of the message. In this case the mode that is applied at the beginning of a message can be change to a different mode at some later parts in the message. Picking the letter case, if B substitutes A in the beginning of the message, the rules or the algorithms can be later changed and has A being substituted by C. there are various modes of this algorithms such as the vegenere cipher, beaufort, auto key and running key ciphers. An example of vegenere cipher is indicated below. In the chart, all the alphabets have been written in the chart with letters shifting to the left (Schneier, 1995). In order to encrypt a message, a keyword is chosen and then the letters of the message compared against the chart such that the intersecting word is chosen (Reinke, 1992). For the previous message that was mono alphabetically encrypted, the corresponding poly alphabetic encryption is as shown below. “Urgent. We require medical evacuation assistance from the combat area” Keywor dk eyword keyword keywordkey wordkeywor dkey wor dkeywo rdke The letters are then compared and their points of intersection taken. In this case we get: Eveaak zo ……………………………………………………………………………… From the above example, the message gets unintelligible though there is no form of substitution that can be easily guessed (Schneier, 1995). References Ajzen, I. (1991), "The Theory of Planned Behavior," Organizational Behavior and Human Decision Processes, Volume 50: 179-211. Chellappa, R, et al. (1995), “Human and machine recognition of faces: A survey”. Proceedings IEEE, 83 (5): 705-740. Friedman, B. and Howe, D. (2000) "Trust Online," Communications of the ACM, Volume 43(12): 34-40. Hong, L. and Jain, K. (1998) "Integrating faces and fingerprints for personal identification," IEEE Trans. Pattern Analysis Machine Intel, Vol. 20: 1295-1307. Jain, A. et al. (1997), “An identity authentication system using fingerprints”. Proceedings IEEE, 85(9): 1365-1388. Koufaris, M. (2002), "Applying the Technology Acceptance Model and Flow Theory to Online Consumer Behavior," Information Systems Research, Volume forthcoming. Luciano, D. and Gordon P. (1987). "Cryptology: From Caesar Ciphers to Public-Key Cryptosystems". The College Mathematics Journal 18 (1): 3. Moon, J. and Kim, Y. (2001), "Extedning the TAM for a World-Wide-Web Context," Information & Management, Volume 38: 217-230. Reinke, C. (1992) "Classical Cryptography". The Classical Journal 58 (3): 114. RSA Security (2003) Rsa cryptography standard. Retrieved 09/03/2011 from http://www.rsasecurity.com/rsalabs/pkcs, 2003. Schneier, B. (1995) Applied Cryptography. Wiley & Sons, second edition. Schoder, D. and Yin, P. (2000) "Building Firm Trust Online," Communications of the ACM, Volume 43 (12): 73-79. Read More