Simab Chuhan

Course Work

ID-42903

Explore the fundamentals of security systems concepts, practices and theories in networks and information security. Develop research skills in cryptographic mechanism and biometric access control techniques. Identify and critically evaluate a security system, assess security risks and mitigate risks.

By Simab Chuhan

Student Number: 42903

A course work submitted in partial fulfillment of the requirements for the degree of MSc Security Technology

Course Module: Security System

British Institute of Technology & E-commerce, 2011

Supervisor: Dr Hasan Al-Saedy

I am submitting this Communication Security course work as part of my MSc Security Technology module requirement. I declare that all I submitted is my own work and that I did use the references for any cited words to avoid plagiarism.

Signature (handwritten candidate number):____________________________

Date:

British Institute of Technology & E-commerce

Table of Contents
1. Objective
2. Introduction
3. Fundamental of Security System
4. Physical Security
5. Risk Management
6. Access Control
7. Cryptography
8. Business Continuity Planning
9. Biometric key Features
10. Finger Print
11. Face Recognitions
12. Retina Scan
13. DNA
14. Critical Evaluation
15. Conclusion
16. Bibliography

Objectives: In the field of security technology, one of the most common features we hear about and see everywhere is biometric security; in government and other organizations it has now become common to adopt biometric facilities for internal and external security. I worked on this subject to the best of my knowledge, and I found it is a very vast module in the field of security which requires time, more research and updates. In my research I discuss the basic to advanced concepts of biometric features and their implementation in current life. I also discuss some cipher systems which help to provide security features for biometric data. Security has always been a big issue for scientists in any organization because every day they face new challenges. A good security model lets users accept the challenge: such models are open source but difficult to crack, requiring more work and more powerful tools which take ages to crack current security; still, we can secure our network 99.99%, where there is still a 0.1 chance of a break. Finally, I would like to thank my advisor Dr Hassan Al-saedy, who helped me a lot with this research.

Introduction: The majority of people still do not know what biometrics are, what they are used for, or what the purpose is of giving biometric features to the government. This is a long debate, and many people still do not accept it because of their privacy. Here we discuss what biometrics are and where they come from. The word bio is a Greek word which means life, and the word metrics means to measure anything. Biometrics have been used over the last decades because of their significant value in advanced computing. The idea of biometrics is not new; it was used thousands of years ago. For example, in human behavior one person can recognize another by the characteristics of their face, and sometimes by voice; this is a simple example of recognition. In the history of Egypt, trusted traders were identified via their physical description, and their reputation in the market was well known. In the same way, brand-conscious people who use one company's products will not go for the same product from another organization because of their trust relationship with the company. Biometric features grew in the 20th century, when business was growing all over the world and the computer industry was also on the rise. In 1858 the first hand images were identified for recording purposes. A few years later, in 1896, Henry developed a classification for recording fingerprints, which was used in the US for prisoners. During 1936 scientists introduced the concept of iris pattern recording for identification; the risk in taking this feature is high, and we discuss the iris further later. Speech recognition analysis was first introduced in the 1960s. In 1974 hand geometry became widely available for commercial purposes. From there it goes on to different types of biometric features; one of the advanced biometric features is DNA, which is a unique identifier for every human being.

Fundamental of Security System: The fundamentals of security science cover many components of the security field. Security components such as physical security, security risk management, access control, cryptography and security design, business continuity planning (BCP), network security, computer architecture, and application and software systems are all part of security fundamentals in theory and in practice.

Physical Security: Organizations are always keen to look after the physical security of their assets, and even of their intellectual property. They look for ways to guard those assets; some rely on physical measures such as guards and CCTV camera monitoring, but physical security covers much more. It includes environmental security: threats and vulnerabilities can come from internal or external sources, and both require intrusion detection to mitigate the risk. Physical security considers procedures and security methods, fire safety processes, and control of the atmosphere of the infrastructure. It also covers the key distribution structure for locking and unlocking, and securing walls, doors, windows and fire exits. Everything related to the environment requires physical security, such as portable devices, data copying, and keeping an eye on entrances and exits. The figure below shows the basic idea of physical security.

Fig 1[1]

Risk Management: Risk can be defined as the calculation of threats which might be expected; all types of potential threat are to be considered as risk, and threats can be positive or negative. Risk management works as a central part of any organization, calculating and addressing negative impacts on the organization. Its goals are to focus on and identify risks and to treat them well if anything causes harm. It contains all negative activities and puts limits on them within the organization. It takes responsibility across the whole organization, including its recruitment process, structure and privacy. It supports all performance and provides accountability and efficiency at every level. Risk can be classified as external or internal: it can arise from an internal source or from an external source. Some of these areas are shown in the figure below:

Fig 2[2] Airmic IRM 2002

Access Control: Every business, whether it is small, medium or large, wants to protect its assets. We still use locks and keys to enter buildings or houses, and when we lose a key we face an expensive replacement, such as changing the whole lock or ordering a new key; a loss of access costs more effort, more time and money. In the same way, accessing the resources of an organization requires users to be authenticated and authorized to use those facilities. We face challenges in access control systems: many researchers are always keen to test authorized access to check its security, and organizations also support social engineers who try to gain access in order to achieve the organization's goals. Some principles play a very important role in access control, such as identification and authentication: what kind of host user is this, does he have administrator rights, can he access secret files? There is a hierarchy of privacy set from top management down to the local host. Privacy and rights
have been set by network administrators, who can control the flow of the communication channel within the organization. There are three main terms for access control through which we can get access: the first is administrative power, the second is physical access to the object, and the third is technical access to the object. Some accesses are active, which we can find through the session, but some passive attacks are hard to detect. Some threats that have to be considered for access control are DDoS attacks, buffer overflows, Trojans, backdoor traps, brute force attacks and social engineering.

Cryptography: Cryptography is a science within information security technology. The word crypto comes from Greek and means hidden. Cryptography includes methods and techniques to conceal a message in a hidden format. Cryptography consists of four objectives: confidentiality, integrity, non-repudiation and authentication. Each objective has its own classification.
1. Confidentiality: the information must be secure from others; even if they have it, they will not be able to understand it.
2. Integrity: the information cannot be changed or altered between sender and receiver. It creates a trust relationship between sender and receiver.
3. Non-Repudiation: no one can deny what they said. If a sender sends a message to a receiver, the sender cannot afterwards deny having sent the message; this is called non-repudiation.
4. Authentication: the sender and the receiver are both assured of the identity of the source and the destination.

Business Continuity Planning: Every business requires planning in order to continue operating, which involves all aspects of critical value and considers all expected threats. This process in an organization is known as business impact analysis.
Critical functions involve many functions such as staff, the sales department, the distribution department, the manufacturing department and the IT department; all of these functions have an impact on business continuity. There are many other natural events which can cause business failure, such as flooding, fire and electronic failures; any hazard can affect the running of the business. A business requires maintenance, and maintenance covers not only objects but also staff and their training; security and applications require updates. Every threat and every up and down in the business
requires analysis and testing, which helps to reduce the risk and provides acceptance of the analysis reports. Somewhere in an organization, implementation in the current process is required. This cycle keeps running with the help of every function. Below is a simple figure of the business continuity planning model:

Fig3 [3]
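
An added example (not part of the original coursework) for the integrity, authentication and non-repudiation objectives listed in the Cryptography section above: a shared-key HMAC detects tampering and authenticates the key holder, but the receiver could have produced the same tag, so it gives no non-repudiation; a signature made with a key only the sender holds does. The Lamport one-time signature used here is a technique chosen for this illustration because it needs only a hash function; the message, names and key handling are constructed, and confidentiality is not covered.

```python
import hashlib
import hmac
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Integrity + authentication: sender and receiver share one secret key.
def mac_tag(shared_key: bytes, message: bytes) -> bytes:
    return hmac.new(shared_key, message, hashlib.sha256).digest()

def mac_verify(shared_key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(shared_key, message), tag)

# Non-repudiation: Lamport one-time signature. The private key stays with the
# sender; anyone can verify with the public key. Each key pair signs ONE message.
def lamport_keygen():
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(H(a), H(b)) for a, b in priv]
    return priv, pub

def _bits(message: bytes):
    digest = H(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(priv, message: bytes):
    # Reveal one secret per bit of the message hash.
    return [priv[i][bit] for i, bit in enumerate(_bits(message))]

def lamport_verify(pub, message: bytes, signature) -> bool:
    if len(signature) != 256:
        return False
    ok = True
    for i, bit in enumerate(_bits(message)):
        ok &= hmac.compare_digest(H(signature[i]), pub[i][bit])
    return ok

def demo():
    message = b"transfer 100 to account 42"   # constructed sample message
    tampered = b"transfer 900 to account 42"  # altered in transit
    shared_key = secrets.token_bytes(32)
    tag = mac_tag(shared_key, message)
    priv, pub = lamport_keygen()
    sig = lamport_sign(priv, message)
    return {
        "mac_accepts_original": mac_verify(shared_key, message, tag),
        "mac_rejects_tampered": not mac_verify(shared_key, tampered, tag),
        # The receiver holds the same key, so it can mint a valid tag for any
        # message: the tag cannot prove which party wrote the message.
        "receiver_can_forge_mac": mac_verify(
            shared_key, tampered, mac_tag(shared_key, tampered)),
        "sig_accepts_original": lamport_verify(pub, message, sig),
        "sig_rejects_tampered": not lamport_verify(pub, tampered, sig),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
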

Biometric key Features: In biometric science there are many key features used for unique identification, such as fingerprints, palm geometry, face recognition, iris scan or retina scan, hand geometry, signatures and DNA. Below we discuss some of these features further.

Finger Print: A fingerprint is a means of infallible identification for any person. Everyone has their own unique biometric identification, and this method has been used perfectly for establishing the identity of criminals who were previously arrested and had their fingerprints taken. In computer comparison, no two people among billions of humans have been found with a single matching fingerprint. In 1986, Marcello
Malpighi discussed fingerprints, which consist of spirals, ridges and loops, but he did not mention that they could be used as a tool for identification. Later, in 1958, Sir William Herschel, who was in India, recorded his fingerprints and found that they are unique to every individual and also remain permanent, except in the case of injuries such as scars or diseases such as leprosy. A disadvantage of fingerprints is that they can be altered, and a fingerprint mark can be obtained as a latent pattern instead of a normal fingerprint. DNA fingerprinting is feasible because it cannot be changed, and it is therefore very reliable for identification. Some practices have been used to crack fingerprint scanners, such as warm breath from the mouth or warm water in a white plastic bag. This works because the previous fingerprint remains marked on the scanner, and the warm air or bag of water is enough to copy that fingerprint from the scanner and pass the identification, so the method can be broken. DNA fingerprinting is the best replacement. The following are some key figures of fingerprinting:

Fig 4 [4] Edublogs May 2011

Face Recognitions: Face recognition is a method which takes all the characteristics of the face: eyes, nose, lips, ears, forehead, hair and cheeks. Each characteristic is defined in a detailed matrix of length and size; the values are differentiated and recorded in a digital (binary) format, which is then used for matching. A strength of face recognition is its ability to leverage existing tools and image processing, such as the ImageMagick application software. It can also operate without any physical contact with the user and can capture static images. A weakness of this method is the acquisition environment, which can affect matching accuracy: if the static picture is not taken properly or is dim, or if lighting and atmosphere affect the picture, it becomes difficult to match pictures. Pictures should be taken against a white or grey background, which helps to detect
the match. Sometimes physical characteristics change, which can also affect matching accuracy. Some privacy issues have also been raised because of enrollment and identification in private organizations. One open source application, ImageMagick, is widely used; its operations allow the user to display images in every sector, convert them into different formats and edit them.

Fig 5[5] C005/3230 JAMES KING-HOLMES

These are all the values taken in facial image processing: every single characteristic of the face, its size, length and width, the distance from one characteristic to another, the calculated depth, and so on. All values can be recorded in three dimensions, where the exact values of each characteristic can be calculated, which helps to detect accurately matching images.

Retina Scan:

The retina is a tiny tissue in the human eye, composed of neural cells and located centrally in the eye. It has a very complex structure made up of lines of blood vessels, and every person's retina is unique. Even in twins it is hard to find the same match. The retina scan is a very high-level biometric key feature which authenticates and identifies the person; NASA and the CIA used it earlier, but now it is common in the public sector as well. It also helps in the medical field for scanning the eyes, because some diseases change the condition of the eyes and the color of their blood vessels. Retina scans have some advantages, such as a low rate of false positives, besides 0% false negatives. It is not possible for two persons to have the same retinal pattern, which gives high reliability. Matching is processed fast, providing an accurate result in less time. Some disadvantages are that the accuracy of measurement can affect the eyes, and people do not accept this process because the eyes are very high-risk tissue in the human body, therefore it is
not user-friendly, and the person has to be close to the scanner to provide their retina values. The cost of scanning was also too high.
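
An added example (not part of the original coursework) tying together the measured facial values from the Face Recognitions section and the false positive and false negative rates mentioned under Retina Scan: a probe is accepted when its measurement vector is close enough to the enrolled template, and the acceptance threshold trades false accepts (false positives) against false rejects (false negatives). The identities, measurements, thresholds and the use of Euclidean distance as the matcher are all constructed assumptions for illustration.

```python
import math

# Constructed enrolment templates: facial measurements in millimetres
# (eye distance, nose length, mouth width, jaw width). Illustrative values.
ENROLLED = {
    "alice": (62.0, 48.5, 51.0, 118.0),
    "bob": (66.5, 52.0, 47.5, 126.0),
}

# Constructed probes: (claimed identity, true identity, measured vector).
PROBES = [
    ("alice", "alice", (62.4, 48.1, 51.3, 118.6)),  # clean capture
    ("alice", "alice", (63.9, 49.8, 50.0, 120.5)),  # dim lighting, noisier
    ("bob", "bob", (66.1, 52.3, 47.9, 125.2)),      # clean capture
    ("bob", "bob", (64.8, 50.9, 48.8, 123.0)),      # changed appearance
    ("alice", "bob", (66.0, 51.5, 48.0, 125.0)),    # impostor
    ("bob", "alice", (63.5, 49.5, 50.2, 120.9)),    # impostor
    ("alice", "carol", (61.0, 47.0, 53.5, 115.0)),  # unenrolled impostor
    ("alice", "dave", (62.9, 49.4, 50.1, 119.9)),   # look-alike impostor
]

def verify(claimed, sample, threshold):
    """1:1 verification: accept only if the sample is close to the claimed template."""
    template = ENROLLED.get(claimed)
    if template is None or len(sample) != len(template):
        return False  # unknown identity or malformed sample: deny by default
    return math.dist(sample, template) <= threshold

def error_rates(threshold, probes=PROBES):
    """Return (false accept rate, false reject rate) at this threshold."""
    genuine = [p for p in probes if p[0] == p[1]]
    impostor = [p for p in probes if p[0] != p[1]]
    false_rejects = sum(not verify(c, s, threshold) for c, _, s in genuine)
    false_accepts = sum(verify(c, s, threshold) for c, _, s in impostor)
    return false_accepts / len(impostor), false_rejects / len(genuine)

def sweep(thresholds=(2.0, 3.0, 4.0, 5.0, 10.0)):
    """Error rates per threshold, showing the accept/reject trade-off."""
    return {t: error_rates(t) for t in thresholds}

if __name__ == "__main__":
    for t, (far, frr) in sweep().items():
        print(f"threshold={t:>4}  false accept={far:.2f}  false reject={frr:.2f}")
```

With this constructed data the look-alike impostor sits closer to the template than the two noisy genuine captures, so no threshold gives zero false accepts and zero false rejects at the same time.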

DNA:

DNA is a molecule which contains the information of cells. Everything in the cell is tied to the DNA code. Our DNA provides information about which cells need to grow or die; for example, it gives the information about which cells need to grow for hair color. Our DNA resembles that of our parents, although we are never the same as them. There are four types of DNA: A, G, C and T; the complete body plan is written as code in this form. DNA chains are connected via chemical bonds. DNA is contained in every part of the body, even in our spit; it is currently in the news that Israeli scientists have found the DNA values of spit. Some key features, such as grooves, base pairing, sense, DNA supercoiling, alternate DNA structures and G-quadruplexes, are the most familiar in current research.

Fig 6[6]

Critical Evaluation: The Department of Defense (DoD) standard sets the standard for computer security in computing technology. There are four main key elements which are mandatory for the critical evaluation of computer security: policy, accountability, assurance and documentation.

Policy defines some mandatory points, such as who has access to the system, who has permission to authorize users to access confidential information, and how secure the physical environment is. It includes creating the access control list (ACL), which allows a hierarchy of users access to limited objects in the system.

Accountability holds every individual to their limits and enforces the organization's policy through identification, authentication and auditing. Identification admits only those who are in the organization. Authentication verifies those who have the right to access the information; they have to go through the authorization process. It also creates logs of user activity in line with organizational policy. Auditing is a very high level of access to the data; only authorized and authenticated persons are allowed to audit the information.

Assurance concerns the physical equipment and software applications, which must be reliable in the current model. For example, computer hardware such as firewalls and processing power must be upgraded. Applications such as antivirus and firewalls must be configured properly, which helps to prevent attacks and lower the risk. It gives surety of continuous processing in future: the system will keep working for some more time unless new threats arrive.

Documentation is the final part of the critical evaluation of computer security: whatever arrives as an attack or threat must be recorded in a log for security analysis, so that we can prepare for security threats. Every legitimate session must be recorded; if the system behaves incorrectly, this will direct our attention to security. The previously recorded documentation also helps us understand the security structure of an organization.

The question arises of how to mitigate the risk; there are many ways to do so, and we have already discussed some. To mitigate the risk we have to install antivirus and firewalls. Some firewalls are application firewalls and some are physical firewalls; both work the same way, but a physical firewall has more characteristics. A firewall helps to block each and every port in the network, so that only those which are useful remain open. Antivirus software also helps to reduce the risk by actively scanning the computer's processes.

Conclusion: Biometrics provide the security which is the need of the time. It is a reliable means of verification. With the variety of different biometrics we are living in a secure, password-less environment. One more thing I have concluded is that building a biometric system is very expensive and complex. When you are implementing a large-scale biometric system it needs full attention and you must be careful, because of
the security issues. The increase in complexity is based on several things, which are listed below:
1. Protection
2. Restriction in some applications to use biometrics
3. Data integrity issues
4. Biometrics cannot work stand-alone
5. Do not use biometrics when unnecessary
6. Transparency issues

A biometric system must be unique for the individual, but in a group it provides different services and must work 24 hours when needed. A pure balance between security and privacy must be kept in mind before installation or operation.

Bibliography
1. Fig 1 taken from http://www.fireking.com/pyramid_physical/5.html
2. Fig 2 taken from A Risk Management Standard, published by AIRMIC, ALARM, IRM: 2002.
3. Fig 3 taken from http://en.wikipedia.org/wiki/File:BCPLifecycle.gif
4. Fig 4 taken from lscchelsea.edublogs.org/
5. Fig 5 taken from Biometric facial map C005/3230, JAMES KING-HOLMES/Science Photo Library
6. Fig 6 taken from http://en.wikipedia.org/wiki/File:DNA_chemical_structure.svg
