Task A: The Metropolitan Police Service (MPS) in the UK is one of the largest organisations, with more than 45,000 employees. These employees fill different job roles. Different employees have different jobs to perform, and for this they need access to different databases and internal systems within the crime reporting system. [breo: sdc learning materials cis008-6]
Access to highly sensitive and vital information can't be given to all the staff working with the MPS, as security is the major concern. The workforce also keeps changing as new staff are recruited; some employees change posts within the system and some leave. Hence the access given to personnel is constantly changing, and keeping track of all this becomes a major issue for the administration. [breo: sdc learning materials cis008-6]
A better technology was needed, one which could create a single, unique, effectively managed identity for each individual by synchronising the users' identities across the disparate systems. Siemens' leading LDAP/X.500 directory server, DirX, served this purpose. Using DirX, the MPS was able to synchronise the data in different databases. Once a single identity has been established, the DirX solution allows administrators to create a globally unique electronic identity for joiners, remove permissions for leavers and make changes to access levels when staff either move posts within the MPS or take on additional responsibilities. They can manage account provisioning and de-provisioning centrally and easily, whilst knowing that updates will be automatically and immediately reflected throughout all the different target systems. [breo: sdc learning materials cis008-6]
Another solution in computer systems security, an approach to restricting system access to authorized users, is Role-Based Access Control (RBAC). In the RBAC framework, users are granted membership into roles based on their responsibilities in the organization. The operations that a user is permitted to perform are based on the user's job role. Role associations can be established when new operations are instituted, and old operations can be deleted as organizational functions change. This simplifies the administration and management of privileges; roles can be updated without updating the privileges for every user on an individual basis.
In RBAC, administrators are provided with the capability to regulate who can perform what actions, when, from where, in what order, and in some cases under what relational circumstances: only those operations that need to be performed by members of a role are granted to the role. In an organization, roles are created for various job functions. The permissions to execute these functions are assigned to specific roles. Members of the MPS are assigned specific roles, and through those role assignments acquire the privileges to perform particular system operations. [David F. Ferraiolo and D. Richard Kuhn, "Role-Based Access Controls," NSA National Computer Security Conference, Baltimore, Maryland, October 13-16, 1992.]
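The role model described above, together with the joiner, mover and leaver cases from the DirX discussion, can be sketched as follows. This is an added example, not code from the essay or its sources; the role names, permission strings and user IDs are constructed for illustration.

```python
# Added illustration: users acquire permissions only through roles.
# Role names, permission strings and user IDs are constructed for this example.

class RBAC:
    def __init__(self):
        self.role_perms = {}   # role -> set of permissions
        self.user_roles = {}   # user -> set of roles

    def grant(self, role, perm):
        self.role_perms.setdefault(role, set()).add(perm)

    def revoke(self, role, perm):
        self.role_perms.get(role, set()).discard(perm)

    def join(self, user, *roles):
        """Joiner: create the identity with its initial roles."""
        self.user_roles[user] = set(roles)

    def move(self, user, old_role, new_role):
        """Mover: swap one role for another; the old privileges go with it."""
        self.user_roles[user].discard(old_role)
        self.user_roles[user].add(new_role)

    def leave(self, user):
        """Leaver: removing the identity removes every privilege at once."""
        self.user_roles.pop(user, None)

    def allowed(self, user, perm):
        # Default deny: unknown users and unknown roles resolve to no access.
        return any(perm in self.role_perms.get(r, ())
                   for r in self.user_roles.get(user, ()))


def demo():
    ac = RBAC()
    ac.grant("patrol", "incident:create")
    ac.grant("crime_unit", "incident:create")
    ac.grant("crime_unit", "casefile:read")
    ac.join("pc1001", "patrol")
    ac.join("dc2002", "crime_unit")
    results = {"patrol_reads_casefile": ac.allowed("pc1001", "casefile:read")}
    ac.move("pc1001", "patrol", "crime_unit")
    results["after_move"] = ac.allowed("pc1001", "casefile:read")
    ac.revoke("crime_unit", "casefile:read")   # one change to the role...
    results["after_role_update"] = [ac.allowed(u, "casefile:read")
                                    for u in ("pc1001", "dc2002")]  # ...hits all members
    ac.leave("dc2002")
    results["leaver"] = ac.allowed("dc2002", "incident:create")
    return results
```
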
Biometric technology plays a vital role in the authentication of an individual. Biometrics exploits human behavioral and physical traits to identify a person. The physiological characteristics are DNA, finger-vein, hand geometry, palm-vein, fingerprint, face, and iris recognition. Behavioral characteristics are associated with the behavior of an individual, such as voice, signature and the study of keystrokes. Various devices are used in biometrics, such as digital cameras for face recognition and ear recognition, or a telephone for voice recognition.
A biometric system functions in verification or identification mode. In verification mode the system validates a person's identity by comparing the captured biometric data with the biometric template stored in the database; this mode is mainly used for positive recognition. In identification mode the system captures the biological information of an individual and searches the biological templates of all users in the database until a match is found.
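The difference between the two modes, including the case where an identification search ends without a match, is shown in the added example below. It is not part of the essay or its sources: the templates are constructed 32-bit patterns rather than real biometric data, and the distance threshold and officer IDs are assumptions.

```python
# Added illustration. Templates are constructed bit patterns, not real biometric
# data; THRESHOLD and the officer IDs are assumptions made for the example.
THRESHOLD = 0.25   # maximum fraction of differing bits accepted as a match
BITS = 32

ENROLLED = {
    "officer_a": 0b10110010_11100001_10100111_00101101,
    "officer_b": 0b01001101_00011110_01011000_11010010,
    "officer_c": 0b11110000_10101010_00001111_01010101,
}

def distance(t1, t2):
    """Normalised Hamming distance between two templates."""
    return bin(t1 ^ t2).count("1") / BITS

def verify(claimed_id, sample):
    """Verification (1:1): compare only with the claimed identity's template."""
    template = ENROLLED.get(claimed_id)
    return template is not None and distance(template, sample) <= THRESHOLD

def identify(sample):
    """Identification (1:N): search all templates; None if nothing is close enough."""
    best_id, best_d = None, 1.0
    for user, template in ENROLLED.items():
        d = distance(template, sample)
        if d < best_d:
            best_id, best_d = user, d
    return best_id if best_d <= THRESHOLD else None

# A noisy capture of officer_b (three bits differ from the enrolled template).
NOISY_B = ENROLLED["officer_b"] ^ 0b00000000_00010000_00000100_00000001
# A capture from someone who is not enrolled.
UNKNOWN = 0b00000000_11111111_00000000_11111111

if __name__ == "__main__":
    print(verify("officer_b", NOISY_B), verify("officer_a", NOISY_B))
    print(identify(NOISY_B), identify(UNKNOWN))
```
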
Types of biometrics which may be implemented in MPS in order to increase the level of security are retina scan and finger verification.
- Fingerprint technology in MPS
This technique involves scanning the retina and iris in the eye of the MPS police officer. Retina scan technology maps the capillary pattern of the retina. A retina scan measures patterns at over 400 points. It analyses the iris of the eye. This is a highly mature technology with a proven track record in a number of application areas, such as highly secured organizations (MPS).
Retina scanning captures the unique pattern of blood vessels. The police officer must focus on a point, and when the eye is in that position the system uses a beam of light to capture the unique retina characteristics. The entire process of verification and validation involves 4 steps: capturing the template, extracting the template, comparing the extracted pattern with the pattern already saved in the database, and permitting only the authorized police officials.
The unique pattern and characteristics in the human iris remain unchanged throughout one's lifetime, and no two persons in the world can have the same iris pattern. Hence it is extremely secure and accurate, and is used more frequently in controlled environments. However, it is expensive, though secure and more reliable. It requires perfect alignment, and usually the user must look into the device with proper concentration. It is used in airports for travelers. Retina scan is used in military and government organizations. Organizations use retina scans primarily for authentication in high-end security applications to control access. [Biometrics: A Further Echelon of Security, Siddesh Angle, Rima Bagtani, Hemali Chheda]
Fingerprint technology is a very popular biometric technique. The police officer presses his finger softly against an optical or silicon reader surface, typically about 2 inches square. This reader is connected to a system; it takes the data from the scan and sends it to the database for verification. A comparison is then made with the data available in the database. The police officer needs to leave his finger on the reader surface for less than 4 seconds, during which identification, verification and the granting of permissions to authorized police officers only take place.
To prevent intruders from gaining access to the system, many techniques have been developed, some of which measure blood flow or check for correctly arrayed ridges at the edges of the fingers. Fingerprint sensors are low cost, have an acceptable false rate, are more reliable, and can be used with ease.
Nowadays fingerprints are digitalized so that they can't be forged. [Biometrics: A Further Echelon of Security, Siddesh Angle, Rima Bagtani, Hemali Chheda]
Task C) Biological Identity:
Blood group, fingerprints of both hands, blood vessel patterns of the eye, DNA samples and so on are the basic representations of a person's biological identity. Biological identities play a major role in the MPS or any other organization where security is vital. Though expensive, these identities cannot be hacked or copied like digital identities. [Network Security: Biometric Identification, by Simo Huopio, Department of Computer Science, Helsinki University of Technology]
For organizations, the basic authentication procedures are digital identities. Digital identities are represented using items like usernames, dates of birth or smart cards, and digital identity is widely used in the Metropolitan Police Service. They save this data on their computers and use it by logging it or mailing it from one place to another. The other important aspect of this identity is the digital representation, which is made up of the digital subject. Every digital subject has many identity attributes; it can be living (human) or non-living (objects). The main aspects with which digital identity deals are identity through relationship, authentication, identifiers, and the handling of system policies and aspects.
Biological identities are more secure than digital identities, as they are genetically made. Digital identity works faster than biological identity, as digital identity utilizes technology. Digital identity is not as reliable as biological identity. Biological identities have better accuracy than multiple digital identities.
A police officer who is not in the crime unit need not have access to highly sensitive information. A digital identity like a swipe card will serve the purpose. But when he is in the crime department, he will have access to internal systems in the crime unit, where very confidential data is stored. His identity should be much more secure, as it may cause serious damage (sometimes to the country) if hacked. Hence biological identities, which are much more secure than digital identities, must be used. Biological identities need not be used for normal police duties, as they are very expensive.
Task D) The Public Key Infrastructure (PKI) is a combination of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). For each CA the user identity is unique. The level of assurance depends on the registration and issuance process, which may be carried out by software at a CA. The PKI role which assures this binding is called the "Registration Authority" (RA). For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA. [Public Key Infrastructure Overview by Joel Weise]
PKI Functions: This section discusses the following basic processes which are common to all PKIs:
Public key cryptography - Includes the generation, distribution, administration, and control of cryptographic keys.
Certificate issuance - Binds a public key to an individual, organization, or other entity, or to some other data, for example an email or purchase order.
Certificate validation - Verifies that a trust relationship or binding exists and that a certificate is still valid for specific operations.
Certificate revocation - Cancels a previously issued certificate and either publishes the cancellation to a Certificate Revocation List or enables an Online Certificate Status Protocol process. [ PKI digital certificate lifecycle demo by Safelayer]
RSA is a public key cryptographic algorithm that is based on the hard mathematical problem of factoring composite numbers. An RSA-enabled PKI application provides better security and authentication.
Authentication, confidentiality, data integrity and non-repudiation are the attributes of a trusted transaction between a client and server. PKI (public key infrastructure) is an asymmetric encryption system which uses public key cryptography. This makes it a system which is reliable and safe. Sending a message through this system is safe, as the only way to decrypt the information is through the private key of the receiver. The police department can trust these methods because it is impossible, and would take several hundred years, for an unauthorized person to decrypt the information.
Certificate Authorities (CAs) are primarily used to publish the key bound to a given user. They may also be called Trusted Third Parties (TTPs). The CA gives the digital certificates and the identification of the owner. While the private key is not publicized and is kept to himself by the receiver, the certificate contains the public keys which are owned by the person or server. It identifies the authorization of a person so that the trust of relying parties and users in the CA's certificates can be maintained. The CA ensures that a given person is genuine by verifying his signature. This person can then verify the shared keys, which are in turn used to decrypt the message. Certificate Authorities are so important that the term is often considered a synonym for PKI. [Cryptography and Network Security by William Stallings]
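The issuance, validation and revocation functions listed above can be traced end to end in the added example below, which is not from the essay or its sources. It uses textbook RSA without padding and a fixed toy key built from two Mersenne primes, so it shows the checks a relying party performs and is not usable as real cryptography; the subject names, integer timestamps and public-key placeholder are constructed.

```python
import hashlib

# Toy textbook RSA for illustration only: unpadded, with a small fixed CA key.
# Real PKI uses keys of 2048 bits or more and padded signature schemes.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537      # two Mersenne primes, public exponent
N = P * Q                                    # CA public modulus
D = pow(E, -1, (P - 1) * (Q - 1))            # CA private exponent (Python 3.8+)

def _digest(serial, subject, pubkey, not_before, not_after):
    body = f"{serial}|{subject}|{pubkey}|{not_before}|{not_after}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % N

def issue(subject, pubkey, not_before, not_after, serial):
    """Issuance: the CA signs the binding of subject to public key."""
    cert = dict(serial=serial, subject=subject, pubkey=pubkey,
                not_before=not_before, not_after=not_after)
    cert["sig"] = pow(_digest(serial, subject, pubkey, not_before, not_after), D, N)
    return cert

def validate(cert, now, crl):
    """Validation: CA signature, then validity period, then revocation status."""
    expected = _digest(cert["serial"], cert["subject"], cert["pubkey"],
                       cert["not_before"], cert["not_after"])
    if pow(cert["sig"], E, N) != expected:
        return "bad signature"
    if not cert["not_before"] <= now <= cert["not_after"]:
        return "outside validity period"
    if cert["serial"] in crl:
        return "revoked"
    return "valid"

def demo():
    crl = set()                                   # Certificate Revocation List
    cert = issue("officer_a", "pubkey-placeholder", 100, 200, serial=1)
    out = [validate(cert, 150, crl)]
    tampered = dict(cert, subject="officer_b")    # binding altered after signing
    out.append(validate(tampered, 150, crl))
    out.append(validate(cert, 250, crl))          # checked after expiry
    crl.add(cert["serial"])                       # revocation published
    out.append(validate(cert, 150, crl))
    return out
```
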
- breo: sdc learning materials cis008-6
- David F. Ferraiolo and D. Richard Kuhn, "Role-Based Access Controls," NSA National Computer Security Conference, Baltimore, Maryland, October 13-16, 1992.
- Biometrics: A Further Echelon of Security, Siddesh Angle, Rima Bagtani, Hemali Chheda
- Network Security: Biometric Identification, by Simo Huopio, Department of Computer Science, Helsinki University of Technology
- Public Key Infrastructure Overview by Joel Weise
- PKI digital certificate lifecycle demo by Safelayer
- Cryptography and Network Security by William Stallings