SECURE DATA COMMUNICATION
MPS staff frequently have multiple identities associated with their different job roles. Why is a dedicated "solution" needed?
Ans):- In this case we have to need multiple identities for different job roles. In above case study there are all to gather more than 50,000 employees are there, here we have to provide the individual identities.
These identities which need to store the all data base with complete security. In this data base it should save the all employees information to log in. The main advantage is to save the time, easy to access, to give the privacy, with out any risk, trust, identification and authority.
If we provide all employees to a particular authentication to access their log in then it is easy to log in and by using their email service. If we did not provides the security and authentication means then it is easy to access their own information. In above scenario according to the manager we are using the data base storage for Siemens leading LDAP/X.500 for the staff information and the server is Dir X. Authentication is required because of where it provides the service that where the user knows a secret that he can only authenticate his or her own identity, where no other person can access his identity. If we consider an Automatic Teller Machine (ATM) which contains with the card and password as well as signature on the card. Where if any other person want to use that card means he can not open that card because of the password should contains PIN, it is with typically four digits if the pin is correct then it will open else it can not open.
If we provide the employee log in with electronic identities for the 45,000 members then labour force will be cheap. The main benefit is that then we can easy to control with the perfect authentication and trust. With out identity we can not control the all staff.
Ans:- If we consider in Metropolitan Police Service or any other system every where is one of the most dangerous security threat is the in which somebody claims to be somebody else. Here we have to provide the security for the identification and authentication. Authentication is the service which will verify the user's identity and Identification is the service which assigned to specific person. Biometric is useful, the reason behind this is it allows better security, and it has always good impact on human life as it requires higher level of information related to society and it's really difficult to hack such a secure system.
Biometrics is the science of identifying or verifying the identity of a person based on the physiological or behavioural characteristics, it is with the Uniqueness, permanence, flexible and no other form of identification should be necessary. Those are
Physiological characteristics: are which will identify with human organs which includes fingerprints, retinal pattern, iris and facial appearance.
Behavioural characteristics: are with the persons things in a single way like signatures, voiceprints and gait, these are naturally dependent on physical characteristics as well.
These Biometric Technologies are unconditionally secure, computationally secure, good choice of keys and it contains the Secure Data Base. The purpose of the techniques will gives the close to user friendliness, User security, it is easy to use in applications, Compatible, Resistance to deceit, and the main important is Reliable and easy to maintainability.
Some Biometric Techniques are: Fingerprints, Palm print, Hand and finger geometry, Hand veins, Retinal scan, Iris, Infrared thermo gram, DNA, Ear, Face, Gait, Speech and Signature.
1) Fingerprint Verification:
This verification comes under the Physiological characteristics. Fingerprint is Ridges and Valleys, in this verification it detects firstly Ridge endings and Ridge bifurcations. This technique is oldest biometric in use because this it has been using from the 19th century. This technique is highly scalable and it is rich in information. It lends itself to automation. Fingerprints are unchanged with body grows. The classification is based on the arch, loop and whorl. These systems available for recognizing these characteristics are complex.
This Fingerprint is only with the very high maturity compare with the other techniques. The scalability is high and the sensor cost is nearly <$100 which is affordable. This Sensor type is obtrusive which can not be mistakable and this sensor size is small and this Template size is <200bytes. 
Fingerprint system is one of the most used systems in every law. It includes identity of every single person because if this system will take place in every field, every department, it will have excellent impact on life.
Fingerprint verification is Effectiveness, If we consider as Operational view this is linked with illegal or unlawful factors (e.g. medical), this department will not accept it or it's not appropriate because if we want to stay away from crime than fingerprints should be stored in a card instead of large central data base.
Fingerprints are reliable to use instead of signature, PINs as fingerprints cannot be stolen, and this method is preferred by most of the people as it's safe.
There are lots of fraud cases which are totally based on hacking password, PINs but fingerprints are always been reliable and never created problem as it can be verified easily.
In Technical view Fingerprints are always considered extremely accurate in industrial aspects. Some finger identification systems focus only on the location and on small areas.
This is particularly the best way to investigate crime or misdeeds. It appears to be strong way to verify crime at different levels, that fingerprints is most appropriate method of finding or searching crime or its useful to reduce sins, as it provides social welfare security by using cards such as ID's driving licences, passports etc.
It helps in various fields to reduce offence. 
Fingerprints are the oldest and best known biometric identifier. It is always been demanding and used by law enforcement agencies.
There are basically two main challenges to be addressed which are as follow; an estimated 5% of people are not able to register and lacks of interoperability/Few are still uneducated.
This technology is mostly used in welfare societies, banking, law and other sectors. The motive of this system is an inspection or examination of all mankind who are in opposition to state law. Fingerprints are basically used for identification, and after that it can be matched with past records. It is using in Information security, Police Department, Immigration and Naturalization services.
Nationwide this network of making records by taking fingerprints is powerful and this allows mankind to reduce crime as well. This kind of network is developed to improve the level of security.
3. Iris recognition:
Technology is in fact mature enough to be used commercially in high
Security applications in both detection and authentication means with remarkable results. It actually provides facility to sign up everyone anywhere. In the beginning iris of the eye was used as a kind of optical fingerprint for special identification, their purpose was to have clinical results that everyone is matchless and it remains unaffected in clinical photographs. It's mathematically proven that fingerprints are suitable in all fields as efficient algorithms are developed to extract a detailed iris description.
The Effectiveness of the Iris recognition systems have public acceptability problems in many application areas. Here is an example of INFOSEC project Health sign (1994) users in UK, Greece, Italy. It describes choices for electronic signature interfaces to Hospital Information System. The outcome of this survey was in UK retinal scanner and it was the slightest encouraging where in Italy it was totally unacceptable.
In Technical view the retinal blood vessels highly considered an individual so accuracy is one of the advantages of this method of recognition. Duplicate fake eyes are of no use since they don't respond to light.
However medical research has shown that retinal patterns are not as stable as it was thought/they have crucial variations. 
This technique is to correct the facilities and department of Motor vehicle.
It believed to most accurate in application. It does not need much operator training. It accepts public acceptance no criminal association. The main advantage of this Iris analysis is very high scalability and the high maturity. The sensor size is medium and sensor type is obtrusive and Template size is 256 bytes. But the drawback is the its very expensive, because the sensor cost is nearly <$3000.
The drawbacks for this technique is the here no database of iris scans. It is maximum useful for the verification than identification. The sensor cost very much expensive so it is not easy to afford. This performance impaired with tinted glasses. We can only read on line.
c) Distinguish between a biological identity and multiple digital identities. Illustrate your answer with specific reference to: a member of the Police Computer Crime Unit who, when not engaged in such work, engages in normal police duties.
Biological Identity it is an identity which will examine each method separately. And it is characteristics of a person. Where in this identity with Fingerprint verification, Iris Analysis, Facial Analysis, Speech, Hand written, Key stroke, DNA pattern, Ear recognition and etc. in this case we have to be there in the case of identity, if we consider voice recognition we have to speak instead of identity where it will be consumes the voice of a person and it detect the verification for authentication.
So these techniques were used to recognize the person identity, each techniques provide the different types of performance. But in Biological identities where there is no need of person, its like he has to use the cards, user name and passwords, only signature, proof of any identity which is showed to the evidence. But in this case here no need of person. In both cases the differences is the in Biological Identity person should be there for the identity and in Multiple digital identities no need of person for identification.
In this case, if a person who is working in Computer crime unit whose responsibilities are the who is specially committed to over the Internet. Who will restricts the Computer Crime that will with issues has become highly talented profile particularly Hacking-which in the sense stealing the passwords, information, destroying the operating systems, spreading the viruses, copyright infringement, pornography and child grooming, etc. This is basic on the Spam, Fraud, Drug trafficking, Cyber terrorism and Obscene. Now a day everyone was suffering from the cyber crime because of hacking, but this Cyber Crime Unit who will protect from the hackers. In this case he can logged in from any where like with the user name and passwords, here he can do his job from any where with showing his identity like his ID card and proof of identity.
d) Secure messaging within the Metropolitan Police Service is critical. As an exemplar, client-server messaging involves the secure transmission of encrypted information between sender and receiver. Critically review the use of PKI (Public Key Infrastructures) in this context. Is PKI unbreakable if properly installed and operated? Should the Police "trust" cryptographic techniques (such as RSA) that are used as an integral part of PKI?
PKI provides the security services are the services with in a computer system which give security or gives the protection to its resources or PKI is a system of digital certificates, certificate authorise, authorities for registration, management service certificate which verifies the authority and identity of each party involved in any transaction through the internet. So in secure message service in Metropolitan Police Service we need the transmission of encrypted information between sender and receiver will be secure, here also PKI provides the transaction operation with the verification with secure and also on confirms the base of request of message.
In MPS sending the messaging is difficult to provide the complete security to the client server transmission. Here, PKI provides the complete security which contains with the identification and authentication, access control, data integrity, confidentiality and non repudiation. To implement security only we are using the security mechanisms with some technical implements and some techniques. The mechanism will operate by itself or it connects with others to give a service.
So finally this PKI is Unbreakable, In this scenario if we will properly installed and operate this PKI then it is unbreakable, because also a key length of 56 bits s generally seems that is sufficiently with the super secure for most applications except when very large amounts of money or critically secure data are involved. The recent challenges are from the DES put up by RSA data security about nearly 90,000 workstations co-operated and also needed more than a month to find the 56 bit key. So, it is unbreakable for many years ago.
Here data has been encrypted with the public key of the receipts can only be decrypted using the recipients private key. In case, if any one can make their own public key to openly known, then all are easy to send that persons own data, it means every one can easily access his personal data. In PKI every message should contains the message context information, this information can be decrypted from the manager when that message is put on a que by an application then only authorized users can only change that users ID. While receiving the senders information, receiver should have the senders name and ID which provided by the sender.
Yes MPS can trust the cryptographic techniques like RSA and also this technique is in the part of PKI. There are distinct classes of encryption algorithm are in use, they are like Symmetric Encryption Algorithm and Asymmetric Encryption Algorithm. Here the difference is that how the key factors are using in these techniques with encryption methods. RSA was in Asymmetric Encryption Algorithm commonly called Public Key Cryptosystems (PKCS) are based on mathematical algorithm. The basic idea is to find mathematical problem is very hard to solve. Rivest, Shamir and Adleman who formed RSA data security algorithm. But in this case MPS there are number of staff required to security and also with complete authentication. Here the point is every one can access their own login ID with the security and authentication.
- N. K. Ratha, A. W. Senior, and R. M. Bolle, BAutomated biometrics,[ in Proc. Int. Conf. Advances Pattern Recognition, Rio de Janeiro, Brazil, 2001, pp. 445-474.
- Adlrer, F.H. "Physiology of the Eye: Clinical Application, 4th ed., London: The C.V. Msoby Company.