
Fundamental of Cyber Security II By Mal Anas Aliyu Usman

12/28/2021
Fundamentals of Cyber
Security II
CBS2203
Information Assurance Fundamentals

 Authentication
 Authorization
 Non-repudiation
 CIA Triad

AUTHENTICATION

 Authentication is defined as a “Security measure designed to establish the
validity of a transmission, message, or originator, or a means of verifying
an individual’s authorization to receive specific categories of information.”
 It is the key to verifying the source of a message, or that an individual is
whom he or she claims to be

FACTORS OF AUTHENTICATION

AUTHENTICATION TYPES

 Multifactor Authentication:
Usage of more than one factor to authenticate a message or a person
Example: Fingerprint scan (something the user is) and a Personal Identification Number (PIN) (something the user knows)
 Two instances of the same factor are not multifactor
Example: Password combined with a user’s mother’s maiden name (both are something the user knows)
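As an added example (not part of the lecture), the following Go program implements a time-based one-time password (RFC 6238 TOTP), the usual "something you have" factor paired with a password. The server and the user's device share a secret once at enrolment; afterwards each derives the same short-lived code, so presenting the right code proves possession of the enrolled device. The secret used in main is the RFC 4226/6238 test-vector key, not a real one; the skew window and the six-digit length are choices made here.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// Added example (not from the lecture): RFC 6238 TOTP as the
// "something you have" factor. Server and device share `secret` once at
// enrolment and independently derive the same code for each 30 s step.

const totpStep = 30 // seconds each code is valid for

// hotp is RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic
// truncation to 31 bits, reduced to six decimal digits.
func hotp(secret []byte, counter uint64) uint32 {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	offset := int(h[len(h)-1] & 0x0f)
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	return code % 1000000
}

// totp is RFC 6238: HOTP with the counter set to the current 30 s step.
func totp(secret []byte, unixTime int64) string {
	return fmt.Sprintf("%06d", hotp(secret, uint64(unixTime/totpStep)))
}

// verifyTOTP accepts the code for the current step or one step either
// side, to tolerate clock skew, and compares in constant time. A real
// server must additionally remember codes already used in the window
// and reject a second use of the same one (replay).
func verifyTOTP(secret []byte, unixTime int64, code string) bool {
	ok := false
	for skew := int64(-1); skew <= 1; skew++ {
		expected := totp(secret, unixTime+skew*totpStep)
		if subtle.ConstantTimeCompare([]byte(expected), []byte(code)) == 1 {
			ok = true // keep looping so timing does not reveal which step matched
		}
	}
	return ok
}

func main() {
	// Constructed secret: the RFC 4226 / RFC 6238 test-vector key, not a real one.
	secret := []byte("12345678901234567890")
	fmt.Println("code at t=59:", totp(secret, 59)) // 287082 per the RFC vectors
	fmt.Println("accepted:", verifyTOTP(secret, 59, "287082"))
	fmt.Println("wrong code accepted:", verifyTOTP(secret, 59, "000000"))
}
```

The password the user types is still checked separately; the point of the second factor is that an attacker who has phished the password cannot produce the code without the device's secret. Note that a TOTP code and a password are different factors, whereas a password and a security question are not.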

Contd….

 Authentication also applies to validating the source of a message such as a
network packet or an email
 Message authentication systems cannot rely on the factors that apply to
human authentication
 Message authentication systems therefore rely on cryptographic constructions: a
message authentication code (MAC), which is a digest or hash of the message
generated with a secret key shared by sender and receiver, or a digital
signature, generated with the sender’s private key
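As an added example (not from the lecture), the Go program below authenticates a message with a MAC, here HMAC-SHA256 from the standard library: the tag is a keyed digest of the message, verification recomputes it and compares in constant time, and a tampered message or a tag made under a different key fails. The message text and keys are constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Added example (not from the lecture): message authentication with a
// MAC. Sender and receiver share `key`; the tag is HMAC-SHA256 over the
// message, so without the key nobody can forge a tag for a new message
// or fix up the tag after changing an existing one.

// tag computes HMAC-SHA256(key, message).
func tag(key, message []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(message)
	return mac.Sum(nil)
}

// verify recomputes the tag and compares it in constant time. A plain
// bytes.Equal returns as soon as the first differing byte is found,
// which leaks how many leading bytes of a guessed tag were right.
func verify(key, message, receivedTag []byte) bool {
	return hmac.Equal(tag(key, message), receivedTag)
}

// tamper returns a copy of message with one bit flipped, as an on-path
// attacker without the key might do.
func tamper(message []byte) []byte {
	out := append([]byte(nil), message...)
	out[len(out)-1] ^= 0x01
	return out
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	msg := []byte("transfer 100 to account 4242") // constructed sample message
	t := tag(key, msg)
	fmt.Println("tag:", hex.EncodeToString(t))
	fmt.Println("genuine message verifies:", verify(key, msg, t))
	fmt.Println("tampered message verifies:", verify(key, tamper(msg), t))

	// An attacker who does not hold the key cannot produce a valid tag.
	attackerKey := make([]byte, 32)
	if _, err := rand.Read(attackerKey); err != nil {
		panic(err)
	}
	fmt.Println("forged tag verifies:", verify(key, msg, tag(attackerKey, msg)))
}
```

A MAC proves the message came from someone holding the key; because the receiver holds the same key, it does not prove to a third party which of the two produced it. That is the gap digital signatures close (see Non-repudiation).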

GSM Authentication

 Verifies the identity and validity of the SIM card to the network and ensures that
the subscriber is authorised to access the network
 It is a process of exchanging information between a communication device and a
mobile network which allows the carrier or network operator to confirm the true
identity of the user (or device)
 This validation of the authenticity of the user or device allows a service provider
to deny service to users that cannot be identified

Terms used in Authentication
Ki:
 The individual subscriber authentication key, a 128-bit secret
 Stored only on the SIM card and in the Authentication Centre (AuC); never sent over the air
RAND
 A random 128-bit number
 Generated by the Authentication Centre when the network requests to authenticate the subscriber
 Used, together with Ki, to generate the SRES and the ciphering key (Kc)
SRES
 The Signed Response
 A 32-bit crypto variable used in the authentication process
Terms used in Authentication

Kc
 A 64-bit ciphering key used for encryption and decryption of traffic on the radio link
A3 Algorithm
 An algorithm that resides in the Subscriber Identity Module (SIM) and in the AuC
 When RAND and Ki are fed as input, it generates the SRES (in the SIM and, independently, in the AuC)
A8 Algorithm
 Resides in the SIM and the AuC (the IMSI is the subscriber identifier the network uses to look up Ki, not a place where the algorithm runs)
 When RAND and Ki are fed as input, it generates the Ciphering Key (Kc)
Authentication Process

 The GSM authentication process starts with the transmission of a random number (RAND) from the
base station to the mobile
 The SIM uses this RAND together with its Ki to calculate the Signed Response (SRES) with A3, and
the ciphering key Kc with A8
 The Ki is stored in both the SIM and the GSM system (the AuC); it is never transmitted over the
radio link, only RAND and SRES are
 When the GSM system performs the authentication process, it compares the SRES returned by the mobile
telephone with the SRES it computed itself from the same RAND and Ki
 If both SRES values match, the GSM system allows call processing to continue; Kc, now held by both
sides, is used to cipher the link
 The check is one-way: the network verifies the SIM, but the mobile does not verify the network
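As an added example (not from the lecture), the Go program below plays out the challenge-response of the last three slides with both sides as code. Sizes follow the slides: Ki and RAND are 128 bits, SRES 32 bits, Kc 64 bits. Operators use their own A3/A8 implementations, which the slides do not specify; a3a8 here is an HMAC-SHA256 stand-in (an assumption) that keeps the interface (RAND, Ki) to (SRES, Kc). The IMSI and Ki are constructed test values.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Added example (not from the lecture): GSM challenge-response with the
// SIM and the AuC as separate parties. Only RAND (down) and SRES (up)
// cross the air interface; Ki and Kc never do.

// SIM holds the subscriber's Ki; the value never leaves the card.
type SIM struct {
	IMSI string
	Ki   [16]byte
}

// AuC is the authentication centre, the only other holder of each Ki,
// indexed by IMSI.
type AuC struct {
	keys map[string][16]byte
}

// Triplet is what the AuC hands to the network for one authentication.
type Triplet struct {
	RAND [16]byte
	SRES [4]byte
	Kc   [8]byte
}

// a3a8 stands in for A3 (producing SRES) and A8 (producing Kc).
// Assumption: HMAC-SHA256 used in place of the operator's algorithms.
func a3a8(ki, rnd [16]byte) (sres [4]byte, kc [8]byte) {
	mac := hmac.New(sha256.New, ki[:])
	mac.Write(rnd[:])
	out := mac.Sum(nil)
	copy(sres[:], out[:4])
	copy(kc[:], out[4:12])
	return sres, kc
}

// triplet is the AuC side: fresh RAND, expected SRES and Kc for this IMSI.
func (a *AuC) triplet(imsi string) (Triplet, error) {
	ki, ok := a.keys[imsi]
	if !ok {
		return Triplet{}, fmt.Errorf("unknown IMSI %s", imsi)
	}
	var t Triplet
	if _, err := rand.Read(t.RAND[:]); err != nil {
		return Triplet{}, err
	}
	t.SRES, t.Kc = a3a8(ki, t.RAND)
	return t, nil
}

// respond is the SIM side: it only ever sees RAND.
func (s *SIM) respond(rnd [16]byte) (sres [4]byte, kc [8]byte) {
	return a3a8(s.Ki, rnd)
}

// authenticate runs the exchange and returns whether the SIM passed and
// the Kc both sides now hold for ciphering.
func authenticate(a *AuC, s *SIM) (bool, [8]byte) {
	t, err := a.triplet(s.IMSI)
	if err != nil {
		return false, [8]byte{}
	}
	sres, simKc := s.respond(t.RAND) // RAND goes down, SRES comes back up
	if !bytes.Equal(sres[:], t.SRES[:]) {
		return false, [8]byte{}
	}
	if simKc != t.Kc { // both sides derived Kc independently from the same inputs
		panic("Kc mismatch")
	}
	return true, t.Kc
}

// sampleNetwork builds a constructed AuC with one enrolled test subscriber
// (001/01 is the test-network MCC/MNC) and returns it with the matching SIM.
func sampleNetwork() (*AuC, *SIM) {
	var ki [16]byte
	if _, err := rand.Read(ki[:]); err != nil {
		panic(err)
	}
	imsi := "001010123456789"
	return &AuC{keys: map[string][16]byte{imsi: ki}}, &SIM{IMSI: imsi, Ki: ki}
}

func main() {
	auc, sim := sampleNetwork()
	ok, kc := authenticate(auc, sim)
	fmt.Println("genuine SIM accepted:", ok, "Kc:", hex.EncodeToString(kc[:]))

	// A cloned SIM carrying the right IMSI but a guessed Ki fails.
	clone := &SIM{IMSI: sim.IMSI}
	ok, _ = authenticate(auc, clone)
	fmt.Println("cloned SIM with wrong Ki accepted:", ok)
}
```

Because the SIM never checks anything about the network, the same code would answer a RAND sent by anyone who can transmit on the air interface; the one-way nature of the check is why later generations added network authentication.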

AUTHORIZATION

 Authorization focuses on determining what a user has permission to do
 It is defined as “Access privileges granted to a user, program, or process”
 Authentication establishes who the user is; authorization decides what privileges they have
Example: An online banking application will authenticate a user based on
his or her credentials, but it must then determine the accounts to which that user
has access
 The system then determines what actions the user can take regarding those accounts,
such as viewing balances and making transfers
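As an added example (not from the lecture), the Go program below implements the banking check from this slide: authentication has already produced a user ID, and every request is then checked against that user's grant on the specific account the request names, denying by default. The account, role and action names, and the sample accounts, are illustrative choices made here.

```go
package main

import (
	"errors"
	"fmt"
)

// Added example (not from the lecture): authorization in the online-
// banking case. The subject is the user ID authentication established,
// never a user ID taken from the request body.

type Action string

const (
	ViewBalance Action = "view_balance"
	Transfer    Action = "transfer"
)

type Role string

const (
	Owner  Role = "owner"
	Viewer Role = "viewer" // read-only access, e.g. for an accountant
)

// permitted lists what each role may do; an action not listed is denied.
var permitted = map[Role]map[Action]bool{
	Owner:  {ViewBalance: true, Transfer: true},
	Viewer: {ViewBalance: true},
}

type Account struct {
	ID      string
	Balance int64
	Grants  map[string]Role // authenticated user ID -> role on this account
}

type Bank struct {
	accounts map[string]*Account
}

var ErrForbidden = errors.New("forbidden")

// authorize decides whether user may perform action on acct. Deny by
// default: no grant, or a role without the action, both fail.
func authorize(user string, acct *Account, action Action) bool {
	role, ok := acct.Grants[user]
	return ok && permitted[role][action]
}

// Balance handles "view balance" for the account ID named in the request.
func (b *Bank) Balance(user, accountID string) (int64, error) {
	acct, ok := b.accounts[accountID]
	if !ok {
		return 0, fmt.Errorf("account %s: not found", accountID)
	}
	if !authorize(user, acct, ViewBalance) {
		return 0, ErrForbidden
	}
	return acct.Balance, nil
}

// TransferFunds debits fromID and credits toID. The authorization check
// is on the debited account: the client chose fromID, so skipping this
// check would let any authenticated user move anyone's money.
func (b *Bank) TransferFunds(user, fromID, toID string, amount int64) error {
	from, ok := b.accounts[fromID]
	if !ok {
		return fmt.Errorf("account %s: not found", fromID)
	}
	to, ok := b.accounts[toID]
	if !ok {
		return fmt.Errorf("account %s: not found", toID)
	}
	if !authorize(user, from, Transfer) {
		return ErrForbidden
	}
	if amount <= 0 || from.Balance < amount {
		return errors.New("invalid amount")
	}
	from.Balance -= amount
	to.Balance += amount
	return nil
}

// sampleBank is constructed data: alice owns ACC-1, bob owns ACC-2,
// carol may only view ACC-1.
func sampleBank() *Bank {
	return &Bank{accounts: map[string]*Account{
		"ACC-1": {ID: "ACC-1", Balance: 500, Grants: map[string]Role{"alice": Owner, "carol": Viewer}},
		"ACC-2": {ID: "ACC-2", Balance: 100, Grants: map[string]Role{"bob": Owner}},
	}}
}

func main() {
	bank := sampleBank()
	fmt.Println("alice pays bob:", bank.TransferFunds("alice", "ACC-1", "ACC-2", 100))
	fmt.Println("bob debits alice:", bank.TransferFunds("bob", "ACC-1", "ACC-2", 100))
	fmt.Println("carol transfers:", bank.TransferFunds("carol", "ACC-1", "ACC-2", 1))
	bal, err := bank.Balance("carol", "ACC-1")
	fmt.Println("carol views ACC-1:", bal, err)
}
```

The two lookups by account ID are the point of the example: a request parameter selects the object, and only then does the grant table decide whether this user may act on it. Authenticating the user says nothing about which accounts are theirs.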

NON-REPUDIATION

 “Assurance that the sender of data is provided with proof of delivery and the recipient
is provided with proof of the sender’s identity, so neither can later deny having
processed the data.”
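As an added example (not from the lecture), the Go program below shows both halves of that definition with Ed25519 signatures from the standard library: the sender signs the data, giving the recipient proof of the sender's identity, and the recipient signs a receipt over a hash of what arrived, giving the sender proof of delivery. A shared-key MAC could not do this, since either holder of the key could have produced the tag. Party names, the message text and the receipt format are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Added example (not from the lecture): non-repudiation with digital
// signatures. Only the holder of a private key can sign, so neither
// party can later deny what it signed.

type Party struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey // never shared
}

func newParty(name string) *Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Party{Name: name, Pub: pub, priv: priv}
}

// Signed carries data together with a signature over it.
type Signed struct {
	Data []byte
	Sig  []byte
}

func (p *Party) sign(data []byte) Signed {
	return Signed{Data: data, Sig: ed25519.Sign(p.priv, data)}
}

// verifyFrom checks that m was signed with the private key matching pub.
func verifyFrom(pub ed25519.PublicKey, m Signed) bool {
	return ed25519.Verify(pub, m.Data, m.Sig)
}

// receiptBody is the constructed receipt format: a label plus the hash of
// the delivered data, so the receipt is bound to exactly that data.
func receiptBody(data []byte) []byte {
	h := sha256.Sum256(data)
	return append([]byte("received:"), h[:]...)
}

// receiptFor is what a recipient returns: its own signature over the
// receipt body, giving the sender proof of delivery.
func (p *Party) receiptFor(m Signed) Signed {
	return p.sign(receiptBody(m.Data))
}

// verifyReceipt checks that r is the recipient's signature over a receipt for data.
func verifyReceipt(recipientPub ed25519.PublicKey, data []byte, r Signed) bool {
	return bytes.Equal(r.Data, receiptBody(data)) && ed25519.Verify(recipientPub, r.Data, r.Sig)
}

func main() {
	alice, bob := newParty("alice"), newParty("bob")
	order := alice.sign([]byte("pay bob 100")) // constructed message
	fmt.Println("bob verifies alice's order:", verifyFrom(alice.Pub, order))

	// Bob cannot deny delivery once he has signed the receipt...
	rcpt := bob.receiptFor(order)
	fmt.Println("alice verifies bob's receipt:", verifyReceipt(bob.Pub, order.Data, rcpt))

	// ...and cannot forge alice's order: his signature does not check against her key.
	forged := bob.sign([]byte("pay bob 1000"))
	fmt.Println("forged order verifies as alice's:", verifyFrom(alice.Pub, forged))

	// Altering a signed order invalidates alice's signature.
	altered := Signed{Data: []byte("pay bob 1000"), Sig: order.Sig}
	fmt.Println("altered order verifies:", verifyFrom(alice.Pub, altered))
}
```

In practice the guarantee also depends on the private keys genuinely being held by one party only (hence hardware tokens or HSMs) and on the public keys being bound to identities, which is what certificates and PKI are for.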

CIA TRIAD

 Confidentiality

 Integrity

 Availability

CIA TRIAD

 Confidentiality, Integrity and Availability, also known as the CIA triad,
is a model designed to guide policies for information security within an
organization
 The model is also sometimes referred to as the AIC triad (Availability,
Integrity and Confidentiality) to avoid confusion with the Central Intelligence
Agency
 The elements of the triad are considered the three most crucial components of
security

Confidentiality (closely related to privacy)

 Familiar to most people, even those not in the security industry
 Confidentiality is defined as “assurance that information is not disclosed to unauthorized individuals,
processes, or devices.”
 A set of rules that limits access to information
 Assuring that unauthorized parties do not have access to a piece of information is a complex task
 Easier to understand when broken down into three (3) requirements:
1. Information must have protections capable of preventing some users from accessing it
2. Limitations must be in place to restrict access to the information to only those who have the
authorization to view it
3. An authentication system must be in place to verify the identity of those with access to the data
Integrity

 Integrity is the assurance that the information is trustworthy and accurate
 It involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life
cycle
 Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered
by unauthorized people (for example, after a breach of confidentiality)
 These measures include file permissions and user access controls
 Some data might include checksums, even cryptographic checksums, for verification of integrity; a
plain checksum detects accidental corruption, while detecting deliberate alteration needs a
cryptographic hash, and, where the attacker can also rewrite the stored hash, a MAC or signature
 Backups or redundancies must be available to restore the affected data to its correct state after
loss or corruption caused by non-human events such as an electromagnetic pulse (EMP) or server crash
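As an added example (not from the lecture), the Go program below makes the difference between a checksum and a cryptographic checksum concrete. The 16-bit one's-complement checksum used in IP and TCP headers (RFC 1071) adds up 16-bit words, so it catches bit flips from a bad link but not an edit that keeps the sum, such as swapping two words of a record; SHA-256 changes on any edit. The record format and the word swap are constructed for the demonstration.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Added example (not from the lecture): plain checksum versus
// cryptographic hash. Reordering words leaves a one's-complement sum
// unchanged, so a deliberate edit can pass it; SHA-256 cannot be kept
// constant across an edit.

// inetChecksum is the RFC 1071 one's-complement sum of 16-bit words.
func inetChecksum(data []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(data); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(data[i:]))
	}
	if len(data)%2 == 1 { // odd trailing byte is padded with a zero
		sum += uint32(data[len(data)-1]) << 8
	}
	for sum>>16 != 0 { // fold carries back into the low 16 bits
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

func sha256Hex(data []byte) string {
	h := sha256.Sum256(data)
	return hex.EncodeToString(h[:])
}

// swapWords returns a copy of data with 16-bit words i and j exchanged.
func swapWords(data []byte, i, j int) []byte {
	out := append([]byte(nil), data...)
	out[2*i], out[2*j] = out[2*j], out[2*i]
	out[2*i+1], out[2*j+1] = out[2*j+1], out[2*i+1]
	return out
}

// check reports whether received would pass a stored plain checksum and a
// stored SHA-256, both computed over original when it was written.
func check(original, received []byte) (checksumPasses, hashPasses bool) {
	return inetChecksum(original) == inetChecksum(received),
		sha256Hex(original) == sha256Hex(received)
}

// tamperKeepingChecksum turns "pay 0010 to 4242" into "pay 1000 to 4242":
// words 2 ("00") and 3 ("10") are swapped, which leaves the sum unchanged.
func tamperKeepingChecksum(record []byte) []byte {
	return swapWords(record, 2, 3)
}

func main() {
	record := []byte("pay 0010 to 4242") // constructed 16-byte record
	forged := tamperKeepingChecksum(record)
	fmt.Printf("original: %q checksum %#04x\n", record, inetChecksum(record))
	fmt.Printf("forged:   %q checksum %#04x\n", forged, inetChecksum(forged))
	c, h := check(record, forged)
	fmt.Println("plain checksum passes:", c, " sha256 passes:", h)
}
```

The hash only helps while the stored hash itself is out of the attacker's reach; if the same person can rewrite both the data and its hash, integrity needs a key the attacker lacks, i.e. a MAC or a signature.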

Availability

 Availability is a guarantee of reliable access to the information by authorized people
 Availability is best ensured by rigorously maintaining all hardware,
performing hardware repairs immediately when needed and maintaining a correctly functioning
operating system environment that is free of software conflicts
 It is also important to keep current with all necessary system upgrades
 Providing adequate communication bandwidth and preventing the occurrence of bottlenecks are
equally important

Contd….

 To prevent data loss from disasters such as fire or flood, a backup copy may be stored in a
geographically isolated location, perhaps even in a fireproof, waterproof safe
 Extra security equipment or software such as firewalls and proxy servers can guard
against downtime and unreachable data due to malicious actions such as Denial-of-Service (DoS)
attacks and network intrusions


Thank you!
