Professional Documents
Culture Documents
Fundamentals of Cyber Security II Lecture 1
Fundamentals of Cyber Security II Lecture 1
12/28/2021
Fundamentals of Cyber
Security II
CBS2203
2
Information Assurance Fundamentals
Authentication
Authorization
Non-repudiation
CIA Triads
Multifactor Authentication:
Usage of more than one factor to authenticate a message or a person
Example: Fingerprint Scan and a Personal Identification Number (PIN)
Two instances of the same factor are not multifactor
Example: Password combined with a user’s Mother’s maiden name
Verifies the identity and validity of the SIM card to the network and ensures that
the subscriber has the authorised access to the network
It is a process of exchanging information between communication device and a
mobile network which allows the carrier or network operator to confirm the true
identity of the user(or device)
This validation of the authenticity of the user or device allows a service provider
to deny service to the user that cannot be identified
Kc
It is a 64 bit ciphering key used for encryption and decryption
A3 Algorithm
Is an algorithm that resides in Subscriber Identity Module (SIM) and AuC
When RAND and Ki is fed as an input, it generates SRES in the AuC
A8 Algorithm
Resides in IMSI, SIM, and AuC
When RAND and Ki is fed as an input, it generates the Ciphering Key(Kc)
Fundamental of Cyber Security II By Mal Anas Aliyu Usman 12/28/2021
10
Authentication Process
GSM authentication process starts with the transmission of a random number (RAND) from the
base station
This RAND is used along with other information including the Ki to calculate the signed
Response(SRES)
The Ki is stored in both mobile telephone and GSM system and it is not transmitted over the
radio link
When GSM systems perform the authentication process, it compares the SRES return by mobile
telephone
If both SRES match the GSM system then allow call processing to continue
“Assurance thet the sender of data is provided with proof of delivery and the recipient
is provided with proof of the sender’s identity, so neither can later deny having
processed the data.”
Confidentiality
Integrity
Availability
Thank you!