5G Security Training

Tonex 5G Security Training is an essential element in the development of security policies and technologies to protect 5G wireless networks from hacking, cyberattacks and financial fraud.

Key objectives & gained skill: The goal of this hands-on practical course is to give the participant a strong and intuitive understanding of what security in the wireless systems is and how the security functions are implemented in the 5G, 5G NR, 5GC, Service Based Architecture (SBA), HTTP2/JSON and REST API, and optional non 3GPP radio including Open RAN (O-RAN), mmWave radio and core network. The course focuses both on the air interface and the core network security principles, vulnerabilities, attack vectors and mitigation.

5G security professionals are not bashful explaining how the risk of more sophisticated botnets, privacy violations and faster data extraction can escalate with 5G technology.

With 5G’s high speeds and low latency, almost all businesses and industries are now in the position to digitize applications and services they couldn’t dream of not long ago. But when it comes to 5G security, experts believe 5G users need to think about this technology in terms of balance.

Attention to 5G security is crucial for all agencies and organizations because 5G’s greater attack surface due to billions of more IoT connected devices make for larger and more serious attacks possible.

Additionally, analysts confirm that many IoT devices are being manufactured with minimal or non-existent 5G security measures. What this means is that cybercriminals could intercept and change sensitive communication over 5G. Unsecured IoT devices could also easily allow for man-in-the-middle attacks.

The IoT situation is considered a big deal by 5G security experts. Many feel there needs to be a new regulatory body to oversee IoT devices – something akin to how the FCC grades radio systems.

However, it may come down to incentives like market monopoly or logistics support for complying brands to effectively regulate the IoT market. This especially holds true for low-end IoT brands, which just may not be able to afford the added cost of production when it comes to these changes.

While there are 5G security concerns, 5G technology also comes with many security features designed into the 5G architecture.

Advancement of 5G technology and use of new architectures and features such as network slicing, virtualization and cloud introduce new threats that require new types of controls to be implemented.

Network slicing allows the operator to customize the behavior of the network, adapting (slicing) the network to service specific use cases using the same hardware.

The security model for each slice is adapted to the use case. Different levels of isolation can be envisaged spanning from a single node of the core network to fully dedicated radio access.  Each isolation type is then integrated at design phase.

5G Security Training Course by Tonex

The upside of 5G technology has been pretty well disseminated: speedier transmissions, low latency and providing massive connectivity. But do we really understand the consequences, as in security risks?

Each generation of communications networks have had their share of security issues. But this matter merits top shelf attention given that 5G will handle highly sensitive applications such as life or death remote surgery.

There’s also concern that 5G security may turn into an all-out geopolitical issue: Do countries place themselves at risk by relying on 5G equipment built in nations with potentially adversarial governments?

On top of that, independent researchers recently identified potential issues with 5G’s authentication protocols. Researchers at Purdue University discovered 11 serious vulnerabilities in the 5G architecture including stingrays, also called “IMSI catchers” after the international mobile subscriber identity number attached to every cellphone.

For some time, security personnel have been saying that companies should build products that require users to change passwords before using them. A related issue: IoT devices aren’t always easy to update when a security flaw is identified in their software. This is not good news given that 5G technology relies on more software compared to older networks.

As a result, the networks could be easier for hackers to manipulate by exploiting vulnerabilities in poorly written software. In fact, the European Commission, the EU’s executive arm, warned of this in a report published in October.

Many believe the fix is for manufacturers to make updates available for years to come so products don’t need to be replaced when a flaw is found.

Course Description

Tonex 5G Security Training is an essential element in the development of security policies and technologies to protect 5G wireless networks from hacking, cyberattacks and financial fraud.

Key objectives & gained skill: The goal of this hands-on practical course is to give the participant a strong and intuitive understanding of what security in the wireless systems is and how the security functions are implemented in the 5G, 5G NR, 5GC, Service Based Architecture (SBA), HTTP2/JSON and REST API, and optional non 3GPP radio including 802.11ax, mmWave/802.11ay radio and core network. The course focuses both on the air interface and the core network security principles, vulnerabilities, attack vectors and mitigation.

The upside of 5G technology has been pretty well disseminated: speedier transmissions, low latency and providing massive connectivity. But do we really understand the consequences, as in security risks?

Each generation of communications networks have had their share of security issues. But this matter merits top shelf attention given that 5G will handle highly sensitive applications such as life or death remote surgery.

There’s also concern that 5G security may turn into an all-out geopolitical issue: Do countries place themselves at risk by relying on 5G equipment built in nations with potentially adversarial governments?

On top of that, independent researchers recently identified potential issues with 5G’s authentication protocols. Researchers at Purdue University discovered 11 serious vulnerabilities in the 5G architecture including stingrays, also called “IMSI catchers” after the international mobile subscriber identity number attached to every cellphone.

For some time, security personnel have been saying that companies should build products that require users to change passwords before using them. A related issue: IoT devices aren’t always easy to update when a security flaw is identified in their software. This is not good news given that 5G technology relies on more software compared to older networks.

As a result, the networks could be easier for hackers to manipulate by exploiting vulnerabilities in poorly written software. In fact, the European Commission, the EU’s executive arm, warned of this in a report published in October.

Many believe the fix is for manufacturers to make updates available for years to come so products don’t need to be replaced when a flaw is found.

5G Security Training Course Modules and Workshops

Module 1: Introduction to 5G Networks and Systems 

• Overview of 5G Technology
• 5G Services
• Mission-critical services
• Massive Internet of Things
• Broadcasting, Mobile and Fixed 5G Service
• 5G Access Techniques
• Channels and Carriers
• 5G New Radio (NR)
• Licensed/shared/unlicensed
• Above 24 GHz (mmWave)
• 1 GHz to 6 GHz
• Below 1 GHz
• 5G NR FDD/TDD CA
• 5G NR Sub-6 GHz Standalone (NSA)
• 5G NR Sub-6 GHz Non-Standalone (SA)
• Massive MIMO
• Scalable OFDM-based 5G NR air interface

Module 2: 5G Network and System Architecture

• 5G Architectural Components
• Architectures Defined by Function
• 5G System Functions
• Virtualization Function in 5G
• Principles of 5G New Radio (5G NR)
• Principles of O-RAN (Open RAN)
• Platforms for Terminal (Chips, OS, MMI, etc.)
• Transmission (coding, modulations, etc.)
• Service-Based Architecture (SBA)
• Network interfaces and services
• Network Exposure Function
• Protocols
• Control and User Plane separation Modularization
• Virtualization
• Service-based Architecture (SBA)
• Network Slicing
• NFV and SDN
• Multi-Access Edge Computing (MEC)
• Network Slicing
• Benefits of network slicing
• Network Slice Selection Function
• Interworking with 4G EPC
• 5G Protocol Stack (OSI-based)
• Quick Compare: Verizon, AT&T, T-Mobile, Sprint, others
• Virtualizing the 5G Network Core
• Mobile Edge Computing (MEC)
• Design considerations
• Capabilities and limitations
• Product development process
• Autonomous 5G Control
• Network Management
• Network Operations Center (NOC)

Module 3: 5G Identifiers

• 5G communications systems architecture
• Security Issues and Challenges in 5G Communications Systems
• Mobile Malware Attacks Targeting UE
• Self-Organizing Network (SON)
• Subscription Concealed Identifier (SUCI)
• Subscription Permanent Identifier (SUPI)
• Subscription Identification Security
• Permanent Equipment Identifier
• Subscription Identifier De-concealing Function
• 5G Globally Unique Temporary Identifier

Module 4: Intro to 5G Security  

• 5G Wireless Ethical Hacking, Penetration Testing, and Defenses
• Direct and D2D Communication Security
• IoT Security
• Cloud Security applied to 5G
• NFV Security
• Software Defined Networking (SDN) Security
• Cloud and Virtualization Security
• C-RAN Security
• V2V Security
• Securing 5G Automation
• 5G Monitoring and Security Operations
• Active 5G Defense, Offensive Countermeasures and Cyber Deception
• 5G RAN and NexGen Core Network Penetration Testing and Ethical Hacking
• IMS Security
• Implementing and Auditing 5G Security Controls
• Social Engineering for 5G Penetration Testers
• 5G UE Security and Ethical Hacking
• 5G Virtualization and Private Cloud Security
• Advanced LTE, LTE-Advanced ,LTE-Advanced Pro, and 5G Exploit Development for Penetration Testers
• 5G Forensics Analysis
• Advanced 5G  Forensics, Incident Response, and Threat Hunting
• 5G Cyber Threat Intelligence
• Advanced 5G Forensics: Applied to IoT, V2V and Autonomous Things
• Reverse-Engineering 5G Analysis Tools and Techniques

Module 5: 5G Networks and System Cybersecurity Assessment and Best Practices

• 5G Systems Attacks
• Uniquely Network Concerns
• Reliability and Security
• Role of Obscurity
• Threat Assessment
• Attackers and Assets
• Attack Surface
• Attack Trees
• Security Policy
• 5G System Vulnerabilities
• Backdoors
• Denial of Service (DOS)
• Defensive Architectures
• Combating Complexity
• Defensive Hardware Interfaces
• Public Key Cryptography (PKI)
• Protecting Data In Motion
• Secure Software Process

Module 6: 5G System Vulnerability Analysis  

• Exploiting 5G Systems and Devices
• The Stages of System Exploitation
• Initial Reconnaissance
• Exploitation
• Firmware Unpacking and Modification
• Detecting
• Extracting
• Analysis
• Modification and Creation of new firmware
• Hacking/exploitation techniques, tools and entry points
• Defensive technologies

Module 7: Cybersecurity Attacks and Best Mitigation Practices for 5G Systems Non-Invasive Hardware Reverse Engineering

• Component identification
• Interface Analysis
• Communications Protocols Sniffing
• Decoding and Deciphering Captured Bits
• Critical Data Identification and Detection
• Component Removal and Replacement
• Electronics and Circuit analysis
• Security Measures

Module 8: 5G Security Requirements and Features (Mandatory)

• 3GPP General security requirements
• Requirements on the UE
• Requirements on the gNB
• Requirements on the ng-eNB
• Requirements on the AMF
• Requirements on the SEAF
• Requirements on the UDM
• Core network security
• Trust boundaries
• Visibility and configurability
• Requirements for algorithms, and algorithm selection
• 5G Zero Trust Architecture
• What is 5G “Zero Trust”?
• 5G network architecture and Zero Trust
• Zero Trust as a strategic initiative
• Tools to prevent successful data breaches
• Eliminating the concept of trust rooted in the principle of “never trust
• Zero Trust to protect 5G environment
• Leveraging 5G network segmentation
• Preventing lateral movement
• Providing Layer 7 5G threat prevention
• 5G user-access control
• Deploying 5G Zero Trust
• Steps to Zero Trust
• Identify the protect 5G surface
• Map the 5G transaction flows
• Build a Zero Trust 5G architecture
• Create 5G Zero Trust policy
• Monitor and maintain 5G Zero Trust environment

Module 9: Tonex 5G Security Workshop/Recommendations  

• Key Issues
• Embedded SIM Security
• mmWave Security Issues
• 5G Autonomous Driving Security Solutions
• Critical 5G Security Controls Planning, Implementing and Auditing
• Top 5G Mitigation Strategies Implementing and Auditing
• Advanced 5G Security Principles
• 5G Intrusion Detection
• 5G Wireless Hacker Tools, Techniques, Exploits and Incident Handling
• Issues with Access Network Flash Network Traffic
• Radio interface key management
• User plane integrity
• Security measures
• DOS Attacks Against Network Infrastructure
• Overload of the signaling plane security issues
• Bulk configuration security issues

Module 10: Tonex 5G Cybersecurity Assessment (Workshop using DoD RMF Templates) (Optional)

• Overview of Risk Management Framework (RMF)
• RMF as a set of criteria that dictate how United States government IT systems must be architected, secured, and monitored
• RMF and National Institute of Standards and Technology (NIST) foundation for any data security strategy.
• Evaluate 5G system security vulnerabilities
• Assessing cyber-related information and control systems to relevant regulations, standards and guidance
• Gap analysis to unveil security holes
• real-time situational awareness
• Insider and external threat protection
• System hardening and active defenses for comprehensive protection of 5G system 5G environment
• 5G cybersecurity patching

Module 11: Tonex 5G Cybersecurity Assessment (Workshop using ISO 27001, ISA/IEC 62443 Frameworks) (Optional)

• ISO 27001:2013 as the international standard framework for Information Security Management Systems (ISMS)
• Evaluating continued confidentiality, integrity and availability of information as well as legal compliance
• ISO 27001 implementation and potential security threats: analysis and mitigation
• ISO 27001 applied to 5G
• ISA/IEC 62443 Cybersecurity
• Overview of IEC 62443-4-1:2018
• Security for industrial automation and control systems
• Secure product development lifecycle requirements
• IEC 62443 applied to 5G and critical infrastructure protection
• ISA/IEC 62443 Cybersecurity Fundamentals Specialist
• ISA/IEC 62443 Cybersecurity Risk Assessment Specialist
• ISA/IEC 62443 Cybersecurity Design Specialist
• ISA/IEC 62443 Cybersecurity Maintenance Specialist
• ISA/IEC 62443 Cybersecurity Expert: Individuals who achieve Certificates 1, 2, 3, and 4 are designated as ISA/IEC 62443 Cybersecurity Experts

Optional Workshops: 5G Pentest 

5G Pentesting

• 5G Cyber Security Risk Management
• 5G Security Automation, Incident Response Team Management
• Secure DevOps
• 5G Data Security and Investigations
• Physical 5G Penetration Testing
• Physical Wireless Access Control Systems Elements of Design, Offense/Defense
• 5G Mobile Botnets
• Bot-masters and Bot-proxies
• 5G UE Location Tracking
• 5G Pen Testing
• Overview of Risk Management Framework (RMF)
• RMF as a set of criteria that dictate how United States government IT systems must be architected, secured, and monitored
• RMF and National Institute of Standards and Technology (NIST) foundation for any data security strategy.
• Evaluate 5G system security vulnerabilities
• Key Issues
• Embedded SIM Security
• 5G Autonomous Driving Security Solutions
• Critical 5G Security Controls Planning, Implementing and Auditing
• Top 5G Mitigation Strategies Implementing and Auditing
• Advanced 5G Security Principles
• 5G Intrusion Detection
• 5G Hacker Tools, Techniques, Exploits and Incident Handling
• Issues with Access Network Flash Network Traffic
• Radio interface key management
• User plane integrity
• Security measures

DOS Attacks Against Network Infrastructure

• Overload of the signaling plane security issues
• Bulk configuration security issues
• 5G Security Domains
• 5G Security Requirements from 3GPP
• 5G IoT Exploitation
• 5G Cloud RAN Exploitation
• 5G SBA/HTTP2/JSON/REST API Exploitation
• Security Enforcement Points
• 5G Architecture (RAN, IP Core, Mobile Core, Transport, Etc.)
• 5G Pen Test Planning
• 5G Pen Test Scoping, and Recon
• Inventory of potential 5G vulnerabilities
• High Value 5G Penetration Test
• RMF Control Functions applied to 5G