5G Cybersecurity Training Bootcamp | 3GPP Version

5G Cybersecurity Training Bootcamp

Effective 5G cybersecurity is essential, especially since the  Ericsson Mobility Report estimates that, globally, half of all mobile subscriptions will be 5G by 2027.

5G cybersecurity professionals believe that while 5G architecture is revolutionizing wireless networking, 5G technology also has some cybersecurity risks that enterprises need to address before it becomes mainstream for business use.

A primary 5G cybersecurity issue revolves around the exposure of IoT devices to cybercriminals.

The exponential development of IoT systems has been fueled by consumer electronics, business, network appliances, and industrial IoT (IIoT) devices. 5G technology enhances certain IoT functions, leading to the proliferation of IoT devices and a security problem that individuals and organizations are still trying to figure out.

In the U.S., the Department of Homeland Security has been given responsibility for 5G cybersecurity. Its National Risk Management Center is focusing on several sectors of 5G cybersecurity, especially areas relating to telecommunications.

Additionally, the department’s Cybersecurity and Infrastructure Security Agency (CISA) has assembled a task force of government and industry organizations to de-risk its supply chain, for example by compiling white lists of companies bidding to carry out ICT work on the country’s national infrastructure.

The actions of the Department of Homeland Security and other agencies around the world demonstrate that 5G cybersecurity is being taken very seriously and that organizations and agencies should take notice.

5G cybersecurity is crucial because 5G technology is really at the heart of the digital revolution. Experts in this are believe that in the coming decade 5G will take on even more significance as connectivity comes to underpin every aspect of our lives, from industry to utilities and the military.

This means an increasingly vital role for next-generation networks, such as 5G, in the central nervous system of the economy and national critical infrastructures.

At the same time, cybersecurity itself has taken a new turn.  Cybersecurity has entered a completely new phase. In the beginning, attacks came mainly from relatively unsophisticated garage hackers motivated by activism or a technical challenge. But as the value of information and the systems that carry it increased, criminal groups and corporate spies driven by financial gain joined the ranks.

Now, with digital technologies such as 5G crucial to national infrastructure and security, they’ve become a target for those who have an interest in destabilizing nation states at a political or economic level.

5G Cybersecurity Training Bootcamp Course by Tonex

5G cybersecurity training bootcamp is a 4-day course that focuses on 5G cybersecurity issues and mitigation techniques.

The scope of this training is to leverage the 5G security features which are defined
in standards to provide enhanced cybersecurity capabilities addressing needs for service providers, network equipment manufacturers, software vendors and end-user devices. Participants will learn how to identify security characteristics of the underlying technologies and components of the supporting infrastructure required to effectively operate a 5G network.

5G technology will drive an overhaul of telecommunication networks with its mind-boggling promise. 5G Cybersecurity training Bootcamp is a combination of theoretical lectures and practical insight that helps participants gain in-depth knowledge about current and future state of 5G mobile technology, architecture, protocols and 5G cybersecurity.

5G networks will soon be at the core of mission-critical systems that facilitate the connectivity, automation and digitization of robots, machines, transportation systems and more. But also, cybersecurity experts predict 5G networks will be at center ring for bad actors around the planet to violate.

5G Cybersecurity Bootcamp is a combination of theoretical lectures and practical insight that helps participants gain in-depth knowledge about current and future state of 5G mobile technology, architecture, protocols and 5G cybersecurity.

Learning Objectives  

Upon the completion of 5G Cybersecurity Training Bootcamp, attendees will:

• Learn about the fundamental concepts of 5G systems
• List and discuss various 5G use cases
• Discuss differences and similarities between 5G and 4G LTE
• Discuss end-to-end 5G network architecture
• Describe 5G NR, 5GC: 5G core functions, architecture, AMF, Network Slicing, NG-RAN, SBA, SMF, UPF, SDN/VFN, Network Slicing, MEC, LTE-M, and 5G/NB-IoT
• Identify 5G operational scenarios, D2D, and signaling
• Discuss security architecture and procedures for 5G systems
• Explain 5G security issues, attacks and mitigation
• Learn about 5G pentesting and ethical hacking method using GNU Radio, hackRF one and other mechanisms (Demos and Hands-on activities)

Audience:

• Telecom and Network Professionals
• Cybersecurity Specialists
• Government and Regulatory Authorities
• IoT (Internet of Things) Developers and Integrators
• Corporate IT Managers and Decision-Makers
• Academia and Researchers
• Anyone Interested in 5G Security

Course Agenda

Overview of the 5G Mobile Network

• Overview of 5G
• Overview of 3GPP Release 16
• 5G Network/transport
• 5G Node/platform
• 5G Application and Services
• 5G Vs. 5GE Vs. 4G LTE
• 5G Use Cases
• Enhanced Mobile Broadband
• Connected Vehicles
• Enhanced Multi-Media
• Massive Internet of Things
• Ultra-Reliable Low Latency Applications
• Fixed Wireless Access

The 5G System Survey

• Principles of 5G Core (5GC)
• Principles of 5G New Radio (5G NR)
• NR, gNB, NG-RAN and 5GC
• NG RAN
• Dual Connectivity options

5G RAN and Core Architecture Overview

• Changes and Improvements Compared to 4G
• CP/UP Split
• NW Slicing
• Key Network Functions
• Network Connectivity
• Service-Based Architecture (SBA)
• Network interfaces and services
• Network Exposure Function
• Protocols
• Control and User Plane separation
• Modularization
• Virtualization
• Service-based Architecture (SBA)
• Network Slicing
• NFV and SDN
• Multi-Access Edge Computing (MEC)
• Network Slicing
• Benefits of network slicing
• Network Slice Selection Function
• Interworking with 4G EPC
• 5G Protocol Stack (OSI-based)
• Quick Compare: Verizon, AT&T, T-Mobile, Sprint, others
• Virtualizing the 5G Network Core and use Mobile Edge Computing (MEC)

5G Identifiers

• Subscription Permanent Identifier (SUPI)
• Subscription Concealed Identifier (SUCI)
• Subscription Identification Security
• Permanent Equipment Identifier
• Subscription Identifier De-concealing Function
• 5G Globally Unique Temporary Identifier

5G Evolution of RAN and Core Network

• 5G Core Architecture
• 5G Service Based Architecture SBA
• Network Functions (NFs)
• Access and Mobility Management function (AMF)
• Control Plane Model Layer (CPML)
• Hardware Abstraction Layer (HAL)
• Composable Network Application Processor (CNAP)
• Session Management function (SMF)
• 5G User Plane Function (UPF)
• Policy Control Function (PCF)
• Authentication Server Function (AUSF)
• Unified Data Management (UDM)
• Application Function (AF)
• Network Exposure function (NEF)
• NF Repository function (NRF)
• Network Slice Selection Function (NSSF)
• NETCONF and YANG for control of all Integrated Control Plane
• Evolution of Mobile Base Stations
• Multi-access Edge Computing (MEC)

5G Operational Procedures

• Network Operation: Registration of UE
• Authentication
• Security framework
• UE states
• Procedure for using subscription temporary identifier
• Subscriber privacy
• Secure steering of roaming
• UE-assisted network-based detection of false base station
• Network redundancy in 5G core and network slicing
• PDU Session Establishment
• Components of PDU session
• IP and Ethernet addressing
• 5G-NR Call Flows
• 4G-5G dual connectivity
• 5G-NR Non Standalone Access Flow (EN-DC)
• 5G-NR Standalone Access Registration Flow
• Non-Standalone NR Security

Device to Device Communication (D2D)

• Receiver Synchronization
• Secure D2D Communication in 5G Networks
• Security Issues with D2D
• D2D Security Threats

Overview of Security Architecture in 3GPP

• 3GPP security standards
• Security Functions for 5G
• Increased home control
• Unified authentication framework
• Security Anchor Function (SEAF)
• Subscriber identifier privacy

Overview of 5G Security Architecture

• 5G Security domains
• Security entity at the perimeter of the 5G Core network
• Security entities in the 5G Core network
• Requirements for e2e core network interconnection security
• Authentication framework
• Granularity of anchor key binding to serving network
• Mitigation of bidding down attacks
• Service requirements

Security Requirements and Features

• General security requirements
• Requirements on the UE
• Requirements on the gNB
• Requirements on the ng-eNB
• Requirements on the AMF
• Requirements on the SEAF
• Requirements on the UDM
• Core network security
• Trust boundaries
• Visibility and configurability
• Requirements for algorithms, and algorithm selection

Security Procedures between UE and 5G Network Functions

• Primary authentication and key agreement
• Authentication framework
• Key hierarchy, key derivation, and distribution scheme
• Security contexts
• NAS security mechanisms
• RRC security mechanisms
• Security algorithm selection, key establishment and security mode command procedure
• Security handling in state transitions
• Security handling in mobility
• Dual connectivity
• Security handling for RRC connection re-establishment procedure
• Subscription identifier privacy
• UE parameters update via UDM control plane procedure security mechanism
• Security for non-GPP access to the 5G core network
• Authentication for Untrusted non-GPP Access
• Security of interworking
• Registration procedure for mobility from EPS to 5GS over N26
• Handover procedure from 5GS to EPS over N26
• Handover from EPS to 5GS over N26
• Security procedures for non-service based interfaces
• Security aspects of IMS emergency session handling
• Security procedures between UE and external data networks via the 5G Network
• Security aspects of Network Exposure Function (NEF)
• Service Based Interfaces (SBI)
• Services provided by AUSF
• Services provided by UDM
• Services provided by NRF
• Management security for network slices

Evolution of the Trust Model

• Trust Model
• user equipment (UE)
• Tamper proof universal integrated circuit card (UICC)
• Universal Subscriber Identity Module (USIM)
• The Radio Access Network (RAN)
• gNB the 5G base-station
• Distributed Units (DU) and Central Units (CU)
• 3GPP 5G Security
• Trust model of non-roaming scenario.
• Trust model of roaming scenario

5G Threat Attacks and Surface

• IoT threat surface with 5G
• 5G threat surface for massive IoT
• UE threats
• Ran threats
• Rogue base station threat
• Subscriber privacy threats
• Core network threats
• Network slicing threats
• NFV and SDN threats
• Interworking and roaming threats
• Mitigation controls for 5G network, IoT threat mitigation & detection and
• Mitigation of DDoS attacks
• 5G network threat mitigation
• IoT threat mitigation
• IoT device
• Security requirements for 5G network massive IoT threats
• Detection of DDoS attacks against the 5G RAN
• Mitigation of DDoS attacks against the 5G RAN
• Protecting 5G networks against DDoS and zero day attacks

5G Security Key Hierarchy

• The long term secret key (K) provisioned in the USIM and the 5G core network
• Serving network specific anchor key (KSEAF) derived from K
• The key hierarchy of 5G
• K, Cipher Key (CK) and
• Integrity Key (IK), KAUSF, KSEAF, KAMF, KNASint, KNASenc, KN3IWF,
• KgNB, KRRCint, KRRCenc, KUPint and KUPenc
• Algorithms for ciphering and integrity protection
• Null ciphering and integrity protection algorithms

Ciphering Algorithms

• 128-bit Ciphering algorithms
• 128-NEA1
• 128-NEA2
• 128-NEA3

Integrity Algorithms

• 128-Bit integrity algorithms
• Inputs and outputs
• 128-NIA1
• 128-NIA2
• 128-NIA3

Test Data for the Security Algorithms

• 128-NEA1
• 128-NIA1
• 128-NEA2
• 128-NIA2
• 128-NEA3
• 128-NIA3

Tonex 5G Training Courses and Educational Programs

5G Cybersecurity Bootcamp