Length: 4 Days
Print Friendly, PDF & Email

5G Cybersecurity Bootcamp

There are many technologies powering what’s become known as the Fourth Industrial Revolution – everything from robotics and artificial intelligence (AI) to virtual reality (VR) and the Internet of Things (IoT).

And all of them are being given a push forward by 5G.

While this new world technology called 5G is exciting and fecund with possibilities, it also is a source of much trepidation for security experts who fear 5G will encounter an inordinate number of cybersecurity challenges.

At issue is the vast amount of sensitive data that will be transmitted across 5G networks in order to take advantage of its upgraded architecture. That and the massive interconnectivity of IoT (Internet of Things) devices that offer many more points of entry for cybercriminals.

Cybersecurity professionals pretty much agree that as more sensitive data is transmitted across the network and more mission-critical applications become reliant on 5G, the risk of an attack, service outage or state-sponsored surveillance operation becomes increasingly unpalatable.

Insecure infrastructure – either by accident or design – is simply too great a risk to contemplate.

Mobile operators have answered the bell somewhat by ensuring security is built into the fabric of their 5G networks rather than as an afterthought (as was the case with 4G).

But wireless security experts say that’s not enough and believe there are key 5G protections to zero in on, including:

  • Detect Anomalies
  • Stop and Fix Advanced Malware
  • Prevent Threats
  • Make Threat Intelligence Paramount
  • Incorporate DNS Intelligence

Many organizations worldwide are tackling the issue of cybersecurity in the 5G era. This includes the 3rd Generation Partnership Project, a standards organization that develops protocols for mobile telephony.

5G Cybersecurity Bootcamp Course by Tonex

5G Cybersecurity Bootcamp is a combination of theoretical lectures and practical insight that helps participants gain in-depth knowledge about current and future state of 5G mobile technology, architecture, protocols and 5G cybersecurity.

Learning Objectives  

Upon the completion of 5G Fundamentals training, attendees will:

  • Learn the fundamental concepts of 5G system
  • List and discuss various 5G use cases
  • Discuss differences and similarities between 5G (Release 16) and 4G LTE-Advanced Pro
  • Discuss end-to-end 5G network architecture
  • Describe 5G NR, 5GC: 5G core functions, architecture, AMF, Network Slicing, NG-RAN, SBA, SMF, UPF
  • SDN/VFN, Network Slicing, MEC, LTE-M, 5G/NB-IoT
  • Identify 5G operational scenarios, D2D, and signaling
  • Discuss Security architecture and procedures for 5G systems
  • Explain 5G security issues, attacks and mitigation

Course Agenda

Overview of the 5G Mobile Network

  • Overview of 5G
  • Overview of 3GPP Release 16
  • 5G Network/transport
  • 5G Node/platform
  • 5G Application and Services
  • 5G Vs. 5GE Vs. 4G LTE
  • 5G Use Cases
  • Enhanced Mobile Broadband
  • Connected Vehicles
  • Enhanced Multi-Media
  • Massive Internet of Things
  • Ultra-Reliable Low Latency Applications
  • Fixed Wireless Access

The 5G System Survey

  • Principles of 5G Core (5GC)
  • Principles of 5G New Radio (5G NR)
  • NR, gNB, NG-RAN and 5GC
  • NG RAN
  • Dual Connectivity options

5G RAN and Core Architecture Overview

  • Changes and Improvements Compared to 4G
  • CP/UP Split
  • NW Slicing
  • Key Network Functions
  • Network Connectivity
  • Service-Based Architecture (SBA)
  • Network interfaces and services
  • Network Exposure Function
  • Protocols
  • Control and User Plane separation
  • Modularization
  • Virtualization
  • Service-based Architecture (SBA)
  • Network Slicing
  • NFV and SDN
  • Multi-Access Edge Computing (MEC)
  • Network Slicing
  • Benefits of network slicing
  • Network Slice Selection Function
  • Interworking with 4G EPC
  • 5G Protocol Stack (OSI-based)
  • Quick Compare: Verizon, AT&T, T-Mobile, Sprint, others
  • Virtualizing the 5G Network Core and use Mobile Edge Computing (MEC)

5G Identifiers

  • Subscription Permanent Identifier (SUPI)
  • Subscription Concealed Identifier (SUCI)
  • Subscription Identification Security
  • Permanent Equipment Identifier
  • Subscription Identifier De-concealing Function
  • 5G Globally Unique Temporary Identifier

5G Evolution of RAN and Core Network

  • 5G Core Architecture
  • 5G Service Based Architecture SBA
  • Network Functions (NFs)
  • Access and Mobility Management function (AMF)
  • Control Plane Model Layer (CPML)
  • Hardware Abstraction Layer (HAL)
  • Composable Network Application Processor (CNAP)
  • Session Management function (SMF)
  • 5G User Plane Function (UPF)
  • Policy Control Function (PCF)
  • Authentication Server Function (AUSF)
  • Unified Data Management (UDM)
  • Application Function (AF)
  • Network Exposure function (NEF)
  • NF Repository function (NRF)
  • Network Slice Selection Function (NSSF)
  • NETCONF and YANG for control of all Integrated Control Plane
  • Evolution of Mobile Base Stations
  • Multi-access Edge Computing (MEC)

5G Operational Procedures

  • Network Operation: Registration of UE
  • Authentication
  • Security framework
  • UE states
  • Procedure for using subscription temporary identifier
  • Subscriber privacy
  • Secure steering of roaming
  • UE-assisted network-based detection of false base station
  • Network redundancy in 5G core and network slicing
  • PDU Session Establishment
  • Components of PDU session
  • IP and Ethernet addressing
  • 5G-NR Call Flows
  • 4G-5G dual connectivity
  • 5G-NR Non Standalone Access Flow (EN-DC)
  • 5G-NR Standalone Access Registration Flow
  • Non-Standalone NR Security

Device to Device Communication (D2D)

  • Receiver Synchronization
  • Secure D2D Communication in 5G Networks
  • Security Issues with D2D
  • D2D Security Threats

Overview of Security Architecture in 3GPP

  • 3GPP security standards
  • Security Functions for 5G
  • Increased home control
  • Unified authentication framework
  • Security Anchor Function (SEAF)
  • Subscriber identifier privacy

Overview of 5G Security Architecture

  • 5G Security domains
  • Security entity at the perimeter of the 5G Core network
  • Security entities in the 5G Core network
  • Requirements for e2e core network interconnection security
  • Authentication framework
  • Granularity of anchor key binding to serving network
  • Mitigation of bidding down attacks
  • Service requirements

Security Requirements and Features

  • General security requirements
  • Requirements on the UE
  • Requirements on the gNB
  • Requirements on the ng-eNB
  • Requirements on the AMF
  • Requirements on the SEAF
  • Requirements on the UDM
  • Core network security
  • Trust boundaries
  • Visibility and configurability
  • Requirements for algorithms, and algorithm selection

Security Procedures between UE and 5G Network Functions

  • Primary authentication and key agreement
  • Authentication framework
  • Key hierarchy, key derivation, and distribution scheme
  • Security contexts
  • NAS security mechanisms
  • RRC security mechanisms
  • Security algorithm selection, key establishment and security mode command procedure
  • Security handling in state transitions
  • Security handling in mobility
  • Dual connectivity
  • Security handling for RRC connection re-establishment procedure
  • Subscription identifier privacy
  • UE parameters update via UDM control plane procedure security mechanism
  • Security for non-GPP access to the 5G core network
  • Authentication for Untrusted non-GPP Access
  • Security of interworking
  • Registration procedure for mobility from EPS to 5GS over N26
  • Handover procedure from 5GS to EPS over N26
  • Handover from EPS to 5GS over N26
  • Security procedures for non-service based interfaces
  • Security aspects of IMS emergency session handling
  • Security procedures between UE and external data networks via the 5G Network
  • Security aspects of Network Exposure Function (NEF)
  • Service Based Interfaces (SBI)
  • Services provided by AUSF
  • Services provided by UDM
  • Services provided by NRF
  • Management security for network slices

Evolution of the Trust Model

  • Trust Model
  • user equipment (UE)
  • Tamper proof universal integrated circuit card (UICC)
  • Universal Subscriber Identity Module (USIM)
  • The Radio Access Network (RAN)
  • gNB the 5G base-station
  • Distributed Units (DU) and Central Units (CU)
  • 3GPP 5G Security
  • Trust model of non-roaming scenario.
  • Trust model of roaming scenario

5G Threat Attacks and Surface

  • IoT threat surface with 5G
  • 5G threat surface for massive IoT
  • UE threats
  • Ran threats
  • Rogue base station threat
  • Subscriber privacy threats
  • Core network threats
  • Network slicing threats
  • NFV and SDN threats
  • Interworking and roaming threats
  • Mitigation controls for 5G network, IoT threat mitigation & detection and
  • Mitigation of DDoS attacks
  • 5G network threat mitigation
  • IoT threat mitigation
  • IoT device
  • Security requirements for 5G network massive IoT threats
  • Detection of DDoS attacks against the 5G RAN
  • Mitigation of DDoS attacks against the 5G RAN
  • Protecting 5G networks against DDoS and zero day attacks

5G Security Key Hierarchy

  • The long term secret key (K) provisioned in the USIM and the 5G core network
  • Serving network specific anchor key (KSEAF) derived from K
  • The key hierarchy of 5G
  • K, Cipher Key (CK) and
  • Integrity Key (IK), KAUSF, KSEAF, KAMF, KNASint, KNASenc, KN3IWF,
  • KgNB, KRRCint, KRRCenc, KUPint and KUPenc
  • Algorithms for ciphering and integrity protection
  • Null ciphering and integrity protection algorithms

Ciphering Algorithms

  • 128-bit Ciphering algorithms
  • 128-NEA1
  • 128-NEA2
  • 128-NEA3

Integrity Algorithms

  • 128-Bit integrity algorithms
  • Inputs and outputs
  • 128-NIA1
  • 128-NIA2
  • 128-NIA3

Test Data for the Security Algorithms

  • 128-NEA1
  • 128-NIA1
  • 128-NEA2
  • 128-NIA2
  • 128-NEA3
  • 128-NIA3

 

5G Cybersecurity Bootcamp

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.