Length: 2 Days
VoLTE Security Training by TONEX
VoLTE Security Training covers all VoLTE security and insecurity aspects of voice, video and multimedia solutions in LTE, EPC and IMS networks. Voice over LTE (VoLTE) is an integrated and essential foundation for the future of mobile service provider business models in transition from 2G and 3G networks to LTE and VoLTE. Migration to VoLTE will have performance, interoperability, security, signaling, and billing challenges for the mobile operators and need to be addressed.
TONEX VoLTE Security Training provides essential knowledge and skills for engineers and non-engineers who are concerned on LTE, EPC, IMS and VoLTE security, insecurity and performance.
VoLTE (Voice-over-LTE) as the designated voice solution to the LTE mobile network using EPC and IMS networks has to address VoLTE security before full rollout. Learn about several vulnerabilities in both LTE, EPC and IMS control plane and user plane functions, which can be exploited to disrupt both data and voice services in operational networks.
Learn how to validate attacks using commodity smartphones/UE (rooted and unrooted) in international mobile carriers: UE OS and chipset, prohibit non-VoLTE apps from accessing, injecting packets into VoLTE control and data planes, IPv6 attacks and more. Does LTE, EPC, IMS network infrastructure lacks proper access control and runtime check?
Who Should Attend?
IT managers, network engineers, telecom managers, security managers, IT auditors, project managers, analysts, security engineers, security administrators, or any technical professional working with or planning to work with commercial and government based VoLTE technologies including: Security professionals, incident handling teams, penetration testers, auditors, network security planning teams, network administrators, IT and telecom engineers, and IT security management. This course is also beneficial for the homeland security community, DoD and crime prevention/investigation officers.
Learning Objectives
Upon completion of VoLTE training bootcamp, the participants will:
- Understand LTE, IMS and VoLTE
- Learn VoLTE security issues
- Identify VoLTE security features
- Evaluate VoLTE security
- Understand the threats and security holes with VoLTE call control protocols
- Identify IMS and SIP Security Features and learn how to configure and administer those features
- Learn SIP security issues including Port usage risk, firewall inspection, and NAT configurations
- Examine VoLTE best practices to support risk mitigation
- Examine VoLTE management tools and best practices to support risk mitigation
- Learn how NAT, STUN, TURN, ICE, IMS security nodes and firewalls impact call setup, media streams, latency, and application level gateway
- Understand SIP NAT Traversal
- Examine how to overcome NAT issues using STUN, TURN, and ICE
- Examine cryptographic protocols, Datagram Transport Layer Security (DTLS) protocol, Secure Real-time Transport Protocol (SRTP) protocol and Session Description Protocol Security Descriptions (SDES) protocol
Course Topics
Overview of Voice over LTE (VoLTE)
- Traditional Mobile Systems
- VoLTE network architecture
- VoLTE protocols
- VoLTE signaling, media and supporting protocols
- VoLTE support protocols
- VoLTE proprietary protocols
- VoLTE media protocols
VoLTE Security Issues
- VOLTE Risks, Threats, and Vulnerabilities
- Confidentiality and Privacy
- Integrity Issues
- Availability and Denial of Service
- Proxy Servers
- Encryption Issues and Performance
- Existing Security Features within the SIP Protocol
- Authentication of Signaling Data using HTTP Digest Authentication
- S/MIME Usage within SIP
- Confidentiality of Media Data
- TLS usage within SIP
- IPSEC usage within SIP
- Security Enhancements for SIP
- VoLTE scenarios through protocols
- Application-Layer Gateways (ALG’s)
- Session Border Controllers (SBC’s)
VoLTE Attack Vectors
- Mobile network to the attacker
- VoLTE Security Threat Overview
- LTE, IMS, IP and Voice Network Designs
- Types of attacks
- Denial of Service (DOS)
- TCP/IP insecurity
- Eavesdropping
- Sniffing/Snooping/Wiretapping
- Quality of Service Issues
- Quality of Service Implications for Security
- Best Practices
- Hacking terminal equipment identity (IMEI) of a called party
- Leaking geolocation information of a callee
- P-CSCF and Session Border Controller (SBC)
- DDOS attack from mobile terminals
- Dealing with Attacks
- Integrity, Confidentiality, Authentication and Non-repudiation
- Eavesdropping
- Jamming
- Active modification
- Toll stealing
- Unauthorized Access
- Toll Fraud
- Application Layer Attack Mitigation
- Secure VoLTE protocols
- DTLS, S/MIME, SIP over IPSec, and SIP identity
- VoLTE supporting infrastructure
VoLTE Defense and Mitigation
- Hardened SBC DDOS handling
- SIP INVITE phone number enumeration
- INVITE rate-limiting function
- Embed information in SDP
- Limit the size of SDP
- Source ID spoofing
- Policing by SBC
Topology leak on key SIP headers - SBC strips out unnecessary headers
- Leaking IMEI information
- Uniform Resource Name (URN) pattern
- Excluding information on responses
- Geolocation information
- IMS implementations
- Cell ID of the callee
- P-Access-Network-Info header of responses
- SBC strips out unnecessary headers
- VoLTE Network Security Design
Secure VoLTE Protocols
- VLANs, port security controls, and 802.1x/EAP
- SIP MD5 authentication, Secure SIP (SIPS or SIP/TLS)
- SIP over DTLS, S/MIME
- SIP over IPSec, and SIP identity
- Media protocols
- SRTP, SDES, secure call recording, and RTP over IPSec
- Key-exchange protocols
- MIKEY, SDescriptions, ZRTP, and DTLS-SRTP
- Man-in-the-Middle (MitM), port scanning, and banner grabbing
- ARP spoofing and MitM attacks
- VoLTE signaling attacks: (SIP-based)
- VoLTE Media Attacks: (RTP-based)
- RTP eavesdropping
- Voice conversations and DTMF tones
- RTP recording
- RTP manipulation
- Replacing, inserting, and mixing audio in standard and MitM scenarios
- Signaling plane
- Call setup and tear down
- Gateways and endpoints
- Management plane
VoLTE Security and Audit Policies
- Policy Creation
- Policy Conformance
- Incident Handling
- Auditing Standards and Certifications
- Basic Auditing and Assessing Strategies
- The Six-Step Audit Process