5G Security Training

5G Security Training Course with Hands-on Exercises (Online, Onsite, and Classroom Live)

Today, we see a world ignited by the fast-paced technology of mobile broadband, first experienced with 4G a decade ago. The world is now seeing the next-generation rollout of 5G services. We can expect a lot because there is a more ambitious agenda and higher expectations of how 5G services will change our daily lives.

Mobile security began with 2nd generation systems. That is also where this Mobile Security and Technical Overview of the 5G System Training course begins. This course is designed for individuals who already have a good understanding of how mobile cellular services function. The goal of this course is to expand on how security technology and protocols have evolved from the early 90s to today’s 5G services. This Mobile Security and Technical Overview of the 5G System Training course leverages legacy standards, showing how ideas and concepts were used to construct security standards. Each generation of mobile security standards influenced the next. As flaws were discovered in the design of these older security protocols, security experts learned important lessons, continuing to develop more secure systems and better methodologies to protect data against cybercrime.

The main security focus of this Mobile Security and Technical Overview of the 5G System Training course is on 4G and 5G systems. These two generations will remain tightly intertwined, well into the next decade. However, 5G mobile networks are only a part of the security landscape. There are older, reliable underpinnings of mobile security that are rapidly changing deployment models for massive Machine Type Communications (mMTC).

Another complex topic covered in this Mobile Security and Technical Overview of the 5G System Training course is the multitude of subscriber and network identifiers used in mobile networks. With each generation, more complex schemes of identifiers are used. Many of these are required to increase the security measures for these newer standards.

In the past, cellular technology relied on the physical SIM card, securely containing the mobile operator’s security credentials. Now, with the Over-The-Air (OTA) provisioning of embedded SIMs (eSIMs), things are changing rapidly. If the industry fails to provide robust security for these newer provisioning methods, it will create a security catastrophe. Countries around the world are experiencing the mass introduction of eSIMs, remote SIM provisioning, and now, integrated SIMs (iSIMs). Coverage of these technologies is an important subject in this course.

The second half of this Mobile Security and Technical Overview of the 5G System Training course provides a technical overview of the 5G System (5GS), which is a key subject of the entire course.

Section 6 delves into the meaning of a Service Based Architecture (SBA), and why this is a big departure from all previous generations of mobile cellular technologies and standards.

Section 7 provides an overview of Software Defined Networks (SDN) and Network Function Virtualization (NFV). It describes how SDN and NFV are fundamental to the 5G Core (5GC) network architecture. Section 3 provides a detailed description of 5G Core Network functions. This section also provides an example of the Vehicle to Anything (V2X) deployment model. It concludes with an overview of the Security Edge Protection Proxy (SEPP), which provides security between mobile operator roaming partner networks.

Section 8 provides extensive coverage of the 5G Radio Access Network (RAN), referred to as New Radio (NR). Some of the topics include the frequency bands defined for use with 5G NR, how Massive MIMO is being deployed in 5G NR, and duplexing modes & supplementary frequency bands.

Section 9 expands on the previous section’s topic by defining the Centralized-RAN, or C-RAN, for 5G. Since the 5G RAN includes macrocells and small cells, RAN architectures can vary significantly, allowing for many different deployment options. This section provides key examples, using ladder diagrams to show the protocol flows used in 5G C-RANs.

Section 10, the final section, introduces the details of 5G security, which was introduced as a high-level topic earlier in the course. This section begins with the topic of Private/Public key pairs to demonstrate one of the most significant security procedures for 5G, the protection of the mobile’s IMSI while attaching to the network. This is followed by a step-by-step demonstration of the Subscription Concealed Identifier (SUCI) procedure and by the security algorithms, many of which are brought forward from the LTE security architecture. A 5G Security overview is then provided, along with the Authentication and Key Agreement (AKA) procedure. Next, the 5G key hierarchy is shown in detail. The course wraps up with a summary of the security procedures and securing the communication between the access and core networks.

5G Security Training covers the following topics:

  • 5G Security Training: The Evolutions to 5G Security
  • 5G Security Training: System Overview and Technical Attributes for 5G Networks
  • 5G Security Training: 5G Network and System Architecture
  • 5G Security Training: 5G System (5GS) – Service-Based Architecture (SBA)
  • 5G Security Training: Intro to 5G Wireless Security
  • And more…
  • We can adapt this 5G Security Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this 5G Security Training course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the 5G Security Training Course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the 5G Security Training course in a manner understandable to lay audiences.

The target audience for this 5G Security Training course:

  • All

5G Security Training - CLASS PREREQUISITES

The knowledge and skills that a learner must have before attending this 5G Security Training course are:

  • Have previous experience in the field or classroom training on 2G and 3G networks
  • Have some experience or training with flow diagrams describing service connections
  • Have a thorough understanding of circuit-switched and packet-switched domains
  • Understand the differences between signaling (control) and user planes
  • Have a solid understanding of TCP/IP protocols and how packet networks operate, in general
  • Have some background in the foundations of Information Security
  • Having a background in mobile cellular security is a plus, but is not necessary

Upon completing this 5G Security Training course, learners will be able to meet these objectives:

  • Trace the evolution in Radio Access Network (RAN) architectures for cellular networks, from the early standards through 5G
  • List the features of a 5G Access Network and describe the advantages of the architecture
  • Understand the structure of the 3GPP’s three Technical Specification Groups (TSGs), and how to locate specific specifications when needed
  • See the changes to the RAN architecture, from 2G to 5G, and describe how the significant changes have improved cell coverage and security
  • List the three major International Mobile Telecommunications requirements, produced by the ITU-R, that served as a blueprint for 3G, 4G, and 5G mobile systems
  • Describe the features and weaknesses of 2G GSM & 2.5G GPRS mobile security
  • Describe the features and weaknesses of 3G UMTS mobile security
  • Describe the features and weaknesses of 4G LTE mobile security
  • Describe the features and potential concerns for 5G mobile security
  • List the authentication vectors introduced in 3G UMTS and describe the function of each
  • List the authentication vectors introduced in 4G LTE and describe the function of each
  • Describe how authentication procedures developed for 3G influenced the 4G design, and how 4G has influenced 5G authentication
  • Define the mechanisms used for the encryption of mobile traffic and describe the significant changes made with each generation
  • List the LTE security stratums and the functions that are performed over each
  • Describe each of the three NAS Layer states in LTE
  • Define each of the 5G Phase-I security tasks
  • Describe the two phases of 5G security and the use cases they affect
  • Diagram the security functions in the 5G architecture
  • Describe the differences between the two Authentication and Key Agreement (AKA) mechanisms defined for 5G Access Networks
  • Sketch the security trust model for 5G networks and describe the concepts behind the design
  • Explain the 5G key hierarchy used and the increased security protection it provides, compared with the key hierarchy used in 4G
  • Define the structure for the Integrated Circuit Card Identifier (ICCID), used to uniquely identify SIMs
  • Describe the structure for the International Mobile Subscriber Identity (IMSI), and know how to perform global lookups
  • Describe the structure of the Temporary Mobile Subscriber Identity (TMSI)
  • Describe the structure of the International Mobile Equipment Identity (IMEI)
  • List the global network and subscriber identifiers used in 2G/2.5G networks
  • List the global network and subscriber identifiers used in 3G networks
  • List the global network and subscriber identifiers used in 4G networks
  • List the global network and subscriber identifiers used in 5G networks
  • Describe the function of mobility management for 3G, 4G, and 5G networks
  • Define the two Subscription Permanent Identifier (SUPI) formats used in 5G
  • Define the 5G Permanent Equipment Identifier (PEI) formats used for 5G devices
  • Define the Structure of Subscription Concealed Identifier (SUCI) and explain its use
  • List the steps involved with how the UE conceals the SUPI and how the UDM in the network de-conceals it
  • Understand how 4G and 5G GUTIs are mapped when an inter-RAT handover is performed for a UE between LTE and 5G networks
  • Describe the difference between the two output schemes used for the Elliptic Curve Integrated Encryption (ECIES)
  • Describe two types of Fixed Network Residential Gateways (FNRGs) that are supported for 5G Fixed Mobile Convergence (FMC)
  • Define the logical structure for the UICC
  • Describe the different Applications Toolkits (SDKs) for SIMs (2G, 3G, 4G, 5G)
  • Describe the Universal SIM (USIM) used in 3G, 4G, and 5G devices
  • Define the properties of an embedded SIM (eSIM), and its primary uses
  • List the different SIM file types and related security conditions
  • Describe the differences between M2M and IoT technologies
  • Describe the process that was developed for the remote provisioning of SIMs
  • Understand how consumer remote eSIM provisioning differs from M2M IoT provisioning
  • Describe the basic architecture of the integrated SIM (iSIM) and explain how it differs from eSIMs

5G Security Training

How 5G is Changing Mobile Security
Global Standardization of Mobile Cellular Networks
  • Rationale Behind 2G to 4G Security
  • ITU Radiocommunications Sector (ITU-R)
  • IMT Mobile Cellular Developments and Deployments
  • World Radio Conferences (WRCs)
  • Wireless Spectrum in Demand by Mobile Network Operators
  • GSM/GPRS & UMTS Interfaces and Nodes
  • Overview of 3GPP and its Organizational Structure
  • 3GPP Technical Specification Groups (TSGs)
  • 4th Generation Mobile Cellular Service
  • 4G LTE Basic Architecture
  • The IP Multimedia Subsystem (IMS) Architecture
  • Heterogeneous Networks (HetNets): 5G Network Deployments
  • 5G Transport Architecture
  • 5G International Mobile Telecommunications 2020
  • 5G Use Cases and Cellular Network Services
  • 5G Requirements
Concepts of Basic Information Security (InfoSec)
  • 2G: GSM Security
    1. GSM Subscriber Identity Modules (SIMs)
    2. GSM Authentication
    3. GSM Encryption
  • Security Vulnerabilities with GSM Networks
  • Overview of 3G UMTS Security
    1. UMTS Security Features
    2. Generating UMTS Authentication Vectors (AVs)
    3. UMTS Mutual Authentication Process
    4. USIM-Based Encryption for UMTS
    5. UMTS Key Distribution for Encryption
    6. Security Vulnerabilities with UMTS Networks
  • Overview of 4G LTE Security
  • LTE Security Stratums
  • Generating Authentication Vectors (AVs) in LTE
  • LTE Key Hierarchy
  • LTE Security Procedures:
    1. Authentication
    2. NAS Security Setup
    3. AS Security Setup
  • Mobile Security Architecture Evolution: 2G Through 4G
  • Security Threats and Vulnerabilities for LTE
  • Overview of 5G Security
  • Security Functions in 5G Architecture
  • Authentication and Key Agreement (AKA) within a 5G System
  • Security Trust Model for 5G Networks
  • Non-Standalone (NSA) Security
  • 5G Key Hierarchy
Identifiers Used in Mobile Cellular Networks
  • Integrated Circuit Card Identifier (ICCID) Unique Global Identifier for each SIM
  • Unique Global Identifiers used in 2G, 3G, 4G, and now 5G: International Mobile Subscriber Identity (IMSI)
  • Temporary Mobile Subscriber Identity (TMSI)
  • Unique Global Identifiers used in 2G, 3G, 4G, and now 5G: International Mobile Equipment Identities (IMEIs)
  • GSM Global Identifiers: Four Parameters
  • System Aspects of 3G UMTS Mobility Management
  • 3G Registration Area Definitions for Paging & Mobility Management
  • LTE Non-Access Stratum (NAS) Layer States
  • EPS Connection Management (ECM) RRC Layer States
  • 4G LTE Identifiers
  • State Transitions Between EMM and ECM: Assigning GUTI and C-RNTI for UE Identification by the LTE Network
  • Overview of 5G Subscriber-Related Identities
  • 5G Subscriber Permanent Identifier (SUPI) Formats
  • Structure of Subscription Concealed Identifier (SUCI)
  • Concealing the Subscriber Permanent Identifier (SUPI)
  • 5G Permanent Equipment Identifier (PEI)
  • Structure of the 5G-GUTI and the 5G-S-TMSI
  • 5G Network-Related Identities
  • Inter-RAT Handovers: Mapping the 4G-GUTI to 5G-GUTI
  • 5G Fixed Mobile Convergence (FMC)
The Evolution of Subscriber Identity Modules (SIMs)
  • Universal Integrated Circuit Card (UICC) Logical Structure
  • Application Toolkits for SIMs
  • USIM Application Toolkit (USAT) Features
  • USIM Application Toolkit (USAT): Location Information
  • Characteristics of the Universal Integrated Circuit Card (UICC)
  • Expanding Terminology for SIMs
  • Embedded eSIM (eUICC)
  • Mobile Security: Distribution of Shared Secret Keys
  • File Types and Related Security Access Conditions
  • Typical SIM Card File System Structure for GSM (2G)
  • Universal SIM (USIM) File System Structure for 3G, 4G & 5G Access
  • IMS Application Data File (ISIM)
  • USIM File System Structure: Security, Unique Subscriber Identity, and Service Table
  • USIM Card File System Structure for 5G
  • Combination SIM (Combi SIM) Slots for Smartphones
Provisioning SIMs and Embedded SIMs (eSIMs)
  • The Difference Between M2M and IoT
  • MFF2 SIM Linear Distribution & Subscription Model for M2M
  • Issues with using MFF2 SIMs for M2M Devices
  • How eSIMs are Changing the Market
  • Introduction to Embedded SIMs (eSIMs)
  • Overview of eUICC Service Provider Profiles
  • Remote Provisioning using eSIMs
  • Two Remote Provisioning Methods for Operational Profiles
  • Two Provisioning Models for eSIMs
  • GSMA’s M2M Remote Provisioning Architecture
  • GSMA’s Consumer Remote Provisioning Architecture
  • How Consumer Remote SIM Provisioning Works
  • eUICC Architecture Overview
  • Operator Profile Download and Installation Flow
  • The Integrated SIM (iSIM)
The 5G System (5GS) – Service Based Architecture (SBA)
  • Submission of initial 5G description for IMT-2020
  • LTE-M & NB-IoT Introduced in 4G LTE-Advanced
  • 3GPP Release Timeline for Specifications
  • 5G Performance and Flexibility Enables New Use Cases
  • Technical Requirements for 5G
  • 5G-PPP KPI Evaluation of Use Cases
  • Attack Surfaces Open with Interconnections Between CS Domain and Internet
  • Overview of 5G Access and Core Networks
  • EPC migration to Control & User Plane Separation (CUPS)
  • Mapping EPC Functions to 5G CN Functions
  • LTE Network Security Issues with the Diameter Protocol
  • Reference Point Representation of the 5G Core
  • 5G System (5GS) Service-Based Architecture (SBA)
  • Introduction to Multi-Access Edge Computing (MEC)
  • Multi-Access Edge Computing (MEC) in 5G
  • Expected Edge Evolution
  • Service-Based Architecture (SBA) Service Framework
  • Non-Stand Alone (NSA) Architecture
  • 5G Standalone Architecture (SA)
  • 5G NR Architecture Deployment Options
  • LTE-NR Dual Connectivity with Carrier Aggregation
  • Next-Generation Satellites and 5G: SaT5G
SDN and NFV Fundamental to the 5G Core Architecture
  • Major Trends in Mobile Networking
  • 5G Mobile Network Architecture
  • SDN in NFV Architectural Framework
  • Development of Software-Defined Networks:
    1. Intro to Software Defined Networks (SDNs)
    2. Northbound and Southbound Interfaces Defined for SDN
  • Application Program Interface (API) Defined
    1. SDN Control and User Planes
    2. SDN Provides Scale and Resiliency
  • Intro to Network Functions Virtualization (NFV) Traditional Switches & Routers
    1. Switch Virtualization with Open vSwitch
    2. Network Functions Virtualization (NFV) Framework
  • NFV Infrastructure – NFVI Layers
    1. Virtual Network Function (VNF)
    2. Management and Network Orchestration (MANO)
  • 4G LTE Core Network Virtualization
  • Technology Breakthrough with RAN Architecture
  • RAN Virtualization Forms for 5G Networks
  • SDN/NFV used in 5G Network Architecture
5G Core Functions
  • 5G System (5GS)
  • User Plane Function (UPF)
  • Access and Mobility Management Function (AMF)
  • Session Management Function (SMF)
  • Policy Control Function (PCF)
  • Unified Data Management (UDM)
  • Unified Data Repository (UDR)
  • Application Function (AF)
  • Authentication Server Function (AUSF)
  • Network Slicing Explained
  • Network Slice Selection Function (NSSF)
  • Introduction to the Service Capability Exposure Function (SCEF)
  • Network Exposure Function (NEF)
  • Network Repository Function (NRF)
  • Simplified Example of 5G API Calls
  • NFs Offer Services to other NFs in a Structured Way
  • V2X Deployment Model
  • Security Edge Protection Proxy (SEPP): End-to-End HTTP/2 Roaming Architecture
  • 5GS Roaming Architecture – Local Break Out (LBO)
    1. Service-Based Interface Representation
    2. Reference Point Representation
  • 5GS Roaming Architecture – Home Routed (HR)
    1. Service-Based Interface Representation
    2. Reference Point Representation
5G Radio Access Network (5G RAN)
  • 5G Control/User Plane Split and New Radio (NR) Interface
  • 5G User Plane (UP) Protocol Stack
  • 5G Control Plane (CP) Protocol Stacks
  • New Multiple Access Schemes for NR
  • Higher Order Modulation Rates Supported with 5G NR
  • 5G NR Frame and Bandwidth Numerologies
  • Frame Slots for Different Numerology Configurations
  • Massive Multiple-Input Multiple-Output (MIMO)
  • Frequency Ranges for 5G New Radio (NR)
    1. FR1 Frequency Division Duplex (FDD) Frequency Bands
    2. FR1 Time Division Duplex (TDD) Frequency Bands
    3. FR2 Time Division Duplex (TDD) Frequency Bands
    4. Supplementary Uplink (SUL) Frequency Bands
    5. Supplementary Downlink (SDL) Frequency Bands
  • CBRS Tiered User Classes and Frequency Spectrum
  • Using Unlicensed Spectrum for 5G NR (NR-U)
  • 5G Distributed & Centralized RAN Elements
  • 5G Xn – Control and User Plane Protocol Stacks
  • XnAP within the Xn-C (Control) Protocol Stacks
  • F1 Application Protocol (F1AP)
  • F1 Protocol Stack Split Between CU and DU
  • F1 Functional Split Options
  • Bandwidth Considerations for C-RAN
  • Quality of Service (QoS) Flows Across the Xn-User Plane (Xn-U)
Centralized-RAN (C-RAN) for 5G
  • Alternative Splitting Options for Centralized RAN Architecture
  • Alternative C-RAN Solutions: enhanced Common Public Radio Interface (eCPRI)
  • Multiple Splits Can Be Adopted by Service Providers: Combining 3GPP (Option 2) and eCPRI (Option 6 or 7)
  • IEEE 1914: Next Generation Fronthaul Interface (NGFI)
  • Other Alternatives for C-RAN Architectural Splits
  • NG-RAN Transport Network: Midhaul Connections
  • NG-RAN Transport Network: Fronthaul Connections
  • Centralized Radio Access Network (C-RAN) Transport
  • 5G C-RAN Procedures: UE Initial Access
  • Intra-gNB-CU Handover Illustrated
  • 5G C-RAN Procedures: Intra gNB-CU Handover
  • 5G C-RAN Procedures: Dual Connectivity (EN-DC)
Introduction to 5G Security
  • Generating and Using Private/Public Key Pairs
  • Public Key Infrastructure (PKI)
  • 5G Identity Exchange Between UE and Network
  • 5G Security Overview
  • UE Must Identify which Authentication and Key Agreement (AKA) Mechanism to Utilize
  • Generating the Key Access Security Function (KAUSF)
  • Generating the 5G Home Environment Authentication Vector (HE AV)
  • 5G Key Hierarchy
  • Key Distribution in 5G
  • Non-3GPP Access to 5G Core Networks
  • 5G Authentication and Key Agreement (AKA) Procedure
  • Generation of 5G Authentication Vector (AV)
  • Device (UE) Authentication Procedure
  • Authentication Confirmation and UDM Validity Monitoring
  • IPX Allowed to Modify HTTP/2 Messages
5G Wireless Security Training Course Wrap-Up
