5G Security Training | 5G Wireless Security Training

5G Security Training | 5G Wireless Security Training

Print Friendly, PDF & Email

Introduction:

5G Wireless Security Training Course – Hands-On (Online Live!)

Future wireless systems will require a paradigm shift in how they are networked, organized, configured, optimized, and recovered automatically, based on their operating situations. Emerging Internet of Things (IoT) and Cyber-Physical Systems (CPS) applications aim to bring people, data, processes, and things together, to fulfill the needs of our everyday lives.

With the emergence of software defined networks, adaptive services and applications are gaining much attention since they allow automatic configuration of devices and their parameters, systems, and services to the user’s context change. It is expected that upcoming Fifth Generation (5G) wireless networks, known as more than an extension to 4G, will be the backbone of IoT and CPS, and will support IoT systems by expanding their coverage, reducing latency and enhancing data rate.

Guarantee to Run:

In this regard, it is crucial to have security by design in 5G wireless networks, considering the constraints imposed by heterogeneous IoT and CPS systems. Our aim is to promote the development of 5G security by design. The proposed 5G Security Training Workshop will serve as a forum for researchers from academia, government and industries, to exchange ideas, present new results, and provide future visions on these topics.

Duration: 4 days

RESOURCES:

  • 5G Security Training Guide by Madhusanka Liyanage , Ijaz Ahmad, et al – Paperback/Amazon
  • 5G Security Training Guide by Patrick Marsch , Ömer Bulakci, et al. – Paperback/Amazon
  • 5G Security Training Guide by Erik Dahlman – Paperback/Kindle/Amazon
  • 5G Security Training by Mahdi Talebi – Kindle/Amazon
  • 5G Security Training Guide by Patrick Marsch , Ömer Bulakci, et al. – Hardcover/Amazon
  • 5G Wireless Security Training Guide by Louise Steele, Patricia J. Rullo, et al. – Hardcover/Amazon
  • 5G Wireless Security Training Guide by Scott Meredith – Hardcover/Amazon
  • 5G Wireless Security Training Guide by Harri Holma, Antti Toskala, et al. – Hardcover/Amazon
  • 5G Wireless Security Training Guide by Muhammad Ali Imran, Yusuf Abdulrahman Sambo, et al. – Hardcover/Amazon
  • 5G Wireless Security Training Guide by Michael Fox – Hardcover/Amazon
  • 5G Wireless Security Training Guide by Ajay R. Mishra – Hardcover/Amazon

Related Courses

5G Security Training – Customize it:

If you are familiar with some aspects of this 5G Security Training course, we can omit or shorten their discussion.

We can adjust the emphasis placed on the various topics or build the 5G Security Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).

If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the 5G Security Training course in manner understandable to lay audiences.

Course Objectives Per/Syllabus Section:

Section 1 begins by defining security in mobile cellular platforms. A look at the past generations of security methods is presented to illustrate the security shortcomings and corrective action process. This section provides an understanding of some of the initial underpinnings, introduced in 2G that still apply, since they are incorporated into 5G security. One of the key topics focuses on security for smartphones. This section also provides an overview of 5G security technologies and concludes with a description of characteristics that help define 5G security.

Section 2 provides an introduction and overview involving the framework and technical attributes that define 5G network. This section begins with the International Mobile Telecommunications – 2020 (IMT-2020) document, crafted by the ITU-Radiocommunication Sector, which outlines the requirements and the three primary use cases that 5G networks support. It concludes with an explanation on the concept of 5G network slicing, and why it is crucial for security in 5G networks.

Section 3 provides an overview for the 5G network and system architecture. This section lays out the foundation of the 5G System, which includes the core and access networks that are part of the overall design. The latter topics provide a description on the 3GPP’s standards development process, divided into two phases, designed to meet the challenge of the ITU-R’s IMT-2020 requirements.

Section 4 delves into the meaning of a Service Based Architecture (SBA), and why this is a big departure from all previous generations of mobile cellular technologies and standards. The first topic provides and overview of Software Defined Networks (SDN). This is followed by the topic of Network Function Virtualization (NFV). Both topics help define the SBA, supporting the 5G Core Network (CN). The next topic provides a complete description of the modules, or functions used in the CN. Next, 5G infrastructure management nodes are defined. Lastly, the 5G reference points (interfaces) are described, which interconnect the SBA modules.

Section 5 is the largest section, in the course, covering several topics for the 5G radio interface, which is critical to providing good security design. The section begins with defining the 5G Radio Access Network (RAN), referred to as New Radio (NR). The next few topics cover the frequency bands defined for use with 5G NR, how Massive MIMO is being deployed in 5G NR, and duplexing modes & supplementary frequency bands.

Next, a description of 5G RAN connectivity options are covered, important to understanding what path can be chosen by service providers, as they migrate from existing mobile cellular networks to 5G. One important point to comprehend is the Dual-Connectivity (DC) operation, where 5G devices can establish multiple independent data (bearer) connections to provide greater throughput. The complex arrangement between existing 4G LTE eNBs and 5G gNBs is described in greater detail via several more topics.

Next, the Evolution of Base Station (BS) connectivity is covered, showing the implementation of the CPRI and eCPRI standards that link components of the decoupled BS modules together, and have provided a path toward the development of Centralized and Cloud RAN architectures. The topic of OpenRAN architecture is also included, along with the descriptions of various connectivity schemes between the RAN and core networks, which include Backhaul, Midhaul, and Fronthaul. The section concludes with the topic of small cells, describing the various types and technologies used to provide better overall coverage (indoor and outdoor) for service providers.

Section 6 covers the topic of devices connecting to the service providers’ network. A key goal in this section is to introduce the many identifiers used on both the network and device side. This incorporates a discussion on the security functions, related to the various identities. Registration and connection management will be covered, with examples on these processes shown in detail.

Section 7 covers the procedures surrounding security in 5G networks. It begins with defining the two sets of security mechanisms that involve network access and network domain. This is followed by a description of the five properties that contribute to the trustworthiness of the 5G system.

The next topic is an overview on 5G security, followed by 5G security algorithms, which many are brought forward from the LTE security architecture. In-depth coverage of the Authentication and Key Agreement (AKA) is covered next, followed by the details of the 5G AKA process. This section wraps up with a summary of the security procedures and securing the communication between the access and core networks.

Section 8 is the final section in this course, which covers the emerging concepts involving 5G communications technology. It begins with the evolution of networked computing, which helps explain the reasoning behind the separation of control and user planes in both 4.5G and 5G networks. Unlicensed spectrum will be a big part for 5G connections, along with shared spectrum (licensed and unlicensed), which will allow higher data rates by using additional RF assets.

Another important topic covered is the emergence of 5G private networks. This section explains the various options for implementing these private networks and who the likely candidates are that will make use of them. Finally, a brief description on Device-to-Device (D2D) communications will be provided, pointing out the advantages and security concerns.

Course Syllabus

Section 1: The Evolutions to 5G Security

  • Rationale Behind 2G to 4G Security
    • Protect Basic Connectivity Service (Voice, and later packet data)
    • Objective: Earn User’s Trust by Providing Privacy; Safeguard Operator’s Network from Unauthorized use via Cloning
  • Security Characteristics Regarding All Generations of Mobile Networks
    • Zero-Configuration from a User’s Perspective
    • Automatic Provisioning Through Variants of SIM Cards
  • 2G GSM Security Highlights
    • Development of Users’ Trust with Privacy Via Radio Interface Encryption
    • Solved Billing Accuracy by Implementing Authentication to Thwart Cloning
    • Introduction of Tamper-Resistant SIM Card – Terminal Independent Security
    • Security Operation Without User Intervention or Assistance
    • Random Temporary Mobile Subscriber Identifiers (TMSIs) Used for Subscriber Identity Privacy
    • Use of Mobile Operator Proprietary Authentication Algorithms
  • 2G GSM Security Issues Identified
    • One-Way Authentication – Subscriber-to-Network Identification (No Protection from Rouge BSs)
    • Attacks on GSM Security Now Common (Fulfilled Design Goals of 10-Year Economic Lifetime)
    • IMSI Sent During Network Attachment are Unencrypted
    • Rogue BSs Can Act as IMSI Catchers, forcing a Mobile Station (MS) to Divulge IMSI
  • 2G GSM Identifiers That Remain Part of Mobile Communications Today
    • International Mobile Subscriber Identity (IMSI)
    • International Mobile Equipment Identity (IMEI)
  • 3G UMTS Security Highlights
    • Enhanced Authentication and Key Agreement Mechanism
    • Mutual Authentication Introduced (Subscriber-to-Network, Network-to-Subscriber)
    • Supports Packet TMSIs (P-TMSIs) Used for Subscriber Identity Privacy
    • Introduction of Authenticated Management Field (AMF) Providing Defining Operator-Specific Operations in the Authentication Process
    • Agreement on an Integrity Key (IK) for Integrity Protection of Signaling Information
    • Ciphering and Integrity Protection Terminates at the RNC, ensuring that the Interface Between BS and RNC is Secure in the RAN
    • Cipher and Integrity Key Lengths of 128 bits are Used to Provide Enhanced Security Protection
    • Trust and Confidence increased by Use of Published Security Algorithms
  • 3G UMTS Security Issues Identified
    • IMSI Sent During Network Attachment are Unencrypted
    • Ciphering between UE & RNC, IPSec Optional to Secure Traffic Between RNC & Core
  • Introduction of Smartphones
    • Smartphones become the Modern Swiss-Army Knife
    • Incorporation of Mobile Apps – Customized Software Tools for Everything
    • Smartphone Operating Systems (Oss)
    • The Rise of Security Issues on Smartphones
    • Video: Mobile Security – How It Works? (IBM Think Academy)
  • 4G LTE Security Highlights
    • Mutual Authentication Protects User from Rogue BS Attachments
    • Set of ‘f’ Algorithms are Open, used between the UE and HSS, along with a Secret Key
    • Improved Authentication Algorithms Introduced for Both RAN and Core Networks
    • Improved Authentication Algorithms Introduced for User Plane Security
    • Integrity Checking used to Ensure Messages Have Not Been Tampered with While in Transit
    • Non-Access Stratum (NAS) and Radio Resource Control (RRC) Signaling Security Provides Integrity Checking & Encryption for Signaling between UE & MME
    • IPSec can be used on IP Access Interfaces between RAN and Core (e.g., S1-MME and S1-U)
    • Introduces Globally Unique Temporary UE Identifiers (GUTI) for Subscriber Identity Privacy, used to Mask the User’s IMSI
  • 4G LTE Security Issues Identified
    • Service Providers Challenge: Balancing the Relationship between Device Manufacturers, Subscribers, Mobile Apps, along with Device Security
    • Video: Why Mobile Security Matters (Lookout.com)
    • Encryption of NAS, RRC, and User Plane Traffic is Optional for the Mobile Operator
    • Use of IPSec Encryption is Optional on IP Access Links (e.g., S1-MME & S1-U)
    • IMSI Sent During Network Attachment are Unencrypted
    • Authentication
  • Security Characteristics of 5G:
    • Video: Tech Talk: 5G Security (Ericsson)
    • 5G Security Technology:
      • Entity Hosting the USIM App: Removable SIM card or Embedded UICC Chip
      • Strong Mutual Authentication, Crucial for Enabling Trusted Services
      • Security Solutions are a Mix at the Edge Device, and at the Core Network
      • Multiple Security Frameworks Supported
      • 5G Reuses Some of the Existing Solutions used in 4G, and non-3GPP Frameworks
      • 5G Security, Privacy, & Trust will be Great, due to incorporation of IoT & URLLC
      • Local Secure Elements (SEs) in Devices, must also Support other Secure Services, (e.g., Emergency Call Management & Virtual Networks for IoT)
    • 5G Phase I (Rel. 15) – Security Drivers Remain Consistent; Trustworthy Connectivity for High Data-Rate Mobile Broadband Service
    • Additional Key Drivers for 5G – Support for Connecting Industries: Manufacturing and Processing, Intelligent Transport, Smart Grids, eHealth, etc.
    • New Service Delivery Models will be used Involving 3rd Party Providers in Ecosystem
    • The Need to Secure Cloud and Virtualization Technologies in the Core Network and Edge
    • Incorporating the use of Application Program Interfaces (APIs), Involving 3rd Party Service Providers, Outside the Mobile Operator’s Direct Control
    • Optimizations Provided by 3rd Party Software that Function on Shared Hardware Platforms, Alongside Dedicated Mobile Operator Software
    • Going Beyond Unique Subscriber Support, Incorporating other Security Mechanisms
    • Key Goal is Protection of Data, Transported Between Core, Edge, and Access Networks
    • Video: Mobile Security (DHS Science and Technology Directorate)

Section 2: System Overview and Technical Attributes for 5G Networks

    • International Telecommunications Union (ITU) Standardization Sector
    • Video: Overview of the ITU
    • ITU-R Requirements for 5G: International Mobile Telecommunications – 2020 (IMT-2020)
    • Use Cases for 5G
      • enhanced Mobile Broadband (eMBB) – High Data Rate Services
      • massive Machine (mMTC) – Cellular radio extension of Internet of Things (IoT) on an industrial scale, e.g., machine-to-machine, involving low data rate exchanges over wide area networks
      • Ultra-Reliable Low Latency Communications (URLLC) – Involves data exchanges providing reliable and critical communications (e.g., health monitoring, autonomous driving vehicles, etc.)
      • Exercise: Create a spider diagram showing the different attributes for each of the three use cases for 5G.
    • ITU Vision for IMT-2000 and Beyond
      • Extreme capacity (eMBB Devices – Up to 10 Mbps/m2)
      • High Data Rate (eMBB Devices up to 100 Mbps, with Peak Data Rate = 20 Gbps)
      • High Spectrum Efficiency (eMBB – UL Peak = 15 bps/Hz, DL Peak = 30 bps/Hz)
      • High Connection Density (mMTC – Up to 1 Million per km2)
      • Energy Efficiency (mMTC may Require up to 10-Year Batter Life)
      • Low Complexity (mMTC Massive Quantity, Requiring Low Cost per Device)
      • Ultra Reliability (URLLC Reliability at least 99.99% Success Probability, within 1 ms)
      • Extreme Mobility (URLLC and eMBB Devices – Speeds up to 500 km/hour
      • Low Latency (URLLC Devices – As Low as 1 ms is Targeted for Most Applications)
    • Concept of 5G Network Slicing
      • Network Architecture Enables Multiplexing (Combining) of Virtualized Resources to Provide an Isolated End-to-End Tailored Network Solution for a Particular Application
      • Virtual (Software-Based) Resources Share Same Physical Network Infrastructure; Applications must remain Isolated to Provide Greater Security & Performance Features
      • Exercise: Create a list of considerations for what specific electronic modules an automobile manufacture might need to communicate with, for monitoring vehicle performance and maintenance requirements. Further elaborate on what level of security would be needed for access to/from these electronic modules.

Section 3: 5G Network and System Architecture

  • 5G System (5GS)
    • 5G Core Network (5G CN)
    • 5G Access Network (AN)
      • 3GPP Next-Generation Radio Access Network (NG-RAN)
        • 5G New Radio (5G NR)
        • Evolved – UMTS Terrestrial Radio Access (E-UTRA)
      • Non-3GPP Access Networks (AN)
        • Wireless LAN, or WiFi (IEEE 802.11)
        • Wired Broadband Access
      • User Equipment Key Features
        • 5G New Radio (NR) Support
        • User Equipment (UE) Enhanced Capabilities
        • New Identification Parameters
        • Improved Security Measures for Different Use Cases (URLLC, mMTC, & eMBB)
      • New Radio NodeB (gNB)
        • Radio Resource Management (RRM)
        • Security Enhancements
        • 5G Core (5GC) Node Selection: Core Access and Mobility Function (AMF)
        • Handovers
      • Mobility Management
        • UE States: Idle vs Connected
        • Paging – 5G Tracking Areas
      • 3GPP’s Multi-Phase Approach to IMT-2020
        • Phase 1: Release-15 Specifications – Accelerate eMBB Deployments, Plus Establish Foundation for Future 5G Innovations
          • Non-Standalone (NSA) Architecture: 5G Networks Aided by Existing 4G Infrastructure, for Operators that Wish to be First to Offer 5G Speeds for eMBB
          • Standalone Architecture (SA): Offers Greater Possibilities to Implement multiple Use Cases, Representing the Complete Architecture of all 5G Radio Networks

Phase 2: Release-16 Specifications – Deliver New Fundamental 5G NR Technologies that Complete the Vision to Expand and Evolve the 5G Ecosystem

Section 4: 5G System (5GS) – Service Based Architecture (SBA)

  • Overview of Software Defined Networks (SDN)
    • Evolution of Networked Computing
    • Emergence of Virtual Machines (VMs)
    • Intro to SDNs with North- and Southbound interfaces defined
    • Application Program Interface (API) defined
    • SDN Transport API architecture described
    • SDN separation of Control- and Data Planes demonstrated
  • Network Function Virtualization (NFV): Implementation of Modules vs Network Nodes
    • Traditional hardware switches vs. virtual switches
    • Overview of NFV Framework: 4 components
    • Three parts of the NFVI layer demonstrated
    • Three layers of Management and Network Orchestration (MANO) in NFV Framework defined
    • NFV Operational- and Business Support Subsystems defined
    • OpenStack for NFV
  • 5G Core Architecture – SBA Modules:
    • Access and Mobility Management Function (AMF)
    • Session Management Function (SMF)
    • User Plane Function (UPF)
    • Data Network
    • Policy Control Function (PCF)
    • Unified Data Management (UDM)
    • Unified Data Repository (UDM)
    • Authentication Server Function (AUSF)
  • 5G Infrastructure Management Nodes
    • Network Slice Selection Function (NSSF)
    • Network Exposure Function (NEF)
    • NF Repository Function (NRF)
  • Create a list of security procedures for a network slice that can be used by an automobile manufacturer, involving the maintenance, and monitoring of customer vehicles on the road.
  • 5G Reference Points (Interfaces)
    • NG1: Between UE and AMF (Access and Mobility Management Function)
    • NG2: Between gNB (i.e. 5G base station) and AMF
    • NG3: Between gNB and UPF (User Plane Function)
    • NG4: Between SMF (Session Management Function) and UPF
    • NG5: Between PCF (Policy Control Function) and AF (Application Function).
    • NG6: Between UPF and DN (Data Network)
    • NG7: Between SMF and PCF
    • NG8: Between Unified Data Management (UDM) and AMF
    • NG9: Between two core UPFs
    • NG10: Reference point between UDM and SMF
    • NG11: Between SMF and SMF
    • NG12: Between AMF and AUSF (Authentication Server Function)
    • NG13: Between UDM and AUSF
    • NG14: Between two AMFs
    • NG15: Between PCF and AMF (in Non-roaming scenario)

Section 5: 5G Radio Access Network (5G RAN) & Interconnection to the Core Network

  • Video: Understanding Electromagnetic Radiation (Learn Engineering)
  • New Radio (NR) Air Interface
    • NR Multiple Access: Cyclic Prefix-Orthogonal Frequency Division Multiplexing (CP-OFDM)
    • Scalable Air Interface: Subcarrier Spacing = 15 x 2nkHz
    • Frame Structure
    • Higher Order Modulation & Forward Error Correction: Adaptive Modulation and Coding
    • Use of Millimeter Wave (mmWave) Frequencies
  • 5G Frequency Bands
    • FR1: 450 to 6,000 MHz (Sub-6 GHz Band)
    • FR2: 24,250 to 52,600 MHz (mm-Wave) – n257 Through n261
    • Exercise: Calculate the power level to distance ratio needed to transmit various mmWave frequencies in the FR2 range.
  • Massive Multiple-In Multiple-Out (MIMO) Deployment
    • Beamforming
    • Beam Steering
    • Exercise: Calculate the physical area needed to house a Massive MIMO antenna array for mmWave frequencies.
  • 5G Duplexing Modes and Supplementary Bands
    • Frequency Division Duplex (FDD) – Bands n1 Through n28 (Below 3 GHz)
    • Time Division Duplex (TDD) – Bands n34 Through n74, and n77 Through n79
    • Supplementary Downlinks – Bands n75 and n76
    • Supplementary Uplinks – Bands n80 Through n86
  • 5G RAN Connectivity Options
    • Non-Standalone Architecture (NSA)
      • Option 3 – E-UTRA New Radio-Dual Connectivity (EN-DC): EPC Core Network, 4G eNB for the Primary Radio Link & Signaling, 5G gNB as the Secondary Link for Providing DC
      • Option 4 – New Radio-E-UTRA (NE-DC): 5G Core (5GC), gNB as the Primary Radio Link & Signaling, NG-eNB as the Secondary Link for Providing DC
      • Option 7 – New Radio-E-UTRA (NGEN-DC): 5G Core (5GC), NG-eNB as the Primary Radio Link & Signaling, gNB as the Secondary Link for Providing DC
    • Option 2: New Radio – 5G Core (5GC), gNB for Radio Link (User & Control Planes)
    • Option 5: New Radio – 5G Core (5GC), NG-eNB for Radio Link (User & Control Planes)
  • Dual-Connectivity: Using Radio Resources Provided by at Least Two Different Access Points
    • Bearer Split
    • Master Cell Group
    • Master RAN Note
    • Secondary Cell Group
    • Secondary RAN Node
    • New Radio (NR) Dual Connectivity
  • Multi-Radio Access Technology (RAT) Dual Connectivity
    • E-UTRA – NR Dual Connectivity
    • NG-RAN – E-UTRA-NR Dual Connectivity
    • NR – E-ETRA Dual Connectivity
  • Radio Resource Connections (RRCs)
    • Signaling Radio Bearers (SRBs)
    • Master and Secondary RAN Node Signaling Exchange
  • Master Cell Group (MGC) Split SRB
  • User Plane Splitting: MCG and SCG Bearers
  • Mobility and Dual Connectivity
  • F1 Reference Point
  • Evolution of Base Station (BS) Connectivity
    • Standalone Base Station: Conventional Cell Site Architecture
    • Contemporary BS in Distributed RAN (D-RAN)
    • Fronthaul Connections using Radio over Fiber (RoF)
    • Distributed – Radio over Fiber (D-RoF)
    • Common Public Radio Interface (CPRI): Interface for LTE between BBUs & RRUs
    • enhanced CPRI (eCPRI): Interface between BBUs and RRUs for 5G ANs
    • eCPRI supports Open Architecture within the RAN
  • Geographic Separation of Base Band Unit (BBU) and Remote Radio Head (RRH)
    • Centralized RAN (C-RAN)
      • BBU processing Moved to a Centralized Location in the CN
      • Allows Pooling of BBU Capacity
      • RRUs used at Base Station (Cell Site)
    • Cloud RAN
      • Takes Additional Step Beyond Centralized RAN by Virtualizing the BBU Function
      • Software Can Run on Generic Processors
    • OpenRAN (O-RAN) Architecture
      • Alternative to Legacy/Proprietary Equipment in the RAN
      • Legacy/Proprietary Hardware Components and Software Code are Intertwined – Closed Supplier Chain, when Equipment Supplied by Nearly a Single Supplier
      • OpenRAN Introduces Competition to Existing Supplier Chain Model
      • O-RAN Specs Work with Different Vendors’ BBUs, which are Defined by 3GPP Specs
    • Split Unit Base Station Architecture:
      • Central Unit (gNB-CU)
      • Distributed Unit (gNB-DU)
      • F1 Reference Point
      • Control and User Plane Separation for the gNB-CU
    • Connections Between 5G Core Network (CN) and 5G Access Network (AN)
      • Backhaul – Connection Between 5G CN and 5G AN
      • Midhaul – Connection Between the CU and DU
      • Fronthaul – Connection Between RRU and BBU
    • Small Cells
      • Video: Overview of Cellular Technology (Anixter Wireless Solutions)
      • Macrocell Coverage Gaps and Improve Indoor Cellular Signal Connectivity
      • Permit Greater Subscriber Capacity and Faster Data Speeds
      • Types of Small Cells: Femto, Pico, Micro/Macro
      • Densification: Higher Spectral Efficiency & Reduced Power Consumption
      • Microcells/Metrocells for Shorter Range, Higher Capacity, Outdoor Coverage
      • Distributed Antenna Systems (DASs), Extending Coverage
        • In-building DAS Architecture Defined
        • DAS Deployments: Large Buildings, Airports, Public Venues, etc.
        • Video: Who Uses DAS?
      • Cellular/WiFi Coexistence
        • Public WiFi Hotspots
        • Private (Residential) WiFi LANs
        • WiFi Offloading: Handing Cellular Traffic Over to WiFi Unlicensed Bands
        • Video: Supporting Large Scale Use of WiFi in Venues
      • Small Cell Backhaul Solutions
        • Femtocells: Internet Broadband
        • Picocells: Point-to-Point Microwave
        • Metro-/Microcells: Fiber or Microwave
      • Heterogeneous Networks (HetNets)
        • HetNets Define Concurrent Operation of Macro-, Micro-, Pico- & Femtocells
        • Self-Organizing Networks (SON): Software Solution for Managing HetNets
      • Other Benefits: Lower Communications Latency, Increased Data Rates, Reduced Energy
  • Exercise: Create a layout for a small cell/DAS system for an outdoor stadium

Section 6: Initial Acquisition Process

  • Subscriber Related Identities
    • Subscription Permanent Identifier (SUPI)
      • Typically, in the Form of a Traditional IMSI
      • May be in the Form of a Network Access Identifier (NAI)
      • 5GS Requires that the SUPI not be Sent Across the 5G RAN unencrypted
    • Subscription Concealed Identifier (SUCI)
      • Allows the Device to Conceal the SUPI
      • SUPI is Encrypted with a Public Key Provided by the Network
      • Additional Level of Privacy: Device Only Supplies the SUCI, Never the SUPI
    • 5G Temporary Mobile Subscriber Identity (5G-TMSI): Generated by the AMF During the Generation of the Subscriber’s 5G-GUTI; Uniquely Identifies the UE within the AMF
    • 5G Globally Unique Temporary Identifier (5G-GUTI)
      • Used as a means of keeping the Subscriber’s SUPI (IMSI) Confidential
      • AMF Allocates the 5G-GUTI During Device Registration to the Network
      • Comprised of the Globally Unique AMF ID (GUAMI) and the 5G Temporary Mobile Subscriber Identity (5G-TMSI)
      • 5G-S-TMSI: A Shortened Version of the GUTI can be used to Provide Greater Efficiency of Radio Signaling Procedures, Due to Lower Overhead
      • The Device will be Allocated an IPv4 or IPv6 Address, as Appropriate, Unless an Unstructured or Ethernet PDU Session is being Used
    • 5G Network Related Identities and Security Functions
      • Subscriber Identifier De-Concealing Function (SIDF): Network Entity Responsible for Decrypting the SUCI using the Network’s Private Key
      • Considerations for 5G CNs with many AMFs
        • AMF Pointer – Uniquely Identifies an AMF with an AMF Set
        • AMF Region IDs Serve Larger Networks with More AMFs than can be Identified by using only the Set ID and AMF Pointer Combined (i.e., Higher Level of Identification Hierarchy)
        • AMF Pointer can be Repeated, Providing the AMF Region ID is Unique
      • NR Cell Global Identifier (NCGI): Used to Identify an NR Cells Globally
      • NCGI Constructed from Two Elements: PLMN ID, and NR Cell Identity (NCI)
      • gNB Identifier (gNB ID): Used to Identify gNBs within a PLMN; the gNB ID is Contained within the NCI of its Cells
      • Global gNB ID: Used to Identify Cells Globally, Constructed from the PLMN & gNB ID
      • Globally Unique Identifier AMF ID (GUAMI): Serves as the Globally Unique Identifier for each AMF, within the 5G System
      • Entities across the 5G system are Identified using a Fully Qualified Domain Name (FQDN), used by Network Nodes to ID other Nodes, when an IP Address is Not Known
    • Unique Equipment ID: Permanent Equipment Identifier (PEI), in the Form of the Traditional IMEI
    • Registration and Connection Management
      • Registration Management
      • Connection Management
      • Radio Resource Control (RRC) States
        • RRC Idle
        • RRC Inactive
        • RRC Connected
      • Network Access
        • PLMN and Network Selection
        • Cell Selection
        • RRC Connection Establishment
      • 5G Registration
        • Key Information in the Registration Request:
          • Registration type
          • SUPI / SUCI or 5G-GUTI
          • Security Parameters
          • Requested NSSAI
          • UE 5G Core Network Capabilities
          • PDU Session Status
        • Subscription Data:
          • Subscriber Status/Restrictions
          • Roaming Policy Permitted Data Networks
          • Allowed QoS – Bandwidth
          • Allowed Services
          • Network Slicing Information
        • Key Information in the Registration Accept
          • 5G-GUTI
          • Registration Area
          • Mobility Restrictions
          • PDU Session Status
          • Allowed NSSAI
          • Periodic Registration Update Timer
        • Network Function Selection
          • gNB – AMF Selection
          • AMF – AUSF and SMF Selection
          • AMF/SMF – PCF Selection
          • SMF – UPF Selection
        • Deregistration
          • UE Initiated Deregistration
          • Network Initiated Deregistration

Section 7: Intro to 5G Security

  • Video: Understanding Encryption (Learn Engineering)
  • Two Sets of Security Mechanisms
    • Network Access Security Mechanisms: Security Features that Provide Users with Secure Access to Services Through the Mobile Device and the Radio Node (LTE eNB, NG-eNB, or 5G gNB)
    • Network Domain Security Mechanisms: Features that Enable Nodes to Securely Exchange Signaling Data and User Data (e.g., Between Radio Nodes and the Core Network Nodes)
  • Five Properties that Contribute to the Trustworthiness of the 5G System
    • Resilience
      • 5G NR Access Developed with Different Use Cases, or Classes
      • URLLC Class Ideal for Industrial Control, Critical Infrastructure and Public Safety Applications
      • Split Unit Base Stations – Central Unit (CU) & Distributed Unit (DU): User Plane Encryption can be Managed from a Secure CU Location, While Keeping Non-Security Sensitive Functions at DUs
      • Network Slicing Isolates Groups of Network Functions from other Functions
    • Communication Security
    • Identity Management
    • Privacy
    • Security Assurance
  • 5G Security Overview
    • Flexible Authentication Framework: Other Types of Credentials, in Addition to SIMs
    • Enhanced Subscriber Privacy Features to Mitigate the IMSI Catcher Threat
    • Higher-Layer Protocol Security Mechanisms Protecting Service-Based Interfaces
    • Integrity Protection of User Data Over the Air Interface
    • Security Architecture in 5G and LTE/4G Systems: Need for Dual Function Support
    • New Authentication Framework
    • Enhanced Subscriber Privacy
    • Service-Based Architecture and Interconnect Security
    • Integrity Protection of the User Plane (UP)
    • How an Encrypted IMSI is Supported for Initial Attach Between the Mobile and 5G Core
      • Device Must Have Both IMSI and Home Network’s Public Asymmetric Key
      • Device Generates Ephemeral Public/Private Pair of Asymmetric Keys
      • Device uses Home Network’s Public Asymmetric Key, and Its Private Asymmetric Key to Generate Ephemeral Key (Ephemeral Encryption Key)
      • Mobile Device uses Ephemeral Encryption Key to Encrypt its IMSI
    • Non-Standalone 4G/5G Dual Connectivity Security
  • 5G Security Algorithms – Used for Encryption and Integrity
    • NEA0 – Null
    • 128-NIA1 SNOW 3G
    • 128-NIA2 AES
    • 128-NIA3 ZUC
  • Authentication and Key Agreement (AKA): Principle Technique Used in a 5G System to Facilitate both Security Key Generation, Distribution and Mutual Authentication between the Device and Network
    • Authentication: Providing mutual authentication between the device and the network
    • Key Agreement: Generation and Distribution of an Anchor Key, from Which Security Keys are Derived and Used to Support RRC, NAS and User Plane Traffic
    • AKA Mechanisms Supported in 5G
      • 5G AKA (EPS-AKA*) – Based on EPS-AKA, carried by 5G Protocols; Permitted for use in 3GPP Access Networks
      • EAP-AKA’ – Uses Extensible Authentication Protocol to carry AKA Information; Permitted for use in both 3GPP and Non-3GPP Access Networks
    • Authentication Vector (AV) Generation
      • KAUSF – Master Key Supplied to AUSF, from which all Other Key Material is Eventually Derived
      • RAND – Random Number, Serving as an Input to the ‘f’ algorithms Used by the Device and the Network to Generate the AV
      • AUTN – Authentication Token, used by the device to Verify the Legitimacy of the Network
      • XRES* – Expected Response, Used by the Network to Check that the Device is Legitimate
    • Description of How the 5G HE AV is Produced
  • 5G AKA
    • 5G AKA Procedure
    • Generation of 5G AV
    • Device Authentication
      • NAS Authentication Process
      • Authentication Confirmation
      • How the Validity of an Authentication is Monitored in 5G
      • Why HXRES is Used for Roaming in Visited Networks
    • Key Derivation at the AMF
      • 5G Key Hierarchy
      • Key Derivation in 5G
        • USIM / Subscriber Database: K, CK, IK
        • UE / MSM: KASME, KNAS enc, KNAS int
        • UE / 5G RAN: K5GNB, NH, KUP enc, KRRC enc, KRRC int, K5GNB*
      • Security Procedures
        • Key Distribution in 5G
        • NAS Signaling Security
          • Positioning the NAS SMC Procedure
          • NAS Security Mode Command Procedure
        • RRC Signaling Security: RRC Security Mode Command
      • Security AN to CN Communication
        • IPSec Capabilities:
          • Encryption of User Data
          • Authentication and Integrity of Data
          • Protection Against Replay Attacks
        • IPSec Basic Operation
        • Establishment of gNB Security Associations

Section 8: Emerging Concepts in 5G Communications Technology

  • Evolution of Networked Computing
    • Emergence of Virtual Machines (VMs)
    • Intro to SDNs with North- and Southbound interfaces defined
    • Application Program Interface (API) defined
    • SDN Transport API architecture described
    • SDN separation of Control- and Data Planes demonstrated
  • Unlicensed and Shared Spectrum Used to Enhance Mobile Cellular Connections
    • MulteFire Alliance: MulteFire 1.0 Specification
    • Citizen Broadband Radio Service (CBRS)
  • 5G Private (Cellular) Networks vs Non-Private Networks
    • 3GPP Rel. 15: Private Networks (PNs) – No interaction with Service Provider Networks
    • 3GPP TS 22.261 (Rel. 16) Non-Public Network (NPN): Multiple Deployments
      • Completely Standalone Networks
      • Private Networks Hosted by a PLMN (Mobile Operator)
      • Services May be Offered as a Slice of a 5G PLMN
    • Benefits of Private Networks: Improved Coverage, High Security, Added Privacy, Ultra-Low Latency, Ultra-High Reliability, Traffic Prioritization, Congestion Management, Interference Management, Cost Control
    • Potential uses for Private Networks
      • Hubs: Airports, Railyards, Shipping Ports, Etc.
      • Remote Sites: Off-Shore Gas and Oil Platforms, Mines, Construction Sites, Etc.
    • Device-to-Device (D2D) Communications
      • Enabling Devices to Communicate Directly with Each Other without Routing Path Through Network Infrastructure
      • Public Safety Communication Support, in Case of Infrastructure Damage
      • Proximity-Based Services where Devices Detect their Proximity and Subsequently Trigger a Variety of Services (Social Networking Apps, Advertisements, Smart Communication Between Vehicles, Local Exchange of Information
5G Wireless Security Training Workshop Course Wrap-Up

Request More Information

    Time frame:

    0