The training course starts with the brief introduction to 5G system architecture, various dangers, threats and attack scenarios and short introduction to basic cryptographic techniques used in digital communication. This is followed by presentation of security requirements on 5G system and recommendations from various organizations. The next parts of the course present various standardized security mechanisms and their details for securing communication with users/devices, inside the network, and towards external entities and other networks.
Medium level of technical knowledge of the structure and procedures in the 5G networks is required. We recommend our “5G System Overview” or “5G Core Network Architecture” courses for the background knowledge.
NOTE: This document describes a product under development, additional topics might be added in a final version.
5G Security: Basics, Aspects, Threats
- What is security: confidentiality, integrity, identity protection, intrusion prevention, etc.
- Security aspects of end-user and IoT devices, radio access network, core network, application servers and communication with other networks.
- 5G system introduction: architecture, relation to 4G networks, selected deployment scenarios, use cases, Service-Based Architecture principles, centralized RAN option.
- Possible attack vectors: malware in devices/app servers, misbehaving UEs, compromised base stations, fake base stations, passive air interface monitoring, active interception, physical intrusion to IoT devices, etc.
- Overview of UE security functions, mobility and session-related procedures, identifiers.
- Basic cryptographic techniques: symmetric/asymmetric encryption, key exchange, hash functions, signatures, certificates, etc.
Requirements and Recommendations
- 3GPP 5G security requirements on UE, gNB, centralized RAN, AMF, UDM, AUSF, NRF, SEPP, NEF, and Network Functions using Service-Based Architecture
- NGMN Alliance recommendations on 5G security: network and access, DoS/DDoS attacks prevention, network slicing, Multi-access Edge Computing, low latency communication, etc.
- GSM Association recommendation on security: for network operators, IoT service ecosystem and IoT end-device ecosystem.
- GSM Association: lists of critical and high-priority security recommendations, details of selected recommendation examples.
- Network Equipment Security Assurance Scheme and 3GPP Security Assurance Specifications (SCAS), selected SCAS examples for gNB, AMF, etc.
- Evolution of the trust model and principles of Zero-Trust Security approach to networks security.
UE-related Security Procedures in 5G
- Evolution from 2G to 5G: authentication, ciphering, integrity protection.
- 5G air interface security algorithms
- Pre-R99 SIM and R99+ USIM security features comparison.
- 5G system authentication methods: 5G AKA and EAP-AKA’.
- Visited PLMN verification: handling of XRES* and HXRES*.
- SUPI protection: concealment and de-concealment to/from SUCI, selected details of the protection schemes
- Protection of initial NAS messages.
- EPS security key hierarchy.
- 5GS security key hierarchy, for NR and non-3GPP access, for 5G-AKA and EAP-AKA’ authentication methods.
- Selected details of Key Derivation Functions in 5GS key hierarchy, for mobility, for interworking with EPS.
- Air interface user-plane security.
- RAN-based periodic local re-authentication.
- …and more
5G Network Security Functions and Procedures
- Security for non-3GPP access: untrusted Wi-Fi, trusted Wi-Fi, wireline.
- “Vertical” security for 4G/5G network exposure via SCEF and NEF.
- Security principles for inter-operator communication via SEPP and pre-5G interfaces.
- Security comparison of protocols for roaming communication: MAP, Diameter, HTTP.
- Network slice isolation.
- SDN and NFV security principles.
- …and more