CWB1057 Security in 5G Networks
If you have any questions, concerns or comments regarding this course please write to us at: friends@awardsolutions.com
This course book and the material and information contained in it are owned by Award Solutions, Inc. (“Award Solutions”) and Award Solutions reserves for itself and successors and assigns all right, title and interest in and to the Award Content, Award Solutions’ logos and other trademarks, including all copyrights, authorship rights, moral rights, publication and distribution rights, trademarks and other intellectual property rights. Award grants no license or other rights in the contents of the course book or course, except as may be expressly set forth in a duly executed written agreement between Award Solutions and the authorized user of this course book or the user’s employee or principal. This course book shall not be modified, reproduced, disseminated, or transmitted by or in any medium, form or means, electronic or mechanical, including photocopying, recording or any information retrieval system, in whole or in part, without Award Solutions, Inc.’s express, prior written consent signed by an authorized officer whose authority is evidenced by a duly signed corporate resolution.

This course book was designed for use as a student guide with the subject matter course taught by Award Solutions’ authorized employees and contractors. It was not designed to be a standalone textbook. Award Solutions makes no representations or warranties and disclaims all implied warranties with respect to the information contained herein or products derived from use of such information and Award Solutions undertakes no obligation to update or otherwise modify the information or to notify the purchaser or any user of any update or obsolescence. To the extent permitted by applicable law, Award’s total liability in connection with the course and/or course material is the amount actually received by Award from the purchaser/user for the purchase or license of the course and course material. This course book is not made for publication or distribution in the public domain and shall not be published or placed in the public domain, in whole or in part, without Award Solutions, Inc.’s express, prior written consent signed by an authorized officer whose authority is evidenced by a duly signed corporate resolution.
The 3GPP, LTE, LTE-Advanced, and 5G logos are the property of Third Generation Partnership Project (3GPP). The content of this document is based on 3GPP/LTE specifications which are available at www.3gpp.org.
Welcome to Security in 5G Networks
Award Solutions Proprietary - Award Solutions' eBook is intended for a single user only. Do not distribute.
About Award Solutions
Trusted by 255+ companies in cable and wireless: network vendors, tool vendors, application providers, chipset vendors and service providers.
Updated: Nov. 2020
Award Solutions: A Great Partner
Network troubleshooting
700+ sessions delivered on 14 different technologies
98% recommend our services
Acronyms
3GPP: Third Generation Partnership Project
4G: Fourth Generation Wireless Systems
5G: Fifth Generation Wireless Systems
ABBA: Anti-Bid Down Between Architectures
AI: Artificial Intelligence
AKA: Authentication and Key Agreement
AMF: Access and Mobility Management Function
API: Application Programming Interface
ARPF: Authentication Credential Repository and Processing Function
AUSF: Authentication Server Function
AUTN: Authentication Token
AV: Authentication Vector
CASB: Cloud Access Security Broker
CK: Ciphering Key
CU: Central Unit
CU-CP: Central Unit Control Plane
DDoS: Distributed Denial of Service
DoS: Denial of Service
DTLS: Datagram Transport Layer Security
DU: Distributed Unit
E1: 5G gNB-CU to gNB-CU interface
EAP-AKA: Extensible Authentication Protocol Authentication and Key Agreement
EIR: Equipment Identity Register
eNB: Evolved Node B or E-UTRAN Node B
F1: 5G F1 Interface
F1-C: F1-Control Plane
F1-U: F1-User Plane
FW: Firewall
gNB: next generation NodeB
gNB-DU: gNB-Distributed Unit
HE: Home Environment
HRES*: Home Response
HXRES*: Home Expected Response
ID: Identity or Identifier
IK: Integrity Key
IMEI: International Mobile Equipment Identity
IMS: IP Multimedia Subsystem
IMSI: International Mobile Subscriber Identity
IP: Internet Protocol
IPSec: Internet Protocol Security
IT: Information Technology
LTE: Long Term Evolution
MEC: Multi-Access or Mobile Edge Computing
N3IWF: Non-3GPP Interworking Function
NAI: Network Access Identifier
NAS: Network Attached Storage
NEF: Network Exposure Function
NF: Network Function
NR: New Radio
NRF: NF Repository Function
PEI: Permanent Equipment Identifier
PLMN: Public Land Mobile Network
PSTN: Public Switched Telephone Network
RAN: Radio Access Network
RAND: Random Number
RES: Response
REST: Representational State Transfer
RG: Residential Gateway
RRC: Radio Resource Control
SA: Standalone
SD-WAN: Software-Defined Wide Area Network
SE: Serving Environment
SEAF: Security Anchor Function
SEPP: Security Edge Protection Proxy
SGW: Security Gateway
SIDF: Subscription Identifier De-concealing Function
SMC: Security Mode Command
SMF: Single Mode Fiber
SUCI: Subscription Concealed Identifier
SUPI: Subscription Permanent Identifier
TLS: Transport Layer Security
TS: Technical Specification
UDM: Unified Data Management
UDR: Usage Data Record
UE: User Equipment
UP: User Plane
USIM: UMTS Subscriber Identity Module
VoLTE: Voice over LTE
VPN: Virtual Private Network
W-5GAN: Wireline 5G Access Network
WAF: Web Application Firewall
W-AGF: Wireline Access Gateway Function (AGF)
Wi-Fi: Wireless Fidelity
XRES: Expected user RESponse
Agenda
How is security in 5G networks different than 4G networks?
What are potential attack vectors in 5G networks?
What enables 5G networks to be more secure?
What does the 5G network security architecture look like?
Privacy, Authentication and Confidentiality
Consumer-centric to Business-centric
Figure: value delivered by each generation, moving from consumer-centric to business-centric: 1G Voice; 2G Text; 3G Internet; Everything people use; 5G Everything businesses use.
5G Security Challenges
Figure: a 5G network spanning NR, gNB-CU, midhaul transport network, UPF, SMF, AMF, PCF, UDM and LTE, with IMS, PSTN and fiber/Ethernet connectivity.
Fully Virtualized: 5G networks have virtualized Core and RAN, moving to Open RAN.
Diverse Set of Services and Devices: many different services need to be secured, along with a variety of devices.
Architectural Shift: 4G to 5G
Pre-5G: Secure like a Telco Network 5G: Secure like an IT Network
General Model for Security Threats
S - Spoofing: targets authenticity. Mitigate using authentication and zero-trust policy enforcement.
T - Tampering: targets integrity. Mitigate using strong ciphering and integrity algorithms.
I - Information disclosure: targets confidentiality. Mitigate using strong cryptography keys and end-to-end data encryption.
E - Elevation of privilege: targets authorization. Mitigate by implementing zero-trust, OAuth 2.0, and other policy enforcement mechanisms.
Possible Threats and Vulnerabilities
Areas: UE; Over the Air; gNB; VRAN/ORAN/MEC; Core; Applications; Interconnect
Threat/Vulnerability (X marks each area affected):
Malware: X
DoS/DDoS/DDoS Bots: X
Eavesdropping: X
Jamming: X
Rogue gNB: X
Insecure interfaces: X X X
OS or S/W insecurities: X X X X X
Virtualization vulnerabilities: X X X
Slice security: X X X
Service interruption: X X X X X X
Unauthorized access: X X X X X X X (all seven areas)
API exploitation: X X X X
Areas to Secure for 5G Networks
Infrastructure; Network; Orchestration and management; Applications
Source: 5G Americas
Architectural Security Framework for 5G Networks
5G-Specific Security Features
Zero Trust Architecture: assume nothing in the network is safe.
Summary of 5G Network Security Solutions
Enhanced authentication framework
Interconnect security enhancements
TLS 1.2/1.3 and OAuth 2.0 in the Service-Based Architecture
Security Domains
Management Domain: manages everything
User Domain: SIM card and device
Application Domain: applications
5G Authentication Framework
Figure: access paths into the 5G Visited/Serving Network and on to the 5G Home Network: a 5G UE over NR to a gNB (5G RAN); Wi-Fi access through the N3IWF; a 5G RG over the W-5GAN (Y4 reference point) through the W-AGF.
Ciphering and Integrity for User Traffic
Figure: protection layers for user traffic between the 5G UE and applications via the RAN (DU, vCU) and the 4G/5G core: application-level security, IPsec (terminated at the N3IWF for non-3GPP access), and 5G ciphering on the radio interface.
DU-CU Interface Security
Figure: the 5G RAN (gNB-DU/RU and gNB-CU with CU-CP, interfaces F1/F1-C and E1) connecting over N2/N3 to the 5G Core Network (UPF, SEPP) and the data network; IPsec protects the F1 interface between the DU and the CU. Elements involved in security are highlighted.
Security Mechanism for Service-Based Interfaces
Figure: an SBI API call from a 5G Service Consumer NF to a 5G Service Provider NF, protected by TLS.
Security for Interconnect/Roaming
Figure: 5G Network 1 and 5G Network 2 exchange NF traffic across the N32 interface between cSEPP and pSEPP; N32-c is protected by TLS, and N32 traffic carried through IPX providers (IPX1, IPX2) uses PRINS; 5G Network 3 is reached via its pSEPP over IPX2; a 4G Network interconnects through firewalls (FW) for Diameter and GTP.
User Confidentiality in 5G
Permanent Identities:
SUPI: IMSI or NAI
PEI: IMEI; used by the 5G-EIR to check the black list
Goal: provide confidentiality for these identities.
Key Separation in 5G for Enhanced Security
Figure: key hierarchy. The long-term key K is held in the USIM and in the UDM/ARPF (with the UDR); KAUSF is derived for the AUSF, KSEAF for the SEAF and KAMF for the AMF; from KAMF, KNASenc and KNASint protect NAS signaling (encryption and integrity protection), and KgNB is derived for the RAN. Authentication methods: 5G-AKA and EAP-AKA'.
Initiating 5G Authentication
Participants shown: SEAF/AMF, AUSF, UDM/ARPF/SIDF
1. Registration Request (SUCI or 5G-GUTI)
2. Request to Authenticate
3. Serving network authorization
5. Choose an authentication method
Authentication Procedure for 5G-AKA: 1
Participants shown: SEAF/AMF, AUSF, UDM/ARPF
1. Query SIDF to retrieve SUPI from SUCI and generate AV
5. Authentication Request (RAND, AUTN)
Authentication Procedure for 5G-AKA: 2
Participants shown: SEAF/AMF, AUSF, UDM/ARPF
6. Verify AUTN and compute RES*
7. Authentication Response
9. Request to Authenticate (RES*)
10. Verify RES* with XRES*
Result: KSEAF, SUPI
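The RES*/XRES* verification of steps 6 to 10 above, together with the serving-network-bound KAUSF and KSEAF derivation from the key separation slide, worked in Python as an added example (not course material from Award Solutions): the KDF and FC values follow TS 33.501 Annex A and TS 33.220 Annex B, while CK, IK, RAND, RES and SQN xor AK are constructed stand-ins for MILENAGE output and the PLMN is the 001/01 test PLMN.

```python
import hashlib
import hmac

# Constructed stand-ins for what MILENAGE on the USIM/ARPF would produce (not real keys).
CK = bytes.fromhex("00112233445566778899aabbccddeeff")
IK = bytes.fromhex("ffeeddccbbaa99887766554433221100")
RAND = bytes.fromhex("0123456789abcdef0123456789abcdef")
RES = bytes.fromhex("a1b2c3d4e5f60718")          # 8-byte RES from the USIM
SQN_XOR_AK = bytes.fromhex("000000000001")       # 48-bit SQN xor AK carried in AUTN

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic KDF of TS 33.220 Annex B: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()

def serving_network_name(mcc: str, mnc: str) -> bytes:
    """TS 24.501 serving network name; the MNC is zero-padded to three digits."""
    return f"5G:mnc{int(mnc):03d}.mcc{mcc}.3gppnetwork.org".encode()
def k_ausf(snn: bytes) -> bytes:
    """TS 33.501 A.2: KAUSF = KDF(CK || IK, FC 0x6A, SNN, SQN xor AK)."""
    return kdf(CK + IK, 0x6A, snn, SQN_XOR_AK)
def k_seaf(kausf: bytes, snn: bytes) -> bytes:
    """TS 33.501 A.6: KSEAF = KDF(KAUSF, FC 0x6C, SNN); the anchor key is bound to the serving network."""
    return kdf(kausf, 0x6C, snn)
def res_star(snn: bytes, res: bytes) -> bytes:
    """TS 33.501 A.4: (X)RES* = 128 least significant bits of KDF(CK || IK, FC 0x6B, SNN, RAND, RES)."""
    return kdf(CK + IK, 0x6B, snn, RAND, res)[16:]
def hres_star(rs: bytes) -> bytes:
    """TS 33.501 A.5: H(X)RES* = 128 least significant bits of SHA-256(RAND || (X)RES*)."""
    return hashlib.sha256(RAND + rs).digest()[16:]
def seaf_check(res_star_from_ue: bytes, hxres_star: bytes) -> bool:
    """SEAF side: HRES* computed from the UE's RES* must equal the HXRES* received in the AV."""
    return hmac.compare_digest(hres_star(res_star_from_ue), hxres_star)
def ausf_check(res_star_from_ue: bytes, xres_star: bytes) -> bool:
    """AUSF side: the forwarded RES* must equal XRES* before KSEAF and SUPI are released to the SEAF."""
    return hmac.compare_digest(res_star_from_ue, xres_star)

def run_5g_aka(mcc: str = "001", mnc: str = "01") -> bytes:
    """Home network builds XRES*/HXRES*, the UE answers with RES*, both checks pass; returns KSEAF."""
    snn = serving_network_name(mcc, mnc)
    xres_star = res_star(snn, RES)          # UDM/ARPF puts XRES* in the AV; the AUSF keeps it
    hxres_star = hres_star(xres_star)       # the AUSF sends HXRES* (not XRES*) to the SEAF
    ue_res_star = res_star(snn, RES)        # the UE recomputes with its own CK/IK/RES
    if not (seaf_check(ue_res_star, hxres_star) and ausf_check(ue_res_star, xres_star)):
        raise ValueError("5G-AKA failed")
    return k_seaf(k_ausf(snn), snn)
```

Because the serving network name enters RES*, KAUSF and KSEAF, the same USIM credentials yield different keys in different serving networks, which is the key separation property the slide describes.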
Network: 6. Start downlink ciphering