CWB1057 Security in 5G


Welcome to Security in 5G Networks

Award Solutions’ eBook is authorized for a single user only.


Distribution and/or reproduction in any form is strictly prohibited and may result in legal action.
CWB1057 Version 1.0
Plano, Texas USA
Phone: +1.972.664.0727
Website: www.awardsolutions.com

If you have any questions, concerns or comments regarding this course please write to us at: friends@awardsolutions.com

© 2022 Award Solutions, Inc. All Rights Reserved.

This course book and the material and information contained in it are owned by Award Solutions, Inc. (“Award Solutions”) and Award Solutions reserves for itself and successors and assigns all right, title and interest in and to the Award Content, Award Solutions’ logos and other trademarks, including all copyrights, authorship rights, moral rights, publication and distribution rights, trademarks and other intellectual property rights. Award grants no license or other rights in the contents of the course book or course, except as may be expressly set forth in a duly executed written agreement between Award Solutions and the authorized user of this course book or the user’s employee or principal. This course book shall not be modified, reproduced, disseminated, or transmitted by or in any medium, form or means, electronic or mechanical, including photocopying, recording or any information retrieval system, in whole or in part, without Award Solutions, Inc.’s express, prior written consent signed by an authorized officer whose authority is evidenced by a duly signed corporate resolution.

This course book was designed for use as a student guide with the subject matter course taught by Award Solutions’ authorized employees and contractors. It was not designed to be a standalone textbook. Award Solutions makes no representations or warranties and disclaims all implied warranties with respect to the information contained herein or products derived from use of such information and Award Solutions undertakes no obligation to update or otherwise modify the information or to notify the purchaser or any user of any update or obsolescence. To the extent permitted by applicable law, Award’s total liability in connection with the course and/or course material is the amount actually received by Award from the purchaser/user for the purchase or license of the course and course material. This course book is not made for publication or distribution in the public domain and shall not be published or placed in the public domain, in whole or in part, without Award Solutions, Inc.’s express, prior written consent signed by an authorized officer whose authority is evidenced by a duly signed corporate resolution.

The 3GPP, LTE, LTE-Advanced, and 5G logos are the property of Third Generation Partnership Project (3GPP). The content of this document is based on
3GPP/LTE specifications which are available at www.3gpp.org.

Award Solutions Proprietary - Award Solutions' eBook is intended for a single user only. Do not distribute.
About Award Solutions
Trusted by 255+ companies in cable and wireless: network vendors, chipset vendors, tool vendors, service providers and application providers.
Recognized 11 times as a Best Company to Work for in Texas.
Training partner to leading industry events.
Updated: Nov. 2020

Award Solutions: A Great Partner
• Network troubleshooting: 700+ sessions delivered on 14 different technologies
• 98% recommend our services
• LTE: 101k individuals with improved performance on LTE
• 5G: 18k+ individuals with improved performance on 5G
• 8 years as a Technology Training Partner of MWC
• 11 years recognized as a Best Company to Work for in Texas
• 2.3k individuals engaged on data-driven technologies like Automation and AI
• 190 average hours saved per engineer per year after taking our Data Automation Mentoring Program
Acronyms
3GPP Third Generation Partnership Project
4G Fourth Generation Wireless Systems
5G Fifth Generation Wireless Systems
ABBA Anti-Bidding-down Between Architectures
AI Artificial Intelligence
AKA Authentication and Key Agreement
AMF Access and Mobility Management Function
API Application Programming Interface
ARPF Authentication Credential Repository and Processing Function
AUSF Authentication Server Function
AUTN Authentication Token
AV Authentication Vector
CASB Cloud Access Security Broker
CK Ciphering Key
CU Central Unit
CU-CP Central Unit Control Plane
DDoS Distributed Denial of Service
DoS Denial of Service
DTLS Datagram Transport Layer Security
DU Distributed Unit
E1 5G interface between gNB-CU-CP and gNB-CU-UP
EAP-AKA Extensible Authentication Protocol Authentication and Key Agreement
EIR Equipment Identity Register
eNB Evolved Node B or E-UTRAN Node B
F1 5G F1 Interface (between gNB-CU and gNB-DU)
F1-C F1 Control Plane
F1-U F1 User Plane
FW Firewall
gNB next generation NodeB
gNB-DU gNB Distributed Unit
HE Home Environment
HRES* Hash of RES* (computed by the SEAF)
HXRES* Hash of XRES* (computed by the AUSF)
ID Identity or Identifier
IK Integrity Key
IMEI International Mobile Equipment Identity
IMS IP Multimedia Subsystem
IMSI International Mobile Subscriber Identity
IP Internet Protocol
IPSec Internet Protocol Security
IT Information Technology
LTE Long Term Evolution
MEC Multi-Access or Mobile Edge Computing
N3IWF Non-3GPP Interworking Function
NAI Network Access Identifier
NAS Non-Access Stratum
NEF Network Exposure Function
NF Network Function
NR New Radio
NRF NF Repository Function
PEI Permanent Equipment Identifier
PLMN Public Land Mobile Network
PSTN Public Switched Telephone Network
RAN Radio Access Network
RAND Random Number
RES Response
REST Representational State Transfer
RG Residential Gateway
RRC Radio Resource Control
SA Standalone
SD-WAN Software-Defined Wide Area Network
SE Serving Environment
SEAF Security Anchor Function
SEPP Security Edge Protection Proxy
SGW Security Gateway
SIDF Subscription Identifier De-concealing Function
SMC Security Mode Command
SMF Session Management Function
SUCI Subscription Concealed Identifier
SUPI Subscription Permanent Identifier
TLS Transport Layer Security
TS Technical Specification
UDM Unified Data Management
UDR Unified Data Repository
UE User Equipment
UP User Plane
USIM Universal Subscriber Identity Module
VoLTE Voice over LTE
VPN Virtual Private Network
W-5GAN Wireline 5G Access Network
WAF Web Application Firewall
W-AGF Wireline Access Gateway Function
Wi-Fi Wireless Fidelity
XRES Expected Response
Agenda
• How is security in 5G networks different than in 4G networks?
• What are potential attack vectors in 5G networks?
• What enables 5G networks to be more secure?
• What does the 5G network security architecture look like?
• Privacy, Authentication and Confidentiality
Consumer-centric to Business-centric
Figure: what each generation was valued for, from consumer-centric to business-centric.
• 1G: voice
• 2G: text
• 3G: internet
• 4G: video
• 5G: everything people use and everything businesses use (autonomous cars, remote health monitoring, virtual reality, Industry 4.0, ...)
What is different about 5G?
Figure: 4G and 5G network architectures side by side.
• 4G: LTE eNB, backhaul, Evolved Packet Core (HSS), IMS, PSTN, fiber/Ethernet transport and data networks.
• 5G: 5G UE, NR gNB-DU, midhaul, gNB-CU, transport network, virtualized edge (UPF with MEC), virtualized core (AMF, SMF, UPF, UDM, PCF) and data networks.
What changes with 5G:
• Number and type of devices
• Virtualization in RAN and core
• Open RAN
• Edge computing with MEC
• Network slicing
• REST API-based protocols
5G Security Challenges: What's new?
• Larger attack surface: a very distributed architecture with many, many more locations (cell sites, edge sites, cloud regions).
• Fully virtualized: 5G networks have a virtualized core and RAN and are moving to Open RAN, so the hypervisor, container platform and orchestration layer become part of the attack surface.
• Diverse set of services and devices: many different services need to be secured, along with a wide variety of devices.
• Functional disaggregation and API-based communication: network functions are disaggregated and communicate using REST APIs, which exposes them to the web application attack classes IT networks already face.
• Introduction of new business models: MEC and network slicing bring new players into the ecosystem and supply chain.
Architectural Shift: 4G to 5G
• Pre-5G: secure like a telco network
• 5G: secure like an IT network
Agenda: What are potential attack vectors in 5G networks? (you are here)
General Model for Security Threats
(Developed from the original STRIDE model by Microsoft.)
• Spoofing (S): targets authenticity. Mitigate using authentication and zero-trust policy enforcement.
• Tampering (T): targets integrity. Mitigate using strong integrity-protection algorithms together with ciphering; ciphering alone does not detect modification.
• Repudiation (R): targets non-repudiability. Mitigate using strict authentication and tracking and logging of users' actions.
• Information disclosure (I): targets confidentiality. Mitigate using strong cryptographic keys and end-to-end data encryption.
• Denial of service (D): targets availability. Mitigate by deploying anti-DoS and anti-DDoS protection mechanisms using IPSec, DTLS, certificate-based authentication, filtering, rate control, and advanced monitoring for critical functions.
• Elevation of privilege (E): targets authorization. Mitigate by implementing zero trust, OAuth 2.0, and other policy enforcement mechanisms.
Scope of Impact
Figure: the 5G end-to-end path over which a threat can have impact: 5G UE, NR, gNB-DU, midhaul, gNB-CU, transport network, virtualized edge (UPF), virtualized core (AMF, UDM), data networks and roaming.
Possible Threats and Vulnerabilities
Figure: threat locations along the path 5G UE, radio, DU/vCU (RAN), MEC, 4G/5G core, applications and interconnect.
Threat/Vulnerability: UE | Over the Air | gNB | VRAN/ORAN/MEC | Core | Applications | Interconnect
Malware: X
DoS/DDoS/DDoS Bots: X
Eavesdropping: X
Jamming: X
Rogue gNB: X
Insecure interfaces: X X X
OS or S/W insecurities: X X X X X
Virtualization vulnerabilities: X X X
Slice security: X X X
Service interruption: X X X X X X
Unauthorized access: X X X X X X X
API exploitation: X X X X
Unauthorized access applies to all seven domains; service interruption and OS or software weaknesses span nearly all of them.
Agenda: What enables 5G networks to be more secure? (you are here)
Areas to Secure for 5G Networks
Source: 5G Americas
• Infrastructure
• Network
• Network Functions
• Users
• Applications
• Orchestration and management
Architectural Security Framework for 5G Networks
• 5G-specific security features (the 3GPP mechanisms summarized on the next slide)
• Zero Trust Architecture: assume nothing in the network is safe; every request is authenticated and authorized regardless of where it originates.
• Microsegmentation: an attacker who gets in can reach only the smallest part of the network, which limits lateral movement and data exfiltration.
• Secure Access Service Edge (SASE): convergence of network functions (access, SD-WAN, VPN) and security functions (SGW, WAF, FW, CASB) delivered at the edge.
Summary of 5G Network Security Solutions
• Enhanced authentication framework
• Interconnect security enhancements
• TLS 1.2/1.3 and OAuth 2.0 in the Service-Based Architecture
• Anti-Bidding-down Between Architectures (ABBA)
• RAN split architecture security enhancements
• Enhanced privacy using SUCI
• Network slice selection authentication and authorization
• User plane integrity protection
Agenda: What does the 5G network security architecture look like? (you are here)
Security Domains
• Management Domain: manages everything
• User Domain: SIM card and device
• Application Domain: applications
• Non-Access Stratum Domain: core network
• Access Stratum Domain: radio network
• Network Domain: includes radio, core and transport networks
5G Authentication Framework
Figure: one authentication framework serves every access type.
• 3GPP access: 5G UE over NR to the gNB (5G RAN), then to the AMF/SEAF.
• Untrusted non-3GPP access: 5G UE over Wi-Fi to the N3IWF (Y2), then to the AMF/SEAF.
• Wireline access: 5G RG over the W-5GAN to the W-AGF (Y4), then to the AMF/SEAF.
• The AMF/SEAF in the 5G visited/serving network anchors the security for the access; the AUSF and the UDM/ARPF/SIDF in the 5G home network run the authentication (5G-AKA or EAP-AKA') and deconceal the SUCI.
Because the same credentials and procedure are used over radio, Wi-Fi and wireline, the resulting keys are bound to the serving network regardless of access type.
Ciphering and Integrity for User Traffic
Figure: where user traffic is protected on the path 5G UE, radio (DU, vCU), 4G/5G core, applications.
• Radio: 5G ciphering and, new in 5G, optional integrity protection of the user plane between the UE and the gNB. PDCP security terminates in the vCU, so the DU and the fronthaul only ever carry ciphered user traffic.
• IPsec: protects the network-side links (DU to CU, RAN to core) and, for untrusted non-3GPP access, the tunnel between the UE and the N3IWF.
• Application level: end-to-end security (for example TLS) between the UE application and the application server; it is the only layer that also covers the path beyond the core.
DU-CU Interface Security
Figure: gNB split into DU, CU-CP and CU-UP, with the protection option on each interface.
• F1-C (DU to CU-CP): IPsec, with DTLS as an alternative for the control plane.
• F1-U (DU to CU-UP): IPsec.
• E1 (CU-CP to CU-UP): IPsec.
• N2/N3 (CU to 5G Core): IPsec.
• Secure Access Service Edge (SASE) at the transport edge may provide IPsec, DoS/DDoS protection and access control.
• Operator deployment choice (optional): 3GPP requires support for IPsec and DTLS on these interfaces but leaves their use to the operator, so an unprotected F1 or E1 between sites leaves the midhaul exposed.
Service-based interfaces use REST APIs
Figure: 5G core network functions on the service-based architecture.
• Core NFs on the service-based bus: NSSAAF, NSSF, NEF, NRF, PCF, UDM, AF, AUSF, AMF, SMF, NWDAF, with the SCP routing service requests and the SEPP at the edge towards other PLMNs; a WAF is shown in front of exposed APIs.
• 5G RAN: gNB-DU/RU and gNB-CU; user plane through the UPF to the data network.
• Functions involved in security: AUSF, UDM (ARPF/SIDF), AMF (SEAF), NRF (OAuth 2.0 token issuer), SEPP, NSSAAF (slice-specific authentication).
Security Mechanism for Service-Based Interfaces
• The 5G service consumer NF (TLS client) calls the 5G service producer NF (TLS server) over the SBI message bus: RESTful APIs over HTTP/2.
• TLS for security: authenticates the peer NF (mutually, when client certificates are used) and protects the confidentiality and integrity of the HTTP/2 exchange. TS 33.501 requires TLS inside a PLMN unless the network is protected by other means.
• OAuth 2.0 for authorization: the NRF acts as the authorization server and issues access tokens that the producer checks before serving a request. TLS only proves which NF is calling; the token's scope and audience decide which services that NF may invoke.
• Operators may choose to deploy one, both, or none (the latter only where the SBI runs on an otherwise protected network).
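The OAuth 2.0 check described above, written out as an added example (not code from the course or from any 3GPP implementation): an NRF issues a token whose claims follow the TS 29.510 access-token shape (iss, sub, aud, scope, exp) and a producer NF validates it before serving the request. The policy table, the NF names, the HS256 shared key and the sample deployment are all constructed assumptions; real deployments normally sign with an asymmetric key so that producers hold only the NRF's public key.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class Nrf:
    """Authorization-server role of the NRF: issues access tokens to NF service consumers.
    ASSUMPTION: HS256 with a key shared by NRF and producers, so this runs on the standard
    library alone; operators generally use an asymmetric signature instead."""

    def __init__(self, nrf_id: str, key: bytes, ttl: int = 3600):
        self.nrf_id, self.key, self.ttl = nrf_id, key, ttl
        self.policy = {}  # (producer NF type, service name) -> consumer NF types allowed

    def allow(self, producer_type: str, service: str, *consumer_types: str) -> None:
        self.policy[(producer_type, service)] = set(consumer_types)

    def issue_token(self, consumer_id, consumer_type, producer_type, scope, now=None):
        """Nnrf_AccessToken_Get: a token, or None if policy denies any requested service."""
        for service in scope.split():
            if consumer_type not in self.policy.get((producer_type, service), set()):
                return None
        now = int(time.time()) if now is None else now
        header = {"alg": "HS256", "typ": "JWT"}
        claims = {"iss": self.nrf_id, "sub": consumer_id, "aud": producer_type,
                  "scope": scope, "iat": now, "exp": now + self.ttl}
        signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
        signature = hmac.new(self.key, signing_input.encode(), hashlib.sha256).digest()
        return signing_input + "." + b64url(signature)


class ProducerNf:
    """NF service producer: validates the token before serving an SBI request."""

    def __init__(self, nf_type: str, key: bytes, trusted_nrf: str):
        self.nf_type, self.key, self.trusted_nrf = nf_type, key, trusted_nrf

    def authorize(self, token: str, service: str, now=None):
        """Return (True, claims) when the request may be served, else (False, reason)."""
        parts = token.split(".")
        if len(parts) != 3:
            return False, "malformed token"
        try:
            header = json.loads(b64url_decode(parts[0]))
            signature = b64url_decode(parts[2])
        except ValueError:
            return False, "malformed token"
        if header.get("alg") != "HS256":
            return False, "unexpected alg"      # never let the token pick the algorithm
        expected = hmac.new(self.key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            return False, "bad signature"
        claims = json.loads(b64url_decode(parts[1]))   # authentic, so safe to parse now
        now = int(time.time()) if now is None else now
        if claims.get("iss") != self.trusted_nrf:
            return False, "untrusted issuer"
        if claims.get("exp", 0) <= now:
            return False, "token expired"
        if claims.get("aud") != self.nf_type:       # TS 29.510 also allows a list of NF instance IDs
            return False, "audience mismatch"
        if service not in claims.get("scope", "").split():
            return False, "service not in scope"
        return True, claims


# Constructed sample deployment: an AMF may use both UDM services, an SMF only nudm-sdm
SHARED_KEY = b"constructed-nrf-signing-key"
nrf = Nrf("nrf-1", SHARED_KEY)
nrf.allow("UDM", "nudm-uecm", "AMF")
nrf.allow("UDM", "nudm-sdm", "AMF", "SMF")
udm = ProducerNf("UDM", SHARED_KEY, "nrf-1")

if __name__ == "__main__":
    token = nrf.issue_token("amf-1", "AMF", "UDM", "nudm-uecm nudm-sdm")
    print(udm.authorize(token, "nudm-uecm"))
    print(udm.authorize(token, "nudm-ee"))
```

The order of checks matters: the signature is verified before any claim is trusted, the algorithm is fixed by the verifier rather than read from the token, and the audience check stops a token issued for the UDM from being replayed against a PCF that happens to share the key.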
Security for Interconnect/Roaming
Figure: 5G Network 1 and 5G Network 2 connected through IPX providers (IPX1, IPX2), a 4G network connected through a Diameter/GTP firewall, and 5G Network 3 reached over N32 with PRINS.
• Every SBI message that leaves the PLMN goes through the Security Edge Protection Proxy: NF to SCP to cSEPP (consumer side), over N32 to the pSEPP (producer side), then SCP to NF.
• N32-c: a TLS connection between the two SEPPs, used to negotiate the security mechanism and policies that apply between that pair of networks.
• N32-f: carries the NF-to-NF messages. With TLS directly between the SEPPs the IPX cannot read or alter them; with PRINS (Protocol for N32 Interconnect Security) the messages are protected at the application layer with JSON Web Encryption and JSON Web Signatures, so an IPX provider can read and modify only the fields the operators' policies allow, and every modification it makes is signed and attributable.
• User plane: the Inter-PLMN UP Security (IPUPS) function of the UPF filters GTP-U traffic arriving over the roaming interface.
• Legacy 4G roaming partners still connect over Diameter and GTP, fronted by a Diameter/GTP firewall.
Agenda: Privacy, Authentication and Confidentiality (you are here)
User Confidentiality in 5G
Permanent identities:
• SUPI (Subscription Permanent Identifier): an IMSI or an NAI. Unlike the IMSI in 4G, it is never sent in the clear over the radio interface.
• PEI (Permanent Equipment Identifier): the IMEI; used by the 5G-EIR to check the block list.
Identifiers that provide confidentiality:
• SUCI (Subscription Concealed Identifier): the SUPI with the subscriber-specific part (the MSIN of an IMSI) encrypted under the home network's public key using ECIES; the MCC/MNC and the routing indicator stay in the clear so the message can reach the right home network and UDM. A fresh SUCI is produced for each use, so it cannot be used to track the subscriber. Used when the UE has no valid 5G-GUTI. Caveat: a home network that provisions the "null" protection scheme sends the SUPI unencrypted inside the SUCI.
• 5G-GUTI: a temporary identifier assigned by the network and reallocated regularly.
Key Separation in 5G for Enhanced Security
Figure: the 5G key hierarchy and where each key lives.
• K: the long-term subscriber key, held only by the USIM and by the UDM/UDR (ARPF).
• CK, IK: derived from K by the USIM and the ARPF during 5G-AKA or EAP-AKA'.
• KAUSF: derived from CK and IK (for EAP-AKA', from the EAP keying material), bound to the serving network name, and held by the AUSF in the home network.
• KSEAF: derived from KAUSF and delivered to the SEAF in the serving network; the anchor key for this access.
• KAMF: derived from KSEAF by the SEAF/AMF with the anti-bidding-down parameter ABBA as an input.
• KNASenc, KNASint: derived from KAMF for NAS signaling encryption and integrity protection.
• KgNB: derived from KAMF and passed to the gNB.
• KRRCenc, KRRCint: derived from KgNB for RRC signaling encryption and integrity protection.
• KUPenc, KUPint: derived from KgNB for user plane encryption and integrity protection.
Each derivation is one-way, so compromise of a key low in the hierarchy (for example KgNB at a gNB) does not expose the keys above it, and the home network never hands KAUSF to the serving network.
Initiating 5G Authentication
Actors: UE, SEAF/AMF (serving network), AUSF and UDM/ARPF/SIDF (home network).
1. UE to SEAF/AMF: Registration Request (SUCI or 5G-GUTI).
2. SEAF/AMF to AUSF: Request to Authenticate (UE ID, Serving Network Name).
3. AUSF: serving network authorization (checks that the requesting SEAF is entitled to use that serving network name).
4. AUSF to UDM: Get Authentication Info Request (UE ID, Serving Network Name).
5. UDM: choose an authentication method (5G-AKA or EAP-AKA') from the subscription data.
Authentication Procedure for 5G-AKA: 1
Actors: SEAF/AMF, AUSF, UDM/ARPF.
1. UDM: query the SIDF to retrieve the SUPI from the SUCI and generate the authentication vector.
2. UDM/ARPF to AUSF: Get Authentication Info Response: 5G HE AV (RAND, AUTN, XRES*, KAUSF), 5G-AKA indication, SUPI.
3. AUSF: store XRES* and compute HXRES*.
4. AUSF to SEAF/AMF: Request to Authenticate Response: 5G SE AV (RAND, AUTN, HXRES*). The serving network gets only a hash of XRES* and never KAUSF.
5. SEAF/AMF to UE: Authentication Request (RAND, AUTN).
Authentication Procedure for 5G-AKA: 2
Actors: UE, SEAF/AMF, AUSF, UDM/ARPF.
6. UE (USIM): verify AUTN (MAC and sequence number freshness) and compute RES*.
7. UE to SEAF/AMF: Authentication Response (RES*).
8. SEAF/AMF: compute HRES* from RES* and compare it with HXRES*.
9. SEAF/AMF to AUSF: Request to Authenticate (RES*).
10. AUSF: verify RES* against the stored XRES*. This is the home-network check 4G did not have: the home network itself confirms that the UE is present in the serving network before releasing the anchor key.
11. AUSF to SEAF/AMF: Request to Authenticate Response (KSEAF, SUPI).
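The eleven steps above as one runnable exchange, added here as an example and not taken from the course or from any vendor implementation. The key derivations (XRES*, HXRES*, KAUSF, KSEAF) follow TS 33.501 Annex A on top of the generic HMAC-SHA-256 KDF of TS 33.220. Everything else is an assumption made so the example runs offline: the USIM functions f1..f5 are HMAC stand-ins for MILENAGE, and the subscriber key K, SQN, RAND and serving network name are constructed values, not real credentials. The example also goes a little beyond the slides by showing why the serving network name is an input: a UE that believes it is on a different PLMN, or a network that does not hold K, fails the exchange.

```python
import hashlib
import hmac

AMF_FIELD = bytes.fromhex("8000")   # Authentication Management Field with the separation bit set


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP generic KDF (TS 33.220 Annex B.2): HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ..."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def usim_f(k: bytes, tag: bytes, *data: bytes, n: int) -> bytes:
    """Stand-in for the USIM/ARPF functions f1..f5. ASSUMPTION: a real USIM runs the AES-based
    MILENAGE (or TUAK) set; HMAC-SHA-256 is used here only so the example runs offline."""
    return hmac.new(k, tag + b"".join(data), hashlib.sha256).digest()[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def udm_generate_he_av(k, sqn, rand, snn):
    """Home network (UDM/ARPF): 5G HE AV = (RAND, AUTN, XRES*, KAUSF), slide steps 1-2."""
    mac = usim_f(k, b"f1", rand, sqn, AMF_FIELD, n=8)
    res = usim_f(k, b"f2", rand, n=8)
    ck, ik = usim_f(k, b"f3", rand, n=16), usim_f(k, b"f4", rand, n=16)
    sqn_ak = xor(sqn, usim_f(k, b"f5", rand, n=6))          # SQN hidden under the anonymity key
    autn = sqn_ak + AMF_FIELD + mac
    xres_star = kdf(ck + ik, 0x6B, snn, rand, res)[16:]      # TS 33.501 A.4, bound to the serving network
    kausf = kdf(ck + ik, 0x6A, snn, sqn_ak)                  # TS 33.501 A.2
    return rand, autn, xres_star, kausf


def ausf_make_se_av(rand, autn, xres_star, kausf, snn):
    """AUSF: keeps XRES*, hands the serving network only HXRES* (slide steps 3-4)."""
    hxres_star = hashlib.sha256(rand + xres_star).digest()[16:]   # TS 33.501 A.5, 128 LSB
    kseaf = kdf(kausf, 0x6C, snn)                                  # TS 33.501 A.6
    return (rand, autn, hxres_star), kseaf


def ue_authenticate(k, rand, autn, ue_snn, last_sqn):
    """UE/USIM: verify AUTN, then compute RES* and its own copy of KSEAF (slide step 6)."""
    sqn_ak, amf_field, mac = autn[:6], autn[6:8], autn[8:]
    sqn = xor(sqn_ak, usim_f(k, b"f5", rand, n=6))
    if not hmac.compare_digest(mac, usim_f(k, b"f1", rand, sqn, amf_field, n=8)):
        raise ValueError("MAC failure: AUTN was not produced by the home network")
    if int.from_bytes(sqn, "big") <= last_sqn:
        raise ValueError("synchronisation failure: sequence number not fresh")
    res = usim_f(k, b"f2", rand, n=8)
    ck, ik = usim_f(k, b"f3", rand, n=16), usim_f(k, b"f4", rand, n=16)
    res_star = kdf(ck + ik, 0x6B, ue_snn, rand, res)[16:]    # same binding as XRES*
    kausf = kdf(ck + ik, 0x6A, ue_snn, sqn_ak)
    return res_star, kdf(kausf, 0x6C, ue_snn)


def run_5g_aka(k, sqn, rand, snn, ue_snn=None, ue_k=None, last_sqn=0):
    """Drive the exchange end to end. ue_snn / ue_k model a UE that sees a different serving
    network name, or a network that does not hold the subscriber key K."""
    rand, autn, xres_star, kausf = udm_generate_he_av(k, sqn, rand, snn)
    (rand, autn, hxres_star), kseaf_net = ausf_make_se_av(rand, autn, xres_star, kausf, snn)
    try:
        res_star, kseaf_ue = ue_authenticate(ue_k or k, rand, autn, ue_snn or snn, last_sqn)
    except ValueError as err:
        return {"seaf_ok": False, "ausf_ok": False, "kseaf_match": False, "error": str(err)}
    hres_star = hashlib.sha256(rand + res_star).digest()[16:]       # SEAF, slide step 8
    seaf_ok = hmac.compare_digest(hres_star, hxres_star)
    ausf_ok = hmac.compare_digest(res_star, xres_star)              # AUSF, slide step 10
    return {"seaf_ok": seaf_ok, "ausf_ok": ausf_ok,
            "kseaf_match": ausf_ok and kseaf_ue == kseaf_net, "error": None}


# Constructed sample subscriber and serving network (not real credentials)
K = bytes.fromhex("465b5ce8b199b49faa5f0a2ee238a6bc")
SQN = bytes.fromhex("000000000010")
RAND = bytes.fromhex("23553cbe9637a89d218ae64dae47bf35")
SNN = b"5G:mnc015.mcc234.3gppnetwork.org"

if __name__ == "__main__":
    print(run_5g_aka(K, SQN, RAND, SNN))
    print(run_5g_aka(K, SQN, RAND, SNN, ue_snn=b"5G:mnc001.mcc001.3gppnetwork.org"))
```

Two details carry the security argument: the SEAF can only compare hashes, so a compromised serving network learns neither XRES* nor KAUSF, and RES* is derived over the serving network name, so a response produced for one PLMN is useless to another.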
Ciphering and Integrity
Actors: UE and network.
1. Successful UE authentication (KSEAF, and from it KAMF, now exist on both sides).
2. Network to UE: Security Mode Command (change to protected radio connection; start ciphering and integrity check). The command is integrity-protected with the newly derived key but not ciphered, so the UE can verify it before any ciphering is in place; a command that fails the integrity check is discarded.
3. UE: start uplink ciphering, downlink deciphering and integrity protection.
4. Network: start uplink deciphering.
5. UE to network: Security Mode Complete (change to radio connection done; ciphering and integrity started).
6. Network: start downlink ciphering.
Conceptually similar operations are performed for each of the following: radio connection signaling (RRC, with the AS security mode command from the gNB), core network signaling (NAS, with the security mode command from the AMF), and user traffic (with keys taken from the AS security context).
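The key hierarchy from the Key Separation slide and the integrity protection activated by the security mode command above, combined in one added example (not code from the course or any product). The derivations follow TS 33.501 Annex A with the TS 33.220 HMAC-SHA-256 KDF; the integrity algorithm is an assumption, since 128-NIA2 is AES-CMAC and the standard library has no AES, so a truncated HMAC-SHA-256 stands in for it, and the NAS COUNT is carried in full rather than as its low 8 bits. The KSEAF, SUPI and messages are constructed sample input.

```python
import hashlib
import hmac


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """3GPP generic KDF (TS 33.220 Annex B.2): HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ..."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


# Algorithm type distinguishers from TS 33.501 Annex A.8
N_NAS_ENC, N_NAS_INT, N_RRC_ENC, N_RRC_INT, N_UP_ENC, N_UP_INT = (bytes([i]) for i in range(1, 7))


def derive_key_hierarchy(kseaf, supi, abba, ul_nas_count, nas_algs=(2, 2), as_algs=(2, 2)):
    """KSEAF -> KAMF -> (NAS keys, KgNB) -> (RRC keys, UP keys). Every child is a one-way
    derivation with its own FC and inputs, so a gNB holding KgNB learns nothing about KAMF,
    and the ABBA parameter bound into KAMF defeats bidding down to an older feature set."""
    kamf = kdf(kseaf, 0x6D, supi.encode(), abba)                            # A.7
    nas_enc_id, nas_int_id = (bytes([a]) for a in nas_algs)                 # e.g. NEA2 / NIA2
    kgnb = kdf(kamf, 0x6E, ul_nas_count.to_bytes(4, "big"), b"\x01")        # A.9, 3GPP access
    as_enc_id, as_int_id = (bytes([a]) for a in as_algs)
    return {                                                                # 128-bit keys = 128 LSBs
        "KAMF": kamf,
        "KNASenc": kdf(kamf, 0x69, N_NAS_ENC, nas_enc_id)[16:],
        "KNASint": kdf(kamf, 0x69, N_NAS_INT, nas_int_id)[16:],
        "KgNB": kgnb,
        "KRRCenc": kdf(kgnb, 0x69, N_RRC_ENC, as_enc_id)[16:],
        "KRRCint": kdf(kgnb, 0x69, N_RRC_INT, as_int_id)[16:],
        "KUPenc": kdf(kgnb, 0x69, N_UP_ENC, as_enc_id)[16:],
        "KUPint": kdf(kgnb, 0x69, N_UP_INT, as_int_id)[16:],
    }


class NasIntegrity:
    """One receiver's view of an integrity-protected NAS connection after the Security Mode
    Command. ASSUMPTION: HMAC-SHA-256 truncated to 32 bits stands in for 128-NIA2 (AES-CMAC)."""
    UPLINK, DOWNLINK = 0, 1
    BEARER = 0x01   # NAS connection identifier for 3GPP access

    def __init__(self, k_nas_int: bytes):
        self.k_nas_int = k_nas_int
        self.highest_rx_count = -1

    def _mac(self, count: int, direction: int, message: bytes) -> bytes:
        header = count.to_bytes(4, "big") + bytes([self.BEARER, direction << 7])
        return hmac.new(self.k_nas_int, header + message, hashlib.sha256).digest()[:4]

    def protect(self, count: int, direction: int, message: bytes) -> bytes:
        """Sender side: COUNT || MAC-I || message."""
        return count.to_bytes(4, "big") + self._mac(count, direction, message) + message

    def verify(self, direction: int, pdu: bytes):
        """Return the message if MAC-I is valid and COUNT is fresh, otherwise None."""
        count, mac_i, message = int.from_bytes(pdu[:4], "big"), pdu[4:8], pdu[8:]
        if count <= self.highest_rx_count:
            return None                                     # replayed or reordered PDU
        if not hmac.compare_digest(mac_i, self._mac(count, direction, message)):
            return None                                     # forged or modified PDU
        self.highest_rx_count = count
        return message


# Constructed sample context
KSEAF = hashlib.sha256(b"constructed KSEAF from the AKA run").digest()
KEYS = derive_key_hierarchy(KSEAF, "imsi-234150000000001", abba=b"\x00\x00", ul_nas_count=0)

if __name__ == "__main__":
    amf, ue = NasIntegrity(KEYS["KNASint"]), NasIntegrity(KEYS["KNASint"])
    pdu = amf.protect(0, NasIntegrity.DOWNLINK, b"Security Mode Command")
    print(ue.verify(NasIntegrity.DOWNLINK, pdu), ue.verify(NasIntegrity.DOWNLINK, pdu))
```

The second verify of the same PDU returns None: the COUNT is what turns a MAC into replay protection, which is why 3GPP ties every key change to a COUNT reset and refreshes keys before a COUNT can wrap.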
Summary of Security in 5G
• Enhanced authentication framework
• Interconnect security enhancements
• TLS 1.2/1.3 and OAuth 2.0 in the Service-Based Architecture
• Anti-Bidding-down Between Architectures (ABBA)
• RAN split architecture security enhancements
• Enhanced privacy using SUCI
• Network slice selection authentication and authorization
• User plane integrity protection
• Microsegmentation, Zero Trust Architecture and SASE
5G for 50% Off
Use coupon code WEBINAR50ECURERoW to get 50% off the listed price through 1/31/2023.
• 5G Core Network Overview: 3-month access, 1 hr of on-demand content, a $100 value
• 5G Services and Network Architecture: 3-month access, 4 hrs of on-demand content, a $200 value
Add both courses to your cart to save $150 with the coupon code.
Follow Award Solutions
AwardSolutions.com, @AwardSolutions, @AwardSolutionsInc, @AwardSolutions, @5GUniversityGroup

Contact Information
If you have any questions or would like additional information, please feel free to contact us.
• Manohara S.R. (LinkedIn)
• Gabriel Marchi (LinkedIn), gabriel@awardsolutions.com, +49 162 6575336
More Webinars from Award Solutions
1. Welcome to 5G Enhancement in R17: December 15th, 11 a.m. (USA)
2. Welcome to 5G SA Operations: January 12th, 2 p.m. (UK)
3. Welcome to Open RAN & O-RAN Arch: February 9th, 2 p.m. (UK)
4. 5G NSA RAN KPIs and Performance: March 9th, 2 p.m. (UK)
5. Additional webinars are in development and scheduling for 2023!

Thank You from Award Solutions


5G RAN Learning Path
Foundation:
• Welcome to 5G (1h)
• RF and Radio Network Fundamentals (1.5h)
• Welcome to RF Planning and Design (1h)
• 5G NR Air Interface Overview, Part I (1h)
• 5G NR Air Interface Overview, Part II (1h)
• 5G Services & Network Architecture (4h)
• Welcome to MIMO and Beamforming in 5G (1h)
• VRAN and Open RAN Overview (4h)
• Overview of CBRS (4h)
• LTE-M NB-IoT (4h)
• 5G Radio Technologies and Deployments (4h, new)
• Multi-Access Edge Computing (MEC) (4h)
• Integrated Access and Backhaul Overview (4h)
• O-RAN Architecture Overview (4h, new)
• Wireless Technologies & Network Operations (4h)
• MEC Architecture Operations Overview (1d)
• O-RAN Architecture and Operations (1d, new)
Advanced, 5G RAN Planning:
• 5G NR Air Interface (2d)
• 5G RF Planning and Design (3d)
Advanced, 5G RAN Performance:
• 5G (NSA) RAN Signaling and Operations (3d)
• 5G (SA) RAN Signaling and Operations (3d)
• LTE and NB-IoT Signaling and Operations (3d)
• 5G (NSA) RAN Performance Workshop (4d)
• 5G (NSA) RF Performance Workshop (UE Based) (3d)
Formats: Express On-Demand (approx. 1h), Expanded On-Demand (4h+), Expert Led (live over web or in person), Blended (self-paced + live over web).
5G Core Network and Virtualization Learning Path
Foundation:
• Welcome to 5G (1h)
• 5G Core Network Overview (1h)
• Welcome to SDN and NFV (3 courses)
• 5G Core Networks (SA) Overview (4h)
• Network Slicing in 5G (4h)
• Multi-Access Edge Computing (MEC) (4h)
• Containers and Microservices in Telecom (4h)
• CNF and Kubernetes Orchestration Essentials (1d)
• Network Slicing Architecture and Operations Overview (1d)
• MEC Architecture Operations Overview (1d)
Advanced, 5G Core:
• 5G Networks and Services (2d)
• 5G Core Network Signaling and Operations (3d)
• 5G Voice Solutions: VoNR and EPS Fallback (2d)
Advanced, 5G Virtualization:
• Cloud Native NFV Architecture and Operation (3d)
• Kubernetes Orchestration Workshop (3d)
Formats: Express On-Demand (approx. 1h), Expanded On-Demand (4h+), Expert Led (live over web or in person), Blended (self-paced + live over web).