4G and 5G networks security techniques and algorithms document discusses:
1. 4G LTE security features including access security using authentication vectors, ciphering for confidentiality, and integrity mechanisms.
2. 5G Release 15 security architecture with network domains for access, core, and services as well as enhanced subscriber identity privacy using encrypted SUPI.
3. Comparison of authentication protocols between 4G AKA and 5G AKA with home network control in 5G.
5G SA security: a comprehensive overview of threats, vulnerabilities and rem...PositiveTechnologies
Mobile network operators are planning to invest heavily in coming years to implement the transition to stand-alone 5G. However, in likening to 5G with interconnected infrastructure, 5G SA is prone to protocol vulnerabilities that can allow the malicious actor to impersonate subscribers, disclose subscriber profiles and cause a denial of service (DoS).
What you'll learn:
- How to spot the various types of threats in the 5G stand-alone core
- Network misconfigurations that open doors to attacks on subscribers
- 5G SA protocol components that malicious actors actively target
- An effective security strategy for the avoidance of network disruption
I have described VoLTE IMS Architecture in simplified way . Are you also finding 3GPP Specs complicated & Complex for VoLTE IMS . It covers Role played by individual Networks Elements as mentioned below :-
# VoLTE SIP Handset : SIP Support , UAC , UAS , User Agent , SIP-UA
# Underlying LTE Network : MME , SGW , PGW , PCRF , HSS , Dedicated Bearer , QCI , Default Bearer
# IMS Core : SIP Servers , P-CSCF , I-CSCF , S-CSCF , TAS , MMTEL , BGw , MRF , ATCF , ATGW , IBCF , MGCF , IM-MGW , TrGW
# Voice Core or PSTN Network for Break-in or Break-out Calls
5G SA security: a comprehensive overview of threats, vulnerabilities and rem...PositiveTechnologies
Mobile network operators are planning to invest heavily in coming years to implement the transition to stand-alone 5G. However, in likening to 5G with interconnected infrastructure, 5G SA is prone to protocol vulnerabilities that can allow the malicious actor to impersonate subscribers, disclose subscriber profiles and cause a denial of service (DoS).
What you'll learn:
- How to spot the various types of threats in the 5G stand-alone core
- Network misconfigurations that open doors to attacks on subscribers
- 5G SA protocol components that malicious actors actively target
- An effective security strategy for the avoidance of network disruption
I have described VoLTE IMS Architecture in simplified way . Are you also finding 3GPP Specs complicated & Complex for VoLTE IMS . It covers Role played by individual Networks Elements as mentioned below :-
# VoLTE SIP Handset : SIP Support , UAC , UAS , User Agent , SIP-UA
# Underlying LTE Network : MME , SGW , PGW , PCRF , HSS , Dedicated Bearer , QCI , Default Bearer
# IMS Core : SIP Servers , P-CSCF , I-CSCF , S-CSCF , TAS , MMTEL , BGw , MRF , ATCF , ATGW , IBCF , MGCF , IM-MGW , TrGW
# Voice Core or PSTN Network for Break-in or Break-out Calls
A quick look at 5G System architecture in Reference point representation and in Service Based representation and also look at the different Network Functions (NFs) within the 5G System.
Mobile Networks Architecture and Security (2G to 5G)
+ Mobile Networks History 2G/3G/4G/LTE/5G
+ CS/PS/EPC/5GC Core Network Elements Overview
+ Mobile Networks Basic Scenarios
+ Mobile Network Security
+ Authentication / Ciphering
Topics covered in this presentation:
1. RF spectrum and GSM specifications
2. FDMA and TDMA
3. Digital Voice Transmission
4. Channel coding, Interleaving and Burst formatting
5. GMSK
6. Frame structure of GSM
7. Corrective actions against multipath fading
This guide covers the deployment of Aruba remote access points (RAP) in fixed telecommuter and micro branch office sites, and it is considered part of the base designs guides within the VRD core technologies series. This guide covers the design recommendations for remote network deployment and it explains the various configurations needed to implement a secure, high-performance virtual branch office (VBN) solution with Aruba RAPs.
The Long Term Evolution (LTE) is the latest step in an advancing series of mobile telecommunications systems. In this paper, authors show interest on the security features and the cryptographic algorithms used to ensure confidentiality and integrity of the transmitted data. A closer look is taken upon EPS confidentiality and integrity algorithms. The authors also defined AKA, AS and NAS security and key derivations during normal Attach process and Handover also.
A quick look at 5G System architecture in Reference point representation and in Service Based representation and also look at the different Network Functions (NFs) within the 5G System.
Mobile Networks Architecture and Security (2G to 5G)
+ Mobile Networks History 2G/3G/4G/LTE/5G
+ CS/PS/EPC/5GC Core Network Elements Overview
+ Mobile Networks Basic Scenarios
+ Mobile Network Security
+ Authentication / Ciphering
Topics covered in this presentation:
1. RF spectrum and GSM specifications
2. FDMA and TDMA
3. Digital Voice Transmission
4. Channel coding, Interleaving and Burst formatting
5. GMSK
6. Frame structure of GSM
7. Corrective actions against multipath fading
This guide covers the deployment of Aruba remote access points (RAP) in fixed telecommuter and micro branch office sites, and it is considered part of the base designs guides within the VRD core technologies series. This guide covers the design recommendations for remote network deployment and it explains the various configurations needed to implement a secure, high-performance virtual branch office (VBN) solution with Aruba RAPs.
The Long Term Evolution (LTE) is the latest step in an advancing series of mobile telecommunications systems. In this paper, authors show interest on the security features and the cryptographic algorithms used to ensure confidentiality and integrity of the transmitted data. A closer look is taken upon EPS confidentiality and integrity algorithms. The authors also defined AKA, AS and NAS security and key derivations during normal Attach process and Handover also.
Authentication and Key Agreement in 3GPP Networks csandit
The huge demand for mobile communications with broad band and usage of new wireless
applications motivated the development of new wireless access technologies. The recent
expansion of wireless technologies, novel applications and the advancement in mobile technology after UMTS-3G has been taken up to the next level by the 3GPP Long Tem
Evolution/System Architecture Evolution (LTE/SAE). It has achieved the realisation of better bandwidth, full interworking with other access/backend systems using all-IP architecture with well-defined interworking with circuit switched system. The system is defined to work across multiple access networks (3GPP and non 3GPP) may be trusted or non-trusted. The security mechanism in wireless area has evolved from original analog systems through GSM and
UMTS. The GSM has focussed the security for radio path whereas UMTS has enhanced it in to network functionalities. The future networks based on IP mechanism demands more security features, since the threats related to IP are also possible.
EVALUATION OF SECURITY ATTACKS ON UMTS AUTHENTICATION MECHANISMIJNSA Journal
In this study security of internet access over the Third Generation (3G) telecommunication systems is considered and Universal Mobile Telecommunications System (UMTS) is selected as the most popular system among 3G systems. The study then focuses on network access security mechanism of UMTS, called Authentication and Key Agreement (AKA). In addition, twenty types of important attacks and threats in UMTS system are presented and classified based on three major security factors; authentication, confidentiality, and data integrity. The evaluations finally show that the authentication factor is more interesting than other factors for hackers. Then, we describe four attacks named; man-inthe-middle, denial of service, identity catching, and redirection as the most significant attacks against authentication mechanism. Furthermore, we provide some solutions and methods to improve AKA
mechanism and prevent these attacks in UMTS system.
This paper clarifies the standards defined around LTE network security by standard development organizations including 3GPP, ITU, ETSI, and industry group NGMN. It also examines the different security borders of the mobile network, and delves deeper into the requirements of the Mobile Access Border - the border between the RAN and the core (S1).
Performance Analysis of Mobile Security Protocols: Encryption and Authenticat...CSCJournals
Due to extremely high demand of mobile phones among people, over the years there has been a great demand for the support of various applications and security services. 2G and 3G provide two levels of security through: encryption and authentication. This paper presents performance analysis and comparison between the algorithms in terms of time complexity. The parameters considered for comparison are processing power and input size. Security features may have adverse effect on quality of services offered to the end users and the system capacity. The computational cost overhead that the security protocols and algorithms impose on lightweight end users devices is analyzed. The results of analysis reveal the effect of authentication and encryption algorithms of 2G and 3G on system performance defined in terms of throughput which will further help in quantifying the overhead caused due to security.
Intermediate: Security in Mobile Cellular Networks3G4G
A brief presentation looking at how Security has evolved in the mobile cellular networks from 2G to 4G. This is a very high level presentation but links are provided for anyone interested in studying this topic in detail.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
LTE is designed with strong cryptographic techniques, mutual authentication between LTE network elements with security mechanisms built into its architecture.
With the emergence of the open, all IP based, distributed architecture of LTE, attackers can target mobile devices and networks with spam, eavesdropping, malware, IP-spoofing, data and service theft, DDoS attacks and numerous other variants of cyber-attacks and crimes.
4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G..4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and preceding 5G.4G is the fourth generation of broadband cellular network technology, succeeding 3G and
International Journal of Engineering Research and DevelopmentIJERD Editor
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
When stars align: studies in data quality, knowledge graphs, and machine lear...
4G and 5G network security techniques and algorithms.pdf
1. 4G and 5G networks security techniques and
algorithms
ITU PITA Workshop on
Mobile network planning and security
Sami TABBANE
23-25 October 2019 – Nadi, Fiji Islands
1
6. ITU Recommendations
6
RECOMMENDATION PUBLICATION
No. TITLE
X.1087 A guideline to technical and operational countermeasures for telebiometric applications using mobile devices 2016
X.1121 Framework of security technologies for mobile end-to-end data communications 2004
X.1122 Guideline for implementing secure mobile systems based on PKI 2004
X.1123 Differentiated security service for secure mobile end-to-end data communication 2007
X.1124 Authentication architecture for mobile end-to-end data communication 2007
X.1125 Correlative Reacting System in mobile data communication 2008
X.1126 Guidelines on mitigating the negative effects of infected terminals in mobile networks 2017
X.1127 Functional security requirements and architecture for mobile phone anti-theft measures 2017
X.1143 Security architecture for message security in mobile web services 2007
X.1147 Security requirements and framework for Big Data analytics in mobile Internet services 2018
X.1158 Multi-factor authentication mechanisms using a mobile device 2014
X.1196 Framework for the downloadable service and content protection system in the mobile Internet Protocol Television (IPTV) environment 2012
X.1247 Technical framework for countering mobile messaging spam 2016
X.1249 Technical framework for countering mobile in-application advertising spam 2019
X.tsfpp Technical security framework for the protection of users' personal information while countering mobile messaging spam [2020]
X.Suppl.30 ITU-T X.805 – Security guidelines for mobile virtual network operators 2017
Work item Subject / Title Timing
X.5Gsec-q Security guidelines for applying quantum-safe algorithms in 5G systems 2020-03
X.5Gsec-t Security framework based on trust relationship in 5G ecosystem 2021-03
X.5Gsec-ecs Security Framework for 5G Edge Computing Services 2021-03
X.5Gsec-guide Security guideline for 5G communication system based on ITU-T X.805 2021-09
7. Evolution of trust models
7
2G Trust model 3G Trust model
4G Trust model 5G Trust model
From ITU Workshop on 5G Security (03/2018)
9. Main changes and additions in LTE / 3G:
• Introduction of a hierarchical key system in
which keys can be changed for different
purposes (e.g., HO),
• Separation of the security functions for the NAS,
• Introduction of the concept of forward security:
limits the security issues when a disclosed key is
used
Security Aspects and parameters in LTE
9
10. • Re-use of UMTS Authentication and Key Agreement
(AKA)
• Use of USIM required (GSM SIM excluded)
• Extended key hierarchy
• Longer keys
Main characteristics
Security Aspects and parameters in LTE
10
12. ASME
• Access Security Management Entity (ASME) is assumed by the
MME.
• It receives the top-level keys in an access network from the HSS
or HLR.
• The MME invokes the AKA procedures by requesting
authentication vectors to the HE (Home environment). The HE
sends an authentication response back to the MME that contains a
fresh authentication vector, including a base-key named KASME
12
16. User Identities
• International Mobile Subscriber Identity (IMSI) allocated to
each mobile subscriber in every (GSM, UMTS, and EPS)
system.
• VLRs, SGSNs and MMEs may allocate Temporary Mobile
Subscriber Identities (X-TMSI) for subscriber identity
confidentiality.
• An MS may be allocated three TMSIs through the:
• VLR (TMSI)
• SGSN (P-TMSI)
• MME (S-TMSI, M-TMSI, part of GUTI, Globally Unique Temporary UE
Identity).
16
17. User Identities
Temporary Mobile Subscriber Identity (TMSI) structure and coding
is chosen by agreement between operator and ME manufacturer in
order to meet local needs.
TMSI = 4 bytes.
Globally Unique Temporary UE Identity (GUTI): unambiguous
identification of the UE that does not reveal the UE or the user's
permanent identity in the Evolved Packet System (EPS). It allows the
identification of the MME and network.
GUTI = GUMMEI + M-TMSI, where
GUMMEI = MCC + MNC + MME Identifier
MME Identifier = MME Group ID + MME Code
MCC and MNC shall have the same field size as
in earlier 3GPP systems.
M-TMSI shall be of 32 bits length.
MME Group ID shall be of 16 bits length.
MME Code shall be of 8 bits length.
17
18. GUTI for UE identity protection
• Temporary identity used instead of the permanent identity IMSI.
• GUTI may be transferred from the MME to the UE via:
• Attach Accept message as an answer to an Attach Request
message,
• Tracking Area Update Accept message as an answer to a Tracking
Area
• Update Request message,
• GUTI Re-allocation Command message.
18
20. • Security concerns:
• UE authentication (USIM: 128 bits
key);
• Internal signaling protection
(integrity), signaling and traffic
encryption;
• Signaling encryption for RRC and
NAS.
• Safety is enhanced by
protecting all entities
• Hierarchical protection (UE, eNB,
ASME, HSS, AuC);
• Transport security on all interfaces.
Security Aspects and parameters in LTE
eNodeB
RRC
S-GW
MME
IPsec
KNASenc
KNASint
KUPenc
KRRCenc
KRRCint
USIM / AuC
UE / HSS
UE / MME
UE / eNB
K
CK, IK
KeNB
KNASint
KNASenc
KUPenc KRRCint KRRCenc
KASME
ASME: Access Security Management Entity
20
21. • Encryption is performed at the eNodeB.
• MSPs (Mobile Services Provider) to
support encryption within the transport
network, especially if using third-party
backhaul transport providers or public
Internet transport.
• IPSec tunneling between the eNodeB
and the security gateway used to secure
data and provide QoS to manage the
security centrally.
Security Aspects in LTE
21
22. NAS security
• NAS messages, UE and MME scope .
• NAS message communication between UE and MME
are Integrity protected and Ciphered with extra NAS
security header.
AS security
• RRC and user plane data, UE and eNB scope .
• PDCP layer in UE and eNB side responsible for
ciphering and integrity.
• RRC messages integrity protected and ciphered but
U-Plane data is only ciphered.
Security Aspects and parameters in LTE
22
27. LTE Ciphering and Integrity Algorithms
Security Aspects and parameters in LTE
27
28. • Security keys for AS (Access Stratum)
• User data and control
• Different from those used in EPC.
• eNodeB keys:
• KeNB: Derived by the UE and the MME from KASME ('Master Key')
and issued by the MME in eNodeB
• KeNB: used to derive the AS traffic keys and handover key KeNB *
• KeNB
*: Derived from the UE and the source from eNodeB KeNB or
valid NH (Next Hop) During the handover, the terminal and the
target eNodeB derive a new KeNB
* from KeNB
Security Aspects and parameters in LTE
28
29. • KUPenc: Derived from KeNB and used to encrypt the user plane
• KRRCint: Derived from KeNB and used to ensure the integrity of
RRC message
• KRRCenc: Derived from KeNB and used to encrypt RRC messages
• Next Hop (NH): Intermediate key used to derive KeNB
* during
intra-LTE handover security
• The NCC (Next Hop Chaining Counter) determines if the next
KeNB
* must be based on a current KeNB
* or fresh NH:
• If no fresh NH available target PCI (Physical Cell Identity) + KeNB
• Fresh NH Target PCI + NH
Security Aspects and parameters in LTE
29
46. 5G security architecture (AN–Access Network, HE–Home Environment, ME–Mobile Equipment,
SN–Serving Network)
46
• Network domain security (II): features and mechanisms to enable network nodes to securely exchange.
• User domain security (III): features and mechanisms at the UE that secure the access to UE and mobile
services. It establishes hardware security mechanisms to prevent the UEs and USIMs from being altered.
• Service-Based Architecture (SBA) domain security (IV): network features and mechanisms for network
element registration, discovery and authorization, for protecting the service-based interfaces. It allows
new 5GC functions, which may be implemented as virtual network functions, to be securely integrated.
Enables secure roaming, which involves the SN as well as the home network (HN)/HE.
• Visibility and configurability of security: features and mechanisms to allow informing users whether a
security feature is in operation. Can be used to configure security features. As the 3GPP 5G security
specifications establish optional security features and degrees of freedom for implementation and
operation, 5G users may encounter different security context.
• Network access security (I): features and mechanisms to enable a
UE to authenticate and securely access network services. UEs
exchange protocol messages through the access network with the
serving network (SN) and leverage the PKI, where keys are stored
in the USIM and the home environment (HE).
48. 5G security architecture
48
SEcurity Anchor
Function (SEAF):
holds the root key
(known as anchor key)
for the visited network
Network Domain Security
Transport Layer Security
SEcurity Protection Proxy (SEPP) for the
control plane of the internetwork interconnect
Authentication credential Repository
and Processing Function (ARPF):
keeps the authentication credentials
49. Trust model in the UE
2 trust domains:
1. The tamper proof universal integrated
circuit card (UICC) on which the Universal
Subscriber Identity Module (USIM) resides
as trust anchor
2. The Mobile Equipment (ME)
The USIM and the ME form the UE.
49
50. DU and CU in the RAN
• RAN is separated into:
Distributed Units (DU): does not have any
access to customer communications. May be
deployed in unsupervised sites
Central Units (CU): terminates the AS security.
Deployed in sites with restricted access to
maintenance personnel
• DU and CU form the gNB
50
51. Core network security
• Access and Mobility Management Function (AMF) serves as
termination point for NAS security.
• AMF is collocated with the SEcurity Anchor Function (SEAF)
that holds the root key (known as anchor key) for the visited
network
• The security architecture allows separation of the security anchor
from the mobility function in a future evolution of the system
architecture
• The ARPF (Authentication Credential Repository and Processing
Function) is collocated with the UDM and stores the long-term
security credentials like the key K (EPS AKA) or EAP-AKA for
authentication
51
53. MAJOR CHANGES IN 5G –SUBSCRIBER PRIVACY
53
Solution:
• SUPI encrypted with home network public key on
initial attach (SUCI)
• Complete authentication
• Then, send SUPI from HPLMN to VPLMN
• Finally, confirm SUPI by binding into a key
Further details:
• Encryption can done on UE or USIM
• Two algorithms standardized on UE side
• Algorithms on the USIM can be controlled by
operators
Note: in order to fight against IMSI catchers, 5G introduces the Subscriber Permanent Identifier (SUPI), as
replacement of the IMSI, and a PKI for the encryption of the SUPI into the Subscriber Concealed Identifier
(SUCI)
54. SUPI (IMSI) Privacy
54
4G
• Initial attach with permanent identity
• Response to identity request in clear
5G improvements
• Encryption of SUPI with public key of home operator (SUCI)
• Routing information (home network ID) in clear
• SUPI revealed to VPLMN only after authentication
• Binding of SUPI into key
• UE and HPLMN have to use the same SUPI: requested for lawful
intercept purposes
• Respond to identifier request with SUCI
• No SUPI based paging
60. MAJOR CHANGES IN 5G –AUTHENTICATION HOME CONTROL IN 5G AKA
60
Based on EPS AKA
• New authentication confirmation
• New RES* and H(X)RES*
Calculation of RES*:
• KDF(CK, IK, SN name, RAND, RES)
• Calculated in ARPF and UE
Calculation of HRES*:
• HASH(RAND, RES*)
• Calculated in SEAF and AUSF
• Used for authentication by the SEAF
67. 67
5G key hierarchy
Key hierarchy extended:
• KAUSF at home network
• KSEAF at visited network
Reasons for KAUSF
• Quick reauthentication
• Protecting home to UE traffic,
e.g. steering of roaming under
discussion
Reasons for KSEAF
• Separate security anchor from
mobility anchor
• Pre-empts AMF at insecure
locations
70. Radio Network Security
70
Integrity protection
Split of gNB into Central and Distributed Unit (CU/DU)
• CU performs security functions (confidentiality/integrity)
• Can be located closer to the core
Visibility
• Requirement to enable applications to check security being
applied to the connection
74. Main security enhancements with 5G
• Security anchor in the SEAF co-located with the AMF. The SEAF creates
the primary authentication a unified anchor key KSEAF (common for all
accesses)
• Access agnostic primary authentication with home control
• Protection SUPI (Subscriber Permanent Identifier 5G IMSI-equivalent ) of
the air with a public key encryption
• Security key establishment and management
• Security for mobility
• Service based architecture security
• Inter-network security, privacy and security for services provided over 5G
with secondary authentication (for ex. between an enterprise and the
UE to authenticate access to a corporate APN)
74
