5G Wireless Security Training

Commitment 4 Days, 7-8 hours a day.
Language English
User Ratings Average User Rating 4.8 See what learners said
Delivery Options Instructor-Led Onsite, Online, and Classroom Live


Today, we see a world ignited by the fast-paced technology of mobile broadband, first experienced with 4G a decade ago. The world is now seeing the next-generation rollout of 5G services. We can expect a lot because there is a more ambitious agenda and higher expectations of how 5G services will change our daily lives.

5G Wireless Security Training covers the following topics:
  • 5G Wireless Security: The Evolutions to 5G Wireless Security
  • 5G Wireless Security: System Overview and Technical Attributes for 5G Networks
  • 5G Wireless Security: 5G Network and System Architecture
  • 5G Wireless Security: 5G System (5GS) – Service-Based Architecture (SBA)
  • 5G Wireless Security: Intro to 5G Wireless Security
  • And more…
  • 4 days of 5G Wireless Security Training with an expert instructor
  • 5G Wireless Security Training Electronic Courseware
  • Certificate of Completion
  • 100% Satisfaction Guarantee

Mobile security began with 2nd generation systems. That is also where this course begins. This 5G Wireless Security Training course is designed for individuals who already have a good understanding of how mobile cellular services function. The goal of this course is to expand on how security technology and protocols have evolved from the early 90s to today’s 5G services.  This 5G Wireless Security Training course leverages legacy standards, showing how ideas and concepts were used to construct security standards. Each generation of mobile security standards influenced the next. As flaws were discovered in the design of these older security protocols, security experts learned important lessons, continuing to develop more secure systems and better methodologies to protect data against cybercrime.

The main security focus of this course is on 4G and 5G systems. These two generations will remain tightly intertwined, well into the next decade. However, 5G mobile networks are only a part of the security landscape. There are older, reliable underpinnings of mobile security that are rapidly changing deployment models for massive Machine Type Communications (mMTC).

Another complex topic, covered in this 5G Wireless Security Training course, is the multitude of subscriber and network identifiers used in mobile networks, with each generation, more complex schemes of identifiers are used. Many of these are required to increase the security measures for these newer standards.

In the past, cellular technology relied on the physical SIM card, securely containing the mobile operator’s security credentials. Now, with the Over-The-Air (OTA) provisioning of embedded SIMs (eSIMs), things are changing rapidly. If the industry fails to provide robust security for these newer provisioning methods, it will create a security catastrophe. Countries around the world are experiencing the mass introduction of eSIMs, remote SIM provisioning, and now, integrated SIMs (iSIMs). Coverage of these technologies is an important subject in this course.

The second half of this 5G Wireless Security Training course provides a technical overview of the 5G System (5GS), which is a key subject of the entire course.

Section 6 delves into the meaning of a Service Based Architecture (SBA), and why this is a big departure from all previous generations of mobile cellular technologies and standards.

Section 7 provides an overview of Software Defined Networks (SDN) and Network Function Virtualization (NFV). It describes how SDN and NFV are fundamental to the 5G Core (5GC) network architecture. Section 3 provides a detailed description of 5G Core Network functions. This section also provides an example of the Vehicle to Anything (V2X) deployment model. It concludes with an overview of the Security Edge Protection Proxy (SEPP), which provides security between mobile operator roaming partner networks.

Section 8 provides extensive coverage of the 5G Radio Access Network (RAN), referred to as New Radio (NR). Some of the topics include the frequency bands defined for use with 5G NR, how Massive MIMO is being deployed in 5G NR, and duplexing modes & supplementary frequency bands.

Section 9 expands on the previous section’s topic by defining the Centralized-RAN, or C-RAN, for 5G. Since the 5G RAN includes macrocells and small cells, RAN architectures can vary significantly, allowing for many different deployment options. This section provides key examples, using ladder diagrams to show the protocol flows used in 5G C-RANs.

Section 10, the final section, introduces the details of 5G security, which was previously introduced as a high-level topic earlier in the course. This section begins with the topic of Private/Public key pairs to demonstrate one of the most significant security procedures for 5G, the protection of the mobile’s IMSI while attaching to the network. This is followed by a demonstration of the Subscription Concealed Identifier (SUCI) procedure, step-by-step. security algorithms, which many are brought forward from the LTE security architecture. A 5G Security overview is then provided, along with the Authentication and Key Agreement (AKA) procedure. Next, the 5G key hierarchy is shown in detail. The course wraps up with a summary of the security procedures and securing the communication between the access and core networks.


Upon completing this 5G Wireless Security Training course, learners will be able to meet these objectives:

  • The goal of this 5G Wireless Security Training Workshop course is to give the participant a strong and intuitive understanding of what security in wireless systems is and how the security functions are implemented in the 5G, 5G NR, 802.11ax, mmWave/802.11ay radio and core network. The 5G Wireless Security Training Workshop course focuses both on the air interface and the core network security principles, vulnerabilities, attack vectors, and mitigation.
  • We can adapt this 5G Wireless Security Training Workshop course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this 5G Wireless Security Training Workshop, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the 5G Wireless Security Training Workshop around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the 5G Wireless Security Training Workshop course in a manner understandable to lay audiences.

The target audience for this 5G Wireless Security Training Workshop course:

  • Telecom engineer
  • Anyone who wants to learn 5G technology
  • Engineers with telecom experience
  • Engineers with telecom & IT experience
  • Anyone who wants to learn advance technology

The knowledge and skills that a learner must have before attending this 5G Wireless Security Training course are:

  • It is highly recommended that attendees have a solid background in the principles of cellular communications principles. Having an awareness of how cellular communications has evolved through 4th Generation (4G) LTE networks and protocols is helpful. It is not necessary that attendees have a background in 5G systems. However, it is important that prospective attendees understand that this 5G Wireless Security Training course cannot possibly cover all subjects related to 5G, even at an introductory level, in a four-day timeframe.


Global Standardization of Mobile Cellular Networks
  • Rationale Behind 2G to 4G Security
  • ITU Radiocommunications Sector (ITU-R)
  • IMT Mobile Cellular Developments and Deployments
  • World Radio Conferences (WRCs)
  • Wireless Spectrum in Demand by Mobile Network Operators
  • GSM/GPRS & UMTS Interfaces and Nodes
  • Overview of 3GPP and its Organizational Structure
  • 3GPP Technical Specification Groups (TSGs)
  • 4th Generation Mobile Cellular Service
  • 4G LTE Basic Architecture
  • The IP Multimedia Subsystem (IMS) Architecture
  • Heterogeneous Networks (HetNets): 5G Network Deployments
  • 5G Transport Architecture
  • 5G International Mobile Telecommunications 2020
  • 5G Use Cases and Cellular Network Services
  • 5G Requirements
Concepts of Basic Information Security (InfoSec)
  • 2G: GSM Security
    • GSM Subscriber Identity Modules (SIMs)
    • GSM Authentication
    • GSM Encryption
  • Security Vulnerabilities with GSM Networks
  • Overview of 3G UMTS Security
    • UMTS Security Features
    • Generating UMTS Authentication Vectors (AVs)
    • UMTS Mutual Authentication Process
    • USIM-Based Encryption for UMTS
    • UMTS Key Distribution for Encryption
    • Security Vulnerabilities with UMTS Networks
  • Overview of 4G LTE Security
  • LTE Security Stratums
  • Generating Authentication Vectors (AVs) in LTE
  • Overview of 4G LTE Security
  • LTE Security Stratums
  • Generating Authentication Vectors (AVs) in LTE
  • LTE Key Hierarchy
  • LTE Security Procedures:
    • Authentication
    • NAS Security Setup
    • AS Security Setup
  • Mobile Security Architecture Evolution: 2G Through 4G
  • Security Threats and Vulnerabilities for LTE
  • Overview of 5G Security
  • Security Functions in 5G Architecture
  • Authentication and Key Agreement (AKA) within a 5G System
  • Security Trust Model for 5G Networks
  • Non-Standalone (NSA) Security
  • 5G Key Hierarchy
Identifiers Used in Mobile Cellular Networks
  • Integrated Circuit Card Identifier (ICCID) Unique Global Identifier for each SIM
  • Unique Global Identifiers used in 2G, 3G, 4G, and now 5G: International Mobile Subscriber Identity (IMSI)
  • Temporary Mobile Subscriber Identity (TMSI)
  • Unique Global Identifiers used in 2G, 3G, 4G, and now 5G: International Mobile Equipment Identities (IMEIs)
  • GSM Global Identifiers: Four Parameters
  • System Aspects of 3G UMTS Mobility Management
  • 3G Registration Area Definitions for Paging & Mobility Management
  • LTE Non-Access Stratum (NAS) Layer States
  • EPS Connection Management (ECM) RRC Layer States
  • 4G LTE Identifiers
  • Overview of 5G Subscriber-Related Identities
  • State Transitions Between EMM and ECM: Assigning GUTI and C-RNTI for UE Identification by the LTE Network
  • Overview of 5G Subscriber-Related Identities
  • 5G Subscriber Permanent Identifier (SUPI) Formats
  • Structure of Subscription Concealed Identifier (SUCI)
  • Concealing the Subscriber Permanent Identifier (SUPI)
  • 5G Permanent Equipment Identifier (PEI)
  • Structure of the 5G-GUTI and the 5G-S-TMSI
  • 5G Network-Related Identities
  • Inter-RAT Handovers: Mapping the 4G-GUTI to 5G-GUTI
  • 5G Fixed Mobile Convergence (FMC)
The Evolution of Subscriber Identity Modules (SIMs)
  • Universal Integrated Circuit Card (UICC) Logical Structure
  • Application Toolkits for SIMs
  • USIM Application Toolkit (USAT) Features
  • USIM Application Toolkit (USAT): Location Information
  • Characteristics of the Universal Integrated Circuit Card (UICC)
  • Expanding Terminology for SIMs
  • Embedded eSIM (eUICC)
  • Mobile Security: Distribution of Shared Secret Keys
  • Mobile Security: Distribution of Shared Secret Keys
  • File Types and Related Security Access Conditions
  • Typical SIM Card File System Structure for GSM (2G)
  • Universal SIM (USIM) File System Structure for 3G, 4G & 5G Access
  • IMS Application Data File (ISIM)
  • USIM File System Structure: Security, Unique Subscriber Identity, and Service Table
  • USIM Card File System Structure for 5G
  • Combination SIM (Combi SIM) Slots for Smartphones
Provisioning SIMs and Embedded SIMs (eSIMs)
  • The Difference Between M2M and IoT
  • MFF2 SIM Linear Distribution & Subscription Model for M2M
  • Issues with using MFF2 SIMs for M2M Devices
  • How eSIMs are Changing the Market
  • Introduction to Embedded SIMs (eSIMs)
  • Overview of eUICC Service Provider Profiles
  • Remote Provisioning using eSIMs
  • Two Remote Provisioning Methods for Operational Profiles
  • Two Provisioning Models for eSIMs
  • GSMA’s M2M Remote Provisioning Architecture
  • GSMA’s Consumer Remote Provisioning Architecture
  • How Consumer Remote SIM Provisioning Works
  • eUICC Architecture Overview
  • Operator Profile Download and Installation Flow
  • The Integrated SIM (iSIM)
The 5G System (5GS) – Service-Based Architecture (SBA)
  • Submission of initial 5G description for IMT-2020
  • LTE-M & NB-IoT Introduced in 4G LTE-Advanced
  • 3GPP Release Timeline for Specifications
  • 5G Performance and Flexibility Enables New Use Cases
  • Technical Requirements for 5G
  • 5G-PPP KPI Evaluation of Use Cases
  • Attack Surfaces Open with Interconnections Between CS Domain and Internet
  • Overview of 5G Access and Core Networks
  • EPC migration to Control & User Plane Separation (CUPS)
  • Mapping EPC Functions to 5G CN Functions
  • LTE Network Security Issues with the Diameter Protocol
  • LTE Network Security Issues with the Diameter Protocol
  • Reference Point Representation of the 5G Core
  • 5G System (5GS) Service-Based Architecture (SBA)
  • Introduction to Multi-Access Edge Computing (MEC)
  • Multi-Access Edge Computing (MEC) in 5G
  • Expected Edge Evolution
  • Service-Based Architecture (SBA) Service Framework
  • Non-Stand Alone (NSA) Architecture
  • 5G Standalone Architecture (SA)
  • 5G NR Architecture Deployment Options
  • LTE-NR Dual Connectivity with Carrier Aggregation
  • Next-Generation Satellites and 5G: SaT5G
SDN and NFV Fundamental to the 5G Core Architecture
    • Major Trends in Mobile Networking
    • 5G Mobile Network Architecture
    • SDN in NFV Architectural Framework
    • Development of Software-Defined Networks:
      • Intro to Software Defined Networks (SDNs)
      • Northbound and Southbound Interfaces Defined for SDN
      • Application Program Interface (API) Defined
      • SDN Control and User Planes
      • SDN Provides Scale and Resiliency
    • Intro to Network Functions Virtualization (NFV) Traditional Switches & Routers
      • Switch Virtualization with Open vSwitch
      • Network Functions Virtualization (NFV) Framework
      • NFV Infrastructure – NFVI Layers
      • Virtual Network Function (VNF)
      • Management and Network Orchestration (MANO)
    • 4G LTE Core Network Virtualization
    • Technology Breakthrough with RAN Architecture
    • RAN Virtualization Forms for 5G Networks
    • SDN/NFV used in 5G Network Architecture
5G Core Functions
  • 5G System (5GS)
  • User Plane Function (UPF)
  • Access and Mobility Management Function (AMF)
  • Session Management Function (SMF)
  • Policy Control Function (PCF)
  • Unified Data Management (UDM)
  • Unified Data Repository (UDR)
  • Application Function (AF)
  • Authentication Server Function (AUSF)
  • Network Slicing Explained
  • Network Slice Selection Function (NSSF)
  • Introduction to the Service Capability Exposure Function (SCEF)
  • Network Exposure Function (NEF)
  • Network Repository Function (NRF)
  • Simplified Example of 5G API Calls
  • NFS Offer Services to other NFs in a Structured Way
  • V2X Deployment Model
  • Security Edge Protection Proxy (SEPP):
    End-to-End HTTP/2 Roaming Architecture
  • 5GS Roaming Architecture – Local Break Out (LBO)
    1. Service-Based Interface Representation
    2. Reference Point Representation
  • 5GS Roaming Architecture – Home Routed (HR)
    1. Service-Based Interface Representation
    2. Reference Point Representation
5G Radio Access Network (5G RAN)
      • 5G Control/User Plane Split and New Radio (NR) Interface
      • 5G User Plane (UP) Protocol Stack
      • 5G Control Plane (CP) Protocol Stacks
      • New Multiple Access Schemes for NR
      • Higher Order Modulation Rates Supported with 5G NR
      • 5G NR Frame and Bandwidth Numerologies
      • Frame Slots for Different Numerology Configurations
      • Massive Multiple-Input Multiple-Output (MIMO)
      • Frequency Ranges for 5G New Radio (NR)
        1. FR1 Frequency Division Duplex (FDD) Frequency Bands
        2. FR1 Time Division Duplex (TDD) Frequency Bands
  • FR2 Time Division Duplex (TDD) Frequency Bands
  1. Supplementary Uplink (SUL) Frequency Bands
  2. Supplementary Downlink (SDL) Frequency Bands
  • CBRS Tiered User Classes and Frequency Spectrum
  • Using Unlicensed Spectrum for 5G NR (NR-U)
  • 5G Distributed & Centralized RAN Elements
  • 5G Xn – Control and User Plane Protocol Stacks
  • XnAP within the Xn-C (Control) Protocol Stacks
  • F1 Application Protocol (F1AP)
  • F1 Protocol Stack Split Between CU and DU
  • F1 Functional Split Options
  • Bandwidth Considerations for C-RAN
  • Quality of Service (QoS) Flows Across the Xn-User Plane (Xn-U)
Centralized-RAN (C-RAN) for 5G
  • Alternative Splitting Options for Centralized RAN Architecture
  • Alternative C-RAN Solutions: enhanced Common Public Radio Interface (eCPRI)
  • Multiple Splits Can Be Adopted by Service Providers: Combining 3GPP (Option 2) and eCPRI (Option 6 or 7)
  • IEEE 1914: Next Generation Fronthaul Interface (NGFI)
  • Other Alternatives for C-RAN Architectural Splits
  • NG-RAN Transport Network: Midhaul Connections
  • NG-RAN Transport Network: Fronthaul Connections
  • Centralized Radio Access Network (C-RAN) Transport
  • 5G C-RAN Procedures: UE Initial Access
  • Intra-gNB-CU Handover Illustrated
  • 5G C-RAN Procedures: Intra gNB-CU Handover
  • 5G C-RAN Procedures: Dual Connectivity (EN-DC)
Introduction to 5G Security
  • Generating and Using Private/Public Key Pairs
  • Public Key Infrastructure (PKI)
  • 5G Identity Exchange Between UE and Network
  • 5G Security Overview
  • UE Must Identify which Authentication and Key Agreement (AKA) Mechanism to Utilize
  • Generating the Key Access Security Function (KAUSF)
  • Generating the 5G Home Environment Authentication Vector (HE AV)
  • 5G Key Hierarchy
  • Key Distribution in 5G
  • Non-3GPP Access to 5G Core Networks
  • 5G Authentication and Key Agreement (AKA) Procedure
  • Generation of 5G Authentication Vector (AV)
  • Device (UE) Authentication Procedure
  • Authentication Confirmation and UDM Validity Monitoring
  • IPX Allowed to Modify HTTP/2 Messages
5G Wireless Security Training5G Wireless Security Training Course Wrap-Up


    Are you Human?