P1 Training Description TS-270 v1.0 jbt · PDF fileo Huawei LTE-SAE-EPC UGW (GGSN, S-GW, PDN...

3
©2017 P1 Security. All rights reserved. ² Training Description 2017 TS-270 LTE Security and Insecurity

Transcript of P1 Training Description TS-270 v1.0 jbt · PDF fileo Huawei LTE-SAE-EPC UGW (GGSN, S-GW, PDN...

Page 1: P1 Training Description TS-270 v1.0 jbt · PDF fileo Huawei LTE-SAE-EPC UGW (GGSN, S-GW, PDN GW): role & structure. ... Microsoft Word - P1 Training Description TS-270_v1.0_jbt.docx

©2017P1Security.Allrightsreserved.

²

TrainingDescription

2017

TS-270LTESecurityandInsecurity

Page 2: P1 Training Description TS-270 v1.0 jbt · PDF fileo Huawei LTE-SAE-EPC UGW (GGSN, S-GW, PDN GW): role & structure. ... Microsoft Word - P1 Training Description TS-270_v1.0_jbt.docx

©2017P1Security.Allrightsreserved.

TS-270LTESecurityandInsecurity

Descriptionoftraining

Learnaboutmoderntelecom,mainlineandmobile,systemsandnetworksfor4GLTEmobilenetworkservice.Understand the securitymechanismof LTE and the Evolved Packet Core network securityandvulnerabilities.LearnindetailthevariousproblemsthatmayhappeninLTEnetworksanddefineaplanofstudytobecomeanLTENetworkauditor.DurationUniqueversion:2days.Attendeeswillreceive

• AccesstoEricsonDiameterstackandVM;• Diameterfuzzingtoolsandscripts;• GTPscanningtoolsandscripts;• Trainingmaterial:copyofthepresenter’sslides.

Prerequisitesfortraining

• Basicknowledgeoftelecom&networkprinciples:o Whatis2G,3G,4G;o OSInetworklayers;o Basicknowledgeoftelecomtechnologies.

• LaptopwithLinuxinstalledeitherinVMornative,BacktrackorUbuntuwithreverseengineeringandhackingtoolsrecommended;

• GoodknowledgeandusageofWireshark;

Coveredinthistraining

• LTEIntroduction;• LTESecurityarchitecture;• LTENetworkelementsoverviewandsecurityroles&functions;• LTECommunicationsecurity,cryptographyandkeymanagement;• StudyofLTEprotocols:

o S1AP;o X2AP;o Diameter;o GTP-C;o GTP-U;o GTPv2;o GTP’;o NAS.

Page 3: P1 Training Description TS-270 v1.0 jbt · PDF fileo Huawei LTE-SAE-EPC UGW (GGSN, S-GW, PDN GW): role & structure. ... Microsoft Word - P1 Training Description TS-270_v1.0_jbt.docx

©2017P1Security.Allrightsreserved.

• TypicalattacksonLTEinfrastructure;• RecapofSS7attackscenariosandcomparisonto4G;• RoleoflegacyinLTEsecurity;• Networkelementsandtheirfunctions,HSS,DRA/DEA,MME,PCRF,eNodeB,PGW,SGW;• DRAremoteandRCEcompromiseviaDiameter(Casestudy);• VulnerabilitiesinVoLTE;• AnalysisofNetworkelementandvulnerabilities:

o GenericLTENetworkelementvulnerabilities;o HuaweiLTE-SAE-EPCHSS:structure,vulnerabilities,integration,provisioning,

hardwareattacks;o HuaweiLTE-SAE-EPCUGW(GGSN,S-GW,PDNGW):role&structure.

• DiametersecurityandcomparisontoSIGTRANandRadiusprotocols;• Diameterfuzzingandscanning(hands-on);• Diameterinaroamingcontext;• NASsecurity,protocolreviewandknownattacks(casestudies);• SCTPprotocolbasics,scanningandattackscenarios(hands-on);• SGW–PGWinfrastructureanddesignandGTPv2scanningandfuzzing(hands-on);• S1APinterfaceprotocolstudyandknownvulnerabilities(casestudy);• AttackscenariosovertheS1APinterface(hands-on);• AttackingO&M(OAM&Management)ofnetworkelements(hands-on);• Crackingradiusprotocol(hands-on);• GRX/IPXcompromisecasestudies,architectureanddesignandknownvulnerabilities;• ScenariosofattackofLTEnetwork:

o Radio-based,subscriberrole;o Infrastructure-based,transmissionorRANvector;o Internal-basedattack;o Interconnectbasedattackscenrarios.


WDUH - h24-files.s3.amazonaws.comh24-files.s3.amazonaws.com/119969/438361-4HUxM.pdf · mdc 45 4500 c ac 6 gw 94 005 ... 20 gw 94 308 gw 94 328 gw 94 348 gw 94 368 gw 94 318 gw 94

WDUH - h24-files.s3.amazonaws.comh24-files.s3.amazonaws.com/119969/438361-4HUxM.pdf · mdc 45 4500 c ac 6 gw 94 005 ... 20 gw 94 308 gw 94 328 gw 94 348 gw 94 368 gw 94 318 gw 94

Gw Attachments

Gw Attachments

Gw Handhout

Gw Handhout

GW VISIBLE LITTER AUDIT - Sustainable GW | The George ...

GW VISIBLE LITTER AUDIT - Sustainable GW | The George ...

On the growth and form of cortical convolutions · LETTERS NATUREPHYSICSDOI:10.1038/NPHYS3632 Cortical plate Subplate White matter zone y GW 22 GW 40 GW 29 GW 34 Adult GW 26 Simulation

On the growth and form of cortical convolutions · LETTERS NATUREPHYSICSDOI:10.1038/NPHYS3632 Cortical plate Subplate White matter zone y GW 22 GW 40 GW 29 GW 34 Adult GW 26 Simulation

Larbert High School Faculty of Mathematics24453]Higher_Past...2009 P1 Q15 2009 P1 Q21 2010 P1 Q1 2010 P1 Q8 2010 P1 Q21 2010 P1 Q23 2011 P1 Q2 2011 P1 Q8 2011 P1 Q21 2012 P1 Q4 2012

Larbert High School Faculty of Mathematics24453]Higher_Past...2009 P1 Q15 2009 P1 Q21 2010 P1 Q1 2010 P1 Q8 2010 P1 Q21 2010 P1 Q23 2011 P1 Q2 2011 P1 Q8 2011 P1 Q21 2012 P1 Q4 2012

P1 Training Description TS-310 20171010 Word - P1 Training Description TS-310 20171010.docx Created Date 10/10/2017 9:37:32 AM ...

P1 Training Description TS-310 20171010 Word - P1 Training Description TS-310 20171010.docx Created Date 10/10/2017 9:37:32 AM ...

Gw Function

Gw Function

All pages balaji · 2012-11-08 · 5 Lifestyle Products GW-3111 GW-3112 GW-3113 GW-3114 GW-3115 GW-3116 GW-3117 GW-3118 GW-3119

All pages balaji · 2012-11-08 · 5 Lifestyle Products GW-3111 GW-3112 GW-3113 GW-3114 GW-3115 GW-3116 GW-3117 GW-3118 GW-3119

Optional Components/Features Summary · 2019. 11. 18. · Aug. 22, 2018 P1 Technologic Systems Date Title: Rev: Designer Sheet 1 of 34 TS-7120 Standard Options Option 1 TS-7120-PROTO

Optional Components/Features Summary · 2019. 11. 18. · Aug. 22, 2018 P1 Technologic Systems Date Title: Rev: Designer Sheet 1 of 34 TS-7120 Standard Options Option 1 TS-7120-PROTO

Design: GW online community Hideyoshi Ruwwe John Wuidenticalsoftware.com › rpg › gw › gw5_rapture_of_the_deep.pdf · 2007-06-23 · Design: GW online community Editing: GW online

Design: GW online community Hideyoshi Ruwwe John Wuidenticalsoftware.com › rpg › gw › gw5_rapture_of_the_deep.pdf · 2007-06-23 · Design: GW online community Editing: GW online

Weather, Power & Market Forecasts with Gra fa. na€¦ · Temperature Forecast Current Models 2/28 Power Demand Anomaly GFS ENS 10.4 GW 17.6 GW 21.2 GW 20.3 GW 10.1 GW 14 GW -383.1

Weather, Power & Market Forecasts with Gra fa. na€¦ · Temperature Forecast Current Models 2/28 Power Demand Anomaly GFS ENS 10.4 GW 17.6 GW 21.2 GW 20.3 GW 10.1 GW 14 GW -383.1

GW Lists123

GW Lists123

Business and regulatory challenges and solutions with respect ......Italia 14,5 GW Grecia 0,3 GW Romania 0,5 GW Messico 2,1 GW India 0,2 GW Australia 0,3 GW Sud Africa 0,5 GW Brasile

Business and regulatory challenges and solutions with respect ......Italia 14,5 GW Grecia 0,3 GW Romania 0,5 GW Messico 2,1 GW India 0,2 GW Australia 0,3 GW Sud Africa 0,5 GW Brasile

GW Physics

GW Physics

Gw Usmicron300

Gw Usmicron300

GW - Hydrohub GW Scale Electrolyser - ISPT · 2019. 11. 15. · GW - Hydrohub GW Scale Electrolyser A conceptual design, fit for implementation in 5 industrial regions, for a 1-GW

GW - Hydrohub GW Scale Electrolyser - ISPT · 2019. 11. 15. · GW - Hydrohub GW Scale Electrolyser A conceptual design, fit for implementation in 5 industrial regions, for a 1-GW

Bedrock Geology Of Midway Area Wesley R. Lueck Esko ... · cellaneous Map M-183, Scale 1:24,000. ... Gw Ba Ba Ba Ss Ss Gw Gw Gw Ga Ga Ga Ga Ba Ss Gw Ba Ga Ss Gw Wesley R. Lueck ...

Bedrock Geology Of Midway Area Wesley R. Lueck Esko ... · cellaneous Map M-183, Scale 1:24,000. ... Gw Ba Ba Ba Ss Ss Gw Gw Gw Ga Ga Ga Ga Ba Ss Gw Ba Ga Ss Gw Wesley R. Lueck ...

Http Www.securenode.com Resources White Papers VPNFP3 GW GW

Http Www.securenode.com Resources White Papers VPNFP3 GW GW

Topic5PowerTransmissionComponents GW

Topic5PowerTransmissionComponents GW