P1 Training Description TS-270 20170928 v3 JBT in this training • LTE Introduction; • LTE...
Transcript of P1 Training Description TS-270 20170928 v3 JBT in this training • LTE Introduction; • LTE...
©2017P1Security.Allrightsreserved.
²
TrainingDescription
2017
TS-270LTESecurityandInsecurity
©2017P1Security.Allrightsreserved.
TS-270LTESecurityandInsecurity
Descriptionoftraining
Learnaboutmoderntelecom,mainlineandmobile,systemsandnetworksfor4GLTEmobilenetworkservice.UnderstandthesecuritymechanismofLTEandtheEvolvedPacketCorenetworksecurityandvulnerabilities.LearnindetailsthevariousproblemsthatmayhappeninLTEnetworksanddefineaplanofstudytobecomeanLTENetworkauditor.DurationUniqueversion:2days.Attendeeswillreceive
• Diameterscanning&fuzzingtoolsandscripts;• GTPscanningtoolsandscripts;• Trainingmaterial:copyofthepresenter’sslidesthroughIntralinksWebplatformtoolforaone
Yeardurationafterthetraining’sdelivery.
Prerequisitesfortraining
• Basicknowledgeoftelecom&networkprinciples:o Whatis2G,3G,4G;o OSInetworklayers;o Basicknowledgeoftelecomtechnologies.
• LaptopwithKaliLinuxinstalledeitherinVMornative;• GoodknowledgeandusageofWireshark;
Coveredinthistraining
• LTEIntroduction;• LTESecurityarchitecture;• LTENetworkelementsoverviewandsecurityroles&functions;• LTECommunicationsecurity,cryptographyandkeymanagement;• StudyofLTEprotocols:
o S1AP;o X2AP;o Diameter;o GTP-C;o GTP-U;o GTPv2;o GTP’;o NAS.
• TypicalattacksonLTEinfrastructure;
©2017P1Security.Allrightsreserved.
• RecapofSS7attackscenariosandcomparisonto4G;• RoleoflegacyinLTEsecurity;• Networkelementsandtheirfunctions:HSS,DRA/DEA,MME,PCRF,eNodeB,PGW,SGW;• DRAremoteandRCEcompromiseviaDiameter;• VulnerabilitiesinVoLTE;• AnalysisofGenericLTENetworkelementandvulnerabilities:• DiametersecurityandcomparisontoSIGTRANandRadiusprotocols;• Diameterfuzzingandscanning;• Diameterinaroamingcontext;• NASsecurity,protocolreviewandknownattacks;• SCTPprotocolbasics,scanningandattackscenarios;• SGW–PGWinfrastructureanddesignandGTPv2scanningandfuzzing;• S1APinterfaceprotocolstudyandknownvulnerabilities;• AttackscenariosovertheS1APinterface;• AttackingO&M(OAM&Management)ofnetworkelements;• CrackingRADIUSprotocol;• GRX/IPXcompromisecasestudies,architectureanddesignandknownvulnerabilities;• ScenariosofattackofLTEnetwork:
o Radio-based,subscriberrole;o Infrastructure-based,transmissionorRANvector;o Internal-basedattack;o Interconnectbasedattackscenarios.