TS-250 IMS Security and Attacking Telecom Infrastructure

TS-250 IMS Security and attacking telecom infrastructure

Security Training Contact: Course Reference: TS-250 Philippe Langlois [email protected] +33 98045 0447

TS-250 IMS Security and attacking telecom infrastructure

LTE and 4G security and vulnerabilities

Description of Training Class Learn about modern telecom and mobile system and networks in the context of IMS and NGN core networks. The trainee will learn also about the core evolutions of the legacy telecom networks into IMS networks and the reuse of IETF-based protocols in the context of IMS along with its main benefits. Duration • Unique version: 2 days

Attendees will receive • Evaluation access to P1 Security’s vulnerability scanner for Telecom infrastructure (PTA - P1 Telecom Auditor) • Training material: Slides copy of the presenter.

Pre-requisites of training class • Basic knowledge of telecom & network principles; o What is 2G, 3G, 4G; o OSI network layers; o Basic knowledge of telecom technologies; o VoIP and its usage • Laptop with Linux installed either in a VM or native, Backtrack or Ubuntu with reverse engineering and hacking tools recommended; • Good knowledge and usage of Wireshark; • Basic skills and usage of Linux for reverse engineering (strings, knowledge of tools in a Backtrack for reverse engineering); • Legal IDA Pro license optional, but recommended.

Covered in this training • IMS Introduction • IMS Benefits • IMS Technologies • Root of the technology of IMS • IMS Security Architecture • IMS-specific Protocols study o SIP IETF

o SIP-I o SIP-T o Diameter • Overview of other protocols still used in IMS o GTP-C o GTP-U o GTP v2 o GTP’ • IMS Network Elements overview and security roles, functions o HSS o CSCFs: I-CSCF, P-CSCF, S-CSCF o BG / BGCF o MGCF o SGW • Specific Network Elements in recent version of IMS core networks o SDP / SDR o PCRF • Security of the different IMS planes o Access o Transport o Control o Application • IMS Communication security • Open Source IMS tools • IMS network element fingerprinting • Typical attacks on IMS infrastructure • Role of legacy in IMS security o interconnection with SS7 signaling network element o H248 • Vulnerabilities of some Voice over IP protocols: o SIP-I o SIP-T o H323 • Analysis of Network Element and vulnerabilities o Generic IMS Network Element vulnerabilities • Diameter security • Scenario of attack of IMS network o Radio-based, subscriber role o Infrastructure-based, Transmission or RAN vector o Internal-based, attack o Next steps to become an IMS network auditor

About P1 Security Inc. P1 Security is a vendor independent, technology pioneer and leader in Telecom Security Audit products with patent pending technology and top research and development recognized by the GSM Association.

Experts from P1 Security give conferences and training on SIGTRAN and SS7 security worldwide.

Visit our website at www.p1sec.com or contact us for further information.

Contact Email: [email protected] Web: http://www.p1security.com Address: P1 Security, 231 rue Saint Honoré, 75001 Paris, France