5G Protocol Stack

A protocol stack is a group of protocols that work together to allow software or hardware to perform a function. The TCP/IP protocol stack is a good example.

5G Protocol Stack =>

     Layer-1 (L1)   -   PHYSICAL Layer
     Layer-2 (L2)   -   MAC, RLC and PDCP layers
     Layer-3 (L3)   -   RRC layer

The figure below depicts the 5G protocol stack, consisting of both User Plane and Control Plane protocol layers.







ref:

5G Protocol Stack (User Plane and Control Plane) - 

Misc -

5G Quality of Service(QoS)

5G promises a range of capabilities, from downloading a movie fast (for example, in under 5 seconds) to supporting real-time, low-latency applications such as Industrial IoT (Internet of Things), factory automation or self-driving cars. This range of capabilities requires that Quality of Service (QoS) characteristics such as delay, error rate, and priority be specified and enforced. 5G enhances the QoS options compared to 4G LTE.

The concept of QoS in 5G is flow based. Packets are classified and marked using a QFI (QoS Flow Identifier). The 5G QoS flows are mapped in the AN (Access Network) to DRBs (Data Radio Bearers), unlike 4G LTE, where the mapping between EPC and radio bearers is one to one.

A QoS flow is identified by its QFI within a PDU session. This QFI is carried in an encapsulation header over NG-U. For each UE, the 5GC establishes one or more PDU sessions, and the NG-RAN establishes at least one DRB together with the PDU session. Additional DRBs for the QoS flows of that PDU session are configured subsequently.

5G supports the following QoS flow types:

• GBR (Guaranteed Bit Rate) QoS flow, which requires a guaranteed flow bit rate
• Non-GBR QoS flow, which does not require a guaranteed flow bit rate
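
As an added example (not code from the original page or its references), the sketch below reads the QFI out of the NG-U encapsulation header and checks it against the QoS flows authorised for that tunnel. It assumes the GTP-U PDU Session Container extension header (type 0x85, 3GPP TS 29.281 and TS 38.415); `extract_qfi`, `flow_allowed`, `build_sample` and the `ALLOWED` policy table are hypothetical names, and the packets are constructed.

```python
import struct

PDU_SESSION_CONTAINER = 0x85  # GTP-U extension header type (3GPP TS 29.281)

def extract_qfi(packet: bytes):
    """Return (teid, pdu_type, qfi) for a GTP-U G-PDU; raise ValueError if malformed."""
    if len(packet) < 12:
        raise ValueError("too short to carry an extension header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", packet[:8])
    if flags >> 5 != 1 or msg_type != 0xFF:
        raise ValueError("not a GTPv1-U G-PDU")
    if 8 + length > len(packet):
        raise ValueError("length field exceeds the bytes available")
    if not flags & 0x04:                      # E bit: extension header chain present
        raise ValueError("no extension header, so no QFI marking")
    offset, next_type = 12, packet[11]        # octets 9-11: sequence number, N-PDU number
    while next_type != 0:
        if offset >= len(packet):
            raise ValueError("truncated extension header")
        ext_len = packet[offset] * 4          # length is counted in 4-octet units
        if ext_len == 0 or offset + ext_len > len(packet):
            raise ValueError("bad extension header length")
        if next_type == PDU_SESSION_CONTAINER:
            pdu_type = packet[offset + 1] >> 4    # 0 = downlink, 1 = uplink
            qfi = packet[offset + 2] & 0x3F       # QFI is the low 6 bits
            return teid, pdu_type, qfi
        next_type = packet[offset + ext_len - 1]  # last octet names the next header
        offset += ext_len
    raise ValueError("no PDU Session Container in packet")

def flow_allowed(packet: bytes, allowed: dict) -> bool:
    """True if the packet's QFI is authorised for its tunnel (hypothetical policy table)."""
    try:
        teid, _, qfi = extract_qfi(packet)
    except ValueError:
        return False                          # fail closed on anything unparseable
    return qfi in allowed.get(teid, set())

def build_sample(teid: int, qfi: int, payload: bytes = b"\x45" + bytes(19)) -> bytes:
    """Constructed downlink G-PDU carrying one PDU Session Container."""
    optional = bytes([0, 0, 0, PDU_SESSION_CONTAINER])   # seq, N-PDU, next ext type
    container = bytes([1, 0x00, qfi & 0x3F, 0])          # len=1, PDU type 0, QFI, end
    body = optional + container + payload
    return struct.pack("!BBHI", 0x34, 0xFF, len(body), teid) + body

# Constructed policy: tunnel 0x1001 may carry QoS flows with QFI 1 and 9.
ALLOWED = {0x1001: {1, 9}}
```

A packet marked with a QFI that was never set up for its PDU session, or one whose header cannot be parsed, is rejected rather than mapped to a bearer.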




Following are the benefits or advantages of 5G QoS in NR =>
  • It delivers critical communication services for mission-critical users and organizations.
  • It provides different prioritization levels for different applications, as per the users' preset requirements with the operators.
  • It helps people during disasters and emergency situations such as floods and earthquakes.
  • The service is always available for emergency callers.

ref:

Quality of Service (QoS) for 5G Networks -   
5G NR QoS - http://www.rfwireless-world.com/5G/5G-NR-QoS.html

5G NR User Plane Protocol - http://www.techplayon.com/5g-nr-radio-protocol-user-plane-whats-new-lte-5g-nr/ 

Quality of Service (QoS) concept and architecture (Specification #: 23.107) -
AT command set for User Equipment (UE): Specification #: 27.007 -
5G Session Management Spec - https://www.etsi.org/deliver/etsi_ts/129500_129599/129512/15.00.00_60/ts_129512v150000p.pdf

Enabling ICN in 3GPP's 5G NextGen Core Architecture  - https://tools.ietf.org/id/draft-ravi-icnrg-5gc-icn-03.html

Misc - 
https://www.researchgate.net/figure/5G-NG-RAN-Protocol-Stack-and-5G-QoS-Architecture_fig6_323184543

Threat Modelling

Threat Models are a systematic and structured way to identify and mitigate security risks in our software.

Looking deeper, threat modeling is a process by which potential threats, such as structural vulnerabilities, can be identified, enumerated, and prioritized, all from a hypothetical attacker’s point of view. The purpose of threat modeling is to provide defenders with a systematic analysis of the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker. Threat modeling answers questions like “Where are the high-value assets?”, “Where am I most vulnerable to attack?”, “What are the most relevant threats?”, and “Is there an attack vector that might go unnoticed?”. It is a procedure for optimizing network security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system. In this context, a threat is a potential or actual adverse event that may be malicious (such as a denial-of-service attack) or incidental (such as the failure of a storage device), and that can compromise the assets of an enterprise.
 

Threat modeling is asking and answering questions about the thing you are working to protect. It requires that you step out of the day-to-day whirlwind of data security and imagine the future. It’s important to not only create threat models as part of an implementation plan for new systems but also to set aside time to create or update threat models for older systems as well.

A threat profile includes information about critical assets, threat actors, and threat scenarios. A threat scenario is an illustration in which one or more threat actors can mount one or more threat actions in an attempt to compromise an identified critical asset by exploiting both vulnerabilities and inadequate safeguards (Dziadyk, 2011). A threat scenario campaign is a series of related threat scenarios that are used together as part of an APT for a common objective. An organization’s threat profile includes all of this threat information and presents a clear and detailed illustration of how these components are used together.

An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element. Attack vectors include viruses, e-mail attachments, Web pages, pop-up windows, instant messages, chat rooms, and deception. All of these methods involve programming (or, in a few cases, hardware), except deception, in which a human operator is fooled into removing or weakening system defenses.
 

STRIDE is a model of threats developed by Praerit Garg and Loren Kohnfelder at Microsoft for identifying computer security threats. It provides a mnemonic for security threats in six categories. The threats are:

   Spoofing of user identity - A spoofing attack occurs when an attacker pretends to be someone they're not.

   Tampering - Tampering attacks occur when the attacker modifies data in transit.

   Repudiation - Repudiation occurs when someone performs an action and then claims that they didn't actually do it.

   Information disclosure (privacy breach or data leak) - Usually quite straightforward - can the attacker view data that they're not supposed to view?

   Denial of service (D.o.S) - Denial of service threats occur when an attacker can degrade or deny service to users.

   Elevation of privilege - An elevation of privilege threat occurs when an attacker has the ability to gain privileges that they'd not normally have.
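
One way to apply these six categories, added here as an example and not taken from the original page: the STRIDE-per-element approach, which goes beyond the list above by assigning categories to each element of a data flow diagram and ranking flows that cross a trust boundary first. The UE, NG-RAN and 5GC elements come from the QoS section of this page; the trust zones, flow names and function names are constructed assumptions.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}

# STRIDE-per-element chart: categories that apply to each kind of DFD element.
# (Repudiation also applies to a data store when it holds logs or audit data.)
APPLIES = {"external": "SR", "process": "STRIDE", "store": "TID", "flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external", "process" or "store"
    zone: str   # trust zone label (assumed for this example)

@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element

    @property
    def crosses_boundary(self) -> bool:
        return self.src.zone != self.dst.zone

def enumerate_threats(elements, flows):
    """Return (crosses_boundary, element_name, threat) rows, boundary flows first."""
    rows = []
    for e in elements:
        rows += [(False, e.name, STRIDE[c]) for c in APPLIES[e.kind]]
    for f in flows:
        rows += [(f.crosses_boundary, f.name, STRIDE[c]) for c in APPLIES["flow"]]
    return sorted(rows, key=lambda r: not r[0])   # stable sort keeps model order

# Constructed model of the user-plane path described in the QoS section.
UE = Element("UE", "external", "subscriber")
NG_RAN = Element("NG-RAN", "process", "operator")
CORE = Element("5GC", "process", "operator")
ELEMENTS = [UE, NG_RAN, CORE]
FLOWS = [Flow("DRB: UE -> NG-RAN", UE, NG_RAN),
         Flow("NG-U: NG-RAN -> 5GC", NG_RAN, CORE)]

if __name__ == "__main__":
    for crosses, name, threat in enumerate_threats(ELEMENTS, FLOWS):
        print(f"{'BOUNDARY' if crosses else '        '}  {name:22} {threat}")
```

Each row is a question to answer for the system under review, with its mitigation or an accepted-risk note recorded next to it.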


ref:

Threat Modelling -

Attack Vector - 

STRIDE security -