ISN 3110

Wireless and Mobile Networks

Overview of network evolution from 1G to 6G

Professor Emmanuel TONYE and Engineer Rholy NKUH
https://www.researchgate.net/profile/Emmanuel_Tonye
Radiocommunication_mobile_P9_Pr Tonye 1
Plan
1. Overview of network evolution from 1G to 6G
2. Operation of each electronic communications interceptor and preventive actions
3. QoS and QoE formulation and QoS optimization tools
4. Five (05) non-terrestrial network architectures
5. Types of handover from 2G to 5G networks
6. Advantages and disadvantages of network monitoring systems (supervision and metrology)
7. Optical fibers in Cameroon's mobile telecommunications networks
8. TP1: LTE/WIFI Offloading
9. TP2: Virtualisation of the 4G Evolved Packet Network (EPC) Core using NFV technology
10. Exercises and corrections
3rd Generation Partnership Project (3GPP)

Cooperation between telecommunications standardization organizations that produces and publishes technical specifications for the 2nd (2G), 3rd (3G), 4th (4G), 5th (5G) and 6th (6G) generations.
These are organizations such as:
• the ITU (International Telecommunications Union),
• ETSI (Europe), the European Telecommunications Standards Institute, which is the European standardization organization in the telecommunications field,
• ARIB/TTC (Japan),
• the CCSA (China),
• ATIS (North America),
• and the TTA (South Korea).
Wireless_Mobile_VoIP_security_Pr Tonye 3
3rd Generation Partnership Project (3GPP)

3GPP also ensures the maintenance and development of technical specifications for mobile standards of the GSM family, notably for GPRS, EDGE, UMTS, LTE and LTE Advanced.

3GPP PSS (Packet Switched Streaming) is the part of the standard (from version 5) which deals with audio/video services, including television, on mobile networks.

3GPP IMB (Integrated Mobile Broadcast) is the part of the standard (from version 8) which deals with the broadcast of television on the radio cells of 3G mobile services.
3GPP publication calendar

Global roadmap for the development of 6G

Source: https://5g-ppp.eu/wp-content/uploads/2021/06/WhitePaper-6G-Europe.pdf
Simplified architectures of 1G to 6G networks

1. Mobile terminal: Mobile Station, User Equipment
2. Air interface
3. Radio access network: base station, interfaces, common name for each technology
4. Core network: equipment, common name for each technology

Source 1: Ms. Lopa, J Vora, Evolution of Mobile Generation Technology, 1G to 5G and review of upcoming wireless technology 5G (https://ijmter.com/papers/volume-2/issue-10/evolution-of-mobile-generation-technology-1g-to-5g-and-review-of-5g.pdf, accessed 23 October 2020). Adapted by Professor Tonye.
Source 2: https://www.slideshare.net/mobile/3G4GLtd/intermediate-security-in-mobile-cellular-networks (accessed 23 October 2020). Adapted by Professor Tonye.
Source 3: https://www.researchgate.net/publication/332726164_The_Roadmap_to_6G_--_AI_Empowered_Wireless_Networks (accessed 14 January 2022). Adapted by Professor Tonye.
Architectures of mobile telecommunications systems from 1G to 6G

[Figure: architecture diagrams for 1G, 2G and 2.5G, 3G, 4G, 5G and 6G]
Comparison of mobile telecommunications systems from 0G to 6G: equipment, common names

| | 0G | 1G | 2G | 3G | 4G | 5G | 6G |
|---|---|---|---|---|---|---|---|
| Mobile terminal | MS | MS | MS, SIM, UICC | UE, USIM, UICC | UE, USIM, UICC | UE, eUSIM, UICC, eUICC | M-UE, sCell-UE, sCell-AP |
| Base station | AP | BS | BTS | Node B / NB | eNodeB / eNB | gNodeB / gNB | sCell-RAN, UM-MIMO BS |
| Radio subsystem | BSS | BSS | BSS | UTRAN | eUTRAN, C-RAN | NR, C-RAN | CR, SDR, IR |
| Radio access network equipment | BS | BS | BTS, BSC, TCU, PCU | Node B and RNC | eNB | gNB | M-UE, sCell-UE, sCell-AP, sCell-RAN, UM-MIMO BS |
| Core network equipment | MSC, VLR | MSC, VLR | MSC, VLR, GMSC, SGSN, GGSN, HLR, AuC, EIR, OMC | MSC, VLR, GMSC, SGSN, GGSN, HLR, AuC, EIR | SGW, PGW, MME, HSS | UPF; AMF, SMF, AUSF, UDM | Cloud-based |
| Core network subsystem | NSS | NSS | NSS, OSS | CS, GPRS PS | EPC | 5GC | Cloud-based |
| Interface | Air | Air | Um, Abis | Uu, Iub, IuCS, | Uu, S1-C, S1- | Uu, S1-U, | Cloud-based |
Evolution of mobile networks to the future 6G-IoT: Characteristics

[Figure: timeline from 1G to 4G/5G/6G/IoT (1984 to 2030) with three bands: norms, access modes and bit transmission capacity. Access modes shown: FDMA (very low spectral efficiency, analog voice), TDMA/CDMA (digital voice), FTDMA/CDMA (data packets), WCDMA/CDMA/OFDMA (multimedia), NOMA/all-IP.]
Different generations of mobile telecommunication standards (3rd Generation Partnership Project, 3GPP)

| Generation | Acronym | Description | 3GPP standards version | Indicative data rate (download) in bit/s (theoretical / practical / usual) |
|---|---|---|---|---|
| 1G | Radiocom 2000 | Analog | | |
| 2G | GSM | Voice-only exchanges | | 9.05 kbit/s |
| 2.5G | GPRS | Data exchange excluding voice | 97 | 171.2 kbit/s / 50 kbit/s / 17.9 kbit/s |
| 2.75G | EDGE | GPRS evolution | 98 | 384 kbit/s / 64 kbit/s / - |
| 3G | UMTS | Voice + data | 99 | 144 kbit/s rural, 384 kbit/s urban, 1.9 Mbit/s fixed point / - |
| 3.5G or 3G+ | HSPA | UMTS evolution | 5 and 6 | 14.4 Mbit/s / 7.2 Mbit/s / 3.6 Mbit/s |
| 3.75G or 3G++ or H+ | HSPA+ | UMTS evolution | 7 | 21 Mbit/s / 10 Mbit/s / 5 Mbit/s |
| 3.75G or H+ Dual Carrier | DC-HSPA+ | UMTS evolution | 8 | 42 Mbit/s / 20 Mbit/s / 10 Mbit/s |
| 4G (3.9G) | LTE | Data | 8 and 9 | 150 Mbit/s / 60 Mbit/s / 30 Mbit/s |
| 4G / 4G+ | LTE Advanced | Data + voice (VoLTE) | 10 | 1 Gbit/s stationary, > 100 Mbit/s in motion / - / - |
| 4.5G | LTE - A | Data + voice (VoLTE) | 11 and 12 | 3 Gbit/s stationary (category 8 and 14 terminals) / - / - |

Frequency spectrum for the main wireless and mobile telecommunications networks
Agence nationale de radiofréquences (ANRF)
Distribution of frequency spectrum in Cameroon

Camtel, MTN, Nextel, Orange, Easylink, Space200 and 4G Africa are concession operators with frequency bands under license.

[Figure: spectrum chart with the 2G/2.5G/2.75G, 3G and 4G bands marked. Legend:]
• Licensed bands in blue
• Bands without license (no license) in green
• Satellite band in orange
• Military band / wireless camera in orange
Complete the table of distribution of the frequency spectrum in Cameroon

Columns: 2G | 3G | 4G | 5G
Rows: CAMTEL, MTN, Orange, NEXTEL, EasyLink, Space200, 4G Africa, Military/Wireless cameras, Satellite, Wifi
Table showing the frequency bands of 2G to 4G networks of telecommunications operators in Cameroon

| Telco (MHz) | 2G bands UL | 2G bands DL | 3G bands UL | 3G bands DL | 4G bands UL | 4G bands DL |
|---|---|---|---|---|---|---|
| CAMTEL | 880-915 | 925-960 | 1920-1935 | 2110-2170 | 800 | 2600 |
| | 1732-1757 | 1832-1852 | 1929-1935 | 2110-2125 | 1800 | / |
| ORANGE | 880-915 | 925-960 | 1950-1965 | 2140-2155 | 2635-2666 | 2636-2666 |
| | 1710-1722 | 1805-1817 | | | 2500-2570 | 2620-2690 |
| MTN | 880-915 | 925-960 | 1920-1980 | 2110-2170 | 2534-2564 | 2534-2564 |
| | 1760-1780 | 1855-1875 | 1965-1980 | 2155-2170 | 2534-2564 | 2620-2690 |
| NEXTTEL | 880-910 | 925-960 | 1935-1950 | 2125-2140 | 800 | 2600 |
| | 1722-1732 | 1817-1832 | 1935-1950 | 2125-2140 | 2500-2570 | 2620-2690 |
Description of the 2G, 3G, 4G, 5G and 6G architectures
Complete the table by giving the meaning of the acronym and the role of the component of the 2G architecture (GSM - Global System for Mobile Communications)

Columns: Meaning of acronym | Role
Rows: BTS, BSC, MS, TCU, MSC, VLR, HLR, EIR, AUC, OMC, NSS, BSS, NMC, GMSC, RTCP, SGSN
Table giving the meaning of the acronym and the role of the component of the 2G architecture (GSM - Global System for Mobile Communications)

| Acronym | Meaning | Role |
|---|---|---|
| BTS | Base Transceiver Station | Establishes the radio link between the subscriber and the network |
| BSC | Base Station Controller | Allocates the communication channels and manages data mobility |
| MS | Mobile Station | Allows subscribers to access the services offered by the operator |
| TCU | Trans-Coder Units | These units allow users to reduce the number, and therefore the cost, of the PCM (Pulse Code Modulation) links needed between BSS and NSS |
| MSC | Mobile Switching Center | Connects the current network to the other networks attached to it |
| VLR | Visitor Location Register | Information server for subscribers on the move |
| HLR | Home Location Register | Database holding the subscribers' information |
| EIR | Equipment Identity Register | Contains the identifier used to disable a mobile phone (GSM) that has been stolen |
| AUC | Authentication Center | Database of the authentication and encryption algorithms |
| OMC | Operation and Maintenance Center | Operation and maintenance subsystem, which integrates the administration and supervision tools of the system |
| NSS | Network Station Subsystem | Network subsystem, which is responsible for call management (switching) and mobility. OMC-R for the BSS subsystem and OMC-S for the NSS subsystem |
| BSS | Base Station Subsystem | Radio subsystem, which provides access to the network through the air interface |
| NMC | Network Management Center | Uses software and hardware to continuously collect and analyze data and to push configuration changes in order to improve performance, reliability and security |
| GMSC | Gateway Mobile Switching Center | Used to route calls outside the mobile network |
| RTCP | Réseau téléphonique commuté public | Public switched telephone network, or fixed telephony network |
| SGSN | Serving GPRS Support Node | A network entity that provides the switching capability of |
Complete the table by giving for each of the GSM connection types: position, role, protocol and transmission medium

Columns: Type of interface | Position | Role | Protocol | Medium
Rows: Um or Radio, Abis, Ater, PSTN
Table giving for each of the GSM connection types: position, role, protocol and transmission medium

| Link type | Position | Role | Protocol | Medium |
|---|---|---|---|---|
| Um or Radio | MS – BTS | Transport of: voice at 13 kbit/s for each call, coded at 22.8 kbit/s; signaling for traffic and mobile management | LAPDm | Electromagnetic waves |
| Abis | BTS – BSC | Transport of: voice at 16 kbit/s for each call; signaling for management; signaling for maintenance and management of the BTS | LAPD | Microwave link; optical fiber link; links of 2 Mbit/s and more |
| Ater | BSC – TCU | Transport of: voice at 16 kbit/s for each call; signaling for management; for some equipment, signaling for management of the TRAU (rate adaptation) | (SS7 basic) + BSSAP (BSSAP = BSSMAP + DTAP) | Optical fiber link; links of 2 Mbit/s and more |
| A | TCU – MSC | Transport of: voice at 64 kbit/s used for the call; signaling for traffic management | (SS7 basic) + BSSAP | Optical fiber link; links of 2 Mbit/s and more |
| B | MSC – VLR | Signaling for Mobile Application Part (MAP) | (SS7 basic) + MAP | Optical fiber link; links of 2 Mbit/s and more |
| C | MSC – HLR | Signaling for Mobile Application Part (MAP) | (SS7 basic) + MAP | Optical fiber link; links of 2 Mbit/s and more |
| D | VLR – HLR | Signaling for Mobile Application Part (MAP) | (SS7 basic) + MAP | Optical fiber link; links of 2 Mbit/s and more |
| E | MSC – MSC | Transport of: signaling for MAP; voice at 16 kbit/s used for the call | (SS7 basic) + MAP | Optical fiber link; links of 2 Mbit/s and more |
| F | MSC – EIR | Signaling for Mobile Application Part (MAP) | (SS7 basic) + MAP | Optical fiber link; links of 2 Mbit/s and more |
| G | VLR – VLR | Signaling for Mobile Application Part (MAP) | (SS7 basic) + MAP | Optical fiber link; links of 2 Mbit/s and more |
| PSTN | MSC – PSTN | Signaling for Mobile Application Part (MAP) | (SS7 basic) + | Optical fiber link |
Complete the table by giving for each type of GSM channel: meaning of the acronym, function, multiplexing method, signaling or traffic

Columns: Type of channel | Meaning of acronym | Function | Multiplexing method | Signaling or data traffic | Possible slot | Multiframe
Rows: FCCH, SCH, BCCH, PCH, RACH, AGCH, CBCH, SDCCH, SACCH, FACCH, TCH/FS, TCH/HS

Table giving for each type of GSM channel: meaning of the acronym, function, multiplexing method, beacon or traffic
Complete the table by indicating the meaning of the acronym and the function of the GPRS (General Packet Radio Service) network equipment.

Columns: Meaning of acronym | Function
Rows: PCU, SGSN, GGSN
Table indicating the meaning of the acronym and the function of the GPRS (General Packet Radio Service) network equipment

| Acronym | Meaning of the acronym | Function |
|---|---|---|
| PCU | Packet Control Unit | Responsible for forming and transmitting the frames containing the GPRS packets. It is the card added to the 2G BSC to move to 2.5G. |
| SGSN | Serving GPRS Support Node | Router that manages the details of the terminals in the area and provides the packet transit interface with the GGSN gateway. |
| GGSN | Gateway GPRS Support Node | Gateway interfacing with the other data networks (internet). The GGSN is notably responsible for providing an IP address to the mobile terminals for the whole duration of the connection. |
Complete the table by giving the characteristics of the GSM and DCS-1800 networks.

Columns: GSM | DCS-1800
Rows: Frequency band (uplink), Frequency band (downlink), Number of time slots per TDMA frame, Total rate per channel, Speech rate, Maximum data rate, Multiplexing techniques, Cell radius, Terminal power, Terminal sensitivity, Base station sensitivity, Signal, Bandwidth, Encryption and authentication algorithm
Table giving the characteristics of the GSM and DCS-1800 networks.

| Characteristic | GSM | DCS-1800 |
|---|---|---|
| Signal | Digital | Digital |
| Bandwidth | 200 kHz | 200 kHz |
| Encryption and authentication algorithms | A5/1 and A3 | A5/1 and A3 |
Description of the 2G, 3G, 4G, 5G and 6G architectures
Complete the table by indicating the roles of each component of the 3G network architecture (UMTS - Universal Mobile Telecommunications System)

Columns: Component | Role
Rows: NodeB, RNC, MSC, VLR, GMSC, SGSN, GGSN, HLR, AuC, EIR
Table indicating the roles of each component of the 3G network architecture (UMTS - Universal Mobile Telecommunications System)

| Component | Role |
|---|---|
| NodeB | Manages one or more cells. It provides the radio reception and transmission functions for one or more cells of the UMTS access network with a user equipment. |
| RNC | Owns and controls the radio resources of the NodeBs connected to it. The RNC is the service access point for all the services that the UTRAN provides to the core network. It can have two operating modes: (1) the Serving RNC (SRNC) manages the associated signaling and the radio connections with the mobile, and serves as the attachment point to the core network. It controls and executes the handover and manages power control. (2) The Drift RNC (DRNC) manages the radio resources of the NodeBs that depend on it. It recombines the links when, because of macro diversity, several radio links are established with Node Bs attached to it. It routes user data transparently to the Serving RNC in the uplink direction and to the Node Bs in the downlink direction. |
| MSC | Handles data switching |
| VLR | Database recording the users in a geographical area |
| GMSC | Gateway between the UMTS network and external networks |
| SGSN | Registers the users of a geographical area in a routing area |
| GGSN | Gateway to external packet-switched networks |
| HLR | Database of user information |
Complete the table by indicating the meaning of the acronym, the use, the direction (DL or UL), the function (control or traffic or transport)

Columns: Type of channel | Meaning of the acronym | Use | Direction (DL or UL) | Function (control or traffic or transport)
Rows: BCCH, PCCH, DCCH, CCCH, DTCH, CTCH, BCH, PCH, RACH
Table indicating the meaning of the acronym, the use, the direction (DL or UL), the function (control or traffic or transport)

| Type of channel | Meaning of the acronym | Use | Direction (DL or UL) | Function (control or traffic or transport) |
|---|---|---|---|---|
| BCCH | Broadcast Control Channel | Broadcasts the system information message, which contains the code sequences, the cell identifier and the timers | DL | Control |
| PCCH | Paging Control Channel | Incoming calls or other messages must be announced to the users in the location area | DL | Control |
| DCCH | Dedicated Control Channel | Sends measurement reports as well as RRC control messages | DL or UL | Control |
| CCCH | Common Control Channel | Connection establishment, channel assignment and cell reselection | DL and UL | Control |
| DTCH | Dedicated Traffic Channel | The information relating to the specific service of a single user is transferred. Several services can be provided to a single user over several DTCHs co-existing at the same time | DL and UL | Traffic |
| CTCH | Common Traffic Channel | The cell broadcast message, SMS for example; it is a point-to-multipoint channel that transmits information to a group of users | DL | Traffic |
| BCH | Broadcast Channel | Carries the BCCH traffic | DL | Transport |
| PCH | Paging Channel | Carries the PCCH traffic | DL | Transport |
| RACH | Random Access Channel | Handles the exchange of certain information of | UL | Transport |
Description of the 2G, 3G, 4G, 5G and 6G architectures
Complete the table by giving the meaning of the acronym and the role of each element of the LTE (Long Term Evolution) network architecture.

Columns: Meaning of the acronym | Role
Rows: UE, SCeNodeB, RRH, BBU, Uu, Ir, X2, S1-MME, S1-U, MME, S-GW, P-GW, EPC, E-UTRAN
| Element | Meaning of the acronym and role |
|---|---|
| UE | User Equipment - mobile terminal |
| SCeNodeB | Scalable eNodeB |
| RRH | Radio Remote Head - remote radio head |
| BBU | BaseBand Unit - baseband unit |
| Uu | Air interface |
| Ir | Interface between the RRHs and the BBUs: fronthaul or transport network |
| X2 | IP links connecting the eNodeBs to each other |
| S1-MME | The reference point for the control-plane protocol (S1AP) between the E-UTRAN and the MME. |
| S1-U | This reference point is used for per-bearer user-plane tunneling, that is, the transport of user data packets between the E-UTRAN and the SGW |
| MME | One (or more) Mobility Management Entities handle the signaling (control plane) and give access to the databases (HSS / HLR) containing the subscribers' identifiers and rights. |
| S-GW | One (or more) Serving Gateways, which carry the data traffic (user plane) and concentrate the traffic of several eNodeBs. |
| P-GW | Packet Data Network Gateway or Packet Gateway; it is a single entry point between the operator's IP network and the Internet. It therefore routes Internet data to the terminal and, in the other direction, the terminal's data to the Internet. It also provides some security functions. It is connected to the mobile terminals through an eNodeB and via an SGW, which acts as a kind of regional gateway. |
| EPC | Evolved Packet Core is the core network, which uses "full IP" technologies, that is, technologies based on Internet protocols for signaling and for the transport of voice and data. This core network allows interconnection via routers with the remote eNodeBs, the networks of other mobile operators, fixed telephony networks and the Internet. |
| E-UTRAN | The radio part of the network is simplified by integrating into the eNodeB base stations the control functions that were previously located in the RNCs (Radio Network Controllers) of 3G UMTS networks. The radio part of an LTE network therefore consists of eNodeBs, local or remote antennas, optical fiber links to the remote antennas (CPRI links - Common Public Radio Interface) and IP links connecting the eNodeBs to each other (X2 links) and to the core network (S1 links) via a backhaul network. |
Complete the table by giving the location and role of each interface of the LTE network architecture

Columns: Interfaces | Location | Role
Rows: S1-MME, S1-U, S2a, S3, S4, S5 / S8, S6d, S6a, S10, S11, S12, SGi
Table giving the location and role of each interface of the LTE network architecture

| Interfaces | Roles |
|---|---|
| S1-MME (between the E-UTRAN and the MME) | The reference point for the control-plane protocol (S1AP) between the E-UTRAN and the MME. |
| S1-U (between the eNB and the SGW) | This reference point is used for per-bearer user-plane tunnelling, that is, the transport of user data packets between the E-UTRAN and the SGW. |
| S2a (between the PDN-GW and a trusted non-3GPP network) | Provides the user plane with related control and mobility support between the trusted non-3GPP IP access and the gateway. |
| S3 (between the MME and the SGSN) | Enables the exchange of user and bearer information for inter-3GPP access network mobility in idle and/or active state. |
| S4 (between the SGW and the SGSN) | Provides control and mobility support between the GPRS core network and the 3GPP anchor function of the SGW. |
| S5 / S8 (between the SGW and the PDN-GW) | Support the packet data service functions for roaming and non-roaming users. |
| S6d (between the MME and the SGSN) | Same as that of the S6a interface. |
| S6a (between the MME and the HSS) | Used to exchange data related to the location of the UE and to subscriber management. |
| S10 (between MME and MME) | The S10 reference point is used to support the transfer of user information and relocation support between the MMEs. |
| S11 (between MME and SGW) | The S11 reference point supports mobility and bearer management between MME and SGW. |
| S12 (between the SGW and the UTRAN) | Intended for user-plane tunnelling when the direct tunnel has been established. It is based on the Iu-u / Gn-u reference point using GTP-U (GPRS Tunneling Protocol - User plane). |
| SGi (between the PDN-GW and an external PDN) | The SGi reference point lies between the PDN-GW and a packet data network, such as an operator's external packet data network or an intra-operator packet data network. |
Complete the table by giving the type of script and the role of each element of the virtualized LTE network architecture.

Columns: Script type (signaling, data) | Role
Rows: S1AP/SCTP (S1-MME), GTP-U/UDP (S1-U), GTP-C/UDP (S11), GTP-C/UDP (S5-U), GTP-U/UDP (S5-C), DIAMETER/SCTP (S11), UDP (SGi)
Table giving the type of script and the role of each element of the virtualized LTE network architecture

| Element | Protocol(s) | Script type | Main role |
|---|---|---|---|
| S1AP/SCTP (S1-MME) | S1AP/SCTP | Control | Management of user connections, mobility, authentication, authorization, accounting. |
| GTP-U/UDP (S1-U) | GTP-U/UDP | User | Transport of user data between the UE (User Equipment) and the core network. |
| GTP-C/UDP (S11) | GTP-C/UDP, DIAMETER/SCTP | Control | Signaling between the MME and the SGW (Serving Gateway) for data session management. |
| GTP-U/UDP (S5-C) | GTP-C/UDP | User | Transport of user data between the SGW and the P-GW (Packet Data Network Gateway). |
| DIAMETER/SCTP (S11) | GTP-C/UDP | Control | Signaling between the SGW and the P-GW for data session management. |
| UDP (SGi) | UDP | User | Interface between the LTE network and other networks (e.g. Internet). |
Complete the table by giving the specifications of the LTE, LTE-Advanced and LTE-M networks.

Columns: Specifications | LTE | LTE-Advanced | LTE-M
Rows: Standard, Spectral width, Data rate, Actual rate, Maximum number of layers, Maximum number of communications per terminal
Table giving the specifications of the LTE, LTE-Advanced and LTE-M networks.

| Specifications | LTE | LTE-Advanced | LTE-M |
|---|---|---|---|
| Standard | 3GPP Release 8 and 9 | 3GPP Release 10 | |
| Spectral width | 1.4 MHz, 3 MHz, 5 MHz, 10 MHz, 15 MHz, 20 MHz | 70 MHz downlink (DL); 40 MHz uplink (UL) | |
| Data rate | 300 Mbps downlink (DL), 4x4 MIMO; 20 MHz, 75 Mbps uplink (UL) | 1 Gbps downlink (DL); 500 Mbps uplink (UL) | |
| Actual rate | About 100 Mbps for a single chain (20 MHz, 100RB, 64QAM), 400 Mbps for 4x4 MIMO. | About 300 Mbps for a single chain (20 MHz, 100RB, 64QAM), 400 Mbps for 4x4 MIMO. | |
| Maximum number of layers | 2 (category 3) and 4 (category 4, 5) in the downlink; 1 in the uplink | 8 in the downlink; 4 in the uplink | |
Table giving specifications of LTE, LTE-Advanced and LTE-M networks

| Specifications | LTE | LTE-Advanced | LTE-M |
|---|---|---|---|
| Standard | 3GPP Release 8 | 3GPP Release 10 and beyond | 3GPP Release 13 and beyond |
| Spectral Width | 1.4, 3, 5, 10, 15, 20 MHz | Up to 100 MHz (via CA) | 1.4, 3, 5 MHz |
| Data Rate | Up to 300 Mbps (DL) | Up to 1 Gbps (DL) | Up to 1 Mbps (DL) |
| Actual Flow Rate | 5-100 Mbps depending on load | 10-150 Mbps depending on load | 20-250 Kbps depending on load |
| Maximum Number of Layers | 1 to 2 layers (PDSCH) | Up to 8 layers | 1 layer (PDSCH) |
| Maximum Number of Communications per Terminal | 200 assets (users) per cell | 200 assets per cell | 50 000 assets per cell |
Complete the table by giving for the transport channels: the characteristics, the uses and the examples of information transmitted

Columns: Transport channel | Acronym | Direction | Characteristics | Use | Example of information transmitted
Rows: Broadcast Channel, Downlink Shared Channel, Paging Channel, Random Access Channel, Uplink Shared Channel
Complete the table by giving for the transport channels: the characteristics, the uses and the examples of information transmitted

| Transport channel | Acronym | Direction | Characteristics | Use | Example of information transmitted |
|---|---|---|---|---|---|
| Broadcast Channel | BCH | DL | Fixed, predefined resources, periodicity and transport format. Must be transmitted over the whole coverage area of the cell | For broadcasting information about the cell; the BCH carries exclusively the BCCH, and in particular the Master Information Block (MIB, see remark) | MIB (BCCH): DL bandwidth of the cell, system frame number (SFN, System Frame Number) |
| Downlink Shared Channel | DL-SCH | DL | Allows HARQ and link adaptation, dynamic or semi-persistent resource allocation, and the use of discontinuous reception by the UE | For the transmission of dedicated control and user-plane data. Also used to transmit the cell information not carried by the BCH | DCCH, DTCH, CCCH channels. BCCH channel: broadcast of information |
| Paging Channel | PCH | DL | Must be transmitted over the whole coverage area of the cell. Shares the same physical resources as the DL-SCH | To broadcast paging information over the whole cell | PCCH channel |
| Random Access Channel | RACH | UL | Based on random shared access ("contention-based"), which implies a risk of collision between several UEs during the network access procedure | For establishing an RRC connection with the base station, re-establishing it, during a handover, or to transmit data (e.g. Buffer Status Report), or on order of the base station if uplink synchronization has been lost | Preamble chosen at random by the UE from a set of predefined preambles |
| Uplink Shared Channel | UL-SCH | UL | Allows HARQ and link adaptation, dynamic allocation | For the transmission of dedicated control data | DCCH, DTCH, channels |
Complete the table by giving for the physical channels: the meaning of the acronym,
the characteristics and the uses

| Physical channel | Meaning of the acronym | Characteristics | Use |
|---|---|---|---|
| PUSCH | | | |
| PUCCH | | | |
| PRACH | | | |
| PDSCH | | | |
| PBCH | | | |
| PCFICH | | | |
| PDCCH | | | |
| PHICH | | | |
Complete the table by giving for the physical channels: the meaning of the acronym,
the characteristics and the uses

| Physical channel | Meaning of the acronym | Characteristics | Use |
|---|---|---|---|
| PUSCH | Physical Uplink Shared Channel | Its transmission parameters are determined dynamically by link adaptation. | For the transmission of the UL-SCH; also carries the PUCCH control information when the two channels collide in the same time interval. |
| PUCCH | Physical Uplink Control Channel | Is never transmitted simultaneously with the PUSCH of the same UE (in Release 8). | For the transmission of the control information needed for HARQ (acknowledgements) and for resource allocation. |
| PRACH | Physical Random Access Channel | Consists of a preamble specific to the UE. | Carries the RACH. |
| PDSCH | Physical Downlink Shared Channel | Its transmission parameters are determined dynamically by link adaptation. | For the transmission of the DL-SCH and the PCH. |
| PBCH | Physical Broadcast Channel | | For the transmission of the BCH. |
| PCFICH | Physical Control Format Indicator Channel | The PCFICH is placed in the first OFDM symbol of each subframe. | Indicates the number of OFDM symbols used for the transmission of the PDCCH in a subframe. |
| PDCCH | Physical Downlink Control Channel | The PDCCH is placed in the first OFDM symbols of each subframe. | For the transmission of control information: modulation and coding scheme, resource allocation for the DL-SCH and PCH, and HARQ information for the DL-SCH; modulation and coding scheme, resource allocation and HARQ information for the UL-SCH; order to trigger a random access procedure. |
| PHICH | Physical Hybrid ARQ Indicator Channel | The PHICH is placed in the first OFDM symbols of each subframe. | Carries the HARQ acknowledgements. |
Communication channels
2G (GSM), 3G (UMTS), 4G (LTE)

Logical channels. A logical channel is associated with one or more data (or signaling) flows that have common characteristics: type of data transported (user plane or control plane), flow priority, nominal throughput (guaranteed or not). A logical channel is therefore characterized by what it transports, and not by the way in which the data is conveyed.

BCCH: DL channel, used for broadcasting control information on the cell.
PCCH: DL channel used for call notification.
CCCH: channel used for communication between the terminal and the E-UTRAN.
DCCH: carries signaling dedicated to a user (RRC and NAS).
DTCH: carries traffic information dedicated to a user.
Description of the 2G, 3G, 4G, 5G and 6G architectures

Source - https://www.researchgate.net/publication/378952961_Security_Analysis_of_Critical_5G_Interfaces
• UE: The UE comprises not only different mobile devices that offer users standard data or voice
services but also the Subscriber Identification Module (SIM) (Universal Integrated Circuit Card
(UICC)) that holds the subscribers’ details and long-term keys used in the initial registration. UEs
enable mobile subscribers to use the services provided by the Mobile Network Operators (MNOs).
Different types of UEs could have various characteristics and features in terms of data rates,
latency, throughput, power supply, and Quality of Service (QoS) required for different
communications such as Internet of Things (IoT) networks and Machine to Machine (M2M)
communications.
• gNodeB (gNB): Provides wireless connectivity for UE to access the DN via 5GC. The Next
Generation (NG)-Radio Access Network (RAN) specification enables the division of the gNB into
two distinct components: the gNB-Distributed Unit (DU) and the gNB-Central Unit (CU). Both of
them function as logical nodes and are interconnected through the F1 interface.
• The following are the entities in the gNB connected by the critical interfaces studied:
• Radio Unit (RU): Also known as a remote radio, it serves the purpose of converting radio signals
transmitted to and received from the antenna into a digital baseband signal. This digital baseband
signal can then be connected to the DU through the fronthaul interface.
• DU: The DUs are the result of the functional splitting of the gNB. The DU serves layers 1 and 2 (i.e.,
the lower layers) of the 5G-New Radio (NR) protocol stack, such as media access control,
Radio Link Control (RLC), and the Physical Layer (PHY), to support the real-time scheduling
function.
• CU: The CUs are also the result of the gNB function splitting and are
responsible for layers three and four (i.e., the upper layers) of the 5G-NR
protocol stack, such as Packet Data Convergence Protocol (PDCP) and
Radio Resource Control (RRC), to support non-real-time scheduling
functions.
• Access and Mobility Function (AMF): It is the first entity accessed
by the UE in the 5GC during registration and authentication
procedures before granting access to the home network through the
SEcurity Anchor Function (SEAF) located in the AMF. Although there
are many interfaces connecting the AMF with 5G entities, this study
focuses only on the N1 and N2 interfaces connecting the AMF to the
UE and the 5G-AN (i.e., gNBs), respectively.
• Session Management Function (SMF): It is responsible for session management, proper coordination, and
selection of the UPF serving the UE. The SMF assigns Internet Protocol (IP) addresses during the
establishment of the Protocol Data Unit (PDU) session to UEs. It also provides the UPF with the parameters of
the required QoS and manages and supervises the interface connecting the CP and the UP. The SMF connects
to multiple interfaces, but we will focus on the N4 interface that connects the SMF with the UPF.
• UPF: It is the only NF in the UP level of the 5GC. It is responsible for connecting UE to the DN (e.g. Internet,
voice, and other services). The UPF has four distinct connection interfaces, N3, N4, N9, and N6, to connect to
RAN, SMF, another UPF, and DN, respectively.
• Security Edge Protection Proxy (SEPP): It is involved in roaming scenarios to establish a secure End-to-End
(E2E) connection between the Home Public Land Mobile Network (PLMN) (H-PLMN) and Visited PLMN
(V-PLMN) for confidentiality and integrity protection. The SEPPs are connected via the N32 interface.
• Other SBA NFs: All CP NFs are connected by Application Programming Interface (API)-based interfaces [10].
They communicate directly or indirectly through direct communication or the Service Communication
Proxy (SCP), respectively. Examples of these NFs are defined in the next few lines. The Unified
Data Management (UDM) provides user details during authentication, roaming, and network access. The
Policy Control Function (PCF) provides the framework that guides user behavior in network access. The
Network Exposure Function (NEF) facilitates the connection of 5G networks with the third party or external NF
and decides on the level of capabilities that can be exposed to trusted services outside the 5GC. The Application
Function (AF) provides application services to the user. Finally, the Network Slicing Selection Function (NSSF)
assigns an appropriate network slice supported by the 5GS to the user request. Figure 2 depicts the most
common NFs in the Service Based Architecture (SBA). These NFs communicate through
Service Based Interface (SBI).

• Uu: It is the radio interface that carries the RRC signaling to control the communication
between the UE and the 5G-AN or gNBs. It is worth noting that in this paper, the security
recommendations and threats related to the Uu interface have been explained within the
section dedicated to N1.
• Xn: It is the interface between two NG-RAN nodes (i.e. gNBs) at the 5G-AN side. It is
represented in the CP as Xn-C and in the UP as Xn-U [11]. It is involved in handover
procedures, data forwarding and flow control in 5G-AN [11]. Therefore, the Xn interface is
a critical interface in 5GS that needs appropriate security measures against attacks. The
XnAP protocol conveys the signaling transmitted through the Xn-C interface.
• F1: It is an open interface that transmits signaling information and user traffic between
gNB-DU and gNB-CU elements. The F1 interface is assigned to both CP and UP as F1-C
and F1-U, respectively. This separation provides interoperability between gNB-CU and
gNB-DU from different vendors.
• The connectivity between the DU and CU of the 5G-RAN uses the F1 interface. The F1AP
protocol provides the signaling service over the F1-C and the
General Packet Radio Services Tunneling Protocol (GTP)-U protocol carries UP data over
the F1-U interface.
• We will briefly explain the critical interfaces that
connect them and are considered in this study. These
interfaces are denoted by lines with red legends in
the previous figure.
• N1: It is represented as a direct logical interface
between the UE and the AMF. It is a concatenation of
the radio interface Uu (i.e., the air interface between
the UE and gNB) and the N2 interface. It is used to
transmit UE information during registration, session
management, mobility management, and short
message service (SMS). The protocol used on this
interface is the Non-Access Stratum (NAS).
• N2: It connects the 5G-AN and the AMF in the 5GS. It is involved in
signaling during the registration procedure of the UE with the Core
Network (CN). The N2 interface is critical due to the registration
procedure and other CP signaling that pass through it. The NGAP
protocol is used to provide CP signaling through the N2 interface.
• N3: It connects the 5G-AN to the UPF at the UP level of the 5GS. It
is a crucial interface due to its participation in all PDU session
establishments. On the N3 interface, the GTP-U protocol is used to
carry UP traffic and bundle all QoS of the UE.
• N4: It connects the SMF and the UPF. It is an internal interface in
the 5GC that transmits both signaling and sensitive information,
including subscriber information, making the N4 a critical interface.
The Packet Forwarding Control Protocol (PFCP) is used on the N4 interface for data communication.
• SBI: It is based on an API connection between NFs within 5GC. An NF producer
uses an SBI interface to offer service to authorized NF consumers [19]. At the
application layer, all CP communications over SBI are via RESTful APIs using
Hypertext Transfer Protocol version 2 (HTTP/2) with
JavaScript Object Notation (JSON) methods [20].
• N9: It connects UPFs and it is crucial during roaming between H-PLMN and
V-PLMN at the UP level. In addition, the N9 interface is involved in mobility
management in 5GS.
• N6: It connects the UPF and the DN. The N6 interface transmits UE traffic to or
from the outside network via UPF to access the requested services or
applications [3].
• N32: It connects NF consumers and producers in different PLMNs. The security
policies on the N32 interface are enforced by the SEPP in the H-PLMN and the
V-PLMN to establish roaming.
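
The N3 and F1-U bullets above say that GTP-U carries the user-plane traffic and its QoS marking. The following added example (not from the slides or the cited paper) decodes a GTP-U header as laid out in 3GPP TS 29.281, reads the QoS Flow Identifier (QFI) from the PDU Session Container extension header, and checks each packet against a session table. The session table, the 192.0.2.x addresses, the sample packets and all function names are assumptions constructed for illustration.

```python
import struct

GPDU = 0xFF                          # message type: encapsulated user packet
EXT_PDU_SESSION_CONTAINER = 0x85     # extension header that carries the QFI


class GtpuError(ValueError):
    """Raised when a datagram is not a well-formed GTPv1-U message."""


def parse_gtpu(datagram):
    """Decode the GTP-U header and, if present, the PDU Session Container."""
    if len(datagram) < 8:
        raise GtpuError("shorter than the 8-byte mandatory header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", datagram[:8])
    if flags >> 5 != 1 or not flags & 0x10:
        raise GtpuError("not GTPv1-U (version/protocol-type bits)")
    if length != len(datagram) - 8:
        raise GtpuError("length field disagrees with datagram size")
    info = {"msg_type": msg_type, "teid": teid, "pdu_type": None, "qfi": None}
    offset = 8
    if flags & 0x07:                 # E, S or PN set: 4 optional bytes follow
        if len(datagram) < 12:
            raise GtpuError("truncated optional fields")
        next_ext = datagram[11] if flags & 0x04 else 0
        offset = 12
        while next_ext:              # walk the extension header chain
            if offset >= len(datagram):
                raise GtpuError("truncated extension header")
            ext_len = datagram[offset] * 4        # length is in 4-octet units
            if ext_len == 0 or offset + ext_len > len(datagram):
                raise GtpuError("bad extension header length")
            if next_ext == EXT_PDU_SESSION_CONTAINER:
                info["pdu_type"] = datagram[offset + 1] >> 4
                info["qfi"] = datagram[offset + 2] & 0x3F
            next_ext = datagram[offset + ext_len - 1]
            offset += ext_len
    info["payload"] = datagram[offset:]
    return info


def build_gpdu(teid, qfi, inner, pdu_type=1):
    """Construct a sample G-PDU with a PDU Session Container (test data only)."""
    ext = bytes([1, pdu_type << 4, qfi & 0x3F, 0])      # 4 octets, no next header
    opt = bytes([0, 0, 0, EXT_PDU_SESSION_CONTAINER])   # seq, N-PDU, next type
    body = opt + ext + inner
    return struct.pack("!BBHI", 0x34, GPDU, len(body), teid) + body


def audit_n3(packets, sessions):
    """Return (source, reason) for every packet that violates the session table."""
    findings = []
    for src, datagram in packets:
        try:
            pkt = parse_gtpu(datagram)
        except GtpuError as exc:
            findings.append((src, "malformed: %s" % exc))
            continue
        if pkt["msg_type"] != GPDU:
            continue                 # echo/error messages carry no user data
        session = sessions.get(pkt["teid"])
        if session is None:
            findings.append((src, "unknown TEID 0x%08x" % pkt["teid"]))
        elif src != session["gnb"]:
            findings.append((src, "TEID 0x%08x used by unexpected peer" % pkt["teid"]))
        elif pkt["qfi"] not in session["qfis"]:
            findings.append((src, "QFI %s not provisioned for TEID 0x%08x"
                             % (pkt["qfi"], pkt["teid"])))
    return findings


# Hypothetical session table: tunnel id -> expected gNB address and allowed QFIs.
SESSIONS = {0x00001001: {"gnb": "192.0.2.11", "qfis": {1, 5}}}

# Constructed sample traffic as (source address, UDP payload) pairs.
SAMPLE_PACKETS = [
    ("192.0.2.11", build_gpdu(0x1001, 5, b"ip-packet")),        # conforms
    ("192.0.2.11", build_gpdu(0x1001, 9, b"ip-packet")),        # QFI not provisioned
    ("192.0.2.99", build_gpdu(0x1001, 5, b"ip-packet")),        # unexpected peer
    ("192.0.2.11", build_gpdu(0x2002, 1, b"ip-packet")),        # unknown tunnel
    ("192.0.2.11", build_gpdu(0x1001, 5, b"ip-packet")[:-3]),   # truncated
]

if __name__ == "__main__":
    for source, reason in audit_n3(SAMPLE_PACKETS, SESSIONS):
        print(source, reason)
```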
Complete the table by giving the meaning of the acronym and the role of each component of
the 5G network architecture.

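| Component | Meaning of acronym | Role |
|---|---|---|
| UE | | |
| gNB | | |
| NR-RAN | | |
| CU | | |
| DU | | |
| PCF | | |
| NSSF | | |
| AF | | |
| NEF | | |
| NRF | | |
| UDR | | |
| SCP | | |
| AUSF | | |
| AMF | | |
| SMF | | |
| SEPP | | |
| UPF | | |
| CP | | |
| UP | | |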
Table giving the meaning of the acronym and the role of each component in the 5G network
architecture
| Component | Meaning of acronym | Role |
|---|---|---|
| UE | User Equipment | The UE comprises not only the various mobile devices that offer users standard data or voice services, but also the Subscriber Identity Module (SIM) (Universal Integrated Circuit Card (UICC)), which contains subscriber details and the long-term keys used during initial registration. UEs enable mobile subscribers to use the services provided by mobile network operators (MNOs). Different types of UE can have different characteristics and functionalities in terms of data rates, latency, throughput, power supply and quality of service (QoS) required for different communications such as Internet of Things (IoT) networks and Machine to Machine (M2M) communications. |
| gNB | gNodeB | Provides wireless connectivity for the UE to access the DN via 5GC. The Next Generation (NG) Radio Access Network (RAN) specification allows the gNB to be divided into two distinct components: the gNB Distributed Unit (DU) and the gNB Central Unit (CU). Both function as logical nodes and are interconnected via the F1 interface. |
| NR-RAN | New radio – Radio access network | Radio Access Technology (RAT) designed to be the global standard for the air interface of 5G networks. It is based on Orthogonal Frequency Division Multiplexing (OFDM), just like the 4G Long Term Evolution (LTE) standard. Global standard for a unified, higher-performance wireless radio interface, enabling faster data rates, lower latency and enhanced connectivity for a wide range of devices and use cases. 5G core technology, designed to accommodate a diverse set of applications - from mobile broadband to the Internet of Things (IoT) - in a single framework. |
| NG-RAN | New generation – Radio access network | The NG-RAN access network provides both an LTE radio interface and a 5G-NR radio interface. An NG-RAN node is: a 5G base station (gNB) providing control plane services and user plane data transmission over the 5G-NR radio interface; or an advanced 4G base station (ng-eNB) providing control plane services and transmission of user plane data to mobiles via the LTE radio interface. A single architecture to accommodate centralized, distributed and monolithic deployments - a cornerstone of 5G, supporting the deployment of certain functions in the Cloud where beneficial. In conjunction with this point, the ability to completely separate the control plane (CP) from the user plane (UP) of a centralized unit, for maximum deployment flexibility - another cornerstone of 5G, as CP and UP evolve differently. This enables the Radio Access Network (RAN) to keep pace with the evolution (and "Cloudification") that has occurred in the core network in recent years. |
| RU | Radio unit | Radio unit (RU): also known as a remote radio, it converts the radio signals transmitted and received by the antenna into a digital baseband signal. This digital baseband signal can then be connected to the DU via the fronthaul interface. |
| CU | Central unit | CUs are also the result of the separation of gNB functions and are responsible for layers three and four (i.e. the top layers) of the 5G-NR protocol stack, such as Packet Data Convergence Protocol (PDCP) and Radio Resource Control (RRC), to support non-real-time scheduling functions. |
| DU | Distributed unit | DUs are the result of the functional division of the gNB. The DU serves layers 1 and 2 (i.e. the lower layers) of the 5G-New Radio (NR) protocol stack, such as medium access control, radio link control (RLC) and the physical layer (PHY), to support the real-time scheduling function. |
| UDM | User identification and subscription management | Unified Data Management (UDM) provides user details for authentication, roaming and network access. |
| PCF | Policy and Charging Function | The Policy Control Function (PCF) provides the framework that guides user behavior when accessing the network. |
| NSSF | Network Slice Selection Function. Slice management. | The network slicing selection function (NSSF) assigns an appropriate network slice supported by the 5GS at the user's request. |
| AF | Application function | The application function (AF) provides application services to the user. |
| NEF | Network exposure function | The Network Exposure Function (NEF) facilitates the connection of 5G networks with third-party or external NF, and decides the level of capacity that can be exposed to trusted services outside 5GC. Manages network openness with complete security for third parties. |
| SBI | Service based | These NFs communicate via the service-based interface (SBI). All CP NFs are connected |
| NRF | Repository Function. | Repository function. Directory management |
| UDR | Unified Data Repository | Unified data repository |
| SCP | | |
| AUSF | Authenticates users and authorizes their access to the network | Authenticates users and authorizes network access |
| AMF | Access authentication and access authorization, signaling exchange with the UE, mobility and connection management | Access and Mobility Function (AMF): this is the first entity accessed by the UE in the 5GC during registration and authentication procedures before granting access to the home network via the Security Anchor Function (SEAF) located in the AMF. Although there are many interfaces linking the AMF to 5G entities, this study focuses only on the N1 and N2 interfaces linking the AMF to the UE and to the 5G-AN (i.e. the gNBs), respectively. |
| SMF | Session management, allocation of IP addresses to UEs, ensures QoS | Session Management Function (SMF): responsible for session management, appropriate coordination and selection of the UPF serving the UE. The SMF assigns Internet Protocol (IP) addresses to UEs when the PDU (Protocol Data Unit) session is established. It also provides the UPF with the required Quality of Service parameters and manages and supervises the interface between the CP and the UP. The SMF connects to several interfaces, but we will concentrate on the N4 interface that connects the SMF to the UPF. |
| SEPP | Security Edge Protection Proxy | Security Edge Protection Proxy (SEPP): used in roaming scenarios to establish a secure end-to-end (E2E) connection between the home Public Land Mobile Network (PLMN) (H-PLMN) and the visited PLMN (V-PLMN) for confidentiality and integrity protection. SEPPs are connected via the N32 interface. |
| UPF | User plane function | UPF: this is the only NF at the UP level of the 5GC. It is responsible for connecting the UE to the DN (e.g. Internet, voice and other services). The UPF has four distinct connection interfaces, N3, N4, N9 and N6, to connect to the RAN, the SMF, another UPF and the DN respectively. |
| CP | Core packet | |
Complete the table by giving the location of the interface and its transmission role (signaling
and/or data traffic) in the 5G network architecture.

| Interface | Location | Signaling and/or data traffic |
|---|---|---|
| Uu | | |
| Xn | | |
| F1 | | |
| F1-C | | |
| F1-U | | |
| N1 | | |
| N2 | | |
| N3 | | |
| N4 | | |
| N6 | | |
| N9 | | |
| SBI | | |
| N32 | | |
Table giving the location of each interface and its transmission role (signaling and/or data
traffic) in the 5G network architecture

| Interface | Location | Signaling and/or data traffic |
|---|---|---|
| Uu | UE and 5G-AN or gNBs | Radio interface that carries RRC signaling to control communication between the UE and the 5G-AN or gNBs. It should be noted that in this article, security recommendations and threats related to the Uu interface have been explained in the section dedicated to N1. |
| Xn | Two NG-RAN nodes (i.e. gNBs) | Interface between two NG-RAN nodes (i.e. gNBs) on the 5G-AN side. It is represented in the CP by Xn-C and in the UP by Xn-U. It is involved in handover procedures, data transmission and flow control in 5G-AN. Consequently, the Xn interface is a critical interface in 5GS, requiring appropriate security measures against attacks. The XnAP protocol transmits the signaling sent via the Xn-C interface. |
| F1, F1-C, F1-U | gNB-DU and gNB-CU elements | An open interface that transmits signaling information and user traffic between the gNB-DU and gNB-CU elements. The F1 interface is assigned to both the CP and the UP under the names F1-C and F1-U, respectively. This separation ensures interoperability between gNB-CU and gNB-DU from different suppliers. Connectivity between DU and CU in the 5G-RAN uses the F1 interface. The F1AP protocol provides the signaling service on F1-C, and the General Packet Radio Services Tunneling Protocol (GTP)-U transports UP data on the F1-U interface. |
| N1 | UE and AMF | Direct logical interface between UE and AMF. This is a concatenation of the Uu radio interface (i.e. the air interface between the UE and the gNB) and the N2 interface. It is used to transmit information about the UE during registration, session management, mobility management and short message service (SMS). The protocol used on this interface is Non-Access Stratum (NAS). |
| N2 | Between 5G-AN and AMF | Connects the 5G-AN and AMF in the 5GS. It is involved in signaling during the UE registration procedure with the Core Network (CN). The N2 interface is critical because of the registration procedure and other CP signaling that passes through it. The NGAP protocol is used to provide CP signaling over the N2 interface. |
| N3 | Between 5G-AN and UPF | Connects the 5G-AN to the UPF at the UP level of the 5GS. This is a crucial interface because of its participation in all PDU session establishments. On the N3 interface, the GTP-U protocol is used to transport UP traffic and aggregate all UE QoS. |
| N4 | Between SMF and UPF | Connects the SMF and UPF. This is an internal interface to the 5GC that carries both signaling and sensitive information, including subscriber information, making the N4 a critical interface. The Packet Forwarding Control Protocol (PFCP) is used on the N4 interface for data communication. |
| N6 | Between UPF and DN | Connects the UPF and DN. The N6 interface forwards UE traffic to or from the outside network via UPF to access the requested services or applications. |
| N9 | Between UPFs | Connects UPFs and is crucial when roaming between H-PLMN and V-PLMN at UP level. Additionally, the N9 interface is involved in mobility management in 5GS. |
| SBI | API connection between NFs within 5GC | It is based on an API connection between NFs within 5GC. An NF producer uses an SBI interface to offer a service to authorized NF consumers. At the application layer, all CP communications over SBI are done via RESTful APIs using Hypertext Transfer Protocol version 2 (HTTP/2) with JavaScript Object Notation (JSON) methods. |
| N32 | Connects NF consumers and producers in different PLMNs | Security policies on the N32 interface are enforced by the SEPP in the H-PLMN and V-PLMN to establish roaming. |
UWB (Ultra Wide Band)
• Use of a very wide spectral band, with low power consumption

Smart Antennas
• Antennas capable of operating with multiple coding techniques and in virtually any frequency

Smart cells
• Cells that help exponentially increase data throughput through the reuse of available
frequencies.

Software Approach
• Software Defined Radio
• Software Defined networking
• Seamless combination of broadband networks

Full virtualization
• HLR, VLR, eNodeB, RAN
• Cloud-RAN

D2D (Device To Device) and mesh networks
• Which represent simplified access techniques.
• Reduce energy consumption
• Reduce connection costs

Polar Codes
• They ensure the allocation of information to highly reliable data locations

MU-MIMO (Multi User MIMO)
• Developed by the company Huawei, it could support up to 24 users and 24 parallel
transmission layers on a single frequency time resource.
New non-standalone 5G radio waveform and subcarrier spacing

| Generation | UE transmit waveform | Modulation | Channel bandwidth (MHz) | Subcarrier spacing |
|---|---|---|---|---|
| 4G | SC-FDMA (single-carrier frequency division multiple access) | QPSK, 16QAM, 64QAM, 256QAM | 5 to 20 | 15 kHz |
| 5G1 (FR1) | DFT-S-OFDM (Discrete Fourier Transform-Spread-Orthogonal Frequency Division Multiplexing) | π/2 BPSK, QPSK, 16QAM, 64QAM, 256QAM | 5 to 50 | 15 kHz |
| | DFT-S-OFDM | π/2 BPSK, QPSK, 16QAM, 64QAM, 256QAM | 5 to 100 | 30 kHz, 60 kHz optional |
| | CP-OFDM | π/2 BPSK, QPSK, 16QAM, 64QAM, 256QAM | 5 to 50 | 15 kHz |
| 5G2 (FR2) | CP-OFDM (Cyclic Prefix Orthogonal Frequency Division Multiplexing) | π/2 BPSK, QPSK, 16QAM, 64QAM, 256QAM | 5 to 100 | 30 kHz, 60 kHz optional |

OFDM is a multicarrier modulation scheme that divides a high data rate stream into multiple lower data rate subcarriers.
OFDM relies on the fast Fourier transform (FFT) to convert data between the time and frequency domains.

CP-OFDM is a variant of OFDM that solves the ISI problem. It adds a cyclic prefix to each OFDM symbol. The cyclic prefix
is a copy of the final part of the symbol, which is added at the beginning.
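
The effect of the cyclic prefix described above can be checked numerically. This added example (not part of the original slides) sends two 8-subcarrier QPSK symbols through a two-tap channel and compares the recovered symbols with and without a prefix; the channel taps, symbol values and function names are assumptions chosen for illustration, and a plain DFT stands in for the FFT.

```python
import cmath


def dft(x):
    """Discrete Fourier transform: time samples -> subcarrier values."""
    n = len(x)
    return [sum(x[t] * cmath.exp(-2j * cmath.pi * k * t / n) for t in range(n))
            for k in range(n)]


def idft(X):
    """Inverse DFT: subcarrier values -> time samples."""
    n = len(X)
    return [sum(X[k] * cmath.exp(2j * cmath.pi * k * t / n) for k in range(n)) / n
            for t in range(n)]


def modulate(symbols, cp_len):
    """Build one OFDM symbol and prepend a copy of its last cp_len samples."""
    time = idft(symbols)
    return time[len(time) - cp_len:] + time


def channel(tx, taps):
    """Multipath channel: each output sample mixes in earlier samples."""
    return [sum(taps[j] * tx[i - j] for j in range(len(taps)) if i >= j)
            for i in range(len(tx))]


def demodulate(rx, n, cp_len, taps):
    """Drop the prefix, transform, and equalize each subcarrier with one division."""
    H = dft(list(taps) + [0.0] * (n - len(taps)))    # channel frequency response
    step = n + cp_len
    out = []
    for start in range(0, len(rx), step):
        Y = dft(rx[start + cp_len:start + step])
        out.append([Y[k] / H[k] for k in range(n)])
    return out


N = 8                       # subcarriers per OFDM symbol
TAPS = [1.0, 0.5]           # constructed channel: direct path plus one echo
SYM1 = [1+1j, 1-1j, -1+1j, -1-1j, 1-1j, 1+1j, -1-1j, 1+1j]      # constructed QPSK data
SYM2 = [-1-1j, 1+1j, 1-1j, 1-1j, -1+1j, -1-1j, 1+1j, -1+1j]


def worst_error(cp_len):
    """Largest distance between a sent and a recovered subcarrier value."""
    tx = modulate(SYM1, cp_len) + modulate(SYM2, cp_len)
    rx = channel(tx, TAPS)
    est = demodulate(rx, N, cp_len, TAPS)
    return max(abs(e - s)
               for got, sent in zip(est, (SYM1, SYM2))
               for e, s in zip(got, sent))


if __name__ == "__main__":
    print("no prefix      :", worst_error(0))
    print("prefix of 2    :", worst_error(2))
```

With a prefix at least as long as the channel echo, the samples kept by the receiver see a circular convolution, so one division per subcarrier recovers the data exactly; without it, the echo of the previous symbol leaks into the next one.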

Homework 1a. Complete the comparison table of mobile telecommunications systems from 0G
to 6G: equipment, common names
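| | 0G | 1G | 2G | 3G | 4G | 5G | 6G |
|---|---|---|---|---|---|---|---|
| Mobile terminal | | | | | | | |
| Base Station | | | | | | | |
| Radio Subsystem | | | | | | | |
| Radio access network Equipment(s) | | | | | | | |
| Core network Equipments | | | | | | | |
| Core network subsystem | | | | | | | |
| Interface | | | | | | | |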
Comparison of mobile telecommunications systems from 0G to 6G: equipment, standards and security mechanism

| | 0G | 1G | 2G | 3G | 4G | 5G | 6G |
|---|---|---|---|---|---|---|---|
| Mobile terminal | MS | MS | MS, SIM, UICC | UE, USIM, UICC | UE, USIM, UICC | UE, eUSIM, UICC, eUICC | M-UE, sCell-UE, sCell-AP |
| Base Station | AP | BS | BTS | Node B / NB | eNodeB / eNB | gNodeB / gNB | sCell-RAN, UM-MIMO BS |
| Radio Subsystem | BSS | BSS | BSS | UTRAN | eUTRAN, C-RAN | NR, C-RAN | CR, SDR, IR |
| Radio access network Equipment(s) | BS | BS | BTS, BSC, TCU, PCU | Node B and RNC | eNB | gNB | M-UE, sCell-UE, sCell-AP, sCell-RAN, UM-MIMO BS |
| Core network Equipments | MSC, VLR | MSC, VLR | MSC, VLR, GMSC, SGSN, GGSN, HLR, AuC, EIR, OMC | MSC, VLR, GMSC, SGSN, GGSN, HLR, AuC, EIR | SGW, PGW, MME, HSS | UPF; AMF, SMF, AUSF, UDM | Cloudly |
| Core network subsystem | NSS | NSS | NSS, OSS | CS, GPRS PS | EPC | 5GC | Cloudly |
| Interface | Air | Air | Um, Abis | Uu, Iub, IuCS, IuPS | Uu, S1-C, S1-U, X2 | Uu, S1-U, N1, NG, Xn | Cloudly |
| Type of cell | Micro | Macro | Macro | Macro, Micro | Macro, Micro, pico | Macro, micro, pico, femto, RRH, LAA, Relay, NR-U | Macro, micro, pico, femto, RRH, LAA, Relay, NR-U, BAN |
| Norms | AMPS | AMPS, NMT, TACS | D-AMPS, GSM/GPRS/EDGE/cdmaOne | CDMA2000/EV-DO, WCDMA/HSPA+, TD-SCDMA, UMTS | LTE, LTE Advanced | NR, SDN, NFV, NS | AI/ML, DLT, VLC, THz, Quantum computing |
| Security mechanism | No | No | Mobile terminal authentication, Encryption (AN CP, UP) | Mutual authentication of mobile terminal and network, Encryption (RRC/AN CP, UP), Signaling integrity (RRC) | Mutual authentication of mobile terminal and network, Encryption (RRC/AN CP, UP), Signaling integrity (RRC), Encryption (NAS), Signaling integrity (NAS) | Decentralized security (any unsecured area could compromise other parts of the network), securing all connected devices through software updates | Decentralized and globally managed security. |
Comparison table of characteristics of mobile communication systems from 0G to 6G

| | 0G | 1G | 2G | 3G | 4G | 5G | 6G |
|---|---|---|---|---|---|---|---|
| Year | 1970 | 1980 | 1990 | 2000 | 2010 | 2020 | 2030 |
| Architecture of antenna | Single antenna | Single antenna | Single antenna | Single antenna | MIMO | Massive MIMO | Ultra Massive MIMO |
| Maximum frequency | 400 Hz | 1 MHz | 2 MHz | 3 MHz | 6 GHz | 90 GHz | 10 THz |
| Multiplexing | FDMA | FDMA | FDMA/TDMA/CDMA | CDMA | CDMA | OFDMA, SC-FDMA, NOMA | NOMA |
| Level of service | Voice | Voice | Voice, SMS | Voice, Data | Video | Virtual reality, Augmented reality | Touch |
| Communication in THz | No | No | No | No | No | Very weak | Widely |
| Haptic communication (generates physical exchange) | No | No | No | No | No | Partial | Completely |
| Extended Reality | No | No | No | No | No | Partial | Completely |
| Autonomous car | No | No | No | No | No | Partial | Completely |
| Artificial intelligence | No | No | No | No | No | Partial | Completely |
| Satellite integration | No | No | No | No | No | Partial | Completely |
| Mobility support | Up to 10 km/h | Up to 50 km/h | Up to 100 km/h | Up to 250 km/h | Up to 350 km/h | Up to 500 km/h | Up to 1000 km/h |
| Maximum spectral efficiency | 0 bps/Hz | 8 bps/Hz | 8 bps/Hz | 8 bps/Hz | 15 bps/Hz | 30 bps/Hz | 100 bps/Hz |
| End-to-end latency | Impossible | Impossible | Impossible | 1000 ms | 100 ms | 10 ms | 1 ms |
| Peak transmission rate | 2 kbps | 64 kbps | 144 kbps | 2 Mbps | 1 Gbps | 10 Gbps | 1 Tbps |
| Proactive cache | | No | No | No | No | Weak | Widely |
| Mobile edge computing | | No | No | No | No | Weak | Widely |
| Applications | Limited wireless communication | Analog communications networks for voice calls | Digital communications networks, added support for SMS | Mobile broadband, MMS, mobile TV, video calls | Enhanced Mobile Broadband, All-IP Networks, HD Video Streaming, Mobile Gaming | eMBB, uRLLC, MMTC, Network software, VR, AR, MR, autonomous vehicles, IoT, industry 4.0 | FeMBB, umMTC, eRLLC/eURLLC, ELPC, LDHMC, High Spectral Efficiency, High Area Traffic Capacity, MBBBL, mLLMT, AEC |
G-5G antennas, multiple access technologies, services

Source - https://www.researchgate.net/publication/368868997_On_the_Road_to_6G_Visions_Requirements_Key_Technologies_and_Testbeds
Evolution of key benchmarks of 0G to 6G communication systems
6G requirements:
Peak data rate > 1 Tbps, end-to-end delay < 0.1 ms, processing delay < 10 ns, reliability > 99.99999%, availability > 99.99999%, connection > 0.1%, connection density > 10^7 devices/km², energy efficiency > 100x compared to 5G, spectrum efficiency > 5x compared to 5G, mobility > 1000 km/h

6G vision:
FeMBB, umMTC, eRLLC/eURLLC, ELPC, LDHMC, High Spectral Efficiency, High Area Traffic Capacity, MBBBL, mLLMT, AEC

6G enabling factors: THz spectrum, machine and federated learning, compressive sensing, blockchain/DLT, swarm networking, contactless network and service management, efficient energy transfer and harvesting, smart surfaces, NTN to 3D VLC, quantum communication.

6G applications: Drones, holographic telepresence, Extended Reality, collaborative autonomous driving, Internet of Everything, Smart Grid 2.0, Industry 5.0, hyper-intelligent IoT, collaborative robots, personalized body networks, smart healthcare, space and deep sea tourism.

[Figure: Evolution of Mobile Networks from 0G to 6G, starting in 1970 with limited wireless communication]

Source https://www.researchgate.net/publication/350625142_Survey_on_6G_Frontiers_Trends_Applications_Requirements_Technologies_and_Future_Research
Evolution of wireless networks towards the future 6G-IoT

6G technologies will revolutionize IoT applications in various fields and have an immense impact on citizens, consumers and businesses towards a future society of fully intelligent and autonomous systems.

Future 6G-IoT applications:
• Internet of Health Care
• Internet of Vehicles and Autonomous Driving
• Unmanned aerial vehicles
• Internet of Things via Satellite
• Industrial Internet of Things

[Figure: services offered by successive network generations over time: fixed lines; text, basic SMS; text, SMS, Internet access; text, SMS, video, Internet access, mobile broadband; all features mentioned, Ultra HD video, smart IoT devices; all features mentioned, full coverage, massive IoT, AI-powered mobile applications, satellite communications, autonomous systems. Horizontal axis: time.]

Source -
https://www.researchgate.net/publication/353792480_6G_Internet_of_Things_A_Comprehensive_Survey
Service provision (Terminal, Access network, Core network, Service level)
• Session regarding user request: service composition based on user needs = SE4+SE6+SE8
• Session after deterioration of SE4: dynamic provisioning by equivalent QoS = SE2+SE6+SE8
• Post-mobility session: dynamic supply after mobility = SE3+SE6+SE8

[Figure: service elements SE1 to SE12 placed across the levels. Labels: Serviceware (provision of services), Core network (IMS), Infoware (provision of media), Access network, Service request.]

Note: equivalent QoS ≠ equal QoS
Uses of mobile telecommunications networks (at work, in transport and at home)

User-centric and AI

The user forces the entire digital ecosystem to provide him with services.

[Figure: loop between the user knowledge base and AI in the user-centric model; labels: enrichment, answer, contextualization, learning.]

User-centric model
In the user-centric model, the user forces the entire digital ecosystem to provide
him with the services he chooses, which he personalizes, according to the
paradigm "anywhere, anytime, anyhow, anydevice, every service, everyone".

Each user is associated with a knowledge base containing all his information:
- his user profiles (private, work)
- his settings and customizations
- his location
- his calendar

With the introduction of artificial intelligence (AI), the information model is enriched with additional data, collected every day and which will refine the user's knowledge (for example, data from sensors, connected objects in his environment). It is this learning that will provide a better understanding of needs and a contextualization of the composed services.

User Knowledge Base

| Spatial Localization | Terminals | Networks | Services |
|---|---|---|---|
| Office | PC1, Printer1 | Wi-fi, Wimax, Ethernet, PSTN, LTE | Internet, VoD, Videoconference, Telephony, Mail |
| Travel | Smartphone | Wi-fi, LTE | Internet, VoD, Videoconference, Telephony, Mail |
| Vehicle | Smartphone | Wi-fi, LTE | Internet, VoD, Videoconference, Telephony, Mail |
| School | PC2, Printer2 | Wi-fi, Wimax, LTE | Internet, VoD, Videoconference, Telephony, Mail |
| Home | PC1, Printer3 | Wi-fi, Wimax, Ethernet, PSTN, LTE | Internet, VoD, Videoconference, Telephony, Mail |

User Context

| Instant T (time) | 10:00 hrs | 19:00 hrs | … |
|---|---|---|---|
| Localization (spatial) | Office | Home | … |
| Terminals | Videoconference | Videoconference | … |
| Networks | Wi-fi, Wimax, Ethernet, PSTN | Wi-fi, ADSL | … |
| Services: user-specific | Mail, Phone | Mail | … |
| Services: offered by the network | Videoconference | VoD | … |
| User | NOAM | NOAM | |

User-centric and website
• It is a method that consists of analyzing the feelings of Internet
users regarding a website. To do this, it is necessary to analyze
their different behaviors such as the navigation method, the
downloads made, etc.
• Since it is impossible to study all users, we take a representative
sample and perform the analysis on it in order to draw general
conclusions.
• Indeed, the needs and expectations of end users must be taken
into account in the product development process. This is
therefore a behavioral study with respect to an existing product.
• User-centered design is based on usability and
ergonomics criteria that are used in computer design.

5G network service-based architecture

| Components | Roles |
|---|---|
| PCF (5G StandAlone) | Policy and Charging Function, including QoS management. |
| NSSF (5G StandAlone) | Network Slice Selection Function. Slice management. |
| AF | Special management of data flows. |
| NEF | Manages the opening of the network in complete security to third parties. |
| NRF (5G StandAlone) | Repository Function. Directory management. |
| UDR (5G StandAlone) | Unified Data Repository. |
| UDM | User identification and subscription management. |
| AUSF | Authenticates users and authorizes their access to the network. |
| AMF | Access authentication and access authorization, signaling exchange with the UE, mobility and connection management. |
| SMF | Session management, allocation of IP addresses to UEs, ensures QoS. |
| UPF | Routes data packets between users and the Internet, enforces QoS in the user plane. |

Source - https://thesis.unipd.it/retrieve/e195fe68-9c5d-4dbe-be6a-6ae93dbaf1a3/GiambartolomeiFilippo_Pentesting5GCoreNetwork.pdf

Complete the table by giving the role of each component of the 5G network service-based architecture

| Component | Roles |
|---|---|
| PCF (5G StandAlone) | |
| NSSF (5G StandAlone) | |
| AF | |
| NEF | |
| NRF (5G StandAlone) | |
| UDR (5G StandAlone) | |
| UDM | |
| AUSF | |
| AMF | |
| SMF | |
| UPF | |

Complete the table by giving the role of each component of the 5G network service-based architecture

| Component | Roles |
|---|---|
| PCF (5G StandAlone) | Policy and Charging Function, including quality of service management. |
| NSSF (5G StandAlone) | Network Slice Selection Function. Slice management. |
| AF | Special management of data flows. |
| NEF | Manages the opening of the network in complete security to third parties. |
| NRF (5G StandAlone) | Repository Function. Directory management. |
| UDR (5G StandAlone) | Unified Data Repository. |
| UDM | User identification and subscription management. |
| AUSF | Authenticates users and authorizes their access to the network. |
| AMF | Access authentication and access authorization, signaling exchange with the UE, mobility and connection management. |
| SMF | Session management, allocation of IP addresses to UEs, QoS guarantee. |

Complete the table by giving the location of the interface and its transmission role (signaling and/or data traffic) in the 5G network service architecture

| Interface | Location | Signaling and/or data traffic |
|---|---|---|
| N1 | | |
| N2 | | |
| N3 | | |
| N4 | | |
| N5 | | |
| N6 | | |
| N7 | | |
| N8 | | |
| N10 | | |
| N11 | | |
| N12 | | |
| N13 | | |
| N15 | | |

Complete the table by giving the location of the interface and its transmission role (signaling and/or data traffic) in the 5G network service architecture

| Interface | Location | Signaling and/or data traffic |
|---|---|---|
| N1 | UE - AMF | Signaling and data traffic |
| N2 | gNB - AMF | Signaling and data traffic |
| N3 | gNB - UPF | Data traffic |
| N4 | SMF - UPF | Signaling and data traffic |
| N5 | PCF - AF | Signaling and data traffic |
| N6 | UE – gNB and UPF - DN | Data traffic |
| N7 | PCF - SMF | Signaling and data traffic |
| N8 | UDM - AMF | Signaling and data traffic |
| N10 | UDM - SMF | Signaling and data traffic |
| N11 | AMF - SMF | Signaling and data traffic |
| N12 | AUSF - AMF | Signaling and data traffic |
| N13 | AUSF - UDM | Signaling and data traffic |
| N15 | PCF - AMF | Signaling and data traffic |

Roles of components or mechanisms of 4G and 5G network technologies (1/4)

| 4G | 5G | ROLES |
|---|---|---|
| eNB | gNB | |
| SGW, PGW | UPF | |
| MME | AMF+SMF | |
| HSS | AUSF+UDM | |
| | NRF (5G StandAlone) | |
| | UDR (5G StandAlone) | |
| | PCF (5G StandAlone) | |
| | NSSF (5G StandAlone) | |

Roles of components or mechanisms of 4G and 5G network technologies (2/4)

| 4G | 5G | ROLES |
|---|---|---|
| PCRF (4G/5G NSA) | | |
| SGWC (4G/5G NSA) | | |
| SGWU (4G/5G NSA) | | |

Roles of components or mechanisms of 4G and 5G network technologies (3/4)

| 4G | 5G | ROLES |
|---|---|---|
| | Data slicing | |
| | Beamforming | |
| MIMO antenna | Massive MIMO | |

Roles of components or mechanisms of 4G and 5G network technologies (4/4)

| Components | Roles |
|---|---|
| SPR | |
| OFCS | |
| OCS | |
| AF | |
| NEF | |

Roles of components or mechanisms of 4G and 5G network technologies (1/4)

| 4G | 5G | ROLES |
|---|---|---|
| eNB | gNB | gNB: radio resource management, handover, beamforming. eNB: radio resource management, handover. |
| SGW, PGW | UPF | UPF: routes data packets between users and the Internet, enforces QoS in the user plane. PGW: routes packets between UE and Internet, manages data security, sets QoS policies. SGW: routes packets between UE and LAN, traffic routing, enforces QoS. |
| MME | AMF+SMF | AMF: access authentication and access authorization, signaling exchange with the UE, mobility and connection management. SMF: session management, allocation of IP addresses to UEs, ensures QoS. MME: user authentication, download of subscriber profiles and mobility management. |
| HSS | AUSF+UDM | AUSF: authenticates users and authorizes their access to the network. UDM: user identification and subscription management. HSS: stores subscriber information. |
| | NRF (5G StandAlone) | NRF: Repository Function. Directory management. |
| | UDR (5G StandAlone) | UDR: Unified Data Repository. |
| | PCF (5G StandAlone) | PCF: Policy and Charging Function, including QoS management. |
| | NSSF (5G StandAlone) | NSSF: Network Slice Selection Function. Slice management. |

Roles of components or mechanisms of 4G and 5G network technologies (2/4)

| 4G | 5G | ROLES |
|---|---|---|
| PCRF (4G/5G NSA) | | PCRF: Policy and Charging Rules Function |
| SGWC (4G/5G NSA) | | SGWC: Serving Gateway Control Plane |
| SGWU (4G/5G NSA) | | SGWU: Serving Gateway User Plane |

Roles of components or mechanisms of 4G and 5G network technologies (3/4)

| 4G | 5G | ROLES |
|---|---|---|
| | Data slicing | Data slicing: The delivered signal is directed in a specific direction. With data slicing, the signal delivered by 5G antennas is targeted and adapted to the needs of each user. It allows real-time and à la carte network management. |
| | Beamforming | Beamforming: Emit a very narrow beam of signals targeting terminals connected to the 5G network. The 5G signal is only emitted when a device needs to connect to the network or use a service. The beam from the 5G antenna is therefore directed and does not propagate elsewhere. The energy required to connect a device is reduced. This makes it possible to improve the stability of the transmitted signal and its power, particularly in saturated places, such as public places. |
| MIMO antenna | Massive MIMO | MIMO antenna: MIMO (Multiple Input Multiple Output) from 4G+, implying higher speeds and range than 4G. A dozen connectors (radiating elements or miniature antennas) on MIMO antennas. Massive MIMO: Massive MIMO (to dynamically and more efficiently direct power to each user). |

Roles of components or mechanisms of 4G and 5G network technologies (4/4)

| Components | Roles |
|---|---|
| SPR | Manages session routing and service policy enforcement. |
| OFCS | Stores temporary session and service data. |
| OCS | Takes care of online pricing and billing for mobile services. |
| AF | Special management of data flows. |
| NEF | Manages the opening of the network in complete security to third parties. |

Massive Antennas – Smart Surfaces

This is made possible using innovative hardware and algorithms. Each antenna is programmed to adjust the phase of the incoming signal, or radio wave, that it receives so that all waves reflected off that surface have the same phase at the receiver. These waves then merge to form a single amplified radio wave.

These antennas are hit by incoming signals of different phases, so without phase adjustment you get a weaker reflected signal or no signal at all. It's like adding 1 and -1. But by changing all phases -1 to +1, we increase the signal strength.

Source - https://www.youtube.com/watch?v=2ZE9h1_5sQc
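
The phase-alignment argument above, worked through numerically as an added example (not part of the original slides). It assumes unit-amplitude reflections and a hypothetical 64-element surface with constructed random path phases; all function names are illustrative.

```python
import cmath
import math
import random


def received_power(path_phases, element_shifts):
    """Power at the receiver when unit-amplitude reflections are summed.

    path_phases: phase (radians) each wave has accumulated on its path.
    element_shifts: extra phase (radians) applied by each surface element.
    """
    field = sum(cmath.exp(1j * (p + s))
                for p, s in zip(path_phases, element_shifts))
    return abs(field) ** 2


def ideal_shifts(path_phases):
    """Continuous phase control: cancel every path phase exactly."""
    return [-p for p in path_phases]


def one_bit_shifts(path_phases):
    """1-bit control, the slide's "-1 to +1" rule: any wave whose real part
    is negative is flipped by pi, the others are left untouched."""
    return [math.pi if math.cos(p) < 0 else 0.0 for p in path_phases]


def compare(path_phases):
    """Received power for an unconfigured, a 1-bit and an ideal surface."""
    n = len(path_phases)
    return {
        "unconfigured": received_power(path_phases, [0.0] * n),
        "one_bit": received_power(path_phases, one_bit_shifts(path_phases)),
        "ideal": received_power(path_phases, ideal_shifts(path_phases)),
    }


def random_surface(n_elements=64, seed=7):
    """Constructed sample input: uniformly random path phases."""
    rng = random.Random(seed)
    return [rng.uniform(0.0, 2.0 * math.pi) for _ in range(n_elements)]


def gain_db(power, reference):
    """Power ratio in decibels."""
    return 10.0 * math.log10(power / reference)


if __name__ == "__main__":
    # The slide's own case: waves arriving as +1, -1, +1, -1 cancel out.
    print("1 and -1 case:", compare([0.0, math.pi, 0.0, math.pi]))

    result = compare(random_surface())
    print("64 elements :", result)
    print("1-bit gain over unconfigured: %.1f dB"
          % gain_db(result["one_bit"], result["unconfigured"]))
    print("ideal gain over unconfigured: %.1f dB"
          % gain_db(result["ideal"], result["unconfigured"]))
```

With perfect alignment the power grows as the square of the number of elements, which is why large surfaces are attractive; the 1-bit rule recovers a large share of that gain with much simpler hardware.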

Description of 2G, 3G, 4G, 5G and 6G architectures

6G architecture overview
• In addition to the user and control planes, the AI plane (A-Plane) is added. Adopted from, networking, storage and computation have all become more simplified. The transport network is condensed. In addition, cloud-centric lambda functions progressively disaggregate the elements of the 3GPP logical network.

Source - https://www.preprints.org/manuscript/202405.0715/v

6G network architecture
• The architecture provides the basis for data analysis and advanced networking that can support the transfer and storage of large amounts of data quickly and reliably.
• The system supports game theory, control theory and many other functions for routine decision-making and the use of the blockchain.
• The QUIC (Quick UDP Internet Connections) protocol reduces the problems encountered in previous networks.
• The architecture provides air, space and maritime connectivity.
• This requires intelligence, computing power and wireless connectivity.

6G network architecture



Ultra-massive MIMO systems in terahertz bands
• Terahertz (THz) band communication is a key technology that could meet the growing demand for wireless data traffic in the next sixth generation (6G) of wireless communications.
• This technology faces many challenges, such as high propagation losses and power limitations.
• Ultra-massive multiple-input multiple-output (UM-MIMO) antenna systems are practical ways of combating this distance problem, thereby increasing system capacity.
• Graphene-based nano-antennas are proposed, as they can be individually tuned and collectively controlled in compact UM-MIMO sub-array architectures.



Small cell random access network
• Physical Random Access Channel (PRACH) preamble design suitable for 6G cellular communication systems operating in 6G sub-terahertz.
• Modern random access avoids additional headers and significantly improves transmission efficiency for small packets.



Virtual/Augmented/Mixed reality
• Virtual reality (VR) immerses users in an entirely artificial digital environment.
• Augmented reality (AR) superimposes virtual objects on the real environment.
• Mixed reality (MR) not only superimposes, but anchors virtual objects in the real world.



Macrocell-user equipment
• MUEs are designed to communicate with these base stations, enabling them to connect to the
cellular network and access services such as voice calls, text messaging and mobile data.
• MUEs are typically used by consumers, businesses and organizations requiring mobile
communication services. They are commonly used in smartphones, tablets and other mobile devices.
MUEs can also be used in other applications, such as connected vehicles, remote sensors and
industrial equipment.
• How do MUEs work?
• MUEs communicate with macro base stations using radio frequency (RF) signals. When a user makes
a call or sends a message, the MUE converts the data into a digital signal and transmits it on the RF
channel. The base station receives the signal and transmits it to the cellular network for processing.

• MUEs use a variety of technologies to communicate with macro base stations. The most commonly
used technology today is LTE (Long-Term Evolution), a wireless communication standard used by
most cellular networks worldwide. LTE uses OFDM (orthogonal frequency division multiplexing) to
transmit data on several subcarriers simultaneously, enabling high-speed data transmission.
• In addition to LTE, MUEs can also use other wireless technologies such as 5G, 4G, 3G and 2G. Each
of these technologies has its own set of specifications and capabilities, and the choice of technology
depends on the specific needs of the user and the network operator.



Small cell user equipment
• Small cell base stations (SBS) are deployed
in the coverage of macro base stations (MBS)
to improve system performance. However,
some macro-user equipment (MUE) has
strong interference from neighboring SBSs
and therefore MBS performance decreases.
• Intelligent dynamic power control (DPC) with
cellular range extension (CRE) improves the
downlink performance of small-cell user
equipment (SUE) and CRE user equipment
(CUE) in HetNet.
• Each CUE first collects Received Signal
Strength Indicator (RSSI) measurements
from neighboring SBSs and sends them to
the serving MBS. Then, the MBS finds the
MUEs with strong interference from
neighboring SBSs based on a given CRE
target threshold and transfers a fraction of
the MUEs from the MBSs to the SBSs.
Source - https://www.mdpi.com/2076-3417/14/9/3789
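
The CRE selection step described above, sketched as an added example (not from the slides or the cited paper; the power-control part is not modelled). The RSSI reports, the threshold, the offload fraction, the per-SBS capacity and the plausibility bounds are all constructed assumptions, and `plan_offload` is a hypothetical name.

```python
import math

# Plausibility bounds for a reported RSSI (assumed values): measurement
# reports come from user equipment, so out-of-range values are discarded
# before they can influence which cell a user is moved to.
RSSI_MIN_DBM = -120.0
RSSI_MAX_DBM = -20.0


def plan_offload(reports, cre_threshold_dbm, fraction, sbs_capacity):
    """Decide which MUEs the MBS hands over to neighbouring SBSs.

    reports:           {ue_id: {sbs_id: rssi_dbm}} as collected by the MBS
    cre_threshold_dbm: an SBS heard at or above this level counts as a
                       strong interferer for that MUE
    fraction:          share (0..1) of the interfered MUEs to transfer
    sbs_capacity:      {sbs_id: number of additional users it can accept}
    Returns {ue_id: target_sbs_id}.
    """
    if not 0.0 <= fraction <= 1.0:
        raise ValueError("fraction must be between 0 and 1")

    candidates = []
    for ue_id, rssi_by_sbs in reports.items():
        # Keep only plausible measurements that reach the CRE threshold,
        # strongest first.
        strong = sorted(
            ((rssi, sbs) for sbs, rssi in rssi_by_sbs.items()
             if RSSI_MIN_DBM <= rssi <= RSSI_MAX_DBM
             and rssi >= cre_threshold_dbm),
            reverse=True)
        if strong:
            candidates.append((strong[0][0], ue_id, strong))

    # The most heavily interfered MUEs are moved first.
    candidates.sort(key=lambda c: (-c[0], c[1]))
    quota = math.ceil(fraction * len(candidates))

    free = dict(sbs_capacity)
    transfers = {}
    for _, ue_id, strong in candidates:
        if len(transfers) >= quota:
            break
        for _rssi, sbs in strong:
            if free.get(sbs, 0) > 0:      # skip SBSs that are already full
                free[sbs] -= 1
                transfers[ue_id] = sbs
                break
    return transfers


# Constructed sample reports (dBm), not measurements from the source.
REPORTS = {
    "mue1": {"sbs_a": -62.0, "sbs_b": -80.0},
    "mue2": {"sbs_a": -71.0},
    "mue3": {"sbs_b": -58.0},
    "mue4": {"sbs_b": -90.0},   # below the threshold: stays on the MBS
    "mue5": {"sbs_a": -5.0},    # implausible value: report ignored
    "mue6": {"sbs_b": -66.0},
}
CAPACITY = {"sbs_a": 1, "sbs_b": 2}

if __name__ == "__main__":
    print(plan_offload(REPORTS, -75.0, 0.5, CAPACITY))
    print(plan_offload(REPORTS, -75.0, 1.0, CAPACITY))
```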

Propagation model

r = d: distance between the transmitter and the receiver.
Alpha and beta are given in the source.

Source - Eric Michel Deussom Djomadji, Emmanuel Tonye (2018), Algorithmes heuristiques pour l'optimisation de modèles de propagation - Méthodes d'optimisation des modèles de propagation par des algorithmes génétiques, essaim de particules et recuit simulé, Editions universitaires européennes

Propagation model – Pathloss model (2/2)
• is a function of :
• the distance,
• the frequency,
• the obstacles in the propagation medium,
• the height of the base station antenna,
• the height of the mobile antenna,
• the mobile obstacles in the propagation medium,
• mobile speed,
• rain,
• dry mist



Large-scale and small-scale fading
• Signal fading is equal to free space attenuation (large scale) plus masking effect (large scale) plus multipath fading (small scale).

Power Control / Adaptive Modulation
• Controlling transmission power is a technical mechanism used in some networking devices to avoid too much interference.
• Adaptive modulation is a technique that allows a base station to change its speed (modulation rate) as radio network conditions change in order to avoid too much interference.
• Interference from outside sources and changes in the environment (temperature, tree foliage, moving objects) all affect radio coverage.

In order to increase network capacity, more and more
base stations are needed for better coverage.



Coverage planning - site footprint based on number of sectors



Multiple access in GSM (2G):
-a- TDMA (Time division multiple access),
-b- FDMA (Frequency division multiple access).

Different QoS levels are available:
- Full rate
- 1/2 rate
- 1/4 rate



Signals transmitted by modulation

• Amplitude
• ASK : Amplitude shift keying

• Frequency
• FSK : Frequency shift keying

• Phase
• PSK : Phase shift keying



Types of modulation
• IQ: In-phase and Quadrature
• BPSK: Binary Phase Shift Keying
• QPSK: Quadrature Phase Shift Keying
• QAM: Quadrature Amplitude Modulation

| Modulation | Bits per symbol |
|---|---|
| BPSK | 1 |
| QPSK | 2 |
| 8 PSK | 3 |
| 16 QAM | 4 |
| 32 QAM | 5 |
| 64 QAM | 6 |
| 128 QAM | 7 |
| 256 QAM | 8 |
| 512 QAM | 9 |
| 1024 QAM | 10 |
| 2048 QAM | 11 |
| 4096 QAM | 12 |



Access modes
• OFDMA (Orthogonal Frequency Division Multiple Access) and its variant SC-FDMA (Single Carrier Frequency Division Multiple Access) are derived from OFDM coding, but unlike OFDM, OFDMA allows and is optimized for multiple access, that is to say the sharing of the spectral resource (frequency band) between many users distant from each other.
• OFDMA (base station – portable terminal link) and its variant SC-FDMA (portable terminal – base station link) are compatible with the MIMO antenna technique.



Radio access technologies (1/2)

[Figure: radio access technologies, shown as a synoptic representation and as a spatial representation.]



Radio access technologies (2/2)

A macro cell has certain inadequacies and to resolve them effectively, densifying the network by deploying small cells is the most optimal solution.
A “small cell” is a radio access point to a telecommunications network covering a fairly small area and can be deployed in licensed or unlicensed spectrum.

[Figure label: Micro/pico]



Further explanations
• Macro BS (Macro Base Station): Used to provide wide network coverage. Macro stations are installed high up to maximize their range.
• Pico or micro BS (Pico or micro Base Station): Used to densify the network in areas with high user concentrations such as stadiums or shopping malls.
• Femto BS (Femto Base Station): Intended for home or small office use to improve coverage inside buildings.
• RRH (Remote Radio Head): Allows the radio part of a base station to be decentralized to improve coverage in specific areas.
• Relay: Functions as a repeater to extend network coverage in shadowed or hard-to-reach areas.
• LAA (LTE Licensed Assisted Access): Uses unlicensed bands to increase LTE network capacity and speeds in combination with licensed bands.
• NRU (New Radio in Unlicensed): Uses unlicensed bands for 5G, allowing for increased flexibility and additional capacity in very dense areas.

Complete the table with comparative characteristics of cell types

| TYPES | POWER TRANSMITTED | POSITION | NUMBER OF USERS | FREQUENCY SPECTRA |
|---|---|---|---|---|
| Macro BS | | | | |
| Pico or micro BS | | | | |
| Femto | | | | |
| RRH (Remote radio head) | | | | |
| Relay (acts as a repeater) | | | | |
| LAA (LTE Licensed Assisted Access) | | | | |
| NRU (New Radio in Unlicensed) | | | | |

Comparative characteristics of cell types

| TYPES | POWER TRANSMITTED | POSITION | NUMBER OF USERS | FREQUENCY SPECTRA |
|---|---|---|---|---|
| Macro BS | 46 dBm | Outdoor | 1000 - 2000 | With license given by the regulatory agency |
| Pico or micro BS | 30 dBm | Outdoor/indoor | 100 - 200 | With license |
| Femto | 20 – 23 dBm | Indoor | 10 – 30 (4 to 64) | With license |
| RRH (Remote radio head) | 30 – 35 dBm | Outdoor/indoor | 100 - 200 | With or without license |
| Relay (acts as a repeater) | 30 – 35 dBm | Outdoor/indoor | 60 - 100 | With or without license |
| LAA (LTE Licensed Assisted Access) | 20 – 23 dBm | Outdoor/indoor | 10 - 30 | Without license, 5GHz, LBT (Listen Before Talk) protocol |

Visible light communication
• Visible light communication (VLC) is a disruptive LED-based technology that offers free spectrum and high data throughput, potentially serving as a complementary technology to current radio frequency standards.
• Visible light communication (VLC) is the use of visible light (light with a frequency of 400 to 800 THz / wavelength of 780 to 375 nm) as a transmission medium. VLC is a subset of optical wireless communication technologies.



Small cell access point
• A small cell is a generic term used to describe a
miniature radio access point (AP) or wireless network
base station with low radio frequency (RF) output
power, footprint and range.
• Small cells improve cellular network coverage and
capacity in areas - such as densely populated city
centers - where usage demands are highest.



Unmanned aerial vehicles
• Unmanned aerial vehicles are characterized in particular by their mobility, flexibility, increased probability of line-of-sight and ability to access inaccessible locations.
• Extensive research is now being carried out into the deployment, performance analysis, resource management, trajectory optimization and channel modeling of such networks.



Software Defined Network
• Software Defined Networking (SDN) is a network concept that enables intelligent, centralized management and control of individual hardware components using software.
• The use of open protocols such as OpenFlow enables access to network devices such as switches, routers or firewalls that would otherwise be impossible to control due to proprietary firmware.



Brain computer interface
• Brain-computer interfaces (BCI) aim to directly link the
human brain and the outside world by acquiring and
processing brain signals in real time.



M2M
• The sixth generation of mobile networks (6G) enables
machine-to-machine (M2M) communication in Industry
4.0 and Industry 5.0, while improving coverage in
places previously considered hard-to-reach and/or
digitally excluded, and supporting more devices and
users.



M2H
• Humans can interact directly with machines to perform tasks with precision.
• Control connected objects by thought.
• https://www.youtube.com/watch?v=dj1pmjF9c3y



Comparison between CF massive MIMO and classic massive MIMO

Source - https://www.researchgate.net/publication/364946922_A_Survey_of_6G_Mobile_Systems_Enabling_Technologies_and_Challenges

Non orthogonal Multiple Access (NOMA)

Source - https://www.researchgate.net/publication/364946922_A_Survey_of_6G_Mobile_Systems_Enabling_Technologies_and_Challenges



Shared spectrum for OFDM and NOMA for two users

Source - https://www.researchgate.net/publication/364946922_A_Survey_of_6G_Mobile_Systems_Enabling_Technologies_and_Challenges



Illustration of NOMA downlink with SIC

Source - https://www.researchgate.net/publication/364946922_A_Survey_of_6G_Mobile_Systems_Enabling_Technologies_and_Challenges



• Key performance indicators (KPI) of 6G



6G architecture network
The architecture of 6G is a combination of cloud, edge and complex computing, managed centrally for various communication and computation mechanisms. The architecture is divided into 3 planes as follows:
• The intelligent user plane consists of various user apps and devices that could be connected to an IoT system. The user plane is connected to the edge node of the access plane.
• The intelligent access plane carries an AI edge cloud for on-site data processing. AI clouds are distributed clouds that store, process, analyze and visualize complex data with intelligible user information.
• The intelligent central plane consists of several complex servers and network nodes to process data and ensure a high transfer rate. It supports ultra-massive MIMO and also carries IoT nodes. This complex but integrated network of devices makes 6G fully applied.



Give the description of each of the twelve (12) 6G network types of access

| Type of access | Description |
|---|---|
| Ultra-massive MIMO systems in terahertz bands | |
| Small cell random access network | |
| Virtual/Augmented/Mixed reality | |
| Macrocell-user equipment | |
| Small cell user equipment | |
| Visible light communication | |
| Small cell access point | |
| Unmanned aerial vehicles | |
| Software Defined Network | |
| Brain computer interface | |
| M2M | |
| M2H | |



6G network architecture

RB: Radio base
DNN: Deep neural network
DLT: Distributed Ledger Technologies

Source - https://www.researchgate.net/publication/332726164_The_Roadmap_to_6G_--_AI_Empowered_Wireless_Networks

AI-enhanced wireless networks
A. From Network Softwarization to Network Intelligence
B. A network of sub-networks - Local vs. global evolution
C. Towards intelligent radio (IR)
D. Planning and operating data-driven networks



A) From Network Softwarization to Network Intelligence
• 6G will adopt new radio access interfaces such as THz
communications and smart surfaces.
• It will also support more advanced Internet of Things (IoT)
functionality, including sensing, data collection, analysis and
storage.
• The design of the 6G architecture will follow a “native AI”
approach, where intelligentization will enable the network to be
intelligent, agile and capable of learning and adapting to changing
network dynamics. It will evolve into a “network of sub-networks”,
enabling more efficient and flexible upgrades, and a new
framework based on intelligent radio and algorithm-hardware
separation to cope with heterogeneous and evolving hardware
capabilities. Both features will exploit AI techniques.

B) A network of sub-networks - Local vs. global evolution
Given the ultra-high heterogeneity expected, a key feature of 6G will be its ability to exploit flexible evolution at the sub-network level to adapt effectively to local environments and user demands, creating a “network of sub-networks”. In particular, local sub-networks in 6G can evolve individually to upgrade themselves. Local evolution can take place in a few neighboring cells, or even in a single cell, to flexibly apply cutting-edge developments in new waveforms, coding and multi-access protocols in sub-networks without tedious testing. As the entire system does not have to be rebuilt, the cost of upgrading can be considerably reduced.
To achieve this goal, we need to address the following three challenges:



Three challenges to be met (1/2)
1) Each subnetwork must collect and analyze its local data, which may include wireless environments, user demands, mobility patterns, etc., and then exploit AI methods to upgrade itself locally and dynamically.
2) When local PHY (e.g. Ethernet) or MAC (e.g. TDMA) protocols are changed, inter-subnetwork interaction is expected to maintain new inter-subnetwork coordination. One possible solution is to adopt play-and-learn approaches in 6G, which can ensure convergence of subnetwork upgrades.



Three challenges to be met (2/2)
3) The local evolution of 6G requires a relatively stable
control plane to support evolution at the “network of
sub-networks” level. One possible solution is based on
the “learning from scratch” method developed in
Alpha Zero [*]. The 6G control plane must evaluate
each sub-network upgrade, then implement a
network-level learning process to identify the best
strategy for each sub-network, taking into account its
local environments and user behaviors.
[*] D. Silver, J. Schrittwieser, K. Simonyan, I. Antonoglou, A. Huang, A. Guez, T.
Hubert, L. Baker, M. Lai, A. Bolton, et al., “Mastering the game of go without human
knowledge,” Nature, vol. 550, no. 7676, p. 354, 2017

C) Towards intelligent radio (IR)
Emerging hardware revolutions, for example in RF (radio frequency) and circuit systems, will lead 6G to follow and fully exploit rapid hardware upgrades at terminal and base station level. It is envisaged that an algorithm-hardware separation architecture will become essential in 6G. In particular, a transceiver algorithm will be able to automatically estimate the capacity of the transceiver hardware on which the protocol runs, and then configure itself according to the hardware capacity.

This contrasts with 1G to 5G systems, where hardware and transceiver algorithms are jointly designed. Traditionally, hardware capabilities, such as the number of antennas, RF chains and phase shifters, the resolution and sampling rates of ADCs (analog-to-digital converters), the computational capabilities of decoders, etc., have been the focus of attention. However, recent advances in state-of-the-art circuitry and antennas are accelerating and significantly improving hardware capabilities, enabling the 6G base station and mobile terminal to be diversified and scalable within 6G. In other words, 6G won't work under the conventional common design, which doesn't allow agile adaptation to diverse and evolving hardware.



Comparison of SDR (software-defined radio), CR (cognitive radio) and IR (intelligent radio)



Cognitive radio
• With the development of science in the fields of electricity, magnetism, electronics,
telecommunications and IT, wireless networks have continued to progress. This is illustrated
by the development of 4G mobile technologies and the arrival of 5G and 6G. The Internet of
Things (IoT) represents the next phase of the development of the Internet, in which almost
everything will be connected to the Internet, itself evolving towards the information-oriented
network. This means that radio frequencies are used more and more. Good
management of these frequencies is fundamental to ensuring the development of innovative
services in the telecommunications sector.
• Aware of this problem, the International Telecommunications Union (ITU) has set up a
regulatory framework that defines the various frequency bands and the authorized
radiocommunication services: the Radio Regulations (RR). The
organization continues to carry out research to make the frequency spectrum increasingly
available for the arrival of new technologies.
• Joseph Mitola (1991) advocated the concept of a category of intelligent radio systems that
are reprogrammable and automatically reconfigurable, in order to optimize the use of
frequency resources through dynamic allocation of frequencies. These are cognitive
radiocommunication systems. The ITU, through its Resolution ITU-R 58-2 adopted in 2019,
recommends that the various States continue studies on the implementation and use of
cognitive radiocommunication systems.
Source: https://www.itu.int/fr/ITU-R/Pages/default.aspx
SDR – Software-defined radio (1/2)
It exploits the possibilities offered by reprogrammable logic
circuits to build hardware systems that are reconfigurable
by software.
In the classic configuration with a fixed mobile terminal
architecture, a nomadic user who wants to use the wide
range of mobile technologies and standards currently
available needs either several devices, because of the
incompatibility between the different standards, or one
expensive device that uses several ASICs
(Application-Specific Integrated Circuits) for the different
standards.
SDR – Software-defined radio (2/2)
• The practical solution to this problem is the use of a
single terminal that can adapt to different
technologies at lower cost.
• In conventional radio architecture, the equipment
consists of amplifiers, filters, mixers and oscillators
dedicated to specific roles. The software part is
reduced to functions such as simple operation,
interface control with the network, error control, etc.
In short, the hardware is preponderant compared to
the software and, as such, updating is laborious.
• Software radio is a solution to this problem
in that it uses reprogrammable hardware
components to create a generic hardware platform on
which a flexible software architecture is embedded.
Software radio solution: universal multi-service, multi-standard, multiband, reconfigurable
radio terminal. [*]
UE (User Equipment): a multi-service, multi-standard, multiband, reconfigurable and reprogrammable
universal radio terminal that takes into account the evolution of the standards and the targeted applications.
Switching from one standard to another is possible by a simple modification in the software. The
reconfiguration is functional and operational.
• D-AMPS (Digital Advanced Mobile Phone System) (1G)
• Global System for Mobile Communications (GSM) of the 2G network
• Interim Standard 95, often abbreviated IS-95 and often called cdmaOne, uses
the CDMA (Code Division Multiple Access) multiplexing technique
• DECT (Digital Enhanced Cordless Telecommunications), formerly Digital European Cordless Telephone
• Enhanced Data GSM Environment (2.75G)
• Universal Mobile Telecommunications System (UMTS) of the 3G network
• LTE (Long Term Evolution) of 4G and 5G networks
• GPS - Global Positioning System (satellite geo-positioning)
• Galileo is a satellite positioning (radionavigation) system developed by the European
Union - Russian GLONASS and Chinese BeiDou
• Digital Video Broadcasting
• Digital Audio Broadcasting, or digital sound broadcasting system
• HomeRF is a wireless network specification.
• Hyperlan-Pack makes it possible to establish a point-to-point wireless Ethernet
connection between buildings, factories, IP surveillance cameras, offshore
platforms and temporary installations
• IEEE 802.11 is a set of standards concerning wireless local area networks (Wi-Fi)


[*] Nagapushpa K.P, Chitra Kiran N. Studying Applicability Feasibility of OFDM in Upcoming 5G Network. (IJACSA)
International Journal of Advanced Computer Science and Applications, Vol. 8, No. 1, 2017
Federated learning in a two-level model
• The participating nodes are divided into a discrete
number of subsets.
• Each subset communicates with a local FL aggregation
server. A master FL server located at the top of the
corresponding hierarchy can communicate with all the
local FL servers.
• The latter combine the training parameters of the
participating nodes to aggregate the local FL
models, which in turn are sent to the master server.
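The two-level aggregation described above, as an added example that is not part of the original slides: each node trains on its own samples, each local FL server averages its subset, and the master FL server averages the local models. The linear model, the data, the learning rate and all function names are constructed for the illustration.

```python
# Two-level federated averaging on a toy model y = w*x + b.
# Only model parameters and sample counts leave a node, never its data.

def local_train(model, data, lr=0.2, steps=5):
    """A node refines (w, b) on its private (x, y) samples by gradient descent."""
    w, b = model
    for _ in range(steps):
        errs = [(w * x + b - y, x) for x, y in data]
        w -= lr * 2 * sum(e * x for e, x in errs) / len(data)
        b -= lr * 2 * sum(e for e, _ in errs) / len(data)
    return (w, b)


def aggregate(models):
    """Sample-weighted average of [(params, n_samples), ...] -> (params, total)."""
    total = sum(n for _, n in models)
    dim = len(models[0][0])
    params = tuple(sum(p[i] * n for p, n in models) / total for i in range(dim))
    return params, total


def fl_round(global_model, subsets):
    """One round: nodes train, local FL servers aggregate, master aggregates."""
    local_models = []
    for nodes in subsets:                          # one local FL server per subset
        updates = [(local_train(global_model, d), len(d)) for d in nodes]
        local_models.append(aggregate(updates))    # (params, samples in subset)
    return aggregate(local_models)[0]              # master FL server


def make_node(xs):
    """Constructed private data set of one node (noise-free y = 2x + 1)."""
    return [(x, 2.0 * x + 1.0) for x in xs]


# Two subsets of two nodes each (constructed sample data).
SUBSETS = [
    [make_node([-1.0, 0.0, 1.0]), make_node([0.0, 1.0])],
    [make_node([-0.5, 0.5, 1.0]), make_node([-1.0, -0.2])],
]


def train(rounds=100):
    model = (0.0, 0.0)
    for _ in range(rounds):
        model = fl_round(model, SUBSETS)
    return model


if __name__ == "__main__":
    print("global model after training:", train())
```

Because both levels weight by sample count, the master's result equals a flat average over all nodes; the hierarchy changes who talks to whom, not the aggregate.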
Network Data Analytics Function (NWDAF)
• When combined with advanced machine learning (ML)
techniques, large-scale network optimization can be
handled according to traffic demands and service
requirements.
• In addition, the data collected from the NWDAF can be
used for anomaly detection, thereby improving
security and confidentiality.
• The NWDAF has a role in data collection, optimization
of resources and improving security in large generation
wide-band networks.
• A high-level architectural approach based on NWDAF,
for the effective collection of data and the training of
the ML model in large-scale heterogeneous
environments.



Live calculation for federated
learning [*] distributed on the
portable terminal

[*] B. McMahan, E. Moore, D. Ramage, S. Hampson, and B. A. y Arcas, “Communication-efficient
learning of deep networks from decentralized data,” in Proc. Int. Conf. Artificial Intell. Stat.
(AISTATS), vol. 54, pp. 1273–1282, 2017
Distributed inference [*] on the device via wireless
MapReduce

MapReduce is an architectural model for software development, invented by
Google, in which parallel, and often distributed, computations are carried out
on potentially very large data sets, typically larger than 1 terabyte.
The terms "Map" and "Reduce", and the underlying concepts, are borrowed from the
functional programming languages used for their construction (map and reduce in
functional programming and array programming languages).
MapReduce makes it possible to handle large amounts of data by distributing them
across a cluster of machines to be processed.
[*] K. Yang, Y. Shi, and Z. Ding, “Low-rank optimization for data shuffling in wireless distributed computing,” in
Proc. IEEE Int. Conf. Acoustics Speech Signal Process. (ICASSP), Calgary, Alberta, Canada, 2018
D) Planning and operation of
data-driven networks
• The unprecedented transformation of wireless networks will make 6G
considerably different from previous generations, because it will be
characterized by a high degree of heterogeneity in multiple aspects,
such as network infrastructure, radio access technologies, RF
devices, computing and storage resources, types of applications, etc.
• In addition, the wide range of new applications will require intelligent
use of communication, computing, control and storage from the
edge of the network to the core, and across multiple radio
technologies and network platforms.
• Finally and above all, the volume and variety of data generated in
wireless networks are increasing considerably. This opens up great
opportunities for the planning and operation of data-driven
networks in order to obtain real-time adaptivity to dynamic network
environments.
6G performance
• further enhanced Ultra-Mobile Broadband (feUMBB),
• ultra-High Sensing Low Latency Communications (uHSLLC),
• ultra-High Density Data (uHDD) services,
• ultra-High Energy Efficiency (uHEE),
• ultra-High Reliability and Sensing (uHRS),
• ultra-High Reliability and User experience (uHRUx),
• ultra-Low Latency Reliability and Secure (uLLRS),
• ultra-High Security (uHS),
• ultra-High Sensing and Localization (uHSLo).



A comparison of 5G and 6G using
vertical support (a) 5G and (b) 6G



Security mechanisms of
2G, 3G, 4G, 5G, 6G and
Wi-Fi networks



Evolution of mobile radio security architecture

Source: https://www.slideshare.net/mobile/3G4GLtd/intermediate-security-in-mobile-cellular-networks
Authentication
• Authentication is done by AKA
(Authentication and Key Agreement
Procedure)
• In 2G we had only handset authentication
whereas in 3G and 4G we do mutual
authentication to verify the handset as well
as the base station.
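The difference between handset-only and mutual authentication, as an added example that is not part of the original slides: a 2G-style challenge carries nothing the handset can check, while a 3G/4G-style challenge carries an AUTN token (sequence number plus MAC) that the handset verifies before answering. The keyed function is truncated HMAC-SHA256 standing in for the operator algorithms, the key is constructed, and the sequence number is sent in clear here, whereas real AKA conceals it.

```python
import hashlib
import hmac
import os


class AuthError(Exception):
    pass


def kf(key: bytes, label: bytes, *fields: bytes, n: int = 8) -> bytes:
    """Stand-in keyed function (truncated HMAC-SHA256), not the real A3 or f1/f2."""
    return hmac.new(key, label + b"".join(fields), hashlib.sha256).digest()[:n]


class Network:
    """Home network side: shares the subscriber key K with the SIM."""

    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0

    def challenge_2g(self):
        rand = os.urandom(16)
        return rand, kf(self.k, b"sres", rand, n=4)       # (RAND, expected SRES)

    def challenge_3g(self):
        self.sqn += 1
        rand, sqn = os.urandom(16), self.sqn.to_bytes(6, "big")
        autn = sqn + kf(self.k, b"f1", sqn, rand)          # AUTN = SQN || MAC
        return rand, autn, kf(self.k, b"f2", rand)         # (RAND, AUTN, XRES)


class Handset:
    def __init__(self, k: bytes):
        self.k, self.last_sqn = k, 0

    def respond_2g(self, rand: bytes) -> bytes:
        # 2G: nothing in the challenge proves who sent it, so the SIM always answers.
        return kf(self.k, b"sres", rand, n=4)

    def respond_3g(self, rand: bytes, autn: bytes) -> bytes:
        sqn, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, kf(self.k, b"f1", sqn, rand)):
            raise AuthError("network not authenticated: bad MAC in AUTN")
        if int.from_bytes(sqn, "big") <= self.last_sqn:
            raise AuthError("stale SQN: challenge was replayed")
        self.last_sqn = int.from_bytes(sqn, "big")
        return kf(self.k, b"f2", rand)


def demo() -> dict:
    k = bytes(range(16))                                   # constructed subscriber key
    net, ue = Network(k), Handset(k)
    out = {}
    rand, xsres = net.challenge_2g()
    out["2g_genuine"] = hmac.compare_digest(ue.respond_2g(rand), xsres)
    # A challenge from a sender that does not hold K is still answered in 2G.
    out["2g_unknown_sender_answered"] = len(ue.respond_2g(os.urandom(16))) == 4
    rand, autn, xres = net.challenge_3g()
    out["3g_genuine"] = hmac.compare_digest(ue.respond_3g(rand, autn), xres)
    for name, args in (("3g_forged_autn", (os.urandom(16), os.urandom(14))),
                       ("3g_replayed_vector", (rand, autn))):
        try:
            ue.respond_3g(*args)
            out[name] = "answered"
        except AuthError as exc:
            out[name] = str(exc)
    return out


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```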



Ciphering
• Encryption is the process of encrypting and decrypting
• Example of 2G encryption



Symmetric vs. asymmetric
encryption



Symmetrical encryption
Examples of symmetrical encryption algorithms
• DES: Data Encryption Standard
• 3DES: extension of DES (three-stage DES), used by SSH
• RC2/4/5: from RSA Data Security
• IDEA: International Data Encryption Algorithm, used by PGP
• AES: Advanced Encryption Standard
• AKA: Authentication and Key Agreement

Examples of asymmetric encryption algorithms
• RSA: named after its inventors Rivest, Shamir and Adleman
• ElGamal
• DSA / DSS

https://developer.orange.com/wp-content/uploads/Livre-Blanc-sur-la-sécurité-du-nomadisme.pdf
GSM Security

• Radio communications vulnerability → Need for:
- IMSI confidentiality
- Authentication
- Signalling and traffic data confidentiality
- Integrity!

• GSM networks provide:
- Managing theft of used equipment
- Use of a temporary TMSI identity assigned by the VLR
- Authentication of each subscriber to the network
- Encryption of communications between MS and BTS


Integrity Protection
• A 32-bit (4-byte) number is added to some signaling messages in 3G
and 4G to authenticate individual messages
• In 3G, integrity protection occurs at the RRC layer
• In 4G, integrity protection occurs at the PDCP and in NAS.
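How the 32-bit value protects a single signaling message, as an added example that is not part of the original slides: the tag is computed over the message together with a counter, a bearer identity and a direction bit, so that altered, replayed or reflected messages are dropped. Truncated HMAC-SHA256 stands in for the real f9 / EIA algorithms, the full COUNT is passed explicitly for simplicity, and the key and message are constructed.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4                      # the 32-bit (4-byte) value appended to the message
UPLINK, DOWNLINK = 0, 1


def mac_i(key: bytes, count: int, bearer: int, direction: int, message: bytes) -> bytes:
    """32-bit tag over COUNT, BEARER, DIRECTION and the message.

    Stand-in: truncated HMAC-SHA256 instead of the real f9 / EIA algorithms.
    """
    header = struct.pack(">IBB", count, bearer, direction)
    return hmac.new(key, header + message, hashlib.sha256).digest()[:MAC_LEN]


def protect(key, count, bearer, direction, message):
    """Sender side: append the tag to the signaling message."""
    return message + mac_i(key, count, bearer, direction, message)


class Receiver:
    def __init__(self, key: bytes, bearer: int, direction: int):
        self.key, self.bearer, self.direction = key, bearer, direction
        self.next_count = 0      # lowest COUNT still acceptable

    def accept(self, count: int, pdu: bytes) -> str:
        if len(pdu) <= MAC_LEN:
            return "drop: too short"
        message, tag = pdu[:-MAC_LEN], pdu[-MAC_LEN:]
        expected = mac_i(self.key, count, self.bearer, self.direction, message)
        if not hmac.compare_digest(tag, expected):
            return "drop: MAC-I mismatch"
        if count < self.next_count:
            return "drop: replayed COUNT"
        self.next_count = count + 1
        return "accept"


def demo() -> dict:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed key
    msg = b"SecurityModeCommand"          # constructed placeholder, not a real encoding
    rx = Receiver(key, bearer=1, direction=DOWNLINK)
    pdu = protect(key, 0, 1, DOWNLINK, msg)
    return {
        "tampered": rx.accept(0, b"X" + pdu[1:]),
        "genuine": rx.accept(0, pdu),
        "replayed": rx.accept(0, pdu),
        "wrong_direction": rx.accept(1, protect(key, 1, 1, UPLINK, msg)),
        "wrong_key": rx.accept(1, protect(b"\x00" * 16, 1, 1, DOWNLINK, msg)),
        "next_message": rx.accept(1, protect(key, 1, 1, DOWNLINK, msg)),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```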



3GPP 5G Security Standardization Progress

Source: http://www-file.huawei.com/-/media/CORPORATE/PDF/white%20paper/5g_security_architecture_white_paper_en-v2.pdf?la=en
Security algorithms
A variety of security algorithms are used to provide
authentication, cryptographic key generation, integrity
and confidentiality of radio links to users on
mobile networks.
Details of the different algorithms and how
they can be obtained are given opposite.

Source: https://www.gsma.com/security/security-algorithms/
Slice Isolation Technique to Mitigate the Impact of DDoS Attacks on 5G Core
Network (1/2)
• Left Figure. Network
configuration C1 with shared
SMF and UPF. Yellow
rectangles represent
dedicated VMs. Network
entities belonging to slice 1
are represented in green,
while purple is used for slice
2. Shared SMF and UPF are
represented by a gradient of
both colors. The rest of the
core VNFs are represented by
white blocks, while gNBs are
blue. The other figures follow
a similar color code.
• Right Figure. Network
configuration C2 with isolated
SMF and UPF.
Slice Isolation Technique to Mitigate the Impact of DDoS Attacks on 5G Core
Network (2/2)

• Left Fig. A Downlink Data
Transfer Experiment (Section
VA) and a Ping RTT
Experiment (Section VB)
during a Data Plane Flooding
(ping) Attack (the figure shows
only the C1 configuration but
the same experiment is also
performed on the C2
configuration).
• Right Fig. A UE 2 Procedure
Delay Experiment (Section
VC) during a Control Plane
Flooding Attack (the figure
shows only the C1
configuration but the same
experiment is also performed
on the C2 configuration).
Three open-source 5G network cores: Open5GS, Free5GC and
OpenAirInterface
In the diagrams, the difference is in the IP addresses
[Diagram labels: Open5GS (NSA), OpenAirInterface (NSA), Free5GC (SA), UERANSIM, Hacker]
1. Open5GS, Free5GC and OpenAirInterface
• Operating System: Ubuntu
• Version: 20.04.4 LTS/ 22.04.4 LTS
• Codename: Focal
• Linux Kernel: 5.15.0-46-generic
2. UERANSIM
• Operating System: Ubuntu
• Version: 20.04.4 LTS
• Codename: Focal
• Linux Kernel: 5.15.0-46-generic
3. Kali Linux
• Operating System: Kali GNU/Linux Rolling
• Release: 2022.1
• Codename: Kali-Rolling
• Linux Kernel: 5.15.0-kali3-amd64
To check the robustness of these network cores, carry out the
following attacks
1. Dictionary attack and brute force attack in order to recover user
credentials (passwords, usernames)
2. SQL injection and NoSQL injection, which target databases and
consist of injecting malicious code
3. DoS/DDoS, denial of service, targeting web servers
4. Clickjacking: targets web interfaces in order to appropriate a
user's credentials.
5. Leakage of database authorizations and directory traversal,
targeting user and administrator privileges
6. The robustness of the JSON Web Token, targeting user
authentication.
To perform these attacks we will use the following tools.
• Open5GS Installation
• https://open5gs.org/open5gs/docs/guide/01-quickstart/

• UERANSIM Installation
• https://github.com/aligungr/UERANSIM/wiki/Installation
• https://free5gc.org/guide/5-install-ueransim/#1-install-ueramsim-vm

• Kali Linux Installation
• https://www.kali.org/tools/kali-meta/

• Free5GC Installation
• https://free5gc.org/guide/3-install-free5gc/
• https://free5gc.org/guide/#free5gc-installation-guide
• Free5gc, https://github.com/free5gc/free5gc/wiki, 2022

• OpenAirInterface Installation
• https://gitlab.eurecom.fr/oai/openairinterface5g/-/blob/develop/doc/BUILD.md
• OpenAirInterface
• https://www.youtube.com/watch?v=EZznsW4cmcM
• Openairinterface 5g core network,
https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-fed/-/blob/master/docs/DEPLOY_SA5G_BASIC_DEPLOYMENT.md, 2022


In the case of denial of service, we proceed by flooding
Comparison of vulnerability levels
Attack | Open5GS | Free5GC | OpenAirInterface
1. Dictionary attack | | |
2. Brute force attack | | |
3. SQL injection | | |
4. DoS and DDoS | | |
5. Database authorization leak | | |
6. NoSQL injection | | |
7. Clickjacking | | |
8. Directory traversal | | |
9. JSON Web Token robustness | | |
Vulnerability scale: YES, NO, // (Not performed)
Representation of the attacks and the cores affected by them (1)

Legend:
• Yes = Exploitable
• No = Not Exploitable
• / = Not applicable
“Free5gc,” https://github.com/free5gc/free5gc/wiki, 2022
Comparison of STRIDE vulnerability levels
Threat | Open5GS | Free5GC | OpenAirInterface
1. Spoofing | | |
2. Tampering | | |
3. Repudiation | | |
4. Information disclosure | | |
5. Denial of service | | |
6. Elevation of privilege | | |
Vulnerability scale: YES, NO, // (Not performed)
MAPPING OF STRIDE CATEGORIES (I.E. THREATS) TO THE SECURITY GOALS THAT
PROTECT AGAINST THEM

STRIDE category | Security property
Spoofing | Authentication
Tampering | Integrity
Repudiation | Non-repudiation
Information disclosure | Confidentiality
Denial of service | Availability
Elevation of privilege | Authorization


Give the role of each of the ten (10) penetration testing tools for
5G network cores
Tool | Role
Nmap (Network Mapper) |
WhatWeb |
Nikto |
Dirbuster and Dirb |
Burpsuite |
Nessus |
Hping3 |
SlowLoris |
Hulk |
JohnTheRipper |


Roles of ten (10) penetration testing tools for open-source 5G network cores
Tool | Role
Nmap | Network Mapper. This tool is mainly used to gather information about a network or a specific host. Nmap can scan
one or more targets simultaneously in order to obtain as much information as possible about services, ports, hosts and also
vulnerabilities. It makes it possible to identify the target and better understand how it works.
WhatWeb | Tries to identify what type of website the target is. Its aim is above all to retrieve all the available information
in order to identify all the technologies and features the website presents. Brute-forcing a specific web page in order to
discover hidden directories and files.
Nikto | Web application scanner mainly used to obtain basic information, checking for obsolete system versions, unusual
headers and anything that can be exploited against the target. Unlike WhatWeb and Nmap, Nikto's results can be somewhat invasive.
It also makes it possible to check for possible weaknesses. Brute-forcing a specific web page in order to discover hidden
directories and files.
Dirbuster and Dirb | Brute-forcing a specific web page in order to discover hidden directories and files, with a graphical
interface in the case of Dirbuster.
Burpsuite | One of the tools most used by the community. It provides a wide variety of techniques that can be implemented for
several attacks. Both the dictionary attack and the brute force attack used a word list: in the first case it is made up of words,
while in the second the set is made up of appropriate characters.
Nessus | A very powerful vulnerability scanner that performs a highly specialized analysis of a target. The idea behind it is
that it provides many features that can be modified in order to create the most effective scan. It makes it possible to inspect
the target from a general point of view but also to go into its details by providing specific scan templates, focusing only on
specific ports, services or a login page.
Hping3 | Used to craft ICMP, TCP and UDP packets. The purpose of this network tool is to build, according to a few specifics, the
most effective packet in a given situation for a DoS (denial of service) attack.
SlowLoris | Low-bandwidth DoS tool that carries out a denial of service (DoS) against a target web server. The idea behind it is
that SlowLoris keeps as many connections open as possible. In this way, the victim is flooded with requests that cannot be closed,
overwhelming the connection pool of the specific web server.
Hulk | HTTP Unbearable Load King is a DDoS tool that is unique and quite distinct from the one already presented. HULK is able to
make every request different from the others, so that each packet sent can avoid being checked by a possible IDS. In fact, it
changes the pattern of each request starting from the header.
JohnTheRipper | The main purpose of this tool is to crack passwords. Looking at how it was run, JohnTheRipper worked with a word
list, mainly used to check for a match. In use, the attacker must feed it a hash file and then pass the word list to use. In some
cases the format is also important and must be specified.
Attacks that focus on the network interfaces by using
the protocols. Give an example of an attack, the penetration testing
tools and the security pillars concerned
Components | Attack | Penetration testing tools | Security pillars
UE-AMF | Dictionary attack | Nmap, Burp suite | Confidentiality / Authentication
AUSF-UDM | Brute force attack | Burp suite, Dirb | Confidentiality / Authentication
UDM | SQL injection | Burp suite, Dirb | Confidentiality / Authorization
PCF-UDM | NoSQL injection | WhatWeb | Availability
PCF-UDM | Database authorization leak | JohnTheRipper | Integrity / Confidentiality / Availability
AMF-RAN-UPF | DoS/DDoS | Nikto, Slow Loris, Hping3, HULK | Integrity / Confidentiality
Web server (web-UPF) | Directory traversal | Hping3 | Integrity / Confidentiality
Web server | Clickjacking | Slowloris | Confidentiality / Authorization
AUSF-AMF | Web token robustness | JohnTheRipper, Slowloris | Authentication / non-repudiation /
Attacks that focus on the network interfaces by using
the protocols. Give an example of an attack, the penetration testing
tools, the security pillars concerned and the countermeasures
Components | Attack | Penetration testing tools | Security pillars concerned | Countermeasures to the attacks
UE-AMF | Dictionary attack | Nmap, Burp suite | Confidentiality / Authentication | Encryption of packets entering and leaving the network
AUSF-UDM | Brute force attack | Burp suite, Dirb | Confidentiality / Authentication | Encryption of packets entering and leaving the network
UDM | SQL injection | Burp suite, Dirb | Confidentiality / Authorization | Checking the privileges of users who connect to the database
PCF-UDM | NoSQL injection | WhatWeb | Availability | Checking the privileges of users who connect to the database
PCF-UDM | Database authorization leak | JohnTheRipper | Integrity / Confidentiality / Availability | Firewall, network segmentation
AMF-RAN-UPF | DoS/DDoS | Nikto, Slow Loris, Hping3, HULK | Integrity / Confidentiality | The administrator should make authentication mandatory for each user
Web server (web-UPF) | Directory traversal | Hping3 | Integrity / Confidentiality | Use of the X-Frame option, use of frame busting
Web server | Clickjacking | Slowloris | Confidentiality / Authorization | Reduce the lifetime of the JSON Web Token
AUSF-AMF | Web token robustness | JohnTheRipper, Slowloris | Authentication / non- | Limit user privileges
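A defender-side check for two of the countermeasures listed in the table above (the X-Frame option and a short JSON Web Token lifetime), as an added example that is not part of the original slides. The HTTP responses, the tokens, the function names and the 900-second limit are constructed assumptions; the token is only decoded for inspection, not verified.

```python
import base64
import json


def parse_headers(raw_response: str) -> dict:
    """Parse the header block of a raw HTTP response into {lowercase-name: value}."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:              # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def framing_findings(headers: dict) -> list:
    """Report whether the page may be embedded in a frame by another site."""
    ancestors = None
    for directive in headers.get("content-security-policy", "").split(";"):
        words = directive.split()
        if words and words[0].lower() == "frame-ancestors":
            ancestors = [w.lower() for w in words[1:]]
    if ancestors is not None:                        # CSP takes precedence when present
        if ancestors in (["'none'"], ["'self'"]):
            return []
        return ["review: frame-ancestors allows " + " ".join(ancestors)]
    if headers.get("x-frame-options", "").upper() in ("DENY", "SAMEORIGIN"):
        return []
    return ["no X-Frame-Options or frame-ancestors: page can be framed by any site"]


def jwt_claims(token: str) -> dict:
    """Decode the payload of a JWT for inspection (the signature is not checked)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)             # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_findings(token: str, max_lifetime_s: int = 900) -> list:
    claims = jwt_claims(token)
    if "exp" not in claims:
        return ["token has no exp claim and never expires"]
    if "iat" not in claims:
        return ["token has no iat claim; lifetime cannot be computed"]
    lifetime = claims["exp"] - claims["iat"]
    if lifetime > max_lifetime_s:
        return [f"token lifetime {lifetime}s exceeds {max_lifetime_s}s"]
    return []


def sample_token(claims: dict) -> str:
    """Build a constructed sample token; the signature part is a placeholder."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "HS256", "typ": "JWT"})}.{enc(claims)}.c2lnbmF0dXJl'


def audit(raw_response: str, token: str) -> list:
    return framing_findings(parse_headers(raw_response)) + token_findings(token)


# Constructed sample responses from a core's web management interface.
WEAK_RESPONSE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n\r\n<html></html>"
)

if __name__ == "__main__":
    day_token = sample_token({"sub": "admin", "iat": 1700000000, "exp": 1700086400})
    short_token = sample_token({"sub": "admin", "iat": 1700000000, "exp": 1700000600})
    print("weak:", audit(WEAK_RESPONSE, day_token))
    print("hardened:", audit(HARDENED_RESPONSE, short_token))
```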
Evolving security challenges in mobile telecommunication
networks

Source: https://www.researchgate.net/publication/350824205_6G_Security_Challenges_and_Potential_Solutions



Evolution of the mobile technology security landscape from 4G to
6G



Mechanism for securing 0G to 6G networks
0G
• Mechanism for securing: No
• Encryption algorithms: None
1G
• Mechanism for securing: No
• Encryption algorithms: None
2G
• Mechanism for securing: Mobile terminal authentication, Encryption (AN CP, UP)
• Encryption algorithms: For GSM: Authentication: A3, A5; Confidentiality: A8. For GPRS: GEA
3G
• Mechanism for securing: Mutual authentication of the mobile terminal and the network, Encryption (RRC/AN CP, UP),
Signaling integrity (RRC (radio resource control))
• Encryption algorithms: For UMTS: Authentication: f1, f2, f3, f4, f5; Privacy: f8; Integrity: f9
4G
• Mechanism for securing: Mutual authentication of mobile terminal and network, Encryption (RRC/AN CP, UP),
Signaling integrity (RRC), Encryption (NAS), Signaling integrity (NAS (Non Access Stratum))
• Encryption algorithms: Encryption: EEA (EPS Encryption Algorithm); Integrity: EIA (EPS Integrity Algorithm)
5G
• Mechanism for securing: Decentralized security (any unsecured areas could compromise other parts of the network),
securing all connected devices through software updates
• Encryption algorithms: Authentication:
  - EAP-SIM: Authentication via the SIM application of a 2G phone
  - EAP-AKA: Mutual authentication on the 3G/4G/5G network
  - EAP-AKA'
  - 5G-AKA: Mobile authentication on a WiFi access network
6G
• Mechanism for securing: Decentralized and globally managed security.
• Encryption algorithms: Algorithms of deep learning
