📡 Open5GS Telecom Security Lab Guide
A comprehensive hands-on guide to 4G/5G networks, Kubernetes, and threat modeling for security engineers
🎯 Learning Objectives
By completing this lab guide, you will:
- ✅ Understand 4G LTE EPC architecture (MME, HSS, SGWC/U, PGWC/U)
- ✅ Understand 5G NSA (Non-Standalone) dual connectivity
- ✅ Understand 5G SA (Standalone) Service Based Architecture
- ✅ Build working Docker labs for 4G, 5G NSA, and 5G SA using Open5GS + UERANSIM
- ✅ Deploy telecom core networks on Kubernetes with Helm charts
- ✅ Apply STRIDE threat modeling to 4G, 5G, and K8s telecom infrastructure
- ✅ Identify attack surfaces and mitigations for mobile core networks
📚 Guide Structure
Theory Sections
| Part | File | Description |
|---|---|---|
| 1 | 4G/LTE Fundamentals | EPC architecture, CUPS, interfaces (S1, S5, S6a, S11, Gx) |
| 2 | 5G NSA Architecture | EN-DC, dual connectivity, eNB+gNB integration |
| 3 | 5G SA Architecture | SBA, NRF, all NFs, N-series interfaces, slicing |
Hands-On Labs
| Part | File | Description |
|---|---|---|
| 4 | Docker Lab: 4G EPC | Build 4G core with Open5GS + UERANSIM on Docker |
| 5 | Docker Lab: 5G NSA | Configure NSA mode with EN-DC |
| 6 | Docker Lab: 5G SA | Build full 5G SA core with all NFs |
| 7 | Kubernetes Deployment | Deploy Open5GS on K8s with Helm charts |
Threat Modeling
| Part | File | Description |
|---|---|---|
| 8 | 4G Threat Model | STRIDE analysis of 4G EPC attack surface |
| 9 | 5G Threat Model | STRIDE analysis of 5G SA attack surface |
| 10 | K8s + Telecom Threats | Container, orchestration, and supply chain threats |
🛠️ Prerequisites
Hardware
- Mac with Docker Desktop (Apple Silicon or Intel)
- 8GB+ RAM recommended (16GB for K8s labs)
- 20GB+ free disk space
Software
- Docker Desktop for Mac
- Homebrew (for installing tools)
- Wireshark (for packet analysis)
- Basic terminal/shell knowledge
Optional (for K8s labs)
- `kubectl` - Kubernetes CLI
- `kind` or `minikube` - Local K8s cluster
- `helm` - Kubernetes package manager
Important
Docker Image Sources: The labs use per-NF images from borjis131/docker-open5gs (e.g., borieher/open5gs-amf:v2.7.6). There is no single monolithic Open5GS Docker image.
Warning
UERANSIM Limitation: UERANSIM simulates 5G NR only (gNB + 5G UE). It cannot simulate 4G eNBs. Parts 4-5 use UERANSIM connecting to Open5GS in its combined 4G/5G mode. For genuine 4G-only simulation, use srsRAN.
🚀 Recommended Learning Path
Path 1: Theory First (Recommended for Beginners)
- Read Parts 1-3 (Theory)
- Complete Parts 4-6 (Docker Labs)
- Complete Part 7 (Kubernetes)
- Study Parts 8-10 (Threat Modeling)
Path 2: Hands-On First (For Experienced Engineers)
- Skim Part 1 (4G basics)
- Complete Part 4 (4G Docker Lab)
- Read Part 3 (5G SA theory)
- Complete Part 6 (5G SA Docker Lab)
- Jump to Parts 8-10 (Threat Modeling)
Path 3: Security-Focused (For Threat Modelers)
- Skim Parts 1-3 (Architecture overview)
- Read Parts 8-10 (Threat Models)
- Complete Parts 4-6 (Labs to validate threats)
📖 How to Use This Guide
Reading Tips
- `> [!NOTE]` = Important concepts and context
- `> [!TIP]` = Helpful hints and best practices
- `> [!WARNING]` = Security warnings and known issues
- `> [!CAUTION]` = Critical items that can break your lab
- 📊 Mermaid diagrams = Visual architecture (render in VS Code with Mermaid extension or GitHub)
Lab Tips
- Each lab is self-contained with full configs
- Copy-paste commands directly into terminal
- Use `docker-compose logs -f <service>` to debug
- Wireshark/tcpdump snippets provided for packet analysis
Threat Modeling Tips
- STRIDE categories: Spoofing, Tampering, Repudiation, Info Disclosure, DoS, Elevation of Privilege
- Each threat includes attack vector, impact, and mitigation
🔗 External Resources
🤝 Contributing
Found an error or want to improve this guide? Contributions welcome!
Let's build some mobile networks! 🚀
Start with → Part 1: 4G/LTE Fundamentals