The introduction of 5G technology is transforming the telecommunications industry, offering enhanced connectivity and supporting advanced use cases such as IoT, ultra-reliable low-latency communications, and enhanced mobile broadband. 

A key challenge in this ecosystem is enabling seamless 5G roaming between different mobile network operators (MNOs) across borders, which requires reliable interconnection via IP eXchange (IPX) networks.

This research internship aims to explore the feasibility of using Mininet, a network emulation tool, in conjunction with Open5GS, an open-source 5G core network implementation, to simulate basic IPX functionalities for supporting 5G Standalone (SA) roaming use cases. 

The focus will be on setting up the system, adding support for needed protocols and integrating the Mininet-IPX-setup into the current LKN 5G Roaming Testbed.

Prerequisites

5G is the newest generation of mobile networks, allowing for higher data rates, lower latency and many new features like network slicing. Its central element is the 5G Core, which is a network of specialised Network Functions (NFs). One of these NFs is responsible for roaming connections. Roaming allows subscribers to connect to the internet via other network operators’ networks if they have a roaming agreement. Between two Public Land Mobile Networks (PLMNs) there are two standardised roaming modes: Local Break Out and Home Routed Roaming.

A major part of both roaming modes is the Security Edge Protection Proxy (SEPP), a 5G NF designed to establish and maintain a secure control plane connection between two PLMNs. Implementing it, or extending the existing implementation of Open5GS, will be an important part of this work. The SEPP is connected to other NFs in the same PLMN via Service Based Interfaces (SBIs) and to other PLMN’s SEPPs via the N32 interface.

Two SEPPs connections are divided into the N32-c and N32-f interfaces. Via N32-c, the connection is established and the security capabilities of N32-f are negotiated. All control messages between NFs of the visited and the home PLMN are transmitted via N32-f. While N32-c is secured with an end-to-end Transport Layer Security (TLS) connection, N32-f either uses the same security or, alternatively, a new 5G protocol named PRotocol for N32 INterconnect Security (PRINS). PRINS uses end-to-end application layer encryption and additionally hop-to-hop TLS encryption. While one direct TLS connection is more secure, it relies on a direct link between both parties. Considering a roaming scenario with two countries separated by multiple thousand kilometres, direct links are not always feasible. Alternatively, two PLMNs are connected via IP Exchange Networks (IPXs). To be able to route the packets reliably to their respective destinations, the IPX providers have to have access to the packets’ data. PRINS aims to provide security for this option by using the Javascript Object Signing and Encryption (JOSE) framework.

This work aims to implement N32-c and both options for the N32-f interface and investigate their differences regarding security, operability, and performance.

Prerequisites

5G is the newest generation of mobile networks allowing for higher data-rates, lower latency and many new features like network slicing. Its central element is the 5G Core, which is a network of specialised Network Functions (NFs). Roaming allows subscribers to connect to the internet via other network operator’s networks if they have a roaming agreement. We are looking for a student to help implement and maintain a 5G Roaming testbed. At first, that is planned as an open source testbed leveraging Open5GS. Later, the plan is to connect this open source testbed to the LKN campus network.

This working student position may run parallel to Master Theses with more focused implementation and evaluation works. The working student is welcome to follow up on this work with his/ her own research internship or Master’s thesis.

Objectives

The primary objective of this work is to help implement and maintain a 5G Roaming testbed. This testbed shall then be used for investigation of security mechansims and performance measurements. Those are not the main job of the student, but the student is supposed to help.

1. Work into 5G Roaming

2. Implement missing Roaming functionalities into Open5GS

3. Maintain Roaming Testbed

4. Connect open source 5G Roaming testbed with Campus Network (once possible)

5. Aid in security investigations

6. Aid in performance measurements

7. Potentially add other NFs later

Prerequisites

5G is the newest generation of mobile networks, allowing for higher data rates, lower latency and many new features like network slicing. Its central element is the 5G Core, which is a network of specialised Network Functions (NFs). One of these NFs is responsible for roaming connections. Roaming allows subscribers to connect to the internet via other network operators’ networks if they have a roaming agreement. Between two Public Land Mobile Networks (PLMNs), there are two standardised Roaming modes: Local Break Out and Home Routed Roaming. For Local Break Out Roaming, only the home network’s control plane is accessed from the visited network, while the user data is directly transmitted to the Data Network (DN). For Home Routed Roaming, the user data is routed through the home network to the DN. This thesis aims to implement both Roaming versions in an open-source core network and compare them regarding chosen KPIs, e.g., latency or throughput. Open5GS would be the primary choice for the open-source core network, as it already supports Local Break Out Roaming. Home Routed Roaming is not yet supported.

A major part of 5G roaming is the Security Edge Protection Proxy (SEPP), a 5G NF designed to establish and maintain a secure control plane connection between two PLMNs. Implementing it, or extending the existing implementation of Open5GS, will be an important part of this work. The SEPP is connected to other NFs in the same PLMN via Service Based Interfaces (SBIs) and to other PLMN’s SEPPs via the N32 interface.

The biggest difference between the two roaming scenarios lies in the data plane routing, so implementing the connection between two User Plane Functions (UPFs), the N9 interface, is necessary to connect two PLMNs. The newly introduced Inter PLMN User Plane Security (IPUPS) used for additional security on this connection is initially considered out-of-scope for this work but may be added later.

A security analysis regarding control and user plane for both roaming modes finishes this work’s contributions. Potential focal points are the control capabilities of the home PLMN operator in Local Break Out Roaming.

Prerequisites