Mobile roaming enables users to seamlessly access internet and communication services across the globe. These services are facilitated by Mobile Network Operators (MNOs) through extensive roaming agreements with numerous international counterparts. As a result, roaming interfaces have evolved into highly complex interconnection points, supporting a wide array of protocols and multiple generations of mobile network technologies. Large-scale MNOs, serving millions of inbound and outbound roaming users, must efficiently manage high volumes of network traffic — often processing thousands of packets per second. Even when focusing solely on control plane messages, this traffic generates substantial data, all of which passes through firewalls and contributes to extensive logging activity. Beyond firewall logs, several other data sources — such as diameter routing agents, DNS servers, and passive monitoring systems — offer valuable insights and can be integrated into a comprehensive analysis.

The aim of this research internship is to explore selected data sources within a controlled environment to identify correlations, uncover trends, and propose innovative approaches for leveraging this data in operational network management. The investigation will focus on a 4G roaming scenario, analyzing and comparing two distinct one-hour timeframes: A high-traffic hour during an international event, characterized by elevated roaming activity, and a regular hour on a typical day with no special events. Through this comparative analysis, the student will gain hands-on experience in data interpretation, network behavior analysis, and the development of actionable insights for real-world mobile network operations.

Objectives

1. Work into different data sources.
a) Firewall logs.
b) Diameter Routing Agent logs.
c) DNS server logs.
d) Logs from passive monitoring.
2. Investigate trends and correlations between the data sources.
3. Investigate the possible detection special events.
4. Investigate differences between the two distinct data sets.
5. Evaluate results and draw conclusions on the applicability of the collected information.
6. What can be done in future work?

Prerequisites

Mobile networks have evolved significantly over the years—from older generations like 2G, 3G, and 4G to the latest 5G technology. Each generation brings new features and changes in how data is handled and secured.

In older networks (2.5G to 4G), a special type of firewall called a GTP-Firewall was used to protect both the control signals (which manage the connection) and the actual user data (like videos or messages). These firewalls could see and filter all the traffic because it was sent in a readable format. 

With 5G, things are changing. The control signals now use a different protocol (HTTP/2), and the user data might be encrypted using IPSec. This makes it harder for traditional firewalls to inspect and secure the traffic in the same way.

To address this, a new function called IPUPS was introduced in the 5G standard. It helps secure user data but works differently—it doesnot allow the same kind of visibility as the old firewalls. This is fine in a pure 5G network, but it becomes tricky when 4G and 5G are combined in one system, especially when users move between the two (a process called handover). 

This research internship will explore how to combine the old and new approaches to security in a way that works smoothly in a mixed 4G/5G network. The goal is to understand the challenges and propose solutions that ensure both security and performance.

Objectives

1. Analyze the architectural and security differences between legacy GTP-Firewalls and the 5G IPUPS function.

2. Investigate the implications of HTTP/2-based CP and IPSec-protected UP on traffic inspection and security enforcement.

3. Design a hybrid model that enables secure and efficient CP and UP handling in a 4G/5G Combo Core.

4. Evaluate the model in terms of:
• Handover performance (4G <-> 5G)
• Security (visibility, integrity, confidentiality)
• Operability and maintainability

5. Compare the hybrid modes with standalone 5G and legacy 4G implementations.

Prerequisites

5G is the latest generation of mobile networks, offering high data rates, ultra-low latency, and support for a wide range of applications. A key component of the 5G Core is the Security Edge Protection Proxy (SEPP), which ensures secure communication between Public Land Mobile Networks (PLMNs) in roaming scenarios.

To secure the control plane traffic between SEPPs, 3GPP defines the N32 interface, which is split into two parts: N32-c (for capability negotiation) and N32-f (for control message forwarding). While N32-c is secured using end-to-end Transport Layer Security (TLS), N32-f can either use TLS or a new protocol called PRotocol for N32 INterconnect Security (PRINS).

PRINS is designed to provide application-layer security using the Javascript Object Signing and Encryption (JOSE) framework, while still allowing intermediate IP Exchange Network (IPX) providers to route messages. This hybrid approach introduces new security challenges, especially in the presence of potentially untrusted intermediaries.

This thesis aims to conduct a formal security analysis of the PRINS protocol using the Tamarin Prover, a state-of-the-art tool for symbolic protocol verification. The goal is to model PRINS, define its security goals (e.g., confidentiality, integrity, authentication), and verify whether these goals are met under realistic threat models.

Objectives:

1. Study the PRINS protocol as defined in 3GPP specifications (e.g.,TS 29.573 and TS 33.501).
2. Model the protocol in Tamarin, including key exchange, message protection, and verification steps.
3. Define formal security properties, such as secrecy, authentication, and replay protection.
4. Analyze the protocol under different attacker models (e.g., compromised IPX, key leakage).
5. Compare PRINS with TLS-based N32-f in terms of formal guarantees.
6. Optionally, extend the model to include protocol variants or optimizations.

Prerequisites

With the rise of Industry 4.0, industrial networks require not only low-latency and deterministic communication but also robust and integrated security solutions. Time-Sensitive Networking (TSN) provides a suite of standards that enable precise timing and predictable communication over Ethernet, which is critical for real-time industrial protocols like PROFINET and OPC UA Pub/Sub. However, integrating advanced security features into these protocols while maintaining real-time performance presents a significant challenge.

This thesis aims to investigate and optimize secure communication for these industrial protocols over TSN-enabled Linux systems. The evaluation will be conducted using the open-source Real-Time Communication (RTC) testbench, allowing reproducible measurements of key performance metrics under different system and hardware configurations.

Objectives:

• Implement secure communication features (e.g., encryption and authentication) for PROFINET and OPC UA Pub/Sub protocols with TSN support on a Linux platform.
• Evaluate the performance metrics such as jitter, cycle times, throughput, and latency, alongside security measures, using an RTC testbench.
• Test and optimize these metrics across different hardware configurations, including NICs and CPUs.
• Identify best practices and configurations for achieving optimal network performance and security. 

Testing and Evaluation:

• Utilize the RTC testbench to simulate network conditions and measure performance metrics, including security overhead.
• Conduct experiments with and without encryption to assess the impact on jitter, latency, cycle times, and throughput.
• Perform tests across different hardware setups, varying NICs, TPM and CPUs to evaluate their impact on network performance and security.
• Analyze data collected from the RTC testbench to validate the effectiveness of the implemented solutions.

The deployment of User Plane Function (UPF) at the network edge—commonly referred to as Edge-UPF—is gaining attention in the context of 5G networks, particularly for its potential to reduce latency and improve data handling efficiency. This thesis focuses on evaluating the performance and security aspects of Edge-UPF solutions, specifically within a roaming use case where user traffic traverses between different network operators.

A key aspect of the investigation is the trade-off between user plane latency, which affects data throughput and responsiveness, and control plane latency, which influences session setup and mobility management. Understanding this balance is especially relevant in roaming scenarios, where control signaling may remain centralized while user data is offloaded closer to the edge.

The practical part of the thesis is based on a testbed setup using Open5GS as the core network implementation and UERANSIM as the simulated radio access network. These tools enable controlled experiments to measure performance metrics such as latency, throughput, and resource usage under different deployment configurations. Basic security considerations related to edge deployment are also discussed.

The goal of this work is to provide a clear and structured evaluation of Edge-UPF behavior in a roaming context, contributing to a better understanding of its practical implications and limitations.

The introduction of 5G technology is transforming the telecommunications industry, offering enhanced connectivity and supporting advanced use cases such as IoT, ultra-reliable low-latency communications, and enhanced mobile broadband. 

A key challenge in this ecosystem is enabling seamless 5G roaming between different mobile network operators (MNOs) across borders, which requires reliable interconnection via IP eXchange (IPX) networks.

This research internship aims to explore the feasibility of using Mininet, a network emulation tool, in conjunction with Open5GS, an open-source 5G core network implementation, to simulate basic IPX functionalities for supporting 5G Standalone (SA) roaming use cases. 

The focus will be on setting up the system, adding support for needed protocols and integrating the Mininet-IPX-setup into the current LKN 5G Roaming Testbed.

Prerequisites

5G is the newest generation of mobile networks allowing for higher data-rates, lower latency and many new features like network slicing. Its central element is the 5G Core, which is a network of specialised Network Functions (NFs). Roaming allows subscribers to connect to the internet via other network operator’s networks if they have a roaming agreement. We are looking for a student to help implement and maintain a 5G Roaming testbed. At first, that is planned as an open source testbed leveraging Open5GS. Later, the plan is to connect this open source testbed to the LKN campus network.

This working student position may run parallel to Master Theses with more focused implementation and evaluation works. The working student is welcome to follow up on this work with his/ her own research internship or Master’s thesis.

Objectives

The primary objective of this work is to help implement and maintain a 5G Roaming testbed. This testbed shall then be used for investigation of security mechansims and performance measurements. Those are not the main job of the student, but the student is supposed to help.

1. Work into 5G Roaming

2. Implement missing Roaming functionalities into Open5GS

3. Maintain Roaming Testbed

4. Connect open source 5G Roaming testbed with Campus Network (once possible)

5. Aid in security investigations

6. Aid in performance measurements

7. Potentially add other NFs later

Prerequisites