Workshops Telecommunications PQC Migration for 5G Signalling...
Telecommunications Full Day Workshop

PQC Migration for 5G Signalling and Authentication Protocols

This workshop maps the quantum cryptographic exposure across the 5G protocol stack and builds a network function-specific migration plan for your SA or NSA deployment.

Full day (6 hours + Q&A)
In person or online
Max 30 delegates
Commission This Workshop View Agenda

Proud to recommend our expert members

Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside
Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside

Workshop Description

For 5G core network architects, RAN security engineers, and 3GPP SA3 participants. This session works through the cryptographic primitives embedded in the 5G signalling and authentication stack, identifies which are vulnerable to quantum attack, and builds a prioritised migration plan for each affected network function.

5G-AKA relies on ECIES for SUPI concealment (Profile A uses Curve25519, Profile B uses secp256r1). Both are broken by a sufficiently capable quantum computer running Shor's algorithm. The N32 interface between SEPPs uses TLS 1.3 with ECDHE key exchange. The SBA service mesh authenticates NF-to-NF communication with TLS mutual authentication. GTP-U tunnels on N3/N9 interfaces may use IPsec with DH key exchange. Every one of these cryptographic dependencies requires a migration path. 3GPP SA3 is studying this in TR 33.875, GSMA has published FS.40 on PQC migration for telecom, and NIST finalised ML-KEM (FIPS 203) and ML-DSA (FIPS 204) in August 2024. This workshop connects those standards to the specific network functions in your deployment and produces an actionable migration sequence.

What participants cover

  • 5G-AKA authentication chain analysis: trace the cryptographic primitives from UE through SEAF, AUSF, and UDM and identify quantum-vulnerable steps
  • SUPI/SUCI exposure: evaluate ECIES Profile A and B under quantum threat and assess ML-KEM as a replacement with backward compatibility constraints
  • N32 and SBA interface mapping: catalogue TLS profiles, cipher suites, and certificate chains across inter-PLMN and intra-PLMN signalling
  • Standards alignment: map 3GPP TR 33.875, GSMA FS.40, and NIST FIPS 203/204/205 requirements to your network architecture
  • Network function migration sequencing: determine upgrade order (UDM/AUSF, SEPP, UPF) based on cryptographic criticality and vendor readiness
  • Hybrid deployment: design composite certificate strategies (ML-DSA + ECDSA) that maintain interoperability with non-upgraded roaming partners and legacy UEs

Preliminary Agenda

Full day workshop structure with scheduled breaks. Content is configurable to your network architecture (SA, NSA, or private 5G), vendor environment, and regulatory jurisdiction.

# Session Topics
1 5G Security Architecture and Quantum Exposure Where cryptography sits in the 5G protocol stack
  • 5G-AKA authentication flow: UE, SEAF, AUSF, UDM and the cryptographic primitives at each step
  • SUPI concealment via SUCI: ECIES on Profile A (Curve25519) and Profile B (secp256r1) as quantum-vulnerable targets
  • NAS and RRC layer encryption and integrity (NEA/NIA algorithms) and their post-quantum exposure
2 5G Interface Cryptographic Dependencies Protocol-level exposure mapping across the 5G core and RAN
  • N32 interface: PRINS and TLS profiles between SEPPs for inter-PLMN signalling
  • SBA service mesh: TLS 1.3 mutual authentication across NFs (AMF, SMF, PCF, UPF)
  • N3/N9 user plane: GTP-U with IPsec and the implications of quantum key compromise for data in transit
Break, after 50 min
3 Standards Landscape: 3GPP, GSMA, ETSI, and NIST Current and forthcoming requirements for quantum-safe 5G
  • 3GPP SA3 TR 33.875: Study on post-quantum cryptography for 5G and implications for Release 19/20
  • GSMA FS.40 (PQC migration guidelines) and FS.49 (quantum-safe GBA) applicability to MNO networks
  • NIST FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA), and draft FIPS 206 (FN-DSA): algorithm properties and selection criteria for telecom use cases
4 Interactive Demonstration Facilitator-led analysis of a reference 5G core architecture
  • Cryptographic inventory scan: mapping algorithm usage across a reference 5G SA deployment (AUSF, UDM, SEPP, UPF)
  • SUCI encryption migration impact analysis: ML-KEM substitution for ECIES and backward compatibility with Release 15/16 UEs
  • Hybrid certificate design for N32 SEPP-to-SEPP authentication using composite ML-DSA + ECDSA
Break, after 90 min
5 Migration Sequencing for 5G Network Functions Which functions migrate first and why
  • Priority sequencing: UDM/AUSF (authentication chain) before SEPP (roaming) before UPF (user plane)
  • Backward compatibility: supporting pre-quantum UEs during hybrid transition periods
  • Roaming partner interoperability: coordinating PQC adoption across interconnect boundaries with non-upgraded PLMNs
6 Operator Case Studies and Vendor Readiness Early movers and lessons from 5G PQC trials
  • Vodafone/IBM quantum-safe IPsec trial on 5G transport and lessons for production deployment
  • SK Telecom quantum key distribution integration with 5G core and the QKD versus PQC trade-off
  • Vendor readiness: Ericsson, Nokia, Huawei, Samsung RAN and core product roadmaps for PQC support
7 Q&A and Migration Roadmap Planning Building your organisation-specific PQC timeline

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and telecommunications systems.

QD

Quantum Security Defence

Workshop design and delivery

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.

TE

Telecommunications Partners

5G security architecture and operational validation

5G workshops are co-delivered with sector specialists who bring direct operational experience in mobile network security, 3GPP standards development, and 5G core network deployment. This ensures content is grounded in the protocol-level realities of production 5G networks.

Commission This Workshop

Sessions are configured around your 5G network architecture (SA, NSA, or private), vendor environment, deployed releases, and roaming partner landscape. Get in touch to discuss requirements and schedule a date.

Contact Us
Telecommunications Workshops All Consulting Services All Workshops