In today’s 5G/6G systems, several use cases demand more robust security than prior generations did. Some of these use cases are:
- To offer efficient roaming and to integrate multiple Mobile Virtual Network Operators (MVNOs) sharing the same physical network, operators routinely run third-party applications that support roaming, billing, and other local government compliance requirements.
- Base stations (BSs) periodically broadcast information about the network in System Information (SI) messages, and in 5G these messages are not secure. This allows an attacker to spoof or tamper with SI messages using a rogue BS that emits high-strength signals, causing devices to connect through it and enabling various types of attacks, including DNS redirection, denial-of-service (DoS), location tracking, and activity monitoring.
- 5G/6G adds connectivity for billions of IoT devices, but device behavior differs from well-established human behavior, which makes many existing threat models irrelevant. In addition, the security of IoT devices is still poor: firmware updates are rare, factory passwords are left unmodified, and the number of vulnerabilities is vast. This makes these devices easy targets for massive malware distribution, potentially followed by DoS, DDoS, or other attacks launched from compromised IoT devices; the service-oriented, SDN/NFV-based 5G/6G network might not be able to survive such attacks.
All of the above security issues call for hardware-based security, both for BSs and for control plane entities deployed in the cloud. Such security must include Hardware Root-of-Trust (HROT); DICE-driven secure boot; Platform Firmware Resiliency (PFR); monitoring, filtering, and enforcement of access to the external flash(es) holding encrypted and verifiable boot images and system configurations; a secure Board Management Controller (BMC); networking interfaces with integrated inline crypto and hardware firewalls for traffic filtering; a Trusted Platform Module; and edge/distributed Hardware Security Modules to ensure correct decisions even when the connection to the cloud is limited.
Axiado TCU is well positioned to respond to these challenges by integrating all required functions in a single System-on-Chip (SoC). TCU also has AI/ML engines that help operators derive behavioral anomalies at the platform and/or cyber level. Because there are 4 AI/ML engines, multiple models can run on TCU simultaneously.