User's Manual

AirUnity 545 eNB 2.5GHz (B41) User Guide
UGD-D01127 Airspan Commercial and Internal Use 16
3 Hardware Security
3.1 Factory Generation of Device Key
Each device has a private key and associated certificate which it uses to authenticate itself when
initiating communications. This private key is generated in the factory, and so is the corresponding
vendor certificate. This capability is necessary in order to support large scale plug and play
deployments.
This device key is stored on the AirUnity 545 to allow it to authenticate to the network. If the private
key is compromised, then an attacker can masquerade as the device towards the operator’s core
network. Therefore, it is stored in an encrypted form.
In later releases a device-specific key will be introduced: a random number blown into on-SoC
eFuses during manufacture. This offers two additional points of protection: the key is not
discoverable by decompiling the code (an attacker will need to run code on the device in order to read
the eFuses); and the key can only be used to obtain the private key of a single device (because each
encryption key is unique).
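The difference between a wrapping key shared by every firmware image and a per-device eFuse key can be measured as the number of stored private keys one leaked wrapping key opens. The sketch below is an added illustration, not Airspan's code or the product's actual scheme: the HMAC-SHA256 encrypt-then-MAC construction is a standard-library stand-in for whatever cipher the device uses, and every name and key value is constructed.

```python
import hashlib, hmac, os

# Constructed stand-in for a wrapping key compiled into every unit's firmware image.
FIRMWARE_KEY = hashlib.sha256(b"constructed shared firmware constant").digest()

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode; a stdlib stand-in for the device's real cipher.
    blocks = (_prf(key, nonce + i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def wrap(kek, private_key):
    """Encrypt-then-MAC the device private key under a key-encryption key (KEK)."""
    enc_key, mac_key = _prf(kek, b"enc"), _prf(kek, b"mac")
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(private_key, _keystream(enc_key, nonce, len(private_key))))
    return nonce + ct + _prf(mac_key, nonce + ct)

def unwrap(kek, blob):
    """Return the private key, or None if the blob was not wrapped under this KEK."""
    enc_key, mac_key = _prf(kek, b"enc"), _prf(kek, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def exposure(keks, leaked_kek):
    """Number of devices whose stored blob opens with one leaked wrapping key."""
    blobs = [wrap(kek, os.urandom(32)) for kek in keks]  # constructed private keys
    return sum(unwrap(leaked_kek, blob) is not None for blob in blobs)

if __name__ == "__main__":
    fleet = 5
    efuse_keys = [os.urandom(32) for _ in range(fleet)]  # one random value per SoC
    print("shared firmware key leaked:", exposure([FIRMWARE_KEY] * fleet, FIRMWARE_KEY))
    print("one eFuse key leaked:      ", exposure(efuse_keys, efuse_keys[0]))
```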
3.2 Protected SIMs
The system design provides the option to solder an embedded SIM to the board instead of
using a removable SIM; this removes the temptation to steal the SIM. Additionally, the operator can
ensure that these SIMs can only be used with the Relay APN, which would make them unusable with
an ordinary mobile phone (because relay traffic uses nested GTP-U tunnels).
3.3 Unused Port Security
Unused interfaces on the SoCs within AirUnity 545 are protected against attack by ensuring that the
corresponding pins are not connected to tracks on the circuit board. In addition to this hardware
protection, the device drivers within the SoCs which service these ports are disabled.
3.4 Tamper Detection
Simple tamper detection is provided in AirUnity 545 by the use of tamper-evident labels.
Hardware Ready for Secure Boot
The SoCs within the AirUnity 545 unit support secure boot. This is to be enabled by a software
download in a later release. Enabling secure boot ensures that only trusted software will run on the
SoCs internal to AirUnity 545.