Learn about the primary challenges in securing cloud data centers and 5G networks against cyberattacks, including the targeting of BMCs by cybercriminals.
Introduction:
As President and CEO at Axiado, please share your background in AI-enabled hardware security.
As the President and CEO of Axiado, my journey in AI-enabled hardware security has been both challenging and exhilarating. Over the past four years, I’ve leveraged my extensive experience from IDT, Marvell and Qualcomm to drive innovation in this field. My background in the wired and wireless networking industry has been crucial in understanding and advancing these technologies.
I’m often referred to as a ‘thrill-seeking CEO,’ a title that reflects my love for extreme sports like skydiving and bungee jumping, as well as other active sports like basketball and cricket. These activities are more than hobbies for me; they symbolize my approach to business—taking calculated risks, embracing challenges, pushing my limits and constantly striving for excellence.
One of the most exciting technology developments I’ve witnessed in my career is the advent of generative AI. I believe it’s the most significant innovation since the smartphone, with the potential to revolutionize various sectors.
What inspired you to lead Axiado in addressing security challenges in cloud data centres and 5G networks?
In this rapidly evolving threat landscape, Axiado saw an opportunity to provide a new approach to cybersecurity and embarked on a mission to conceive a solution that would fortify existing security frameworks. This solution is designed to be reliable, self-learning, self-defending, AI-driven, and fundamentally anchored within hardware. This ambitious vision ultimately gave birth to the concept of trusted compute/control units (TCUs), a meticulously crafted solution designed from inception to deliver comprehensive security for data center control and management ports.
Overview:
Can you provide an overview of AI-enabled hardware security against ransomware, supply chain, side-channel attacks, and other threats in cloud data centres and 5G networks?
According to IBM Security’s most recent annual Cost of a Data Breach Report, the average cost of a data breach reached a record high of $4.45 million in 2023. The report concluded that AI technology had the greatest impact on accelerating the speed of breach identification and containment. In fact, organizations that fully deployed AI cybersecurity approaches typically experienced 108-day shorter data breach lifecycles and significantly lower incident costs (on average, nearly $1.8 million lower) compared to organizations without AI these technologies.
The ability of a hardware-anchored, AI-driven security platform to continuously monitor and perform run-time attestation of cloud containers, platform operating systems, and firmware creates efficiencies that help reduce time spent investigating potential threats. A hardware solution that integrates AI into a chip can analyze behaviors and CPU usage. This enables it to immediately investigate anomalies in user activity. With this approach, networks can no longer be infiltrated because of software vulnerabilities or porous firmware. AI technology enables heterogeneous platforms that include root-of-trust (RoT) and baseboard management controllers (BMCs) to offer hierarchy and security manageability. By deterring cybercrime at the hardware level, the industry can finally address the long-standing shortfalls of online security.
How does Axiado contribute to AI-driven hardware security in these environments?
Axiado TCUs harness the power of intelligent, on-chip AI to thoroughly scrutinize access sessions, detect anomalies, and monitor the boot process for potential side-channel attacks. These side-channel attacks encompass subtleties like voltage glitches and thermal anomalies. TCUs respond promptly to identify and neutralize these insidious threats. Furthermore, TCUs have been trained to recognize behavior patterns that are emblematic of known ransomware attacks, a capability honed through the analysis of hardware traces. This pattern recognition enables TCUs to promptly detect and thwart ransomware attacks in real-time, mitigating the potential damage.
Challenges:
What are the primary challenges in securing cloud data centers and 5G networks against cyberattacks?
Cybercriminals often target BMCs to execute their schemes to steal data for ransom, implant malicious code that can cause users to reveal passwords and other sensitive data, or bring down an entire network to cause chaotic service disruptions. These vulnerabilities usually emerge when a third-party program or firmware is installed in a device that allows arbitrary read and write access to a BMC’s physical address. The BMC is a key target for cybercriminals because it is the first processor to run on a server, even before a main processor like the CPU and GPU. As such, hacking the BMC’s firmware can affect every other firmware or software application that runs after it.
In some instances, cybercriminals resort to physical breaches to execute inside-out assaults, further compounding the complexity of the security landscape. In all these scenarios, the adversary gains ingress into the system through some form of credential compromise, whether it is through the act of clicking on malicious links or the loss of credentials.
Can you explain the challenges of side-channel attacks and how AI hardware security solutions address them?
Next-generation networks, particularly in the case of dispersed 5G cellular base stations, often lack the physical security that servers enjoy, making them vulnerable to side-channel attacks aimed at extracting cryptographic keys and protecting sensitive user data. By implementing an on-board TCU solution, specifically tailored for 5G base stations, the network gains enhanced protection against power analysis, voltage glitching, and clock manipulation attacks. Axiado offers the advantages of a security offload card while allowing for additional customization beyond module interface standards.
Innovation:
What innovative solutions has Axiado developed for AI-enabled hardware security in these networks?
Our TCUs introduce a new category of forensic-enabled cybersecurity processors, providing real-time and proactive AI-based threat detection. Multiple cores of AI engines inside the TCUs are specifically trained for each functional model, including sensor/telematics data analysis and reported ransomware attacks. This enables continuous monitoring, detection, prediction, and interception of attacks in real-time. The TCUs offer runtime protection, automation, and advanced mitigation capabilities using AI algorithms. Additionally, the TCUs feature distributed hardware security managers with anti-tamper and anti-counterfeit measures, control/management plane SmartNIC network interfaces, and safeguards against side-channel attacks.
By integrating AI-driven real-time threat mitigation, hardware fingerprints, platform monitoring, and optimization through AI and machine learning, Axiado’s TCUs contribute to creating a safer and more secure digital infrastructure.
How is the intersection of AI and hardware security evolving to counter emerging cyber threats?
Hardware-based detection involves specialized hardware devices that monitor system behavior and detect signs of an attack by monitoring CPU usage, disk activity, and network traffic. Network packet behavior anomaly detection involves monitoring network traffic and analyzing packets to identify unusual patterns or behaviors that may indicate an attack. Hardware-based anomaly detection enables system administrators to detect and prevent ransomware attacks before they cause significant damage.
CPU performance monitor counters detect attacks by identifying unusual CPU usage and identify unusual patterns so system administrators can forestall damage. AI engines significantly enhance detection by identifying advanced attack patterns that traditional techniques may not detect. Analyzing large amounts of data and identifying subtle patterns are an integral attribute of AI-based hardware security.
Individual perspective
Gopi, can you share your perspective on the direction and lasting impact of AI-enabled hardware security in the cybersecurity landscape.?
Enterprises still face downtime, productivity loss, and the need to rebuild systems, albeit at a reduced cost. To combat these limitations, I believe the industry must augment hardware itself with intelligence and forensics capabilities.
By incorporating monitoring software and AI-driven attack prevention directly into the hardware, we can reimagine the solution to complement and enhance software-based ransomware detection. This approach can extend to various security functions assigned to the motherboard, such as the baseboard management controller, hardware RoT, trusted platform module, programmable FPGA/CPLD, and management LAN. By tailoring the solution to different server types, we can better align with the unique needs and security requirements of cloud data centers and 5G networks.
Final Thoughts:
As we wrap up this interview, what’s your final message on the future of AI-enabled hardware security for cloud data centres and 5G networks?
The threat of ransomware attacks continues to loom, and relying solely on traditional methods is no longer sufficient. We have the opportunity to take a significant step forward by embracing modular security solutions and integrating hardware-anchored, AI-driven security with software intelligence and forensics. This approach can limit the impact of ransomware attacks and reduce the costs associated with system replacement.
Through innovation and collaborations with industry stakeholders, engineers can proactively protect data centers and 5G networks against the latest cyber threats. By doing so, we ensure the security and integrity of critical information.
Gopi Sirineni
President and CEO of Axiado
Gopi Sirineni is President and CEO of Axiado, a semiconductor company deploying a novel, AI-driven approach to platform security against ransomware, supply chain, side-channel and other cyberattacks. He is a Silicon Valley veteran with more than 25 years of experience in the semiconductor, software and systems industries. Priorto Axiado, Gopi was a vice president of Qualcomm’s Wired/Wireless Infrastructure, creating a market-dominating Wi-Fi and Wi-Fi SON technologies. His career highlights include executive positions at Marvell, AppliedMicro, Cloud Grapes, and Ubicom (acq. by Qualcomm). Gopi’s pioneering foresight into distributed mesh technology created the connected, AI-based home market segment.