Shen Changxiang: How does network security respond to new challenges?

Recently, at the 5G Security and Development Forum launched by the 8th Internet Security Conference, Shen Changxiang, an academician of the Chinese Academy of Engineering, delivered a speech, discussing the essence of network security in the new infrastructure era and how to build a strong network security defense line.

As a national economic development strategy, new infrastructure is showing strong momentum, but it also poses more severe challenges to network security. We must actively respond to the hegemonic threat of monopolizing cyberspace and build a strong cybersecurity defense line.


Establish a safe and credible network security concept

Cyberspace has become the fifth largest sovereign space after land, sea, and air. “Without cybersecurity, there is no national security.” Building a cybersecurity defense is our historical mission.

On May 12, 2017, the EternalBlue ransomware took one day to paralyze the education and health systems of more than 150 countries around the world.

In 2018, the world’s largest integrated circuit manufacturer TSMC’s three bases in Taipei, Taitung, and Tainan were invaded by the ransomware virus and shut down, losing more than one billion US dollars a day.

We must promote safe and credible network products and services, and accelerate the promotion and application of safe and credible products in accordance with the national cybersecurity space strategy. According to the network security level protection system 2.0 standard, comprehensively promote safe and reliable products to ensure the security of critical infrastructure.


Recognize the essence of network security and resolve network security risks

At present, some hostile forces are disrupting society and undermining national stability through cyber violence. We have some vulnerabilities in these areas. We must reduce the threat of cyberspace in order to improve security.

It is impossible for all the security systems in the world to contain all the logic, so there is still the defect of incomplete logic. Attackers use logic flaws to seize loopholes for profit, so security is an eternal proposition.

We need to build a new protection system of active immunity, complete the computing goals in the active field, and ensure that the logical combination of computing tasks is not tampered with or destroyed, so as to achieve correct computing.

The new protection system of active immunity has the following characteristics:

(1) A new mode of computing simultaneous security protection

Active immune trusted computing is a new computing mode that performs security protection while computing. Using passwords as gene antibodies to realize functions such as identity recognition, state measurement, and confidential storage, and to identify “self” and “non-self” components in a timely manner, is equivalent to cultivating immunity for network information systems.

(2) Dual architecture composed of computing components + protective components

This structure breaks von Neumann’s single-architecture, adds a trusted cryptographic module, a trusted control platform TPCM, etc., forming a typical immune system.

(3) Active immune triple protection architecture supported by the Trusted Security Management Center

The triple protection architecture is the same as the protection against the new coronary pneumonia virus. First of all, we must ensure human safety and office security. Office security is equivalent to the security of the computing environment. Secondly, we must ensure the security of the border, which is equivalent to the inspection of the building and the community to control the safety of people’s movements and prevent the virus from spreading everywhere.

In addition, the security department of a unit is equivalent to the resource management center of the system, which is used to ensure that information is not leaked. Therefore, in the trusted network communication, the security management center is very important, and it is necessary to build a triple protection architecture of computing environment, regional boundary and communication network under the support of the security management center.

(4) Four elements of human-computer trusted interaction

In the network security environment, the trustworthiness of human-computer interaction is the source and prerequisite for the development of new infrastructure such as 5G and data centers. Correct the traditional access control policy model to only operate based on the authorization identity attribute.

(5) Credible facilities composed of five links

To strengthen the security management and control of the entire infrastructure, it is necessary to use technologies such as trusted passwords, and measures such as detection, early warning, and recovery to ensure that the five links in the facility, including architecture, operational behavior, data storage, policy management, and resource allocation, are secure and credible.

Based on the credible management and control of the above five links, it can finally be achieved that unauthorized persons cannot obtain important information, the system and information cannot be changed, the attack behavior cannot be destroyed, the attacker cannot enter, the stealing confidential information cannot be understood, and the system work is paralyzed. The protective effect of the “six nos” that cannot be achieved.


Implement the hierarchical protection system to build a strong network security line of defense

The new standard of hierarchical protection is to add cloud computing, mobile Internet, Internet of Things, and public systems to it, and use trusted computing as the core technology for security protection.

The first-level protection is that the basic software operating system BUS firmware cannot be tampered with;

Secondary protection is that the application cannot be tampered with;

The third-level protection is real-time measurement and real-time monitoring. During the implementation process, important points must be credibly verified, not tampered with, and no abnormal situation should occur, and timely alerts should be sent to the management center in time;

The four-level protection is intelligent control. All the main computing nodes must be verified, and dynamic correlation perception will be performed to form a real-time situation. It is very important to solve the problem that situational awareness is now an afterthought.

At present, the world is very concerned about the development of 5G. The United States uses 5G security as an excuse to curb Huawei’s development.

We do pay attention to 5G security, and it must be tied to the level of protection 2.0. Cloudization, virtualization, software-based slicing, and edge computing of network functions are all technological applications of new computing, which will make the network more flexible and secure.

We need to build credible 5G in accordance with the level protection 2.0 standard. We must use a “trusted” method to solve the problem of base stations, so as to solve the security problem of 5G development. In addition, we must work hard to withstand the pressure from the international blockade, develop 5G healthily, and build a cyberspace security system.


Author: Yoyokuo