机构地区:[1]上海交通大学电子信息与电气工程学院,上海200240 [2]中国信息安全测评中心,北京100085
出 处:《网络与信息安全学报》2023年第6期1-19,共19页Chinese Journal of Network and Information Security
基 金:国家自然科学基金(62202303,U20B2048);上海市扬帆计划项目(21YF1421700);国防基础科研项目(JCKY2020604B004)。
摘 要:随着5G/6G、人工智能、区块链等新型技术在各领域的深度融合发展,以高速率全时段信号覆盖、智能化精细化城市管理以及深空深海科学创新实验场为代表的新型关键基础设施建设迈进新阶段。作为保障国家信息、融合、创新基础设施安全的关键技术资源,密码应用安全性评估亟须深入数据生命周期内构建全方位、细粒度、自演进的密码安全性评估体系。结合近年来能源、医疗、交通等行业新型关键基础设施面临的典型APT攻击、勒索病毒攻击等,重点分析了在防范内生数据安全风险、实现差异化隐私保护、支撑可认证攻击溯源等新业态需求下日益增长的密码应用安全性评估需求。分析了新型信息基础设施(包括大数据、5G通信、基础软件等)、融合基础设施(包括智能网联汽车、智能网联工业控制系统等)、创新基础设施(包括大数据、人工智能、区块链等)给密码应用安全性评估带来的新挑战,阐述了部署在高性能计算芯片、超高速通信模组、大容量存储介质上的国产密码算法与协议对密码应用安全性评估技术的新要求。对发展自动化、智能化密码应用安全性评估技术进行了展望。The construction of new critical infrastructure,represented by high-speed full-time signal coverage,intelligent and fine-grained urban management,and deep space and deep sea scientific innovation experimental fields,has entered a new stage with the deep integration and development of new technologies such as 5G/6G,artificial intelligence,and blockchain in various fields.The security evaluation of cryptography applications,as a key technological resource for ensuring the security of national information,integration,and innovation infrastructure,has risen to the level of international law and national development strategy.It is urgent to construct a comprehensive,fine-grained,and self-evolving cryptography security evaluation system throughout the data lifecycle.The typical APT attacks and ransomware attacks faced by new critical infrastructure in industries such as energy,medicine,and transportation in recent years were considered.And then the growing demand for security evaluation of cryptography applications was analyzed in the face of new business requirements such as preventing endogenous data security risks,achieving differentiated privacy protection,and supporting authenticated attack traceability.The new challenges were also examined,which were brought by new information infrastructure(including big data,5G communication,fundamental software,etc.),integration infrastructure(including intelligent connected vehicles,intelligent connected industrial control systems,etc.),and innovation infrastructure(including big data,artificial intelligence,blockchain,etc.)to the security evaluation of cryptography applications.Furthermore,the new requirements were revealed about domestically produced cryptography algorithms and protocols deployed on high-performance computing chips,ultra-high-speed communication modules,and large-capacity storage media for cryptography application security evaluation technology.Finally,the development of automated and intelligent cryptography application security evaluation technology was e
关 键 词:新型关键基础设施 APT攻击 密码应用 安全性评估 国产化 智能化
分 类 号:TP393[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
