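Affiliations: [1] Huawei Technologies Co., Ltd., Shenzhen 518129 [2] School of Information Engineering, Xidian University, Xi'an 710126 [3] Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085 [4] Peng Cheng Laboratory, Shenzhen 518055 [5] School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240 [6] Guangdong Research Institute, China Telecom Corporation Limited, Guangzhou 510660 [7] School of Cyber Science and Engineering, Southeast University, Nanjing 210096 [8] China Academy of Information and Communications Technology, Beijing 100191
Source: Scientia Sinica (Informationis) (《中国科学:信息科学》), 2024, Issue 12, pp. 2881-2904, 24 pages in total
Funding: Supported by the National Key Research and Development Program of China (Grant No. 2020YFB1807500).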
Abstract: Strong security is one of the industry's important expectations for the development of sixth-generation wireless (6G) networks. This study first analyzes the security problems that 6G networks may suffer and classifies them into two types: endogenous and nonendogenous security problems. The former are security issues introduced by new 6G features (such as 6G new service scenarios represented by intelligent services and data services, and 6G new business ecosystems represented by openness, collaboration, and compliance with laws and regulations). The latter mainly includes security issues caused by technological advances in fields other than 6G (such as artificial intelligence and quantum computing). Next, this study proposes an inherent security architecture for 6G networks. Two types of security components are defined to carry the security technologies required by 6G networks, namely the "trusted engine" and "security capability" units, to support sustainable evolution and flexible orchestration of security and flexibly integrate the security architecture and network architecture. We strive to solve both endogenous and nonendogenous security problems in a unified manner. Based on the architecture proposed, we further detail the 6G network security technology. Security technologies are also classified as endogenous and nonendogenous. The former mainly refers to the physical layer security technology in which security mechanisms and communication networks cannot be decoupled. For this type of technology, we propose the concept of "approaching one-time pad" upon analyzing the limitations of the existing physical layer security mechanism. In addition, we systematically elaborate on aspects such as the index system, implementation architecture, and key technology. The latter mainly refers to the security technology in which the security mechanism is superimposed on the communication network, including trust systems with multiple modes, digital identity mechanisms based on trust systems, active security defense technologies against unknown threats, and global security assessment technologies. These technologies support one another and form a self-sensing, self-operating, and self-evolving inherent security system for 6G networks.
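Keywords: 6G; network security; inherent security architecture; approaching one-time pad; 6G blockchain; digital identity; multi-mode trust; active security defense; security assessment
Classification: TP3 [Automation and Computer Technology: Computer Science and Technology]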