Academician of the Chinese Academy of Engineering Shen Changxiang: Trusted computing helps build the most secure line of cyber security
In 2016, a distributed denial of service (DDoS) attack lasting more than 6 hours hit the U.S. East Coast, leaving the largest paralyzed area in the world. In 2017, the "WannaCry" ransomware virus broke out and swept nearly 150 countries; education, transportation, medical, and energy networks were the hardest hit in that round of attacks. In August 2018, TSMC was invaded by ransomware. Within a few hours, TSMC's three important production bases in Taiwan, China were shut down, causing an operating loss of about one billion US dollars ... This series of facts shows that cyber security has become a national security priority and is closely related to the interests of the public.
Shen Changxiang, an academician of the Chinese Academy of Engineering, explained how to construct a solid network security defense line at the "2019 Network Security Trustworthy Summit". He said that cyberspace has become "ubiquitous, all-time, all-encompassing", and that it is critical to establish active security-based trusted policy management and control based on trusted computing.
Cyberspace threats escalate in China
Cyberspace is not only a virtual world with computers as its main terminal. It is rapidly merging with physical space and real space, and is closely related to all the interests of the public. Cyberspace represents property and wealth, is part of our country's infrastructure, and is inseparable from our national sovereignty. Cyberspace security may face great threats at any time: attacks are profitable, and there is a risk of being attacked from all directions. On the one hand, cyberspace itself is relatively fragile: weak concepts of offense and defense lead to problems in the underlying computing science, and the lack of protective components leaves the cyberspace architecture with certain defects. On the other hand, in the absence of active, effective, and innovatively upgraded security protection services, the computing model itself is vulnerable to attack.
Shen Changxiang said that because the design of an IT system cannot exhaust all logical combinations, there must be defects in its logic, and hackers can easily find and use those defects to attack. Therefore, we must implement active immunity to build a secure cyberspace, ensuring that the logical combination of computing tasks is not tampered with or destroyed and that computations are carried out correctly.
In Shen Changxiang's view, the traditional "blocking and killing" approach is outdated. Anti-virus, firewalls, and intrusion detection are basically incapable of coping with man-made attacks.
At the national level, a series of policies and regulations have been issued to cope with a cyberspace that is difficult to manage and has escalated to new dimensions. The Cyber Security Law, which has been in force since 2017, stipulates that the State Council and the people's governments of provinces, autonomous regions, and municipalities directly under the Central Government should coordinate planning, increase investment, support key cyber security technology industries and projects, support research, development and application of cyber security technology, promote safe and trusted network products and services, protect the intellectual property rights of network technology, and support enterprises, research institutions and colleges and universities in participating in national network security technology innovation projects. The "National Cyberspace Security Strategy" also puts forward the strategic task of "consolidating the foundation of cybersecurity", once again emphasizing the need to make breakthroughs in core technologies as soon as possible and accelerate the promotion and application of secure and trusted products.
Building Cyber Security with Active Immune Trusted Computing
Active immune trusted computing means performing security protection at the same time as computing operations, using cryptography as the "gene" for identity identification, status measurement, storage and other functions in order to identify "self" and "non-self" components in a timely manner, thereby destroying and rejecting harmful substances that enter the system. This is equivalent to fostering immunity for network information systems.
Shen Changxiang said that the dual architecture of secure and trusted computing nodes is based on a trusted cryptographic module, which connects computing components and protective components and establishes a three-layer protection architecture of active immunity. In this architecture the "guard rooms", "secure rooms" and "monitoring rooms" cooperate with security management, so that attackers cannot get in, unauthorized people cannot get the information, people who steal confidential information cannot read it, people who tamper with system information cannot change it, and attack behavior cannot be denied. Based on this, attacks such as "WannaCry, Mirai, BlackEnergy, Stuxnet, and Heartbleed" die out on their own without having to be killed.
Shen Changxiang said: "In 2017, the day before the Belt and Road Summit was held in China, the 'Eternal Blue' ransomware swept 150 countries and regions around the world in one day. At the moment of crisis, our own independent trusted computing held firm. The 42 channel programs broadcast by CCTV provide Chinese, English, Spanish, French, Russian, Arabic and other language TV programs to the world. In an environment that cannot be physically isolated from the Internet, it established a credible, accessible, controlled and manageable network production and broadcasting environment, withstood the attack of viruses and successfully completed the safeguard mission of the Belt and Road World Summit."
Network trusted authentication also needs legal compliance
As the core content of the network credibility system and the primary link in ensuring network security, credible verification and management can ensure the authenticity of the identity of people engaged in network activity, and is also the prerequisite and support for network security certification. It has strong legal support and also benefits from the promotion of emerging information technologies. From a legal perspective, Article 24 of the National Security Law stipulates that the state implements a network trusted identity strategy, supports research and development of secure and convenient electronic identity authentication technologies, and promotes mutual recognition between different electronic identity authentications. From the perspective of technical support, artificial intelligence-based biometric verification technologies such as face recognition, fingerprint identification and voiceprint identification have effectively solved the problem of identity information confirmation. "However, if the ethics of artificial intelligence is not properly grasped, new security problems will easily arise. San Francisco in the United States has legislated to ban the use of face recognition technology in 53 departments in the city," Shen Changxiang said.
Based on this, Shen Changxiang said that the credible verification of network identity should adhere to the principle of "three data and four nos". That is, there is a basis for law enforcement, a basis for authentication, and evidence for tracking; and the verification does not threaten the identity privacy of the entity, does not change the existing authentication protocol process, does not affect the security of the national legal certificate system, and does not rebuild the basic information platform of the national legal certificate authentication system. The technology has been piloted in more than 140 units in nine major industries, including government affairs, transportation, medical care, and justice, and has achieved significant results.
"I believe that China's trusted computing innovation in the future will certainly be able to move with the times." Shen Changxiang said excitedly.
Editor-in-chief: Qi Xu