CHAPTER FIVE
CPK Self-Assured Security

The emergence of network and database gave birth to the security policy. There are only two forms of information: that in flow and in storage. Network and database have the common characteristic, this is sharing. Therefore, security policy is to study the policy of protecting information under the condition of sharing.

There are two different forms of sharing: private and public. Different forms of sharing can have different security policies, such as: private database and private network belongs to administrative one to enforce mandatory control; public database and public network belongs to public one to enforce assurance control.

5.1 Formation of Assurance

Data sharing DB was born in 1970s, and Denning proposed security policy for access control: discretionary and mandatory. In U.S. Presidential Directive PDD63, the assurance policy is put forward the first time to replace the policy of discretionary. How to express in one word the meaning of “one's security is grasped and mastered by oneself” is not so easy. The policy was accurately translated into Chinese. Because control is nothing more than two kinds: “controlled by me or controlled by him”. But in China, the “assurance” is mistranslated as “guarantee”, which blured the originally clear concept, because the security can be guaranteed by others. In fact, one's security is decided by administrator for a long time. Consequently, the national security policy still stays in the era of LAN.

Self-assurance is proposed as security policy, but people have different understanding. They confuse the difference among self-assurance, China-made, sovereignty and right of speech. First, the self-assurance policy and China-made is no coherent two questions. We can't say that domestic car is safe while foreign car is unsafe. Second, the relation between self-assurance and sovereignty, also belongs to different category. Sovereignty is a territorial concept, refers to the power of ownership and jurisdiction, the characteristic is a boundary. So far, the sovereignty issue only has stayed in a political slogan, there has been no definition to Cyber space, no proof to the existence of sovereignty. But there is a consensus: Internet is boundless, and Internet is taken as a community of the human destiny. Sovereignty claim is equal to delimit the boundary. Is this progress or retrogression? Third, refers to the question of the right of voice. In the process of technology development, we have met the right of voice problem. In early 2000s, it was not difficult for us to develop the source address authentication system on the existing Internet router. In fact, we have successfully developed a real-name address with source address authentication, named IPv9. But it can not compatible with the current IPv4 and IPv6 without modification of the IP agreement. It would refer to the right of international discourse. The right is depended on the majority or share. The only shortcut to avoid this embarrassing situation is the independent and self assured virtual link. Virtual link which is constructed on the base of identity authentication is not only independent of communication, but also can make up for the security vulnerabilities of the Internet. For example, once an illegal intrusion happened in Internet, it can be found on the virtual link, and can be stopped. Thus, in 2012, we put forward a suggestion to construct a self-assured network system (Published in People's Daily for internal reference). In the commercial mechanism, we must comply with “the rules of the game”. If we want to master the right of speech, we have nothing to do but to increase the capital share or the technology stocks, and the basic way to increase the technology stocks lies in innovation.

The second explanation is a security control mechanism from technical sence. There's a saying: “My security is decided by me, my account should be managed by myself”, it generally depicts the meaning of self-assured control. So far, there has been two kinds of controlling form: one is the controlled by one's own will, the other is to execute the rules which are made by others. The former is called “discretionary” or “assurance”, the latter is called “mandatory”.

5.2 Components of Assurance

The cyber space includes communication systems, computer systems, trading systems, signal systems, etc. Different businesses have different security requirements and different assurance requirements.

Communication area: the main threat to security is illegal access. The receiver must first prove the sender's legitimacy, with evidence of the authenticity of the communication link, to prevent illegal access.

Software area: the main threat to security is the intrusion of various malicious software, and takes over system rights. All downloaded (uploaded) installed (executed) software codes must be certified of legality and verified of authenticity.

Trasaction area: the main threat to security is counterfeiting or replacing accounts. Both the payer's and the payee's accounts must be certified as legitimate and have authentic evidence.

Signal area: the main threat to security is replication attacks on signals. All incoming and outgoing information needs to be verified by the signal at this moment, with non-duplicating evidence.

Although different areas have different security threats and different means of prevention, they all have the same characteristics, namely, identity authentication. Therefore, identity authentication is the basis and core technology of assurance sicurity. Identity authentication not only provides the basic conditions for the construction of assurance security, but also triggers the research of virtual network system, gradually elevates the research of Cyber security from image logic to abstract logic, and forms the overall solution of cyber security.

5.3 Realization of Assuance

The problem of self-assurance refers to authentication theory and authentication logic. In entity authentication, an entity can be divided into two parts: the identity and its body. Identity is the name of the entity. Identity must meet the requirement of uniqueness, recognition, provability. The body is entity itself, and can be represented by its characteristics (physical, biological, logic). Identity authentication and body authentication are independent. In CPK authentication system, the logic of authentication is based on evidence, and all proving system is composed of evidence showing process and evidence verifying process. The authenticating processes provide discriminant basis for self-assurance control.

Assurance control is the purpose of information security to achieve, to ensure that my system is not controlled or used by others. The realization of assurance control is not easy, and it is also the key difficulty, because assurance control first needs to solve the problem of “friend identification” and implement the policy of “either yes or no”. The basis of “friend identification” is identity authentication.

Assurance policy is a generalized information security principle. The assurance policy should meet following requirments: First, the passive protection security should be changed into active management security, realizing “my security is my responsibility”. Second, the trusted system based on model reasoning should be changed into evidence-based verifiable system. Third, the login mechanism should be changed into spot authentication realizing “one thing one certification” to prevent the transfer of trust. Fourth, the remote password certification should be changed into “Proof-before-Event” to prevent illegal intervention in communications and the illegal implementation of malware.

5.4 Location of Assurance

In order to implement self-assurance policy, the active side must provide the evidences of authenticity first, and allows the passive side to determine on the base of verification how to control. The examples are listed in Table 5.1.

Self-assured control is the basic requirement of Cyber security, and it also represents the developing direction of the secure system. Self-assurance at least meets the independence and provability. The feature of independence ensures that the given event not to be controlled by others; the feature of provability provides the controlling basis for the event. The self-assurance system must realize “the recognition of our own side” in Cyber warfare, “no afraid of espionage” in intelligence warfare and “no afraid of leakage” in banking system.

The concept of assurance is more and more deeply rooted in the hearts of the people, now more and more systems conscientiously implement assurance security mechanism, but there are still a lot of systems that provide “security service” in violation of the principle of assurance, such as forcing users to input password, forcing users to bind with certain parameters, etc. Some systems (i.e. block chain) even put forward “joint management of account”, obviously it is against the principle of assurance. These are immatured products without corresponding technology. Perhaps they can solve some immediate problems, but have a larger hidden danger.