CPK Solution to Cyber Security: Theory and Practice (CPK通向赛博安全之路:理论与实践)

Preface

The research object of Cyber security has gone through a big change, from the closed and collectivized local network to the open and individualized public network, and has passed through point-to-point data security of line communication, end-to-end data authentication of the LAN, user-to-user authentication of the Internet, and entity authentication of the IoT. Now it is experiencing event authentication of the Internet-of-Event.

In this book, information security, network security, transaction security, and security management are analyzed from the new viewpoint of the public network. The essence of security is discussed, and a new theory of entity-authentication-based IoT and event-authentication-based IoE is put forward. The new theory explores a new way to solve Cyber security and forms a new concept: it raises the way of research from image thinking to abstract thinking, the security strategy from passive defense to active management, and the authentication logic from model-based belief logic to evidence-based truth logic. The focus of public network security is moved from encryption to the authentication technique. In the CPK system, the policy of “friend identification” is implemented to recognize friends only and stop all illegal accesses; the policy of “identify on the spot” is implemented to stop trust transfer and the taking over of rights.

In 2005, the President's Information Technology Advisory Committee (PITAC) released the report Cyber Security—The Crisis of Prioritization. Since then, information technology has entered a new era of Cyber. This is a document of epoch-making significance. In this report, the researchers of PITAC criticized the ten priorities put forward in Clinton's PDD63 and put forward ten new priorities, refusing to give major priority to vulnerability analysis. Instead, the major priority was given to the authentication technique, in order to build a trusting system.

In the study of trusted systems, I began to touch the core issues of Cyber security, and felt that there were a lot of collisions between new and old technology and a lot of conflicts between new and old concepts. I am not going to discuss Cyber security theory fully in this book, but I would like to discuss the development direction and the key to the solution of Cyber security. A clear understanding of several concepts is needed before reading the book.

The first concept is how to comprehend the “trusting system”. A good idea was proposed in the PITAC report: that a trusting system can be built with untrusted components. For example, the Internet is not trusted, but a trusting system can be built on the Internet. But the goal is wrong, because “trusting”, after all, belongs to the category of trust. In traditional information security, the trust relationship has been the theoretical foundation. For example, the login mechanism based on passwords and the certification mechanism based on biological characteristics have been regarded as common security measures. Password and biological certification can only be applied to self-certification and face-to-face certification, where no trust transfer can be caused, and cannot be applied to remote certification, where trust transfer can be caused. The trusting system is based on the theory of trust transfer. Trust transfer has been the bane that lets system rights be taken over, and the biggest threat to security. In fact, when a person goes shopping, the shop assistant and the customer are strangers and have no trust, but the deal is made on condition that the goods are genuine and the money is genuine. The deal has nothing to do with a trust relation. The concept of “zero trust” has recently been proposed, ostensibly in line with the principle of “mutual suspicion” in Cyber security. However, this general concept is meaningless, and trust is still an important concept. Without trust logic based on behavior, the kernel security mechanism of the computer cannot be established. The judgment of authenticity has nothing to do with trust; it is not a denial of trust. What we deny is the transfer of trust that can be taken advantage of. In this book, the aim of “a thing one proof” and “an event one proof” is to block and prevent the transfer of trust.
Therefore, our task is not to build trust-transfer-based trusting systems, but to build evidence-based proving systems.

The second concept is how to comprehend “assurance”. There are two different concepts of the term assurance control in China: one speaks of assurance control from the perspective of ownership of property rights, and the other from the perspective of security mechanism. There is some connection between the two, but they fall into different categories. Assurance control has always been an important security mechanism. The concept of assurance is not new; it has been a kind of access control mechanism, and it is a typical characteristic of the era of the public network. But confusion has been caused for two reasons: one is that the term assurance in English does not express the meaning exactly, and the other is that it was not correctly translated into Chinese. The data-sharing database (DB) was born in the 1970s, and Denning proposed security policies for access control: discretionary and mandatory. These policies were accurately translated into Chinese. In U.S. Presidential Directive PDD63, the assurance policy was put forward for the first time and replaced the discretionary policy, trying to express the meaning of “one's security is grasped and mastered by oneself”. It seems that no single word in English can express this meaning as accurately as Chinese can. But in China, “assurance” is mistranslated as “guarantee”, which blurred the originally clear concept, because security can be guaranteed by others. In fact, one's security has long been decided by the administrator. Consequently, the national security policy still stays in the era of the LAN.

The third concept is how to comprehend “identity”. The term identity can be used as a social term or a technical term. In the social sense, identity represents a person's social status and is an abstract noun. Identity can be taken as the personification of an entity. In the sense of information technology, any entity is divided into two parts: one is the name (Identity), the other is the characteristics (Body). Therefore, the authentication of an entity includes identity authentication (identity signature) and body authentication (data signature), where the identity authentication can be carried out before the body authentication. So identity authentication is called “proof-before-event” and body authentication is called “proof-after-event”. In a communication system, it is easy to understand that only “proof-before-event” can prohibit illegal intrusion. Without sufficient understanding of “proof-before-event”, it will be hard to grasp the essence of Cyber security and difficult to find the way to a solution.

The fourth concept is how to understand Cyber space. The term Cyber may come from Cybernetics. “Cybernetics is the scientific study of the way in which information is moved about and controlled in machines, the brain and the nervous system (Longman Dictionary).” In this paper, Cyber is interpreted as “moved and controlled information in the network”. Though the term Cyber has not yet been translated into Chinese, what we want to study is not how to translate it, but what the components of the space are and what the object of our research is. Any space consists of entities, hence the concept of “Internet-of-Things” was proposed. The IoT space is a static entity space; therefore, the research object is, of course, static entity authentication. If static entities constitute the space of IoT, then what will be the space of dynamic entities? The interaction of entities produces an “event” and forms a virtual link; the abstraction of virtual links forms the “Internet-of-Event”. In the space of the Internet-of-Event, the object of study is, of course, event authentication. So it can be said that the main body of Cyber space is composed of “entity space” and “event space”, and the objects of study are entity authentication and event authentication.

The fifth concept is how to understand “friend identification”. The Friend-or-Foe identification system has been a common method in military use. “Friend identification” adopts the strategy of “identify friends only”, while “foe identification” adopts the strategy of “identify foes only”. Both strategies are very effective methods. In the past, under the guidance of the passive defense policy, the strategy of “foe identification” was widely used in firewalls and anti-virus, and achieved a great deal. But it is always passive, following after the development of the foe. Now it is the era of active management, and the base of active management is “friend identification”. The implementation of “friend identification” is very easy, because the initiative is in our own hands, but it puts forward higher technological requirements, namely the need to build an “evidence showing” and “evidence verifying” system. In China, the public security department has issued the resident identity card, which brings great convenience for social management. This is a great pioneering work in world history. Online verification can be realized by identity authentication. The U.S. Department of Homeland Security says that identity management is the core of social management and information management, and in 2009 the U.S. Government officially took identity authentication as a national development strategy; unfortunately, they have not found the implementation technology. “Friend identification” is based on identity authentication. CPK has solved the difficult problem of identity authentication, so we have no difficulty in building a “friend identification” system. The technique of “friend identification” can be widely used in network access control, software authentication, transaction authentication, etc., carrying out self-assured control.

The sixth concept is how to understand “authentication”. In 2005, the President's Information Technology Advisory Committee (PITAC) put forward the report Cyber Security—The Crisis of Prioritization, rejecting the ten priority projects put forward in Clinton's PDD63, which took vulnerability analysis as the main project, and submitted ten new priority projects with “authentication technique” as the first project. The goal is to solve authentication at a scale of up to billions, in order to build a trusting world. There are two authentication techniques: one is based on logical features and the other is based on biological features. There are three authentication techniques based on logical features: trust logic based on behavior, belief logic based on model, and truth logic based on evidence. The most typical application of trust logic or belief logic is “password certification”. The basic principles of password and belief logic are “what you have, I have too”, “what you know, I know too” and “what you encrypted, I can decrypt”, used to establish a trust relationship or belief relationship. The evidence-based authentication logic, however, is realized by digital signature. The digital signature should meet the asymmetric requirement that only one can sign while all can recognize the signature, which can only be solved by mathematical methods. Authentication technology based on physical features and biological features can only be used for face-to-face authentication and cannot be used for remote authentication. Neither the method of encryption nor the method of physics can solve remote authentication. As far as the general task of Cyber security is concerned, the authentication system is the subject system, while encryption technology can only be a subset, and the relationship cannot be reversed.

The seventh concept is how to understand “encryption”. Data encryption is realized by cryptography to guarantee the secrecy of data. It originated in military use, where cryptography is defined as the transformation from plain text to cipher text and from cipher text to plain text. Cryptography is classified by the level of the data encrypted: there are government cryptography, military cryptography, diplomatic cryptography and commercial cryptography. On the surface there are many kinds and varieties, but there is no cryptography for the Internet-of-Things and the public network, which is urgently needed. Although the public key does not have the property of cryptography, it is often called cryptography, because the public key can be used in the key management of encryption; this makes it easy to confuse two important concepts: data encryption and authentication. Authentication is the main task of Cyber security and is where the difficulty lies, but data encryption is not, because data encryption technology is already saturated. But now, in terms of encryption, individualized encryption is being developed in the public network, reducing the granularity of closure to the two communicating sides; classification of the two sides is no longer needed, and neither is the protection of a private net. The development of individualized communication has caused a lot of conceptual changes, but unclear concepts have caused confusion. There is no clear understanding of what must be managed and what must not be managed. Thus, a lot of artificially set checkpoints hinder development. With these changes, the difference between military and civilian no longer exists, so civilian crypto technology can be used by the military, and military crypto technology can also be used by civilians; civil-military integration is a new development requirement. In the development of civilian cryptography, one concept must be corrected.
Some people believe that the higher the degree of secrecy, the better, so someone proposed the concept of “theoretically provable security” and pursued a cryptography that can never be broken. The PITAC report criticized the wrong tendency of some cryptography researchers to pursue only security without considering efficiency. A famous expert once said that perfect cryptography is not applicable, and that practical cryptography in use is flawed. In fact, the cryptography that meets the requirements is the best. Users are clearest about their needs and know what kind of crypto technique can meet their demands, so the decision should be made by the user. Users should also undertake security responsibility.

The eighth concept is how to understand the quantum exhausting attack. With the development of industry, different mechanisms have contributed to the crypto system, which determines different types of cipher machines. For example, manual work can be replaced by machines, electronic storage can be used as memory, and microelectronics can be used as computing units. All kinds of cipher devices can be made in different ways, but the basic principles of cryptography are the same. Therefore no mechanism has an impact on the nature of cryptography. Thus, quantum computation does not affect the nature of cryptography. Cryptography has two components: one is the scheme and the other is the key. The scheme is a fixed factor, and the key is an active factor. The relationship between the two is like that of a gun and a bullet: without a bullet, the gun is a stick; only when the bullet is loaded does it become a real weapon. The task of the scheme is to prevent the key variables from being segmented, which would reduce the amount of exhaustion. There are two kinds of key variables: one is the symmetric key and the other is the asymmetric key. Symmetric key technology has long been saturated and can only be used for data encryption, so there is no urgency. The asymmetric key can only be constructed by mathematical methods, to solve the digital seal of the network world, so it is the core of network security. There are two kinds of asymmetric keys: active variables and fixed variables. Active variables, such as the signature code and the key encryption code, are relatively easy to handle: the variables are constructed as a combination of independent and dependent variables, so that exhaustion cannot get the correct result. But this does not apply to fixed variables such as public keys. Because the public key cannot be kept secret and must be made public to the relying party, the public key provides the criterion for the exhaustion.
In this case, it is also possible to change a fixed key into a key that changes periodically, so that the exhaustion cannot keep up with the changes. In fact, quantum computing power should not be blown out of proportion. Let's say that the speed of quantum computation is 10 million trillion per second, which is about $2^{54}$. The exhaustion of $2^{80}$ will take $2^{26}$ seconds, more than two years. It proves that the current public key technology can fully resist quantum exhaustion.

The security of the Internet-of-Event is solved through the technology of a virtualized link that runs from any identity to any identity (the I to I model). Such connections can constitute a provable logical network. The Internet-of-Event is a collective body of virtual links and can be considered a virtual network. The virtual link is the way of thinking that focuses on solving the security of the Internet-of-Event, and IoE is meant to clarify the security properties in comparison with IoT. In the process of researching the concepts of the virtual link and IoE, the way of thinking of information security theory has advanced from embodied thinking to abstract thinking, and the essence of Cyber security has been made clearer, in an attempt to reach conclusions that can affect the development direction of security theory. These effects can be summarized as: the strategy is shifted from passive protection to active management; the proof logic is shifted from Belief Logic to Truth Logic; the main function is shifted from data encryption to identity signature.

Security theory has shifted from being constrained by communication to being a completely independent topic. Many people share the feeling that the main “battlefield” is shifting from the military and government area to the banking system.

The Internet-of-Event is an individualized public network, like a chessboard. Each square can represent an entity, such as an individual, a store or a bank, and can establish a provable connection with any square. The purpose of the public network is to provide various convenient services for users. Because the security theory of the Internet-of-Event is fully independent, the work is no longer subject to the constraints of the communication system and its right of speech, so it becomes possible to build a self-assured system and an ordered world.