At present, the digital economy is becoming an important point of economic growth, and the construction of new infrastructure, represented by 5G networks and data centers, has become a buzzword in China’s economic development. On September 17, the 2020 Beijing Internet Conference, with the theme “5G enabling interconnection and lighting up the light of the future”, was held at the Beijing Kyoto Xinyuan Hotel. The conference focused on 5G, new infrastructure, the Internet, digital security and other hot topics, and invited industry leaders and senior industry experts in Beijing to discuss new ideas for the development of the industry and explore new paths for digital economic cooperation.
The new infrastructure has injected new momentum into China’s digital economy and supported its high-quality development. The layout and construction of new information infrastructure must be based on network security and data security. Qi Yang, senior engineer at the 360 Future Security Research Institute, delivered a wonderful speech on 5G network security under the new infrastructure at the “Beijing New Infrastructure and 5G Development Forum”. “5G is the most fundamental communication infrastructure of the new infrastructure. It not only provides important support for artificial intelligence, big data and the industrial Internet, but can also quickly empower digital industries such as big data and cloud computing. It is an important carrier of the digital economy. Therefore, it is extremely important to ensure its security,” Qi Yang said.
5G network security needs to consider multiple levels
As 5G commercialization continues to accelerate, network security risks follow. According to the statistical report on the development of China’s Internet, as of March 2020, 43.6% of China’s Internet users had encountered network security problems in the past six months, of which the problem of personal information disclosure accounted for as much as 23.3%.
“5G security needs to consider multiple levels, including the terminal layer, network layer, edge layer and platform application layer. At the beginning of design, we should fully consider the reliability and security of the network, and the security architecture can be improved day by day.” Qi Yang analyzed the relevant risks and corresponding deployment schemes at these four levels.
The first is terminal security. 5G network terminals include individual user terminals and industry or urban public infrastructure terminals. The security requirements have two aspects. First, the terminal’s own software and hardware need to be protected from damage by external intrusion. Second, as the starting point of the 5G network, the terminal must ensure data security at the source and prevent business information from being eavesdropped on and tampered with. To ensure its security, the terminal needs to support encryption algorithms, integrity protection algorithms, user data integrity protection and anti-replay protection, terminal identity authentication, user privacy protection, etc.
The second is network layer security. The normal operation of the data center business of the 5G core network has a vital impact on the security and stability of the 5G network. In addition to securing the 5G core network through various security measures, it is also necessary to consider disaster recovery and backup for the 5G core network itself, so that it maintains business continuity when a key network element or the 5G core network is paralyzed.
The third is 5G network slicing and MEC security. 5G network slice security needs to pay attention to the AUSF’s unified authentication of NSSAI and SUPI; to performing secondary slice identity authentication for terminals accessing a special slice; and to encrypting and protecting network slice service identifiers, such as NSSAI. There are four levels of end-to-end physical isolation and logical isolation between slices. MEC edge computing security mainly includes preventing DDoS attacks on MEC containers or virtual machines using the host OS; hardware security and virtualization security; user access security and data security; platform security and management security; and physical/logical isolation of the management, business and storage planes.
The fourth is platform and application layer security. First, the 5G network involves the processing of industry data and user privacy. To ensure that data is not tampered with and that its confidentiality and integrity are preserved, it is necessary to strengthen encrypted data storage and interface authentication. Second, in information system security work, security management, monitoring, response, recovery and other measures are generally implemented through the organization and management of the security center. By building an intelligent application center, the managers and operators of the smart city can perceive the security situation of the city in real time and respond to and dispose of security events in a timely manner. The third is the detection and repair of network element vulnerabilities: detecting the network element vulnerabilities of wireless base stations and of the core network, and supporting the repair of vulnerabilities on this basis. Next is industry app management, which provides risk perception, environmental risk perception, account risk perception and behavioral risk perception for the back-end server, business interface, data transmission and the client itself, and can detect and repair security vulnerabilities through static and dynamic analysis. Finally, the security log approval system should support integration with various mainstream devices. If network attacks are found, they can be blocked and repaired in time.
New infrastructure brings new security challenges
Network operation and maintenance based on big data and artificial intelligence reduces human error, and intelligent monitoring helps improve the security defense level of the network. However, 5G’s virtualization and software-defined capabilities, as well as the Internet-oriented and open nature of its protocols, also bring new security risks. In 360’s view, 5G network security currently faces five challenges.
First, virtualization of network functions. Facing this challenge, we should first strengthen system security, audit and track the security of the management operating system, and improve the ability to resist attacks; second, provide end-to-end multi-level isolation measures; and finally, strengthen the security management of open-source third-party software.
Second, 5G’s diversified scenarios. Because of the differences in the security requirements of vertical industries, the fast updating and iteration of networking architectures and the differing capabilities of equipment, they cannot simply be measured with unified indicators; instead, it is necessary to build a scenario-based, on-demand security capability supply model.
Third, 5G’s new business models. 5G includes slicing business and MEC business. For both slicing business and MEC business, cloud and information measures need to be used for protection.
Fourth, open network capabilities. Facing this challenge, while strengthening 5G network data protection and security threat detection and disposal, the protection of network interface capabilities should also be strengthened.
Fifth, multi-terminal access authentication. Given the differences in the security capabilities of diversified Internet of Things terminals, it is necessary to handle multiple authentication and security management of terminals.
360: three strategies and four lines of defense support 5G security
Through more than ten years of accumulation in the field of network security, 360 has built up a large volume of security big data, a threat intelligence system and a rich knowledge base of samples, as well as the world’s top security expert team. The network security brain has reached the world’s leading level in network vulnerability mining, APT attack discovery and threat intelligence sharing.
According to Qi Yang, 360 has three strategies to support 5G security. First, strengthen the top-level design and overall coordination of 5G security. It is suggested to strengthen the top-level design of 5G new infrastructure applications and industrial development at the national level; adhere to the concept of paying equal attention to development and security, and to encouragement and standardization; build 5G security application demonstration areas and innovation centers; and lead more industries to participate in 5G urban construction through typical pilot demonstrations. It is also suggested to continue building 5G security capacity, promote cross-sectoral cooperation, break through industry barriers, unblock cooperation channels, form a joint force of support, and cooperate to promote the secure development of 5G new infrastructure. Second, speed up research on security technology and security standards. Taking into account the current state of 5G standardization at home and abroad, it is suggested to increase research on key technologies such as 5G construction, security operation and security situational awareness, and to speed up the development of general security standards for 5G business applications and of security guidelines for key vertical industries. Third, accelerate 5G ecosystem co-construction and collaborative development. It is suggested to establish a 5G new infrastructure security cooperation alliance to ease the 5G equipment suppliers, network service providers, vertical industry customers, solution providers and other industrial chain parties. Around 5G new terminals, edge computing, networks, industry platforms and technical platforms, they should cooperate on a 5G new infrastructure cross-industry security application center.
“Facing the five challenges of 5G network security, we also have four lines of defense. The first is the endogenous security of 5G equipment suppliers; the second is the risk monitoring and handling of network service operators; the third is the management and situation control of vertical industries; and the fourth is the enterprise user self-service platform. In the future, we hope to build a security ecosystem with more partners and promote the rapid development of China’s network security industry,” Qi Yang concluded.
Responsible editor: GT