网络与信息安全学报 (Dec 2023)

Review of cryptographic application security evaluation techniques for new critical infrastructures

  • Gaolei LI, Jianhua LI, Zhihong ZHOU, Hao ZHANG

DOI
https://doi.org/10.11959/j.issn.2096-109x.2023079
Journal volume & issue
Vol. 9, no. 6
pp. 1 – 19

Abstract

Read online

The construction of new critical infrastructure, represented by high-speed full-time signal coverage, intelligent and fine-grained urban management, and deep space and deep sea scientific innovation experimental fields, has entered a new stage with the deep integration and development of new technologies such as 5G/6G, artificial intelligence, and blockchain in various fields.The security evaluation of cryptography applications, as a key technological resource for ensuring the security of national information, integration, and innovation infrastructure, has risen to the level of international law and national development strategy.It is urgent to construct a comprehensive, fine-grained, and self-evolving cryptography security evaluation system throughout the data lifecycle.The typical APT attacks and ransomware attacks faced by new critical infrastructure in industries such as energy, medicine, and transportation in recent years were considered.And then the growing demand for security evaluation of cryptography applications was analyzed in the face of new business requirements such as preventing endogenous data security risks, achieving differentiated privacy protection, and supporting authenticated attack traceability.The new challenges were also examined, which were brought by new information infrastructure (including big data, 5G communication, fundamental software, etc.), integration infrastructure (including intelligent connected vehicles, intelligent connected industrial control systems, etc.), and innovation infrastructure (including big data, artificial intelligence, blockchain, etc.) to the security evaluation of cryptography applications.Furthermore, the new requirements were revealed about domestically produced cryptography algorithms and protocols deployed on high-performance computing chips, ultra-high-speed communication modules, and large-capacity storage media for cryptography application security evaluation technology.Finally, the development of automated and intelligent cryptography application security evaluation technology was explored.

Keywords