Chinese Journal of Network and Information Security ›› 2023, Vol. 9 ›› Issue (6): 1-19.doi: 10.11959/j.issn.2096-109x.2023079
• Comprehensive Review •
Gaolei LI1, Jianhua LI1, Zhihong ZHOU1, Hao ZHANG2
Revised:
2023-08-05
Online:
2023-12-01
Published:
2023-12-01
Supported by:
CLC Number:
Gaolei LI, Jianhua LI, Zhihong ZHOU, Hao ZHANG. Review of cryptographic application security evaluation techniques for new critical infrastructures[J]. Chinese Journal of Network and Information Security, 2023, 9(6): 1-19.
"
发展阶段 | 时间 | 标志性文件 |
第一阶段: | 2007.11—2016.08 | 《信息安全等级保护商用密码管理办法》 |
制度奠基期 | 《<信息安全等级保护商用密码管理办法>实施意见》 | |
第二阶段: | 2016.09—2017.04 | 《商用密码应用安全性评估管理办法(试行)》 |
再次集结期 | 《关于开展密码应用安全性评估试点工作的通知》 | |
第三阶段: | 《商用密码应用安全性测评机构管理办法(试行)》 | |
体系建设期 | 2017.05—2017.09 | 《商用密码应用安全性测评机构能力评审实施细则(试行)》 |
《信息安全技术 信息系统密码应用基本要求》(GM/T 0054-2018) | ||
《信息安全技术 信息系统密码应用基本要求》(GB/T 39786-2021) | ||
第四阶段: | 《关于规范商用密码应用安全性评估结果备案工作的通知》(国家密码管理局字[2021]392号) | |
密评试点开展期 | 2017.10—至今 | 《信息安全技术 信息系统密码应用测评要求》(GM/T 0115-2021) |
《商用密码应用安全性评估管理办法》(2023.11) | ||
《信息安全技术 信息系统密码应用测评过程指南》(GM/T 0116-2021) |
"
技术类别 | 评估对象 | 参考标准 | 评估内容 |
总体要求 | |||
密评 | 关键信息基础设施、网络安全保护第三级以 | 《商用密码应用安全性评估测评 | 密码功能要求 |
上的系统、国家政务信息系统 | 过程指南》 | 技术应用要求 | |
密钥管理 | |||
安全管理 | |||
安全物理环境 | |||
安全通信网络 | |||
安全区域边界 | |||
《信息安全技术网络安全等级 | 安全计算环境 | ||
等保测评 | 通信网络设施、信息系统、数据资源 | 保护测评过程指南》 | 安全管理中心 |
(GB/T28449-2018) | 安全管理制度 | ||
安全管理机构 | |||
安全管理人员 | |||
安全建设管理 | |||
安全运维管理 | |||
《信息安全技术 关键信息基础 | 合规检查 | ||
关基安全检测评估 | 关键信息基础设施 | 设施安全检查评估指南》 | 安全技术检测 |
分析评估 |
[1] | 唐新华 . 新型基础设施在国家治理现代化建设中的功能研究[J]. 中国科学院院刊, 2021,36(1): 79-85. |
TANG X H . Research on the function of new infrastructure in the modernization of national governance[J]. Bulletin of Chinese Academy of Sciences, 2021,36(1): 79-85. | |
[2] | 邱洁, 韩瑞, 魏志丰 ,等. 网络空间公共基础设施体系及安全策略研究[J]. 网络与信息安全学报, 2021,7(6): 56-67. |
QIU J , HAN R , WEI Z F ,et al. Research of public infrastructure system and security policy in cyberspace[J]. Chinese Journal of Network and Information Security, 2021,7(6): 56-67. | |
[3] | KHAN S , MADNICK S . Cybersafety:a system-theoretic approach to identify cyber-vulnerabilities & mitigation requirements in industrial control systems[J]. IEEE Transactions on Dependable and Secure Computing, 2022,19(5): 3312-3328. |
[4] | STEVENS M . New collision attacks on SHA-1 based on optimal joint local-collision analysis[C]// 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques. 2013: 245-261. |
[5] | STEVENS M , BURSZTEIN E , KARPMAN P ,et al. The first collision for full SHA-1[C]// 37th Annual International Cryptology Conference. 2017: 570-596. |
[6] | CAO H , ZHU P , LU X ,et al. A layered encryption mechanism for networked critical infrastructures[J]. IEEE Network, 2013,27(1): 12-18. |
[7] | National Institute of Standards and Technology,Security Requirements for Cryptographic Modules,FIPS 140-3[S]. 2019. |
[8] | SYLVAIN G , YOUSSEF S , ZHANG F ,et al. Post-quantum cryptography-having it implemented right[J]. Journal of Cryptologic Research, 2023,10(3): 650-666. |
[9] | Global Research & Analysis Team,Kaspersky Lab. Advanced threat predictions for 2022[R]. 2022. |
[10] | GOPINATH M , SIBI C S . A comprehensive survey on deep learning-based malware detection techniques[J]. Computer Science Review, 2023(47): 100529. |
[11] | 王建华, 张岚 . 检测类型缺陷的形式化构造攻击方法[J]. 密码学报, 2021,8(6): 1058-1073. |
WANG J H , ZHANG L . A formal construction attack method for detecting type defects[J]. Journal of Cryptologic Research, 2021,8(6): 1058-1073. | |
[12] | 陈华, 范丽敏 . 密码测评—信息安全领域的核心技术[J]. 中国科学院院刊, 2011,26(3): 297-302. |
CHEN H , FAN L M . Password evaluation:the core technology in the field of information security[J]. Bulletin of Chinese Academy of Sciences, 2011,26(3): 297-302. | |
[13] | HAN S , JAGER T . Authenticated key exchange and signatures with tight security in the standard model[C]// CRYPTO 2021. 2021: 670-700. |
[14] | 董建阔, 刘哲, 陆盛 ,等. 椭圆曲线密码高效软件实现技术研究进展[J]. 计算机学报, 2023,46(5): 909-928. |
DONG J K , LIU Z , LU S ,et al. Research progress on efficient software implementation of elliptic curve cryptography[J]. Chinese Journal of Computers, 2023,46(5): 909-928. | |
[15] | 张跃宇, 徐东, 陈杰 . 白盒SM4的分析与改进[J]. 电子与信息学报, 2022,44(8): 2903-2913. |
ZHANG Y Y , XU D , CHEN J . Analysis and improvement of white Box SM4[J]. Journal of Electronics & Information Technology, 2022,44(8): 2903-2913. | |
[16] | 董玲, 陈克非, 来学嘉 . 密码协议分析的信任多集方法[J]. 软件学报, 2009,20(11): 3060-3076. |
DONG L , CHEN K F , LAI X J . Trust multiset method for cryptographic protocol analysis[J]. Journal of Software, 2009,20(11): 3060-3076. | |
[17] | LI G , ZHAO Y , LI Y . CATFL:certificateless authentication-based trustworthy federated learning for 6g semantic communications[C]// IEEE WCNC. 2023. |
[18] | LEE T R , TEH J S , JAMIL N ,et al. Lightweight block cipher security evaluation based on machine learning classifiers and active S-boxes[J]. IEEE Access, 2021,(9): 134052-134064. |
[19] | JALALI N A , CHEN H . Federated learning security and privacy-preserving algorithm and experiments research under internet of things critical infrastructure[J]. Tsinghua Science and Technology, 2023,29(2): 400-414. |
[20] | 姚前, 张大伟 . 区块链系统中身份管理技术研究综述[J]. 软件学报, 2021,32(7): 2260-2286. |
YAO Q , ZHANG D W . Survey on identity management in blockchain[J]. Journal of Software, 2021,32(7): 2260-2286. | |
[21] | 王子园, 杜瑞忠 . 边缘环境下基于无证书公钥密码的数据完整性审计方案[J]. 通信学报, 2022,43(7): 62-72. |
WANG Z Y , DU R Z . Data integrity auditing scheme based on certificateless public key cryptography in edge environment[J]. Journal on Communications, 2022,43(7): 62-72. | |
[22] | DEVRAJ A , WANG L , REXFORD J . REDACT:refraction networking from the data center[J]. ACM SIGCOMM Computer Communication Review, 2021,51(4): 15-22. |
[23] | 杨国强, 丁杭超, 邹静 ,等. 基于高性能密码实现的大数据安全方案[J]. 计算机研究与发展, 2019,56(10): 2207-2215. |
YANG G Q , DING H C , ZOU J ,et al. Big data security scheme based on high-performance cryptography[J]. Journal of Computer Research and Development, 2019,56(10): 2207-2215. | |
[24] | DANG L , DONG M , OTA K ,et al. Resource-efficient secure data sharing for information centric e-health system using fog computing[C]// IEEE ICC. 2018: 1-6. |
[25] | XIANG B , ZHANG J , DENG Y ,et al. Fast blind rotation for bootstrapping FHEs[C]// Crypto 2023. 2023. |
[26] | LI G , WU J , LI J ,et al. Fog computing-enabled secure demand response for internet of energy against collusion attacks using consensus and ACE[J]. IEEE Access, 2018,(6): 11278-11288. |
[27] | BOATENG G O , SUN G , MENSAH D A ,et al. Consortium blockchain-based spectrum trading for network slicing in 5G RAN:a multi-agent deep reinforcement learning approach[J]. IEEE Transactions on Mobile Computing, 2023,22(10): 5801-5815. |
[28] | NGUYEN V L , LIN P C , CHENG B C ,et al. Security and privacy for 6G:a survey on prospective technologies and challenges[J]. IEEE Communications Surveys & Tutorials, 2021,23(4): 2384-2428. |
[29] | ZHOU Z , GAURAV A , GUPTA B B . A fine-grained access control and security approach for intelligent vehicular transport in 6G communication system[J]. IEEE Transactions on Intelligent Transportation Systems, 2022,23(7): 9726-9735. |
[30] | 徐子钧, 刘建伟, 李耕 . 面向5G mMTC的网络切片安全研究[J]. 网络与信息安全学报, 2022,8(1): 95-105. |
XU Z J , LIU J W , LI G . Research on network slice security for 5G mMTC[J]. Journal of Network and Information Security, 2022,8(1): 95-105. | |
[31] | BELLARE M , HOANG V T . Efficient schemes for committing authenticated encryption[C]// EUROCRYPT 2022. 2022: 845-875. |
[32] | 邓从政 . 基于公钥密码体制 RSA 算法的注册码生成器[J]. 成都大学学报 (自然科学版), 2015,34(1): 44-47. |
DENG C Z . Registration code generator based on RSA algorithm of public key cryptosystem[J]. Journal of Chengdu University (Science & Technology Edition), 2015,34(1): 44-47. | |
[33] | EGELE M , BRUMLEY D . An empirical study of cryptographic misuse in android applications[C]// ACM CCS. 2013: 73-84. |
[34] | FAHL S , HARBACH M . Why eve and mallory love android:an analysis of android SSL security[C]// ACM CCS. 2012: 50-61. |
[35] | LYU M , HASSAN H.G , VIJAY S . A survey on DNS encryption:Current development,malware misuse,and inference techniques[J]. ACM Computing Surveys, 2022,55(8): 1-28. |
[36] | TRIVIKRAM M . File packing from the malware perspective:techniques,analysis approaches,and directions for enhancements[J]. ACM Computing Surveys, 2022,55(5): 1-45. |
[37] | HU Z , HAN J , PENG H ,et al. Locating sources in multiplex networks for linear diffusion systems[C]// IEEE Transactions on Network Science and Engineering, 2022,9(5): 3515-3530. |
[38] | 张磊 . 民航商用密码应用分析与安全体系研究[J]. 民航学报, 2022,6(3): 92-95. |
ZHANG L . Research on civil aviation commercial cryptography application analysis and security system[J]. Journal of Civil Aviation, 2022,6(3): 92-95. | |
[39] | 唐士杰, 袁方, 李俊 ,等. 工业控制系统关键组件安全风险综述[J]. 网络与信息安全学报, 2022,8(3): 1-17. |
TANG S J , YUAN F , LI J ,et al. Review on security risks of key components in industrial control system[J]. Chinese Journal of Network and Information Security, 2022,8(3): 1-17. | |
[40] | ZHANG K . Impossible differential cryptanalysis and a security evaluation framework for AND-RX Ciphers[J]. IEEE Transactions on Information Theory, 2023. |
[41] | 李荣泰, 常瑞, 苗新亮 ,等. 异构平台设备安全启动机制研究[J]. 信息工程大学学报, 2022,23(2): 198-205. |
LI R T , CHANG R , MIAO X L ,et al. Secure boot mechanism of Heterogeneous Platform Devices, 2022,23(2): 198-205. | |
[42] | YOSHIZAWA T . A survey of security and privacy issues in v2x communication systems[J]. ACM Computing Surveys, 2023,55(9): 1-36. |
[43] | 董晓露, 黎妹红, 杜晔 ,等. 基于切比雪夫混沌映射和生物识别的身份认证方案[J]. 北京航空航天大学学报, 2019,45(5): 1052-1058. |
DONG X L , LI M H , DU Y ,et al. A biometric verification-based authentication scheme using chebyshev chaotic mapping[J]. Journal of Beijing University of Aeronautics and Astronautics, 2019,45(5): 1052-1058. | |
[44] | XUN Y , WEI G , LIU J . G-driverAUT:a growable driver authentication scheme based on incremental learning[J]. IEEE Transactions on Vehicular Technology, 2023. |
[45] | 郝敏, 叶东东, 余荣 ,等. 区块链赋能的6G零信任车联网可信接入方案[J]. 电子与信息学报, 2022,44(9): 3004-3013. |
HAO M , YE D D , YU R ,et al. Blockchain empowered trustworthy access scheme for 6G zero-trust vehicular networks[J]. Journal of Electronics & Information Technology, 2022,44(9): 3004-3013. | |
[46] | 智能网联汽车密码模块安全技术要求:T/GHDQ 79-2021[S]. 2021. |
Security technical requirements of intelligent connected vehicle password module:T/GHDQ 79-2021[S]. 2021. | |
[47] | CAO Y , LI S , LIU Y ,et al. A comprehensive survey of ai-generated content (AIGC):a history of generative AI from GAN to ChatGPT[J]. arXiv preprint arXiv:2303.04226, 2023. |
[48] | WARNAT-HERRESTHAL S . Swarm learning for decentralized and confidential clinical machine learning[J]. Nature, 2021,594(7862): 265-270. |
[49] | ABADI M , ANDERSEN D G . Learning to protect communications with adversarial neural cryptography[C]// International Conference on Learning Representations (ICLR). 2016. |
[50] | ZEADALLY S , DAS A K , SKLAVOS N ,et al. Cryptographic technologies and protocol standards for internet of things[EB]. |
[51] | JKENNEY J B . Dedicated short-range communications (DSRC) standards in the United States[J]. Proceedings of the IEEE, 2011,99(7): 1162-1182. |
[52] | LI G , WU J , LI S ,et al. Multitentacle federated learning over software-defined industrial internet of things against adaptive poisoning attacks[J]. IEEE Transactions on Industrial Informatics, 2023,19(2): 1260-1269. |
[53] | 蒋瀚, 刘怡然, 宋祥福 ,等. 隐私保护机器学习的密码学方法[J]. 电子与信息学报, 2020,42(5): 1068-1078. |
JIANG H , LIU Y R , SONG X F ,et al. Cryptographic method of Machine learning for privacy protection[J]. Journal of Electronics and Information Technology, 2020,42(5): 1068-1078. | |
[54] | MYUNGSUN K . Private compound wildcard queries using fully homomorphic encryption[J]. IEEE Transactions on Dependable and Secure Computing, 2017,16(5): 743-756. |
[55] | GOMEZ A.N , HUANG S , ZHANG I ,et al. Unsupervised cipher cracking using discrete GANs[J]. arXiv:1801.04883v1, 2018. |
[56] | HITAJ B , GASTI P , ATENIESE G ,et al. PassGAN:a deep learning approach for password guessing[C]// International Conference on Applied Cryptography and Network Security. 2019: 217-237. |
[57] | 宁晗阳, 马苗, 杨波 ,等. 密码学智能化研究进展与分析[J]. 计算机科学, 2022,49(9): 288-296. |
NING H Y , MA M , YANG B ,et al. Intelligent cryptography research progress and analysis[J]. Journal of Computer Science, 2022,49(9): 288-296. | |
[58] | KWON H , SIM M , SONG G ,et al. Novel approach to cryptography implementation using ChatGPT[R]. 2023. |
[59] | ZHOU Z , BIN H , LI J ,et al. Malicious encrypted traffic features extraction model based on unsupervised feature adaptive learning[J]. Journal of Computer Virology and Hacking Techniques, 2022,18: 453-463. |
[60] | 王利朋, 关志, 李青山 ,等. 区块链数据安全服务综述[J]. 软件学报, 2023,34(1): 1-32. |
WANG L P , GUAN Z , LI Q S ,et al. Survey on blockchain-based security services[J]. Journal of Software, 2023,34(1): 1-32. | |
[61] | YANG Z , LI G , WU J ,et al. Propagable backdoors over blockchain-based federated learning via sample-specific eclipse[C]// IEEE GLOBECOM. 2022: 2579-2584. |
[62] | SHI Y , LI G , XU X ,et al. PFCC:predictive fast consensus convergence for mobile blockchain over 5G slicing-enabled IoT[C]// IEEE GLOBECOM. 2021: 1-6. |
[63] | 朱岩, 张艺, 王迪 ,等. 网络安全等级保护下的区块链评估方法[J]. 工程科学学报, 2020,42(10): 1267-1285. |
ZHU Y , ZHANG Y , WANG D ,et al. Research on blockchain evaluation methods under the classified protection of cybersecurity[J]. Chinese Journal of Engineering, 2020,42(10): 1267-1285. | |
[64] | GUO F , GUSILO W . Optimal tightness for chain-based unique signatures[C]// EUROCRYPT 2022. 2022: 553-583. |
[65] | 唐飞, 甘宁, 阳祥贵 ,等. 基于区块链与国密 SM9 的抗恶意KGC 无证书签名方案[J]. 网络与信息安全学报, 2022,8(6): 9-19. |
TANG F , GAN N , YANG X G ,et al. Anti-malicious KGC certificateless signature scheme based on blockchain and domestic cryptographic SM9[J]. Chinese Journal of Network and Information Security, 2022,8(6): 9-19. | |
[66] | LI G , DONG M , YANG L T ,et al. Make edge intelligence immune:decentralized service orchestration for secure learning via blockchain[J]. IEEE Transactions on Engineering Management, 2023,(99): 1-12. |
[67] | 刘峰, 杨杰, 齐佳音 . 区块链密码学隐私保护技术综述[J]. 网络与信息安全学报, 2022,8(4): 29-44. |
LIU F , YANG J , QI J Y . Review of blockchain cryptography privacy protection technology[J]. Journal of Network and Information Security, 2022,8(4): 29-44. |
[1] | Jinyin CHEN, Rongchang LI, Guohan HUANG, Tao LIU, Haibin ZHENG, Yao CHENG. Survey on vertical federated learning: algorithm, privacy and security [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 1-20. |
[2] | Jinxin ZUO,Ziyu GUO,Jin LI,Jie ZHANG,Yueming LU. Security evaluation method for confidential and stable complex systems [J]. Chinese Journal of Network and Information Security, 2019, 5(2): 58-65. |
[3] | Tao LI,NJiu-chuan LI,Ai-qun HU. Ontology model based on security parameters capturing process for network systems [J]. Chinese Journal of Network and Information Security, 2017, 3(2): 39-45. |
Viewed | ||||||
Full text |
|
|||||
Abstract |
|
|||||
|