基于国密算法的算力网络安全研究

doi:10.11959/j.issn.1000-0801.2023160

摘要/Abstract

摘要：

随着国密算法的推广，对算力网络进行了深入的研究，提出了更高效合理的算力网络安全方案，方案借助国密算法保证算力网络的数据安全及隐私。设计方案内容主要包括：通过底层资源支撑算力需求及密码调用，算力编排层提供数据算力的编排能力；同时，算力调度层智能判别算力资源调度分配的最优节点；密码加固层使用基于硬件支撑下的国密算法，借助公钥密码体制、哈希函数、数字信封、同态加密、区块链等技术，重点研究了算力网络接入安全、传输安全、数据安全及隐私保护方面的安全实现。研究方案创新性地提出了一种保障算力网络数据安全的架构及应用形式，能够满足应用层算力在大数据、智能技术等场景的需求。通过国密算法赋能算力网络，提升算力网络的安全性。

关键词: 算力网络, 国密算法, 隐私保护, 同态加密, 区块链

Abstract:

With the promotion of national secret algorithm, in-depth research on the arithmetic network was carried out, a more efficient and reasonable security scheme for the arithmetic network was proposed, ensuring the data security and privacy of the arithmetic network with the help of the state secret algorithm.The main elements of the design program included: Supporting arithmetic demand and cryptographic invocation through the underlying resources, the arithmetic orchestration layer provided the ability to orchestrate data arithmetic, meanwhile, the arithmetic scheduling layer intelligently discerned the optimal nodes for arithmetic resource scheduling and allocation; the cryptographic reinforcement layer used the national secret algorithm based on hardware support with the help of public key cryptosystem, hash function, digital envelope, homomorphic encryption, blockchain and other technologies.Focusing on arithmetic network access security, transmission security, data security and privacy protection aspects of security implementation.An architecture and application form was innovatively proposed to guarantee the data security of the arithmetic network, which could meet the needs of the application layer arithmetic in the scenarios of big data, intelligent technology, etc..The security of the arithmetic network is enhanced by empowering the arithmetic network through the state-secret algorithm.

Key words: compute first networking, national secret algorithm, privacy protection, fully homomorphic encryption, blockchain

中图分类号:

TP393

潘洁, 叶兰, 张鹏飞, 卜忠贵. 基于国密算法的算力网络安全研究[J]. 电信科学, 2023, 39(8): 157-166.

Jie PAN, Lan YE, Pengfei ZHANG, Zhonggui BU. Research on the security of national secret algorithm based compute first networking[J]. Telecommunications Science, 2023, 39(8): 157-166.

图/表 4

参考文献 20

[1]	雷波, 刘增义, 王旭亮 ,等. 基于云、网、边融合的边缘计算新方案:算力网络[J]. 电信科学, 2019,35(9): 44-51.
	LEI B , LIU Z Y , WANG X L ,et al. Computing network:a new multi-access edge computing[J]. Telecommunications Science, 2019,35(9): 44-51.
[2]	唐雄燕, 曹畅, 李建飞 ,等. 算力网络前沿报告[R]. 北京:中国通信学会, 2020.
	TANG X Y , CAO C , LI J F ,et al. Frontiers of algorithmic networks report[R]. Beijing:China Institute of Communications, 2020.
[3]	国家发展和改革委员会. 全国一体化大数据中心协同创新体系算力枢纽实施方案[R]. 2021.
	National Development and Reform Commission. Implementation plan for the arithmetic hub of the national integrated big data center collaborative innovation system[R]. 2021.
[4]	工业和信息化部. 新型数据中心发展三年行动计划[R]. 2021.
	Ministry of Industry and Information Technology. Three-year action plan for new data center development[R]. 2021.
[5]	中国信息通信研究院. 中国数字经济发展白皮书[R]. 2021.
	China Academy of Information and Communications Technology. White paper on the development of China＇s digital economy[R]. 2021.
[6]	中国信息通信研究院. 2022中国综合算力指数[R]. 2022.
	China Academy of Information and Communications Technology. 2022 China integrated computing power index[R]. 2022.
[7]	中国移动通信集团有限公司. 算力网络白皮书[R]. 2021.
	China Mobile Communications Group Co.,Ltd. Computing force network white paper[R]. 2021.
[8]	中国移动通信集团有限公司. 算力网络安全白皮书[R]. 2022.
	China Mobile Communications Group Co.,Ltd. Computing force network security white paper[R]. 2022.
[9]	叶沁丹, 范贵生, 黄衡阳 . 算力网络一体化支撑方案及应用场景探索[J]. 数据与计算发展前沿, 2022,4(6): 55-66.
	YE Q D , FAN G S , HUANG H Y . Study on integrated support solution and application scenarios of computing power network[J]. Frontiers of Data ＆ Computing, 2022,4(6): 55-66.
[10]	张旭光, 陈鸣锴, 魏昕 . 算力网络支撑下的泛在化视频传输调度[J]. 计算机研究与发展, 2023,60(4): 786-796.
	ZHANG X G , CHEN M K , WEI X . Ubiquitous video transmission scheduling supported by computing power network[J]. Journal of Computer Research and Development, 2023,60(4): 786-796.
[11]	段晓东, 姚惠娟, 付月霞 ,等. 面向算网一体化演进的算力网络技术[J]. 电信科学, 2021,37(10): 76-85.
	DUAN X D , YAO H J , FU Y X ,et al. Computing power network technologies for computing and network integration evolution[J]. Telecommunications Science, 2021,37(10): 76-85.
[12]	姚惠娟, 耿亮 . 面向计算网络融合的下一代网络架构[J]. 电信科学, 2019,35(9): 38-43.
	YAO H J , GENG L . Trend of next generation network architecture:computing and networking convergence evolution[J]. Telecommunications Science, 2019,35(9): 38-43.
[13]	DONG Y , SONG L , XIE R ,et al. Ultra-low latency,stable and scalable video transmission for free-viewpoint video services[J]. IEEE Transactions on Broadcasting, 2022,68(3): 636-650.
[14]	MINOPOULOS G , PSANNIS K E , KOKKONIS G ,et al. QoE assessment of video codecs for video streaming over 5G networks[C]// Proceedings of 2020 3rd World Symposium on Communication Engineering (WSCE). Piscataway:IEEE Press, 2020: 34-38.
[15]	陈波, 邓清唐 . 基于云计算的电力终端安全接入体系架构研究[J]. 电子产品可靠性与环境试验, 2022,40(4): 89-93.
	CHEN B , DENG Q T . Research on the security access architecture of power terminal based on cloud computing[J]. Electronic Product Reliability and Environmental Testing, 2022,40(4): 89-93.
[16]	贾庆民, 郭凯, 周晓茂 ,等. 新型算力网络架构设计与探讨[J]. 信息通信技术与政策, 2022,48(11): 18-23.
	JIA Q M , GUO K , ZHOU X M ,et al. Design and discussion for new computing power network architecture[J]. Information and Communications Technology and Policy, 2022,48(11): 18-23.
[17]	ZHANG Y R , GENG H Z , SU L ,et al. Research on security technology of computing force network service[J]. Mobile Communications, 2022,46(11): 90-96.
[18]	ZHOU G F , LEI B . Computing service demand matching based on computing power identification in computing power network[J]. Frontiers of Data ＆ Computing, 2022,4(6): 20-28.
[19]	SHI J D , ZHU X R . Performance analysis of video-flow in mobile edge computing networks based on stochastic network calculus[C]// Proceedings of International Conference on Wireless and Satellite Systems. Cham:Springer, 2021: 599-610.
[20]	JIN T J , LI W . An Intelligent scheduling and allocation method of big data computing resources based on computing power network[J]. Frontiers of Data ＆ Computing, 2022,4(6): 29-37.

密码算法类别		国产商用密码算法
对称密码算法	分组密码/块加密	SM1、SM4、SM7
	序列密码/流密码	祖冲之（ZUC）
非对称密码算法/公钥	基于离散对数问题	SM2、SM9
哈希函数/杂凑算法	—	SM3