Trends in cybersecurity technology

In 2021, cyberspace security technology will continue to be updated and developed, showing a trend of active innovation. The development prospects of emerging network security technologies in the field of network security, represented by Zero Trust, artificial intelligence, quantum technology and space technology, have attracted the attention of the world. In the digital age, traditional security protection based on boundaries is being replaced by Zero Trust, and Zero Trust has gradually become the mainstream network security architecture in the digital age. Artificial intelligence empowers cyber attacks to spawn more precise, intelligent, and autonomous cybersecurity threats.

Zero Trust will become the mainstream cybersecurity architecture in the digital age

In the digital age, the integration and development of emerging technologies such as cloud migration has gradually invalidated the traditional concept of perimeter security protection, and zero-trust security has established identity-centric dynamic access control, which will surely become the mainstream network security architecture in the digital age. Zero Trust is a new security protection concept for the digital age, and is a network security paradigm with resource protection as the core.

A brief summary and overview of Zero Trust security: 1) the network is in a dangerous environment all the time; 2) there are external or internal threats in the network from beginning to end; 3) the network location is not sufficient to determine the credibility of the network; 4) all devices, users, and network traffic should be authenticated and authorized; 5) the security policy must be dynamic and calculated based on as many data sources as possible. Therefore, the core idea of Zero Trust security is that by default, all people, things and things inside and outside the enterprise are not trusted, and the trust base of access control needs to be reconstructed based on authentication and authorization. The prototype of Zero Trust originated from the concept of de-borderized security proposed by the Yeligo Forum in 2004, and in 2010, Forrester formally proposed the term "Zero Trust" (ZT). After nearly ten years of exploration, the theory and practice of Zero Trust have been continuously improved, and gradually developed from a concept to a mainstream network security technology architecture.

In the digital age, the old-fashioned perimeter security protection is gradually failing. Traditional security protection is centered on the perimeter, and a network security solution built on the boundary is equivalent to building a moat for the enterprise, blocking security attacks beyond the boundary through a combination of security products such as protective walls, VPNs, UTM, and intrusion prevention detection. This construction method is safe by default to a certain extent, and at present, most governments and enterprises in the mainland are still building a security protection system around the border, which is often missing for intranet security, and the drawbacks are also exposed in the increasingly frequent network attack and defense confrontation. The application of emerging technologies such as cloud and material transfer has made fundamental changes in IT infrastructure, scalable hybrid IT environment has become the mainstream system operating environment, platforms, services, users, terminals show a diversified trend, the traditional physical network security boundary disappears, and brings more security risks, the old-style border security protection effect is limited. In the face of an increasingly complex network security situation, the new network security architecture built by Zero Trust is considered to be an effective way to improve the overall security of information systems and networks in the digital age, and has gradually received attention and application, showing a vigorous development trend.

AI-enabled cyberattacks spawn new cyberspace security threats

With the development of artificial intelligence technology, attackers tend to empower each attack link of the malicious code attack chain, enhance the accuracy of the attack, improve the efficiency and success rate of the attack, effectively break through the network security protection system, and cause significant losses to the defender. In terms of malicious code generation and construction, deep learning enables malicious code generation to have obvious advantages over traditional malicious code generation, which can greatly improve the immunity and survivability of malicious code. In the process of malicious code attack release, the attacker can take the deep learning model as one of the core components of the attack, and use the classification function of the neural network classifier in deep learning to accurately identify and attack the attack target. At the 2018 Black Hat Conference, the International Business Machines Corporation (IBM) Research Institute demonstrated an artificial intelligence-enabled malicious code DeepLocker, which achieved accurate target positioning and attack with the help of convolutional neural network (CNN) model, and verified the technical feasibility of accurately releasing malicious code threats. At present, such attack methods have been applied by attackers to actual high-level persistent threat attacks, and once the scope of application continues to be broadened, it will be difficult to achieve confrontation prevention; if combined with cyber attack weapons, it may enhance combat effectiveness and cause serious threats and damage.

On the other hand, with the gradual popularization of the Internet of Things (IoT) and the wide interconnection of industrial control systems, the number of networked devices directly exposed to cyberspace has increased significantly. The 2016 Mirai IoT Botnet Distributed Denial of Service Attack (DDoS) event showed that attackers are using multiple means to control massive IoT devices, forming a botnet of these infected IoT devices, launching large-scale DDoS attacks and causing network blockage and paralysis. In addition to presenting the typical characteristics of large-scale attacks, cyber attackers are paying more and more attention to applying artificial intelligence technology to botnet attacks, and thus evolving intelligent and autonomous characteristics.

The 2021 Global Threat Posture Prediction shows that AI technology will be widely used in similar swarm networks in the future, using millions of interconnected device clusters to simultaneously identify and respond to different attack vectors, and then use self-learning capabilities to carry out autonomous attacks on vulnerable systems on an unprecedented scale. This kind of hive zombie cluster can carry out intelligent collaboration, acting autonomously according to group intelligence, without the control end of the botnet to issue commands; centerless autonomous intelligent collaboration technology makes the size of the botnet multiply beyond the limitations of the command control channel, significantly expanding the ability to attack multiple targets at the same time. The large-scale and autonomous active attacks enabled by artificial intelligence have posed new challenges to the traditional botnet confrontation and spawned new cyberspace security threats.

Quantum technology has injected new impetus into the development of cyberspace security technology

At present, the approach to dealing with quantum threats mainly focuses on the development of quantum cryptography and post-quantum cryptography. Quantum cryptography provides new ideas for improving information security capabilities. The impact of quantum computing on traditional cryptographic measures stems from its unique quantum properties, and if it plays its positive function and uses these characteristics to construct information encryption algorithms, the threat posed by quantum computing may be easily dealt with, and this technology that guarantees information security based on the principles of quantum mechanics is quantum cryptography. In 1984, Charles Bennett and Gilles Brassard proposed a key distribution protocol (BB84 protocol), which provides a new way of thinking for solving the problem of key negotiation in cryptography, and its security is based on such a quantum theory: qubits cannot be accurately copied during transmission, and the comparison of the transmitting quantum state and the receiving quantum state can find out whether there is interception-measurement and other eavesdropping behavior during transmission. In turn, it is possible to achieve security in the so-called information theory sense. Quantum key distribution (QKD), as the closest direction to industrial applications in quantum cryptography, has attracted much attention from all parties. In terms of product development, Swiss ID Quantique, Toshiba European Research Institute, and mainland China's Guoke Quantum, Keda Shield, Anhui Wentian and other companies have quantum key distribution related products to the market. At a strategic level, in July 2019, the 10 eu-nations signed the Quantum Communication Infrastructure (QCI) Statement, which explores the integration of quantum information technology into traditional communication infrastructures across Europe over the next decade to ensure that encrypted communication systems are protected from cybersecurity threats. In June 2020, Israel established the Quantum Communication Alliance to focus on improving quantum cryptography and reducing implementation costs. In 2021, Japan, South Korea and other countries have also published strategy documents accordingly, and standardized work has been carried out on standard development platforms such as ITU-T.

Post-quantum cryptography, on the other hand, is an important means of mitigating quantum threats. For post-quantum cryptography (PQC) algorithms, refers to those cryptographic algorithms that remain computationally secure despite the advent of large-scale quantum computers. The construction of these algorithms does not use the physical properties of quantum mechanics, but continues the traditional mainstream computationally verifiable and safe research methods. At present, the research of post-quantum algorithm focuses on the construction of asymmetric algorithms that solve the problems of public key encryption (key establishment) and signature, mainly including cryptographic algorithms based on difficult problems such as lattice, encoding, multivariate polynomials, and Hash functions. These problems have been developed in the field of traditional cryptography for many years, and its assumption of complexity against quantum attacks is the basis for underpinning the security of post-quantum algorithms. At present, there is no PQC algorithm that takes into account both security and efficiency, but because the deployment of PQC in form mainly involves the replacement of algorithm modules, it is simpler and more practical than QKD technology, and this solution currently carries more expectations. However, the limitations of PQC are also prominent. For example, the PQC algorithm module still inevitably has a side-channel leakage problem; secondly, because the future quantum attack algorithm can not be ruled out to further weaken the difficulty of the underlying mathematical problem, the PQC can not achieve long-term security goals, inconvenient for special confidentiality occasions. This still applies to symmetric algorithms. Doubling the key length based on the search complexity of Grover's algorithm is generally thought to be resistant to quantum attacks, but this understanding is not necessarily correct. Although there is theoretically no unstructured search algorithm that transcends square acceleration, it is not excluded that there will still be better quantum cracking algorithms based on the structural defects of symmetric algorithms. Therefore, increasing the key length to achieve grouping algorithm security can only be a stopgap measure. In practical applications, it is preferable to choose a combination of post-quantum algorithms and QKD techniques to achieve long-term security goals, in line with the strategy of the European standards organization ETSI.

"Flexible space" leads the development direction of space technology

The US military and think tanks agree that almost all of the current combat systems of the US military (including: positioning, navigation, timing, reconnaissance and surveillance, surveying and mapping remote sensing, communication transmission, etc.) are highly dependent on the key support of space resources, with the continuous development of anti-satellite weapons such as lasers, ground foundations, in orbit, electronics and networks in China and Russia, the existing space system is highly fragile and faces key threats and severe challenges, and it is urgent to develop lethal, flexible, deterrent and low-cost military space capabilities. The concept of "flexible space" has been continuously enriched and improved with the adjustment of the US space strategy. In July 2019, the US Space Development Agency released the "Next Generation Space Architecture", which believes that in the era of great power competition, "flexibility, flexibility, and agility" is the development trend of the militarization of US space, and flexible space is a new direction. In April 2021, the U.S. think tank Atlantic Council and the Scowcroft Center for Strategy and Security jointly released the research report "The Future of Space Security: U.S. Strategy for the Next 30", which recommended that the United States give priority to the development of key technologies that can enhance the resilience of the future space system, such as the "Combat Response Space Technology Cluster, the On-Orbit Service Technology Group, and the Emerging Defense Technology Group".

"Flexible space" is a new direction for the development of the US space strategy, and its connotation is constantly enriched with the adjustment of the US space strategy, which is embodied in: decentralized, diffusive and diversified deployment; the system can be decomposed, reorganized, reconstructed, reconstructed and self-repaired at any time; comprehensive threat perception and rapid traceability counterattack; and continuous support for joint operations in other domains under high-risk conditions. Under the guidance of the idea of "flexible space", the United States has proposed a seven-layer architecture for the next generation of flexible space; focusing on the study of anti-interference, strong maneuvering, and software-defined elastic satellite technology; exploring the military application of key technologies in space warfare such as the X-37B space aircraft, space offensive and defensive weapons, and space-based Internet on the "space carrier" platform; and always leading the development of world space technology.

Disclaimer: This article is reproduced from "Information Security and Communications Confidentiality Magazine", the original author Cismag. The content of the article is the personal views of the original author, this public account reprint is only to share and convey different views, if you have any objections, please contact the reprint public account "Information Security and Communication Confidentiality Magazine".