摘要
6G将是一个覆盖空天地海的一体化网络,并为用户提供按需服务.高安全性是6G网络的重要特性,在规划的6G架构中,安全能力将作为一个独立的逻辑面为6G网络和应用提供服务与保障.本文分析并归纳了6G安全演进的3个方面的趋势:一是网络架构的分布式自治化增加了暴露面,需要网元、子网自身具备高安全性;二是全面云化和虚拟化进一步增加了内部攻击的风险,需要基于零信任理念设计网元、网络内部的安全防护措施;三是按需服务的业务能力需要内部建设智能协同机制,并具备弹性、可编排安全能力资源池.基于上述需求和安全技术发展的趋势,本文提出了以内部安全能力建设为基础的6G安全建设思路,设计了包含安全能力层、安全策略控制器、安全智能中心、安全管理中心,协同信任共识设施、编排能力、人工智能能力形成的6G内生安全架构.本架构以网络内建安全能力为基础,信任共识机制为纽带,智能协同技术为手段,形成主动免疫、信任共识、协同弹性的安全架构与运行机制.通过构建可信链路的实际案例推演证明,该架构可为6G网络和应用提供灵活、按需的安全服务.
6G will enable seamless coverage across land,sea,sky,and space,and provide users with on-demand services.6G requires high security and its security capabilities are expected to serve as an independent logical plane under the 6G network architecture to provide services and guarantee for 6G networks and applications.This article analyzes and summarizes the three aspects of 6G security evolution requirements.First,the distributed autonomy of network architecture increases the exposure surface of network equipment and functions,and puts forward the requirements for high security of network elements and subnets themselves.Second,the cloud and virtualization technologies increase the risk of internal attacks,and require security protection mechanisms within network elements and the internal network based on the concept of zero trust.Third,providing ondemand services to customers requires intelligent collaboration mechanisms within the network,as well as an elastic and programmable security capability pool.Based on the above requirements and the development of security technologies,this paper proposes a 6G security construction idea with the built-in security framework as the basis,which includes security capability layer,security policy controller,security intelligence center and security management center,collaborating with the trusted infrastructure,orchestration capabilities and artificial intelligence abilities.The framework is built upon the security capability inside the network,coordinated with the trust consensus and the intelligent collaboration,which forms a security architecture and related operating mechanisms with active immunity,trustworthiness,and collaborative elasticity.By means of the practical case of building a trust link,the framework is proved to be able to provide flexible and on-demand security services for 6G networks and applications.
作者
粟栗
庄小君
杜海涛
冉鹏
黄晓婷
杨朋霖
Li SU;Xiaojun ZHUANG;Haitao DU;Peng RAN;Xiaoting HUANG;Penglin YANG(China Mobile Research Institute,Beijing 100053,China)
出处
《中国科学:信息科学》
CSCD
北大核心
2022年第2期205-216,共12页
Scientia Sinica(Informationis)
基金
国家重点研发计划(批准号:2020YFB1806801)资助项目。
关键词
6G
内生安全
运行机制
网络安全
信任
6G
build-in security
operating mechanism
network security
trust
