Funding: supported by the National Natural Science Foundation of China (U22B2026) and the ZTE Industry-Academia-Research Project (HC-CN-20221029003, IA20230628015).
Abstract: With the introduction of 5G, users and devices can access the industrial network from anywhere in the world. Therefore, traditional perimeter-based security technologies for industrial networks can no longer work well. To solve this problem, a new security model called Zero Trust (ZT) is desired, which believes in “never trust and always verify”. Every time an asset in the industrial network is accessed, the subject is authenticated and its trustworthiness is assessed. In this way, the assets in the industrial network can be well protected, whether the subject is in the internal network or the external network. However, in order to construct the zero trust model in the 5G Industrial Internet collaboration system, there are still many problems to be solved. In this paper, we first introduce the security issues in the 5G Industrial Internet collaboration system and illustrate the zero trust architecture. Then, we analyze the gap between existing security techniques and the zero trust architecture. Finally, we discuss several potential security techniques that can be used to implement the zero trust model. The purpose of this paper is to point out the further direction for the realization of the Zero Trust Architecture (ZTA) in the 5G Industrial Internet collaboration system.
Funding: supported by ZTE Industry-University-Institute Cooperation Funds under Grant No. IA20230628015 and the State Key Laboratory of Particle Detection and Electronics under Grant No. SKLPDE-KF-202314.
Abstract: Security and access control for data storage in 5G industrial Internet collaborative systems are facing significant challenges. The characteristics of 5G networks, such as low latency and high speed, facilitate data transmission in the industrial Internet but also increase vulnerability to attacks like theft and tampering. Moreover, in 5G industrial Internet collaborative system environments, data flows across multiple entities and links, which necessitates a flexible access control model to meet specific data access requirements. Traditional role-based and attribute-based access control mechanisms are difficult to apply in such dynamic application scenarios. To address these challenges, we propose a novel data storage solution for 5G industrial Internet collaborative systems. Similar to existing approaches, it provides integrity and confidentiality protection for transmitted data. In terms of security, only authenticated data owners and users can obtain file decryption keys, preventing malicious attackers from data forgery. Regarding access control, decryption is permitted only to authorized data users, safeguarding against unauthorized file access. Furthermore, by introducing an attribute-based encryption mechanism, only data users with specific attributes can decrypt files. In terms of efficiency, our approach utilizes bilinear and modular exponentiation operations solely during the authentication process. For handling substantial data loads, lightweight cryptographic algorithms are employed. Consequently, our solution achieves higher efficiency compared with other known methods. Experimental results demonstrate the feasibility of our approach in real-world applications.