White Paper on Potential Key Technologies for 6G Security (English Translation, cl-v1.2)

Preface

6G networks are evolving towards complexity and diversity, with increasing openness leading to further blurring of traditional network security boundaries. As network attack methods continue to escalate, future networks cannot rely solely on passive defense mechanisms such as boundary isolation and plug-in security capabilities to ensure security. Therefore, 6G networks should have built-in security genes to fully guarantee the end-to-end security and trustworthiness of 6G networks.

Built-in security is a concept and method for realizing 6G security. It emphasizes integrating security as a core element and basic feature into the entire lifecycle of 6G networks. Security is rooted in 6G networks and coexists with the network, enabling 6G networks to have self-protection, self-repair, and self-adaptation capabilities. It proactively responds to various threats and attacks through internal mechanisms to improve the overall security and reliability of 6G networks.

The reconstruction of 6G network architecture provides an opportunity and window period for establishing a new security system. The IMT-2030 (6G) Promotion Group pointed out in the "6G Network Security Vision Technology Research Report" [1] that 6G network security should have the four characteristics of "active immunity, resilient autonomy, digital twin security, and ubiquitous collaboration"; in the "6G Trustworthy Built-in Security Architecture Research Report" [2], it proposes the concept of integrating "trust + security", and constructs a 6G trustworthy built-in security architecture from three levels of security capability, security control, and security decision-making. It collaborates with digital twin networks, artificial intelligence analysis capabilities, and resource orchestration and scheduling capabilities. In the form of a security plane, it provides built-in security genes for 6G networks to achieve the security and reliability of 6G networks.

Figure 1 Schematic Diagram of 6G Trustworthy Built-in Security Architecture

Based on the 6G trustworthy built-in security architecture, this white paper describes the application scenarios and security requirements, technical principles, application concepts, related challenges, and suggestions of potential key technologies for 6G security from three levels of security capability, security control, and security decision. Among them, Chapter 1 Wireless Physical Layer Security Technology, Chapter 2 Distributed Trust Technology, Chapter 3 Ubiquitous Trusted Technology, Chapter 4 Quantum Security Technology, and Chapter 5 Privacy Protection Technology belong to the potential key technologies at the security capability level; Chapter 6 Security Capability Service-Oriented Technology and Chapter 7 Mimic Defense Technology belong to the potential key technologies at the security control layer; Chapter 8 AI Security Management and Decision Technology and Chapter 9 DTN Security Deduction Technology belong to the potential key technologies at the security decision-making layer. The above three categories of technologies will support the design of the overall 6G trustworthy built-in security system around the goals of trust and security.

I. Wireless Physical Layer Security Technology

1.1 Scenarios and Security Requirements

In the future, the types and quantities of 6G terminals will continue to increase. Various Internet of Things (IoT) devices with different capabilities will gradually become the main force. However, most IoT terminals have limited processing capabilities and cannot carry complex signaling and processing overhead. In addition, they are distributed in different open electromagnetic environments, facing severe wireless security challenges [3]. Wireless physical layer security (PLS) technology utilizes the natural security attributes of wireless channels, such as anisotropy, random variability, and third-party uncertainty, to provide security capabilities that can be integrated but do not rely on traditional security mechanisms. By mining and utilizing the built-in security attributes of wireless channels, PLS can achieve the integrated design of communication and security, which is expected to provide lightweight security capabilities for the information security of 6G Internet of Things [4]. Wireless built-in security technology is based on the theory of physical layer security, which can achieve the endogenous integrated design of communication and security by further exploring and utilizing the built-in security attributes of wireless channels. Under the stimulation of new technologies such as Reconfigurable Intelligent Surface (RIS) and integrated sensing and communication, wireless built-in security technology can further perceive, customize, and manipulate the electromagnetic environment more finely, thereby actively shaping the optimal environment for combating wireless disturbances and providing adaptive security capabilities for 6G.

1.2 Technical Principles

(1) Physical Layer Key Generation

The physical layer key generation technology utilizes channel reciprocity. The transmitter and receiver can respectively obtain consistent channel features, such as channel state information and received signal strength, to generate consistent physical layer keys. However, the natural wireless channel is uncontrollable. By using RIS and other potential key technologies of 6G, the wireless environment can be actively remodeled: optimizing the channel conditions of communication and reducing the correlation between the legitimate channel and the eavesdropping channel increases the randomness of the channel and the entropy of the channel as a random source, thereby greatly improving the key generation performance.
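
The key generation principle above can be simulated end to end. The following Python sketch is an added example, not part of the white paper; the Gaussian channel model, the guard-band quantizer, the SHA-256 privacy amplification step and all parameter values are assumptions chosen for illustration. It shows both parties deriving the same key from reciprocal measurements, and how the eavesdropper's bit error grows as the correlation between her channel and the legitimate channel is reduced.

```python
import hashlib
import random

def measure(channel, noise_sigma, rng):
    """One party's noisy observation of the channel samples (stand-in for RSS/CSI)."""
    return [h + rng.gauss(0.0, noise_sigma) for h in channel]

def outside_guard(samples, guard):
    """Indices whose sample is far enough from the threshold to quantize reliably."""
    return {i for i, s in enumerate(samples) if abs(s) > guard}

def quantize(samples, indices):
    """1-bit quantization around zero at the agreed indices."""
    return [1 if samples[i] > 0 else 0 for i in indices]

def mismatch(x, y):
    """Fraction of positions where two bit lists differ."""
    return sum(p != q for p, q in zip(x, y)) / len(x)

def derive_key(bits):
    """Privacy amplification: compress the agreed bits into a 256-bit key."""
    return hashlib.sha256(bytes(bits)).hexdigest()

def run(eve_correlation, n=2000, noise_sigma=0.05, guard=0.3, seed=7):
    rng = random.Random(seed)                    # constructed, simulated channel
    channel = [rng.gauss(0.0, 1.0) for _ in range(n)]
    alice = measure(channel, noise_sigma, rng)   # reciprocity: same channel,
    bob = measure(channel, noise_sigma, rng)     # independent receiver noise
    rho = eve_correlation                        # correlation of Eve's channel
    eve_channel = [rho * h + (1 - rho * rho) ** 0.5 * rng.gauss(0.0, 1.0)
                   for h in channel]
    eve = measure(eve_channel, noise_sigma, rng)
    # Index sets are exchanged in the clear; they reveal positions, not signs.
    agreed = sorted(outside_guard(alice, guard) & outside_guard(bob, guard))
    a_bits, b_bits, e_bits = (quantize(s, agreed) for s in (alice, bob, eve))
    return {
        "bits": len(agreed),
        "alice_key": derive_key(a_bits),
        "bob_key": derive_key(b_bits),
        "eve_key": derive_key(e_bits),
        "eve_bit_error": mismatch(a_bits, e_bits),
    }

if __name__ == "__main__":
    for rho in (0.9, 0.0):
        r = run(rho)
        print(f"rho={rho}: {r['bits']} bits, keys match: "
              f"{r['alice_key'] == r['bob_key']}, "
              f"Eve bit error: {r['eve_bit_error']:.3f}")
```

A deployed scheme would add information reconciliation for the residual disagreements that a guard band alone does not remove at lower signal-to-noise ratios.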

(2) Physical Layer Security Transmission

The physical layer security transmission technology designs secure beamforming based on the characteristics of wireless channels. It may incorporate the artificial noise injection to ensure reliable transmission of confidential information within the desired channel space, while attempting to transmit the artificial noise as much as possible in the null space of the desired channel, thus maximizing the capacity for secure transmission. Additionally, RIS can be leveraged to customize and optimize the wireless environment, amplifying the quality difference between legitimate channels and eavesdropping channels, thereby achieving secure transmission.
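
The null-space idea above, worked through for a two-antenna transmitter as an added example (not part of the white paper). The channel coefficients, power budget and noise power are constructed values, and the names H_BOB, H_EVE and secrecy_rate are hypothetical. The transmitter uses only the legitimate receiver's channel to build the beam and the artificial noise direction.

```python
import math

def inner(h, x):
    """Received amplitude for channel h and transmit vector x: sum_i h_i * x_i."""
    return sum(hi * xi for hi, xi in zip(h, x))

def beam_and_null(h_bob):
    """Matched beam towards Bob and the unit vector spanning the null space
    of his channel (two transmit antennas)."""
    norm = math.sqrt(sum(abs(v) ** 2 for v in h_bob))
    beam = [v.conjugate() / norm for v in h_bob]
    null = [h_bob[1] / norm, -h_bob[0] / norm]   # inner(h_bob, null) == 0
    return beam, null

def noise_leak_at_bob(h_bob):
    """Magnitude of the artificial noise that reaches the legitimate receiver."""
    _, null = beam_and_null(h_bob)
    return abs(inner(h_bob, null))

def secrecy_rate(h_bob, h_eve, power, signal_share, noise_power):
    """Secrecy rate in bit/s/Hz when (1 - signal_share) of the transmit power
    is spent on artificial noise in the null space of Bob's channel."""
    beam, null = beam_and_null(h_bob)
    p_sig = signal_share * power
    p_an = (1 - signal_share) * power
    sinr_bob = p_sig * abs(inner(h_bob, beam)) ** 2 / (
        p_an * abs(inner(h_bob, null)) ** 2 + noise_power)
    sinr_eve = p_sig * abs(inner(h_eve, beam)) ** 2 / (
        p_an * abs(inner(h_eve, null)) ** 2 + noise_power)
    return max(0.0, math.log2(1 + sinr_bob) - math.log2(1 + sinr_eve))

# Constructed channel coefficients for illustration.
H_BOB = [1 + 0j, 0 + 1j]
H_EVE = [1 + 0j, 1 + 0j]

if __name__ == "__main__":
    print("noise reaching Bob:", noise_leak_at_bob(H_BOB))
    print("no artificial noise :", secrecy_rate(H_BOB, H_EVE, 1.0, 1.0, 0.1))
    print("half power as noise :", secrecy_rate(H_BOB, H_EVE, 1.0, 0.5, 0.1))
```

With these constructed values, spending half the power on artificial noise lowers the legitimate receiver's rate but degrades the eavesdropper far more, so the secrecy rate rises.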

(3) Channel Fingerprint Authentication

Channel fingerprint authentication utilizes the uniqueness and time-space specificity of wireless channels to realize the authentication of node identity or network packets through continuous channel comparison or channel comparison within the coherence time. In essence, the channel characteristics are used to add a "position stamp" to users. In that case, it not only increases the length of the trusted root, but also extends the traditional trusted root comparison and authentication mechanism based on identity information index to the authentication of wireless signals, resisting unknown wireless access attacks.

1.3 Technology Application Concepts

Wireless built-in security technology can solve security threats in the physical layer signal domain, such as wireless eavesdropping, wireless interference, and wireless deception, thus building 6G air interface physical layer security atomic capabilities. Furthermore, it could be integrated into the upper-layer security capability layer to form an integrated security capability, which could provide a secure and trusted foundation for upper-layer applications to meet differentiated security protection requirements. The wireless built-in security mechanism could provide security capabilities which do not depend on computational complexity, reduce the requirements for terminal energy consumption and processing capabilities, and meet the security and lightweight requirements of typical 6G application scenarios. For example, in massive IoT scenarios, the physical layer key generation technology can be combined with the upper-layer key system or lightweight encryption algorithm to reduce the burden of key distribution/management, and improve security while reducing computational complexity.

At the same time, by using 6G potential key technologies such as Extremely Large-Scale MIMO antennas, RIS, and integrated sensing and communication, we can actively control and finely perceive the wireless environment, excavate and customize wireless channel information, and improve communication quality while assisting in improving wireless security performance.

Figure 2 Schematic Diagram of Application Concepts of Wireless Physical Layer Security Technology

1.4 Challenges and Suggestions

Leveraging the inherent sensing and control channel capabilities of 6G, it is expected to construct a new wireless physical layer security technology with intelligent native integration. However, the related research is still in its initial stage and needs to be explored as follows: utilize emerging 6G technologies such as RIS, integrated sensing and communication, etc., to enhance the ability for channel customization and precise sensing, exploring the empowering mechanism from sensing capabilities to secure communication capabilities, achieving the integrated design of communication, sensing, and security; utilize the deep integration of physical layer security and upper-layer security mechanisms to further improve the robustness of 6G security; design and test the performance evaluation standards, methods and experimental analysis of physical layer security technology according to 6G security requirements, laying the foundation for its engineering applications, and constructing a wireless endogenous security performance evaluation system.

II. Distributed Trust Technology

2.1 Scenarios and Security Requirements

The open network ecology and heterogeneous integrated network architecture of 6G put forward new requirements for the trust system. On the one hand, 6G networks have the characteristics of cross-network, cross-industry, and deep participation of all parties in the ecology. 6G networks will support multi-party resource sharing. Spectrum resources and computing power will become network resources that can be dynamically and on-demand shared by multiple parties in the 6G era to achieve resource sharing, value transfer and monetization. Therefore, there is a need for a decentralized, open, transparent, and tamper-proof operational mechanism that can build consensus among multiple parties, address resource competition issues, and ensure the entire process is open, transparent, and trustworthy [5].

On the other hand, 6G networks support heterogeneous networks such as satellite networks, industry networks, and body area networks. Devices from different organizations and institutions need to establish secure and reliable trust relationships. Traditional telecommunications networks mainly adopt centralized and endorsement trust models. In the future, 6G networks need to introduce trust models based on consensus. The entities participating in the network use technical means to achieve mutual trust among multiple parties so that the root of trust no longer depends on a single point but is composed of multiple participating parties [6].

2.2 Technical Principles

Blockchain is the foundation of distributed trust. Blockchain technology is essentially a decentralized database that writes information into a block and forms a chain of blocks by connecting each block. Each block contains information about the previously connected block and uses cryptographic techniques such as hash algorithms to prevent the content and connection of the block from being tampered with. Blockchain has the characteristics of decentralization, openness, transparency, traceability, and tamper-proof [5]. The key technologies to implement blockchain can be summarized as P2P protocol, consensus algorithm, ledger structure, incentive mechanism, smart contract, cryptographic algorithm, etc.

According to the access system authorization method of participants, blockchain systems can be divided into two categories: permissionless blockchain systems, where anyone can access the system without authorization, and participants are untrusted; and permissioned blockchain systems, where participants can only access the system after being authenticated, and participants do not fully trust each other (semi-trusted). According to the different application scopes of blockchain, the permissioned blockchain systems can be divided into consortium chains and private chains. A consortium chain is a blockchain jointly managed by multiple institutions [6].

In addition to using blockchain to build a trust base, 6G also needs to design a distributed authentication scheme. The authentication of a telecommunication network consists of two parts. One is the authentication between telecommunication network devices. The current method mainly adopts the public key certificate method, and the trust root is usually the CA of the operator or equipment vendor. This is a kind of endorsement trust mechanism [6]. Decentralized Public Key Infrastructure (DPKI) may become an alternative technology for distributed device authentication. By building a trust platform collaboratively, and storing certificates and certificate verification processes in a distributed manner, DPKI can achieve cross-domain certificate verification, enhancing the trustworthiness and reliability of CAs.

The second is the authentication between telecommunication network users and the network. Currently, the identity of a user is typically created by operators and issued when the user signs contracts with the operator. All identities are centrally created, maintained, and managed by the operator, essentially constituting a centralized authentication scheme. Digital identity may emerge as an alternative technology for distributed user authentication. Decentralized Identifiers (DID) defined by the W3C are a verifiable, decentralized form of digital identity. DID is held by the controller, decoupled from the centralized registration authority, identity provider and certificate authority, and does not require any endorsement from other parties.

2.3 Technology Application Concepts

(1) 6G Blockchain

The 6G blockchain is based on the 6G network as the infrastructure, and mobile communication network nodes as the infrastructure nodes of blockchain. 6G blockchain serves 6G services, and around the core function of "multi-party trust", it provides a secure and trusted platform for upper-layer service. The service also needs to reshape the service procedures due to the introduction of blockchain [7]. According to the different roles of blockchain in telecom networks, blockchain is deployed in different positions of the network, and there are three deployment modes. The following figure is a schematic diagram:

Figure 3 Schematic Diagram of Blockchain Deployment

1) Underlying blockchain mode: The core network blockchain module is deployed at the level of network elements or network management, generating initial blockchain nodes after the establishment of the network, and undertaking the functions of blockchain construction, maintenance, and permission authentication of blockchain nodes. The blockchain capabilities of access networks and terminals (in which blockchain clients may be provided) are pre-installed and can be used after access to the network. The blockchain exists with the establishment of the network and can realize functions such as user authentication and authorization and core network service discovery empowered by blockchain.

2) Upper-layer blockchain mode: The blockchain is built on top of the existing telecom network architecture, and blockchain functions can be plugged in or removed according to requirements. The blockchain functionality is deployed in the form of network functions in the core network, evolving independently and iterating quickly. The blockchain capabilities of access networks and terminals (in which blockchain clients may be provided) can be issued by the core network, and the blockchain capabilities can be freely configured according to requirements.

3) Hybrid blockchain mode: The blockchain module is divided into two parts, one part belonging to the basic functions of the telecom network, deployed in the underlying mode, and only containing basic trust functions such as identity authentication; the other part belongs to the service functions of the telecom network, deployed in the upper-layer mode, and additional functions can be added or removed as needed.

(2) Distributed Authentication

For distributed authentication among telecom network devices, 6G networks will introduce the DPKI technology based on blockchain. It will leverage the blockchain's characteristics of openness and transparency, consensus among multiple parties, and tamper-proofing to build a trust alliance, enabling blockchain-based certificate and identity management, transparent auditing, and cross-domain verification. There are three main technical approaches. First, the real values of certificates are stored in a storage system, while the hashes of certificates are stored in the blockchain. The blockchain maintains the integrity of the data, thereby guarding against the failure of nodes in the storage system due to attacks. Second, operators form a consortium chain, with each operator writing their certificates and CA certificates required for network operations into the consortium chain. During authentication, complete certificates do not need to be provided, and only the corresponding identifiers on the blockchain need to be carried. Third, device public keys are generated based on identity information, without the need for signatures from authoritative entities or the use of digital certificates, simplifying the complexity of key management [7].
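
The hash-linked block structure described in 2.2 and the first two DPKI approaches above can be combined in one small model. This is an added example, not part of the white paper: the Ledger class, the identifier format, the status strings and the certificate bytes are all constructed for illustration, and a single in-memory chain stands in for a consortium chain replicated across operators. Certificates live in ordinary storage, only their hashes are anchored on the chain, and a peer presents just an identifier.

```python
import hashlib
import json

GENESIS = "0" * 64

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def block_hash(block: dict) -> str:
    """Hash every field except the stored hash itself, in a canonical order."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return digest(json.dumps(body, sort_keys=True).encode())

class Ledger:
    """Append-only hash chain standing in for the consortium chain."""
    def __init__(self):
        self.blocks = []

    def anchor(self, cert_id: str, issuer: str, cert_bytes: bytes) -> None:
        block = {"index": len(self.blocks),
                 "prev": self.blocks[-1]["hash"] if self.blocks else GENESIS,
                 "cert_id": cert_id, "issuer": issuer,
                 "cert_hash": digest(cert_bytes)}
        block["hash"] = block_hash(block)
        self.blocks.append(block)

    def chain_intact(self) -> bool:
        prev = GENESIS
        for block in self.blocks:
            if block["prev"] != prev or block["hash"] != block_hash(block):
                return False
            prev = block["hash"]
        return True

    def lookup(self, cert_id: str):
        return next((b for b in reversed(self.blocks)
                     if b["cert_id"] == cert_id), None)

def verify(ledger: Ledger, storage: dict, cert_id: str) -> str:
    """The peer presents only cert_id; the verifier fetches and checks the rest."""
    if not ledger.chain_intact():
        return "ledger-tampered"
    entry = ledger.lookup(cert_id)
    if entry is None or cert_id not in storage:
        return "unknown"
    if digest(storage[cert_id]) != entry["cert_hash"]:
        return "storage-tampered"
    return "ok"

def demo():
    """Two operators anchor constructed certificates for their devices."""
    ledger, storage = Ledger(), {}
    samples = [("opA/gnb-17", "operator-A-CA", b"constructed certificate A"),
               ("opB/upf-03", "operator-B-CA", b"constructed certificate B")]
    for cert_id, issuer, cert in samples:
        storage[cert_id] = cert
        ledger.anchor(cert_id, issuer, cert)
    return ledger, storage

if __name__ == "__main__":
    ledger, storage = demo()
    print(verify(ledger, storage, "opA/gnb-17"))
    storage["opA/gnb-17"] = b"forged certificate"
    print(verify(ledger, storage, "opA/gnb-17"))
```

In a real deployment the resistance to rewriting the whole chain comes from consensus among the participating nodes, which this single-copy model does not reproduce.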

For distributed authentication between telecom network users and the network, 6G networks will adopt digital identity technology. Users have their own digital identities and can autonomously control the scope of their identities' use in different trust domains or services, selectively sharing specific identity information with entities that need verification. Digital identity can support anonymous identity verification. Users can provide the necessary identity information when they need to verify their identity, while simultaneously protecting their privacy. Identity authentication is extended to all entities within the network, encompassing not only user authentication but also the authentication of digital personas, AI assistants, network nodes, and even distributed autonomous networks as a whole. Combining digital identity with smart contracts can realize automated identity authentication and permission control.

2.4 Challenges and Suggestions

Blockchain faces the impossible triangle of security, transaction rate, and decentralization. It is impossible to simultaneously achieve all three. If blockchain is applied to 6G networks, the existing blockchain architecture used in the internet cannot cope with the large and fast transactions characteristic of 6G. This presents a critical flaw, as the security and transaction rate fall short of requirements, significantly impacting system security. Therefore, research is needed on aspects of blockchain suitable for 6G networks, including ledger structure, deployment mode, consensus algorithm, and application mode. An analysis of the three sides of the impossible triangle is necessary to select the most suitable blockchain for 6G networks.

Distributed authentication introduces a new way of managing and verifying certificates and identities, bringing new challenges to the network. Firstly, effectively managing, storing, and transmitting distributed certificates and identities presents a challenge. This requires considering data reliability and maintaining data consistency. Secondly, the authentication process before network entities interact needs to be reconstructed. New and advanced cryptographic technologies can be utilized to enhance the security and verification efficiency of certificates and identities, ensuring secure protection and efficient verification during distributed storage. Furthermore, the introduction of smart contract technology can realize automated authentication and permission control of certificates and identities, ultimately improving system efficiency.

III. Ubiquitous Trust Technology

3.1 Scenarios and Security Requirements

The 6G cloud-edge-terminal converged architecture will blur the traditional security boundaries, requiring cross-domain and consistent security solutions to realize a unified orchestration of security policies. At the same time, the development of generative artificial intelligence will greatly reduce the attack threshold and improve the automation of attacks. Traditional security protection mechanisms of detecting and then filtering will not be able to meet the requirements of massive service connections and low latency. 6G networks need a security technology that does not rely on prior knowledge of attacks, does not affect service processing performance, and can ensure the security of data processing and cross-domain interconnection and interoperability. This technology should also be able to provide a consistent security solution for the cloud, edge, and terminal, and provide real-time assessment and protection of network assets.

3.2 Technical Principles

Trusted computing is a technology based on hardware, software, and protocols that aims to protect the integrity, availability, and confidentiality of computer systems, prevent unauthorized access and attacks, and provide the ability to verify and assess the trustworthiness of computer systems. Trusted computing mainly includes the following key technologies: secure boot, secure metric, remote authentication, trusted execution environment, and memory/virtual machine security.

(1) Secure Boot and Trusted Metric

By verifying the integrity and authenticity of the firmware, operating system, and drivers during the system boot process, it ensures that only authorized software is loaded and executed. This function can effectively detect and prevent unauthorized or tampered software from being loaded and executed during the boot process, thus effectively preventing the intrusion of malicious software. It can also prevent attacks on chips that exploit hardware vulnerabilities. The application of secure boot and trusted metric can ensure that assets can be discovered in time when attacked by malicious software. Through the remote authentication server, the security posture of all assets can be evaluated, so that security O&M personnel can perform security O&M on assets more efficiently.

(2) Trusted Execution Environment

A trusted execution environment provides an environment that is isolated from the main operating system. This means that even if the main operating system is attacked, sensitive data and code will not be affected. At the same time, applications running in the trusted execution environment can securely process sensitive data without worrying about this data being accessed by malicious software or unauthorized applications. For users, since the trusted execution environment allows equipment manufacturers and application developers to build a verifiable chain of trust, ensuring that every link from boot to runtime is secure, it increases user trust in devices and applications. Therefore, the trusted execution environment can be used to protect assets that are in an insecure environment or assets that run high-risk applications and process sensitive data.

3.3 Technology Application Concepts

By applying trusted computing solutions in 6G networks, it is possible to provide users of 6G networks with a higher level of security, and allow 6G network maintainers to provide the same quality of service at a lower cost and with less energy consumption.

A complete trusted computing solution requires the collaboration of chips, firmware, operating systems, etc. The following figure shows the relationship between key trusted computing technologies:

Figure 4 Schematic Diagram of the Relationship Between Key Technologies of Trusted Computing

As can be seen from the figure above, the root of trust is the cornerstone, providing a trusted foundation. Secure metric builds a chain of trust to extend trust to the operating system and applications. The trusted execution environment provides a security mechanism to protect sensitive data processed during application execution. Since the root of trust is located in a read-only area and trusted verification is located on a remote server, it is difficult for attackers to upload malicious software or tamper with applications.

For assets that have applied trusted computing solutions, O&M strategies are more concerned with how to configure them so that attackers cannot cause harm, rather than the attacks and attack vectors launched against the assets. This makes security detection/protection no longer in series with the business, not only eliminating the problems of increased service latency, bandwidth, and impact on service continuity caused by security detection/defense, but also greatly reducing the resource consumption and energy consumption of security detection/defense.

For security O&M, trusted computing provides a unified solution for heterogeneous assets. Through the same protocol, the remote authentication server continuously evaluates the security state of assets, providing an endorsement for cross-domain interconnection and interoperability. Assets that fall into an untrusted state can be quickly discovered and isolated.
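
The chain of trust built by the secure metric in 3.2 and the remote evaluation described above (commonly called measured boot and remote attestation) can be modelled in a few lines. This is an added example, not part of the white paper: the component images are constructed byte strings, the Verifier class and status strings are hypothetical, and an HMAC with a shared key stands in for the signature a hardware root of trust would produce with its attestation key.

```python
import hashlib
import hmac
import os

def extend(register: bytes, component: bytes) -> bytes:
    """Fold one component into the register: H(register || H(component))."""
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Measure each boot stage in order, starting from an all-zero register."""
    register = bytes(32)
    for component in components:
        register = extend(register, component)
    return register

def quote(key: bytes, nonce: bytes, register: bytes) -> bytes:
    """Report of the register value bound to the verifier's fresh nonce."""
    return hmac.new(key, nonce + register, hashlib.sha256).digest()

class Verifier:
    """Remote server holding the expected measurement for an asset class."""
    def __init__(self, key: bytes, golden_components):
        self.key = key
        self.expected = measure_boot(golden_components)
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.pending.add(nonce)
        return nonce

    def evaluate(self, nonce: bytes, register: bytes, report: bytes) -> str:
        if nonce not in self.pending:
            return "rejected: unknown or replayed nonce"
        self.pending.discard(nonce)          # each nonce is accepted once
        if not hmac.compare_digest(report, quote(self.key, nonce, register)):
            return "rejected: bad quote"
        if hmac.compare_digest(register, self.expected):
            return "trusted"
        return "untrusted: isolate"

def attest(verifier: Verifier, key: bytes, components) -> str:
    """One full challenge/response round for a device booting `components`."""
    nonce = verifier.challenge()
    register = measure_boot(components)
    return verifier.evaluate(nonce, register, quote(key, nonce, register))

# Constructed sample data.
KEY = b"constructed attestation key"
GOLDEN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED = [b"firmware v1", b"bootloader v1", b"kernel v1 + implant"]

if __name__ == "__main__":
    server = Verifier(KEY, GOLDEN)
    print(attest(server, KEY, GOLDEN))
    print(attest(server, KEY, TAMPERED))
```

Because each stage is hashed into the running register, a change to any component or to the boot order yields a different final value, which is what lets the server flag the asset as untrusted.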

For data providers, trusted computing provides an isolated secure operating environment. Sensitive/private data is transmitted encrypted and processed in an isolated memory area by a secure application developed by the data provider. This technica
