CHAPTER SIX
CPK Virtual Network
6.1 Linkage Between Identities
The world is made up of the entities, and the heart of Internet-of-Things is to prove the authenticity of static entity. It was done by identity authentication and body authentication. And what about dynamic entity? Any interaction between two entities, generates an event and event forms virtual link automatically. Virtual link is a connection from identity of entity to identity of entity, i.e. I to I mode. And in I to I mode, the authenticity of linkage can be proven. So, the virtual network is a provable network. Events exist in the form of process, and the event process is divided into access process and receive process. The access process always takes place before the receiving process happens, so the access process can be authenticated before the receive process, it is called “proof-before-event”.
The interactive process between two entities is conducted through a virtual link. Therefore, as long as there are events, there will be a virtual link simultaneously. A single activity generates a single event, and a single event forms a single virtual link, in the same way, a compound activity generates a compound event, and a compound event forms a compound virtual link.
Virtual link is a provable connection from identity to identity of entity. Each entity and event is authenticated on the base of identity authentication. Identity is unique, so, entities are mutually independent, thus virtual links are mutually independent, furthermore, events are mutually independent. This independence feature brings great convenience to prove system security, which could not be proven in the past, now can easily be proven. For only a single event can be accurately characterized, it is very important that the compound event must be decomposed into single event. A good holistic solution should be an organic proof chain of all events.
The virtual link has the characteristics of independence and traceability. When the thinking way for security issues is turned from visualization to virtualization, we can get a more reasonable explanation and form a more reasonable solution.
6.2 Provable Linkage
The linkage can be established between any entities, such as sender and receiver, payer and payee, creator and reader, etc. Each event is independent and forms independent virtual linkage. The verification of virtual link is realized by digital array online, called array seal, or 2-dim code offline, called 2-dim code seal. Depending on the event and business category, various seals can be formed. Arrays and 2-dim codes are collectively known as digital seals. Through the 2-dim code, get through the connection between the logical world and the physical world. There are three basic kinds of seals:
Identity-seal is composed of subject,time,sign code:
identity-seal={subject,time,sign1}
Where sign1 is the signature of the subject to the time, the proof of authenticity of the subject,
SIGsubject(time)=(s1,c1)=sign1
Object-seal is composed of subject, object,sign code:
object-seal={subject,object,sign2}
Where sign2 is the signature of the subject to the object, the proof of authenticity of the object.
SIGsubject(object)=(s2,c2)=sign2
Characteristic-seal is comosed of subject, character,sign code:
characteristic-seal={subject,character,sign3}
Where sign3 is the signature of the subject to the character, the proof of authenticity of the object.
SIGsubject(character)=(s3,c3)=sign3
Virtaral Internet: The virtual internet is a provable logical net in which a connection is formed with user names or tel-nos. The seal provides the authenticity of source user-name or tel-no. The authenticity is used as a judgment whether to accept the connection and whether to adopt. Virtually linked internet is separated from the Internet and mobile-net, and any illegal events that took place in Internet can finally be found by the virtually linked internet.
The seal of the internet composed of sender,time,sign1,destination,sign2:
Internet Seal={sender,time,sign1,destination,sign2}
Where the signs are:
SIGsender(time)=(s1,c1)=sign1
SIGsender(destination)=(s2,c2)=sign2
The receiver's accessing control is:
VERSENDER(time,s1)=c'1
VERSENDER(destination,s2)=c'2
Virtual Logistics-Net:The virtual label net is a provable logical net in which a virtual connection is formed between the supplier and consignee. The seal of supplier must provide the authenticity of supplier's identity and of the goods. Authenticity of goods also includes the authenticity of the identity of the goods and the characteristics of the goods. If a buyer becomes a seller, then the seller must add its own evidence of authenticity to the good, thus an authenticity proving chain is formed. The authenticity can be provided by RFID level or paper label. Especially the paper label, although it may be easily copied, due to the character of trace-ability, and proof chain between anti-fake label and receipt (invoice), it can play effective role to prevent copying attack. Therefore,the anti-fake label can be made of RFID or paper.
The consignor provides the Label Seal as anti-fake label:
Label Seal={consignor,time,sign1,char,sign2}
Where the signs are evidence of the authenticity of consignor and goods:
SIGconsignor(time)=(s1,c1)=sign1
SIGconsignor(char)=(s2,c2)=sign2
In case of paper label, the Label Seal must be printed, with the two-dim codes. Such as
The seal for anti fake label can also be used as the seal for software as trade mark. Virtual software net is formed between the software issuer and the software users. The seal for software provides the issuer's authenticity, the authenticity of the name of software and the authenticity of the body of software. The authenticity is used by users as a judgment whether to download (upload), whether to install (invoke). It allow us to implement a brand management of software. If the original kernel is responsible for safe operation of software and the CPK kernel is responsible for the authenticity of software, then the two kernels can compose a new two-kerneled operating system.
The issuer provides Soft Seal as trademark:
Soft Seal={issuer,time,sign1.chr,sign2}
Where the signs provide the authenticity of subject and object:
SIGissuer(time)=(s1,c1)=sign1
SIGissuer(chr)=(s2,c2)=sign2
The seal is used for downloading or invoking control:
VERISSUER(time,s1)=c'1
The user's installing or executing control is:
VERISSUER(chr,s2)=c'2
Where, chr may be a compressed code of software.
6.3 IoT and IoE
After many years exploration and development, we have a clearer understanding of the properties of IoT security. The nature of IoT security is the authentication of “entity”; the principle of authentication is “mutual suspicion”; the purpose of authentication is to implement self-assurance policy; the realization of authentication is based on asymmetric public key system. The Internet of things, which forms a planar lattice network between entities, must resolve the scale distribution of the private key.
If isolated entities make up the Internet of things, then there is an Internet of Event between entities and entities. The Internet of Event is a virtual network, which is something like quantum entanglement. In quantum entanglement, the physically same reaction takes place at another quantum, but in the virtual network, the logically adverse reaction takes palace in another entity, ie., one entity certifies and the other entity verifies. The Internet of Event includes many different types of virtual network, and complex link relationships are formed between events. But it's easy to find a solution by breaking the complex event into separate events. If any event in the Internet of things can prove or verify its authenticity; if any event in the IoE can proved its authenticity, then we can say that this is the ultimate solution to overall security. The block diagram of the overall solution (see Fig. 6.1):
Fig.6.1 Block Diagram of Overall Solution
Entities and events in Cyber space constitute a flat chess-board like grid in which entities can be virtually linked and authenticated. Cyber space includes a variety of different entities and variety of different events and forms a complex relationship between the entities or events. In such a case, it looks that it is almost impossible to solve the security problems. However, when we take the Cyber space as entity and event, it is easy to find a solution, because the Cyber space has only two factors, that is “entity” and “event”. Therefore, as long as the problem of entity authenticity of IoT and event authenticity of IoE is solved, then the problem of security in Cyber space is solved.
If any entity and event in any place of chess-board can be authenticated, then we can say, this will be the final solution for Cyber security.
Events exist in different forms, single events are in a single form, while related events are in a compound form. If we can organically classify the related events and turn compound events into a separated single events, its security proof will be very easy. Authentication technology is based on taxonomy of events, so, the classification of event will occupy very important position in the security proof, especially in the design of holistic solution.
The purpose of entity authentication or event authentication is to realize self-assurance control (decided by one's own will). Assurance control is a new security principle, different from the traditional mandatory control (decided by other will).
The authentication method of entity or event should be based on objective evidence, it is different from the traditional method that is based on trust or model. In remote authentication, it is not allowed to use symmetric password.
The authentication must be carried out “on the spot” blocking any transfer of trust. We should be free from the traditional login mechanism to prevent “right-taken-over”.
A Cyber space includes many different types of entities, dealing with different types of events. How to reasonably handle the authentication problem of different entities and different events is a complicated problem, and it inevitably refers to the key management issues. Whether the Key management is good or bad is directly related to the authentication system is good or bad. The key management will be a key research project. In CPK authentication system, the frequent used entities are as follows: in communication system, the provided identities are sender's name, including Internet user name, telephone mobile phone number, etc.; in transaction system, the provided identities are accounts including the bank name, creator, etc.; in logistics system, the provided identities are manufacturer's name, enterprise's name.
The provable connection of Identity to (I to I) is the foundation of Internet of Things and the authentication of entity is the core point of Internet of Event. Therefore, the Cyber security is the security of entity and event.
6.4 Compound Event
It is easy to prove the authenticity of a single entity. But in reality there are a lot of compound entities. For example, the personal residence certificate is a composite entity, because the certificate contains at least the name, address, ID number and so on, which is a compound of three entities. And the CPK Account Money also is a compound entity, because in the Account Money at least includes the authenticity of the name of issuing bank, account name, account balance, and the authenticity of the account, amount and the payee. Therefore, it is very important how to define the composition accurately according to the purpose. In communication, for example, the connection header format is an entity, but is needed to include at least the authenticity of sending IP address and receiving IP address, because if it does not include the receiving IP address, illegal access and DOS attacks may be taken place by the copying means. For another example, if the authenticity of the receiving account is not defined in the digital account money, such money is afraid of loss and the database is also afraid of loss, leading to a series of security problems.
There are two kinds of methods to prove the authenticity of compound entity. The first is to prove the authenticity of all single entities respectively when the composition is clear. In such case, if there is a dispute, then it is easy to find out the controversy and responsibility. This is the preferred method to prove authenticity. The other is to take the compound entity as a data to prove the authenticity of the data. However, the MAC method is efficient and convenient method in data security, but in the case of entity authentication, it will be hard to provide the accurate controversy and responsibility when dispute occurs.
In the same way, the proof of authenticity of a single event is easy. But in reality there are a lot of compound event. For example, a remote payment event is a compound event that is composed of communication connection event, a payment event, a checkout event, and a receipt event, etc. Because of the independence nature of virtual connections and events, it is easy to prove the authenticity of compound event by proving all single events separately. In the design of security system, therefore, first of all, it must be clear how to define a compound event, and in which what single events must be included, and whether the composition meets the completeness and simplicity etc. Small compound events with completeness can be aggregated into larger event, consequently the security problem of a large system can be solved. To step by step is the reliable way to achieve the overall architecture of Cyber security.
Summary
The construction of self-assured Internet-of-event based on the “I to I” authentication mode is the core task of Cyber security. The theory of self-assurance can turn the security policy from passive defense to active management; the authentication logic from trust-based logic to evidence-based logic; the security system from “trusting system” to “proving system”. The theory of virtualization can turn the thinking mode from visualized thinking to abstract thinking. It allows us to solve the complex security problem with simple method.
CPK combined public key has experienced more than ten years of ups and downs since the publication in 2003. To a certain extent, the hard adherence of CPK reflects the real situation of the development of the Cyber security in China, also exposes some existing problems. Fortunately, the CPK are rushed out of the ten years left out situation, slowly opens a new situation of lighting sparks of fire. But a new theory, new concepts, new technology can not easily be accepted by people, it needs time and debate. But we must guard against sectarian tendency in the academic field, exclusive tendency of interest group.
The main threat to the Cyber world will come from terrorist activity. Bleeding activities in land will turn to bloodless Cyber activities, the battlefield will probably be the largest financial system. To prevent terrorist activities, regardless of any situation, the bloody terrorist activities on land or bloodless terrorist activities on the network, is the common duty of mankind.
The construction of self-assured Cyber security is a huge system engineering, it needs the cooperation of all mankind to safeguard common human destiny.
References
[1] Orange Book Rainbow Series Verified Protection Mandatory Protection Security domains Superseded Common Criteria TCSEC U.S.DoD Orange Book.
[2] 南湘浩,陈钟. 网络安全技术概论. 北京:国防工业出版社,2003.
[3] PROTECTING AMERICA'S CRITICAL INFRASTRUCTURES (PDD 63) Presidential Decision Directive, 1998.
[4] President's Information Technology Advisory Committee, Cyber Security: A Crisis of Prioritization, A Report to president, Feb., 2005.
[5] 南湘浩. CPK标识认证. 北京:国防工业出版社,2006.
[6] Nan Xianghao. CPK Crypto System and Identity Authentication[M]. Beijing: Publishing House of Electronics and Industry, 2012.
[7] The White house, Washington, NATIONAL STRATEGY FOR TRUSTED IDENTITIES IN Cyber SPACE, Enhancing Online Choice, Efficiency, Security, and Privacy, Apr., 2011.