With the acceleration of new infrastructure, cyber security has recently become the focus of attention. The 2020 Beijing Cybersecurity Conference and the 8th Internet Security Conference will be held one after another, the “2019 China Internet Cybersecurity Report” will be released, and the 2020 National Cybersecurity Awareness Week will soon open. Feiteng actively responds to the challenges of network security and builds a safe and reliable domestic computing system. While providing core computing power for the various types of equipment in the new infrastructure, it also safeguards the network security of the new infrastructure.
Zero-day vulnerabilities account for more than 1/3
The number of tampered government websites increased by 138% year-on-year
The National Internet Emergency Response Center (CNCERT) recently released the “2019 China Internet Network Security Report”. The report shows that China’s ability to respond to major security vulnerabilities has been continuously strengthened, but the number of event-type vulnerabilities and high-risk zero-day vulnerabilities has increased, and the vulnerability threat situation is even more severe.
In 2019, the number of event-type vulnerabilities received by the National Information Security Vulnerability Sharing Platform (CNVD) exceeded 100,000 for the first time, a year-on-year increase of 227%. The number of security vulnerabilities recorded by CNVD hit a record high of 16,193, a year-on-year increase of 14%. Over the past five years, the number of zero-day vulnerabilities (here meaning vulnerabilities for which no patch had been released at the time CNVD recorded them) has continued to rise, with an average annual growth rate of 47.5%. The number of zero-day vulnerabilities recorded in 2019 continued to grow, accounting for 35.2% of all recorded vulnerabilities. No patches or corresponding emergency measures had been released for these vulnerabilities when they were disclosed, which seriously threatens China’s cyberspace security.
In 2019, the number of tampered websites in China exceeded 180,000, a substantial increase from 2018. Among them, the number of tampered government websites was 515, an increase of 138% over 2018. Important organs and party and government departments have also become important targets of cyber attacks.
The new infrastructure will bring about a smart world where everything is connected. With the development of new technologies such as 5G, AI, VR/AR, cloud computing, and the Internet of Things, and the implementation of smart applications such as smart transportation, smart grid, and smart home, cybersecurity threats will intensify further.
Feiteng Realizes Trusted Computing 3.0 Dual Architecture
Accelerate the implementation of products and solutions
The CPU is the security cornerstone of an information system. As a leading independent core chip provider in China and a core member of the network information industry chain, Feiteng takes practical action to prevent security vulnerabilities, designs and develops actively immune trusted-computing CPUs, and promotes their deployment in real applications.
At the “2020 Beijing Cyber Security Conference 2nd Cyberspace Security Trusted Technology Innovation Forum” held recently, Guo Yufeng, deputy general manager of Feiteng, delivered a keynote speech entitled “CPU Endogenous Security to Build a Trusted Computing Platform”. Guo Yufeng said that security is the core requirement of the digital intelligence era of the Internet of Everything, and security and trustworthiness have opened up a new era of “active defense” for network security.
PSPA (Phytium Security Platform Architecture) is a processor security architecture standard formulated by Feiteng. This is also the first time that a domestic CPU company has released a security architecture standard at the CPU level, one that realizes bottom-up intrinsic security for domestic computer systems starting from the CPU. Trusted Computing 3.0 is the core defense technology specified by China’s Network Security Level Protection 2.0 standard. Feiteng PSPA has realized the dual-system architecture of Trusted Computing 3.0, and truly achieves security and trustworthiness “in the core”.
PSPA defines the software and hardware functions and properties involved in secure processors from ten aspects: cryptographic acceleration engine, key management, trusted boot, trusted execution environment, secure storage, firmware management, mass production injection, lifecycle management, resistance to physical attack, and immunity to hardware vulnerabilities. It covers the chip’s hardware design, firmware design, mass production and other stages, and considers and addresses them comprehensively.
Feiteng has implemented the requirements of this specification in the design of the FT-2000/4 safety CPU released in September 2019. FT-2000/4 safety CPU not only has unique innovation in built-in security, but also provides effective support for trusted computing from the CPU level.
Guo Yufeng said:
Feiteng’s subsequent CPU designs, whether server-oriented (Tengyun S series), desktop-oriented (Tengrui D series), or embedded (Tenglong E series), will fully support the PSPA security architecture standard, so that endogenous safety technologies cover more and more products.
Next year, Feiteng will further launch chips that support the PSPA 2.0 security architecture.
In addition to new product research and development, Feiteng is actively working with partners to build PSPA joint solutions and to build and expand the trusted computing ecosystem. At the system solution level, Feiteng has built an active immune trusted computing platform and an endogenous immune anti-corruption subsystem, which have better performance and higher security. At present, Feiteng’s ecological partners have developed products such as trusted firewalls, trusted computer terminals, trusted PLCs, and trusted DCSs based on PSPA, and joint solutions have been formed for typical application scenarios. In the future, Feiteng will join hands with a wider range of ecological partners to launch more secure and credible joint solutions.
Feiteng has joined hands with ecological partners to create a highly secure trusted blockchain joint solution that covers the full data process, the full technology stack and the full life cycle, and is fully autonomous:
- Full data process: from IoT terminals, computer terminals and edge clouds through the communication network to the cloud platform, secure and credible software and hardware measures are set up in each link.
- Full technology stack: from the underlying chip, the whole machine and the operating system through the cloud platform to the blockchain service and blockchain application, secure and credible software and hardware measures are set up at each technical level.
- Full life cycle: from the chip leaving the factory, the whole machine leaving the factory and use by the user, through the return of the whole machine and the return of the chip to the factory, to the destruction of the equipment, strict software and hardware control measures are adopted throughout the cycle to ensure that sensitive data is not leaked.
- Fully autonomous: from chip products, complete machines and operating systems through cloud platforms to blockchain products, each product is completely self-designed, and security can be fully guaranteed.
The trusted computing joint solution based on Feiteng CPU has been applied in many key fields involving the national economy and people’s livelihood, such as some government affairs offices, energy, power and financial industries, as well as mobile office platforms.
Shen Changxiang: Active Immune Trusted Computing
Building security lines for new infrastructure
Active immune trusted computing is a new computing model. It uses cryptography as its genetic antibodies to implement functions such as identity recognition, state measurement, and confidential storage. It performs security protection while computing operations are carried out, and can identify “self” and “non-self” components in time, so that the whole calculation process is measurable and controllable and is not disturbed, thereby destroying and repelling harmful substances entering the body. It is equivalent to cultivating immunity for the network information system, and it is the source and premise of giving full play to the kinetic energy of new infrastructure such as 5G and data centers.
At present, China’s active immune trusted computing has developed to the 3.0 era. The “Network Security Level Protection System 2.0 Standard”, which was officially implemented in December last year, has listed Trusted Computing 3.0 as its core defense technology.
At the 2020 Beijing Cyber Security Conference and the 8th Internet Security Conference held not long ago, Shen Changxiang, an academician of the Chinese Academy of Engineering and a member of the National Integrated Circuit Industry Development Advisory Committee, pointed out that with the popularization of 5G, network bandwidth has increased, transmission distance has been shortened, and base station density has increased. It is particularly important to promote safe and trusted products and services in accordance with the requirements of national network security laws and hierarchical protection systems in a timely manner.
Shen Changxiang believes that the new infrastructure is centered on data and network, and the premise of its healthy development is to build a strong security line of defense with active immunity “trusted computing”. Academician Shen Changxiang put forward the view that “a new system of active immune protection must be built”. The new system needs to have characteristics such as “simultaneous computing and security protection”, “computing components + protective components dual structure”, “triple protection framework”, “human-computer trusted interaction”, “establishing trusted facilities”, and “leaving attackers nowhere to start”.
New infrastructure calls for new security, and new security empowers new infrastructure. With the in-depth advancement of Level Protection 2.0 and Trusted Computing 3.0, Feiteng PSPA will surely provide better support for more new infrastructure users to establish a secure and trusted information system from terminal to cloud.