Research and Design of an Information Security Architecture for Smart Cities

Introduction
Building smart cities is an important measure by which China promotes new-type urbanization and the comprehensive building of a moderately prosperous society. Since the first batch of 90 smart city pilots began planning and construction in 2012, 290 smart city pilot cities have so far begun planning, construction and implementation. Smart city construction based on information technologies such as the Internet of Things, cloud computing, the next-generation Internet and big data not only improves the efficiency and responsiveness of urban public services, but also optimizes the urban industrial structure and gives citizens a higher-quality urban living experience.

Smart city construction runs through the whole process of urban planning, urban construction, urban management and services, and covers fields related to city management such as city administration, planning, environmental protection, landscaping, architecture, culture, tourism and public utilities. Building smart applications such as smart city management, smart transportation, smart healthcare, smart environmental protection, smart water services and smart villages not only solves prominent problems in modern city management, such as untimely information communication, passive and lagging management, and the lack of effective evaluation mechanisms, but also improves the efficiency of interaction between citizens and government departments and greatly improves citizens' quality of life. However, a smart city requires smart operation and management of urban information security, and it faces security risks such as malicious network attacks and leakage of public and personal information, which can even threaten national security.
This paper takes the information security architecture of the smart city as its core. At the top-level planning stage, it independently designs a common model of an information security architecture based on PKI/CA, establishes smart city security policies and security audit policies, supports security-factor measurement strategies for different smart applications and an overall system of smart city information security factor metrics, and makes the three-dimensional security space extensible so that security can scale according to the construction characteristics of each smart city.
1 Information security architecture concepts
1.1 Information security space
The three-dimensional smart city information security space has five elements: authentication, authorization, integrity, encryption and non-repudiation. The X axis is the security mechanisms, which provide the security structure. The Y axis is the OSI network reference model, since network security is carried out at every layer of the network. The Z axis is the security services, which provide the security service support that smart applications need from each network layer. The three-dimensional space mainly includes smart application authentication services, access security services, data encryption services and so on. The security space formed by the X, Y and Z axes expands layer by layer with the network: its scope gradually widens and its security content gradually becomes richer. Smart city security mechanisms include infrastructure public security, smart application platform security, data access security, network transmission security, smart application security, smart city operation security, smart management security, authorization and audit security, and the information security monitoring system.
Smart city security services include peer entity authentication, encryption, data integrity, data origin authentication, non-repudiation, and non-repudiable criminal evidence services.
Smart city security technologies include identification, encryption, digital signature, access control, data integrity, authentication, and data mining and analysis technologies.
1.2 Security system architecture
The smart city's security system architecture adopts the standard information security assurance system (the S-MIS system architecture), built on the world-recognized PKI/CA standard information security infrastructure, and has the following characteristics:
1) Hardware and system software are general-purpose;
2) It has a PKI/CA security assurance system;
3) Business application information systems are rewritten according to the PKI/CA standard;
4) The main general-purpose hardware and software pass PKI/CA certification.
The S-MIS system architecture builds smart applications directly on the PKI/CA security infrastructure. The main system software and hardware all require PKI/CA certification; together with peripheral security measures, this greatly strengthens smart city information security.
1.3 Information security audit
Information security audit in a smart city is the recording and review, by smart city administrators, of access to and use of the whole smart platform (including multiple smart sub-platforms and multiple subsystems). It must ensure that security rules are correctly enforced and help analyze the causes of security incidents. Data mining and analysis techniques are used to monitor and manage different terminal devices in different network environments, to warn administrators through visual intelligent early-warning and alerting mechanisms, and to support information security auditors in analyzing, processing and tracing historical data.
1.4 Information security monitoring system
The smart city security monitoring system ensures that the smart city has strong emergency incident handling capability. Its core is a security monitoring system for smart city information security resources, which mainly has six capabilities: early warning, protection, monitoring, emergency response, recovery and counterattack.
2 Smart city security planning
2.1 Planning principles
1) Standardization principle
Across the security assurance system, including security architecture, security policy, security mechanisms and security audit, strictly comply with international and national technical security standards, industry standards and security-related urban construction regulations.
2) Systematic principle
Smart city security planning is a systems engineering effort that involves collaborative work among multiple departments and the integration of multiple systems. Systems engineering methods are needed to carry out unified information security investigation, construction and implementation.
3) Independence principle
Based on the informatization infrastructure and information platforms already built and in operation, and after thorough investigation, the smart city security management processes and security system architecture are worked out independently, separate from business processes and business systems.
4) Progressive strengthening principle
Smart city information security construction is the sum of integrated information technology, software and hardware systems, personnel, policies, rules and procedures. Considering time and cost, the principle of overall planning with progressive strengthening is adopted, so that construction, implementation and upgrading can proceed quickly and stably.
2.2 Security mechanisms
The core of the smart city security mechanism is divided into four parts: operation management security, application system security, basic data security and operating environment security.
1) Operation management security: establish the smart city operation management organization and processes, build a security system in which supervision and management are separated, and establish scientific and reasonable security approval for operation management.
2) Application system security: identify the security risks of the smart application systems in the smart city and the mechanisms for responding to them, and establish application system security audit.
3) Basic data security: analyze GIS basic topographic map data and basic city information data, and establish data security audit.
4) Operating environment security: monitor the smart city's dedicated wired network, the wireless broadband network connecting mobile terminals and application systems, and the video network connecting to the public security video system; monitor the hardware and software platforms on which smart applications run (servers, storage devices, operating systems, etc.); monitor the city security command center site and the central machine room environment in which application systems run safely and stably; and establish operating environment security audit.
2.3 Security policy
The smart city runs through the whole process of urban planning, urban construction, urban management and services, and is characterized by intelligent management. Security policy is the foundation of city security services, management and security audit. It mainly includes machine room and equipment security policy, operating system security policy, network and database security policy, application security policy, development management security policy, emergency incident management policy, password and security management policy, and information audit policy. In addition, security policies for redundancy, backup and recovery are defined for the overall system architecture, functions, information data and interfaces.
2.4 Risk identification and assessment
1) Application system risk and assessment: identify and assess the risks of the smart city's smart application systems.
2) System integration security risk and assessment: security risks and assessment of host systems, network devices, security devices, software platforms and so on.
3) Accident security risk and assessment: security risks caused by accidents and their assessment.
4) Security management risk and assessment: security risks in the city management process and their assessment.
2.5 Security audit
Security audit is an important mechanism and means of implementing smart city security policy. It plays a role mainly in the following four aspects:
1) It deters or warns potential attackers;
2) It provides effective tracking evidence for system sabotage that has already occurred;
3) It provides auditors with valuable system usage logs, helping to detect intrusions or potential system vulnerabilities in time;
4) It provides auditors with statistical logs of system operation, so that shortcomings in system performance, or areas that need improvement and strengthening, are found in time.
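A small sketch of the audit functions described in sections 1.3 and 2.5, added here as an example and not part of the original paper: it correlates failed logins per terminal across sub-platforms (so activity spread thinly over several subsystems is still graded platform-wide), traces one terminal's history, and computes per-sub-platform statistics. The record layout, the terminal and sub-platform names and the two thresholds are assumptions, and the records are constructed sample data.

```python
from collections import Counter, defaultdict

# Constructed sample audit records (not from the original paper):
# (timestamp, sub-platform, terminal, user, action, outcome, latency in ms)
RECORDS = [
    ("2024-05-01T08:00:01", "transport", "term-17", "li", "login", "fail", 40),
    ("2024-05-01T08:00:05", "transport", "term-17", "li", "login", "fail", 40),
    ("2024-05-01T08:00:09", "healthcare", "term-17", "li", "login", "fail", 38),
    ("2024-05-01T08:00:15", "water", "term-17", "li", "login", "fail", 40),
    ("2024-05-01T08:01:00", "water", "term-03", "wang", "read", "ok", 900),
    ("2024-05-01T08:02:00", "water", "term-03", "wang", "read", "ok", 1100),
    ("2024-05-01T08:03:00", "transport", "term-08", "zhao", "login", "fail", 45),
    ("2024-05-01T08:03:30", "transport", "term-08", "zhao", "login", "fail", 45),
    ("2024-05-01T08:04:00", "transport", "term-08", "zhao", "login", "ok", 40),
]

WARN_FAILS, ALARM_FAILS = 2, 4   # assumed thresholds: early warning vs. alarm


def failed_login_alerts(records):
    """Count failed logins per terminal across all sub-platforms and grade them."""
    fails = Counter(r[2] for r in records if r[4] == "login" and r[5] == "fail")
    alerts = {}
    for terminal, n in fails.items():
        if n >= ALARM_FAILS:
            alerts[terminal] = "alarm"
        elif n >= WARN_FAILS:
            alerts[terminal] = "warning"
    return alerts


def trace(records, terminal):
    """Return the time-ordered history of one terminal for the auditor."""
    return sorted((r for r in records if r[2] == terminal), key=lambda r: r[0])


def mean_latency(records):
    """Statistical log: mean latency per sub-platform, to spot performance gaps."""
    buckets = defaultdict(list)
    for r in records:
        buckets[r[1]].append(r[6])
    return {p: sum(v) / len(v) for p, v in buckets.items()}


if __name__ == "__main__":
    print(failed_login_alerts(RECORDS))
    print([r[1] for r in trace(RECORDS, "term-17")])
    print(mean_latency(RECORDS))
```

No single sub-platform sees more than two failures from term-17, so only the platform-wide count reaches the alarm threshold.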
3 Smart city security design
