Jinjian: The security status of Internet technology resources

December 12, the world's first large-scale conference to explore the industry Internet, 2014 CVW. The industry Internet conference was held in Beijing and was synchronized through the big screen of New York Times Square. The conference was made by the Asia Letter Group, the cloud base and the Chuang-Zhuang economic and Technological Development zone jointly hosted more than 5,000 global it and traditional industry leaders and elites who are concerned about the development of Internet and traditional industries, and explored the evolution of "Internet access to traditional industries", "traditional industry internet" and the technological model and business innovation of industrial Internet.

In the afternoon of the Industrial Internet Conference "Internet Security @ Internet" theme Forum, China Internet Information Center deputy Director Jinjian attended and gave a speech, the following is the full text of his speech:

Jinjian: I hope you pay more attention to our work, our Internet technology resources, mainly refers to the Internet's IP address and operation. IP address, I think it is a bit like oil, as well as coal resources, although we can continue to upgrade IPV4, IPV6 and IPV9, I think this upgrade will bring a, if we do not use it properly, we can do unlimited expansion, but can lead to increased management, This is also a waste of resources. So from this point of view, the Internet's technical resources, such as coal and oil, should be used well, save it for the Internet security management play out. Everyone has seen this, the Internet needs a more reliable network environment, because the network is virtual. Look right this figure, in addition to know who is who, but also need to protect themselves, this is personal privacy protection. You want to let others know, let others know, do not let others know not to let others know, this is our ideal network environment. The internet has grown to the present, more and more demands.

Morning to speak of the industry, infiltrated into the various industries of the Internet, have put forward this aspect of the appeal. Let's look at the Internet technology resources, this is the most important resources on the Internet IP address, this is our telecommunications Liu Zi thousand teachers are very familiar with the map, we look at the left is IPV4, the right is IPV6, do not look too carefully, look inside the complex wiring to know the use of this address is not how. Because you know that the allocation of the use of waste a lot of addresses, V6 tried to solve the problem, but there is no particularly good solution. This is about global addresses, and we are now transitioning from V4 to V6. Now look at the familiar fitting network, the operation of this space. Starting from 2012, the official launch of the name, can use their own name can also use any name as the access suffix, you can see a lot of personalized.

Whether the name of the IP address space expansion, or the name of space expansion, can bring us a lot of convenience, we can have a lot of good experience. But the growth of space will certainly bring security problems, from our point of view, we have been doing business IP address work, the picture on the left of our cnnic before the director do, divided into three layers, do not know whether it is reasonable. We do this work or have a certain logic, IP address and domain people play a role in the middle, the total number of people close to 300 million, IPV4 space has been exhausted, IPV6 in full swing to promote the deployment. The underlying resource maintains the relationship between the name and the IP address, and the database is very complex. From this position can see the Internet data resources in a safe location, if the use of good can solve a lot of problems, with bad also have a lot of problems. To sum up, now a lot of smart devices, and even the human body implanted some chips, many devices require a lot of services a logo, using an IP address to access this thing, everything interconnected. V4 upgrades to V6, space expands. When you use the language of each country in your name, you can use your own language. We think the address and name of the resolution relationship is not very safe, but also involved in the protocol to do data signature, so that the resolution become more reliable. This is the new situation that is driving us towards the next generation of new network architectures. Let's look at this picture, it looks very complicated.

Because we are concerned about two issues, a problem is domain name resolution, you may find the Internet in China to the United States, because a layer of distribution abroad, to ensure that these inquiries are very complex. The second domain name, the first is distributed, the second its protocol is very simple, especially vulnerable to attack. These two days I believe that the operator's friends are dealing with the problem of DNS attacks, a large number of attacks have sprung up operators, it will cause the network paralysis, congestion. We can see such queries and attacks on the network damage. But we also know that you use good DNS to bring a lot of convenience. You know the browser, it will be in the page to check DNS priority, you visit the speed is very fast. Let's talk about the IP address problem, above this illustrated global IP address allocation management level, the top. So this is on behalf of the State IP address, there are many agencies directly from the Regional Network Information center to apply for address, but all China's address is not assigned to this place, a layer of the address allocation, this is the address distribution. You know the address assigned to do the broadcast, if not your address you also broadcast you also use, then bring routing hijacking problem. RPKI, it's safer to bind your address to ASR. Originally designed to make users invisible to become more secure. But a lot of mail application, the browser is also the database that query builds, make sure your mail is not to be fished, so the construction of this protocol, why become so key, be no matter to the network infrastructure topology or to the application all play a very important role.

The last one, I want to say about the application based on DNS, just said to do geographical signature. This protocol architecture is a CA alternative technology, with DNS deployment, will become more compatible with the system than the KPI, you put the verification process in the invisible place, whether it is to send mail or QQ can verify the content of each other, but you do not have to deliberately show, to enforce the use of some agreements. This is the nature of it, hoping to replace the current CA. This is a graph, not particularly good-looking, but it is said that when using mail, there is a new CA technology looks like mail, preventing spam from being tampered with and hijacked. Using DNE, you can build a framework in which users and content providers authenticate with each other, leveraging the technology of the underlying resources to make the upper-level application environment more trustworthy, verifiable, and manageable.

Finally, I would like to make a brief summary of the importance of Internet technology resources. First of all, with the current increase of mobile Internet network traffic, the network topology increased. IP address and domain name is becoming more and more important, just said, yesterday today, three operators were attacked, whether it is fishing or ddoos attack. Our management domain name, do very strong real-name application, you use this to do domain names, his security can be improved, so we let these identity services into a very credible entrance. The third is through the new management structure, can solve the basic network topology security issues, based on this framework, we can not experience the original service to replace the new, so that it more flexible, docking different applications. Five such resources, you use the app or use speech recognition, no longer need to use the domain name, its import function is weakening. But sinking, and doing it well, can be a good way to build a secure and trusted Internet. Whether we are professional to do network security or users, I hope you pay attention to our name Internet technology security, although it is not necessarily scientific, but it is very useful, can help each level of network security work.

(Responsible editor: Mengyishan)