卷期 : 14 /
出版年 : 2018/01/01
傳統軍事系統設計只需對抗物理性毀壞攻擊,現今的各式軍事系統在新式的不對稱作戰思維下則需面對數位資訊網路的各式駭侵攻擊,如竊取重要情資、偽冒命令甚或是破壞控制系統等,影響軍事武器系統運作之手法。而防堵駭侵攻擊的重要手段,包括:系統安全的分級、人員角色的分權授權、身份辨識、資料內容及來源真確性保護等。區塊鏈技術在這些手段上均具備扮演關鍵角色的潛力。區塊鏈技術讓不具信任基礎的點對點兩端,得以安全地交換訊息。其價值在加密貨幣如「比特幣」金融服務的應用已獲得證明。運用區塊鏈技術,利用其去中心化特性,可徹底消彌單點失效的可能性,創造出讓各種裝置或感測器得以更快速復原的運作環境。然而,區塊鏈應用於軍事系統將面對如下挑戰:規模涵蓋性問題、運算耗能耗時問題。為避免這些問題,我們提出一個類無鑰簽章基礎建設KSI-like的解決方案,試圖達到系統防護及全系統監控的功能。這個基礎建設是以私有認許制的區塊鏈型式所構成,利用此架構將包容以下網路安全關鍵核心功能要求:界限保護、事件隔離、修復操作及快速模組更替While the traditional design of military systems demands only capabilities to resist physical destructive attacks, in view of asymmetric combat strategy, it needs additionally to confront the situation that, in cyber domain, various hacking attacks, from adversaries, such as theft of important intelligence, fake commands, and even the espionage of control system to retard our ability to carry out operational missions, are emerging. To defend against these hacking threats, there are critical countermeasures including system security level classification, role-based authorization, identity and authentication, data integrity and source identification. Among them, Blockchain plays a potential role.Blockchain makes trustless, peer-to-peer messaging possible and has already proven its worth in the world of financial services through cryptocurrencies such as Bitcoin. By leveraging the Blockchain, the decentralized approach would eliminate single points of failure, creating a more resilient ecosystem for devices/sensors to run on. However, there are challenges of Blockchain in defense systems:scalability issues,processing power and time. To avoid these,we proposed a Keyless Signature Infrastructure (KSI) solution accounted for protection of the system and system-wide monitoring. The infrastructure is organized private and permissioned Blockchain-based, accommodates with the critical cyber-secure functionalitise:border managemet, incident isolation,recovery operations and agile technology insertion.
關鍵詞 : 區塊鏈、雜湊現金、橢圓曲線數位簽章演算法、數位簽章、雜湊現金演算法、全艦通用運算環境Blockchain;Hash Cash;Elliptic Curve Digital Signature Algorithm(ECDSA);Digital Signature;Hashcash Algorithm;Total Ship Computing Environment(TSCE)