摘要
为了解决通过5G网络安全访问医院内部资源时,医院网络边界模糊、准入机制易失效等安全隐患,通过搭建零信任平台作为5G网络通往医院内部的桥梁,以单包授权为核心,建立了以身份、环境、行为、软件和硬件为评估因素的动态授权机制,实现了5G终端在最小授权、微隔离、动态授权、持续监控下访问医院资源。该机制不仅提升了5G远程接入每个环节的安全性,而且实现了对医院重要资源的网络隐身,极大程度地缩小了网络攻击面。
This paper explores how to safely access internal hospital resources through 5G networks, and solve security risks such as the blurred boundary of hospital network and easy invalidation in terminal access mechanism after the combination of 5G and traditional medical care. A zero-trust platform is built as a bridge between 5G networks and the interior of the hospital. With single-packet authorization as the core protocol, a dynamic authorization mechanism with identity, environment, behavior, software and hardware as evaluation factors is established. 5G terminals can access hospital resources under minimal authorization,micro-isolation, dynamic authorization, and continuous monitoring are realized. This mechanism not only improves the security of each process of 5G remote access, but also realizes network stealth of important hospital resources, which greatly reduces the network attack surface.
作者
章俊
张雨恬
胡少文
ZHANG Jun;ZHANG Yutian;HU Shaowen(The First Affiliated Hospital of Nanchang University,Nanchang Jiangxi 330006 China;Affiliated Hospital of Jiangxi University of Traditional Medicine Nanchang,Jiangxi 330004 China;Jiangxi Science and Technology Infrastructure Platform Center,Nanchang Jiangxi 330003 China)
出处
《通信技术》
2022年第3期404-408,共5页
Communications Technology
基金
江西省卫生健康委科技计划项目(202210354)。
关键词
零信任架构
5G
软件定义边界
单包授权
zero-trust architecture
5G
software defined perimeter
single packet authorization
