
Journal of University of Chinese Academy of Sciences ›› 2015, Vol. 32 ›› Issue (5): 701-707. DOI: 10.7523/j.issn.2095-6134.2015.05.018

• Special Column on Electronic Authentication •

China standard cryptographic algorithm implementation in virtual desktop system

LIN Xueyan1,2,3, LIN Jingqiang1,2, GUAN Le1,2,3, WANG Lei1,2

  1. Data Assurance and Communication Security Center, Chinese Academy of Sciences, Beijing 100093, China;
  2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
  3. University of Chinese Academy of Sciences, Beijing 100049, China
  • Received: 2014-09-01 Revised: 2015-03-03 Published: 2015-09-15
  • Corresponding author: LIN Jingqiang
  • Supported by:

    the National Basic Research Program of China (973 Program) (2014CB340603), the National High Technology Research and Development Program of China (863 Program) (2012AA013104, 2013AA01A214), and the Strategic Priority Research Program of the Chinese Academy of Sciences (XDA06010702)

Abstract:

Desktop virtualization has become a focal point of cloud computing. We analyze the mainstream virtual desktop systems and, considering China's legal requirements for communication security, summarize the characteristics of virtual desktop transmission protocols. We choose the SPICE protocol of the KVM solution and rework its transmission security with China standard cryptographic algorithms. In SPICE, communication between the client and the server can be secured with OpenSSL. We add the China standard cryptographic algorithms SM3 and SM4 to the open-source project OpenSSL and use them in place of the SHA1 and AES algorithms used by SSL in SPICE, providing confidentiality and integrity protection. The experimental results show that the scheme ensures the security of the transmission while keeping good performance; it also promotes the use of China standard cryptographic algorithms and complies with the relevant national regulations.

Key words: China standard cryptographic algorithms, desktop virtualization, SPICE protocol, OpenSSL
