China standard cryptographic algorithm implementation in virtual desktop system

doi:10.7523/j.issn.2095-6134.2015.05.018

Abstract

Abstract:

Currently desktop virtualization technology has become a focal point of the cloud computing technology and we analyze the main virtual desktop systems. Considering the legal requirement in communication security, we summarize the characteristics of the virtual desktop transmission protocols and choose the SPICE protocol, based on KVM, to improve the transmission security. In SPICE, the communication between the client and server can be secured by using OpenSSL. We propose to support the China standard cryptographic algorithms including SM3 and SM4 in the open-source project OpenSSL to ensure the security of virtual desktop system. The experimental results show that our scheme can not only ensure the safety of the transmission, but also keep good performance.

Key words: China standard cryptographic algorithms, desktop virtualization, SPICE protocol, OpenSSL

CLC Number:

TP309

LIN Xueyan, LIN Jingqiang, GUAN Le, WANG Lei. China standard cryptographic algorithm implementation in virtual desktop system[J]. , 2015, 32(5): 701-707.

References

[1] Wang X, Yu H. How to break MD5 and other hash functions[C]//Advances in Cryptology-EUROCRYPT 2005. Springer Berlin Heidelberg, 2005:19-35.

[2] Wang X, Yin Y L, Yu H. Finding collisions in the full SHA-1[C]//Advances in Cryptology-CRYPTO 2005. Springer Berlin Heidelberg, 2005:17-36.

[3] 孙宇, 陈煜欣. 桌面虚拟化及其安全技术研究[J]. 信息安全与通信保密, 2012(6):87-88.

[4] 石屹嵘, 龚德志. 基于SPICE开源协议的云桌面技术架构研究[J]. 电信科学, 2013, 29(8):162-167.

[5] Schlosser D, Binzenhofer A, Staehle B. Performance comparison of windows-based thin-client architectures[C]//Telecommunication Networks and Applications Conference, 2007,ATNAC 2007. Australasian,IEEE, 2007:197-202.

[6] Wang J, Liang L. Survey of virtual desktop infrastructure system[EB/OL].(2011-05-13)[2014-08-15]. https://tools.ietf.org/html/draft-ma-appsawg-vdi-survey-00#page-30.

[7] 罗鹏, 祝跃飞. Windows下RDP协议的安全性[J]. 计算机工程, 2007, 33(20):145-147.

[8] Boca I. Citrix ICA Technology Brief[R]. Technical White Paper, 1999.

[9] Pfleeger S L. Taking action to build trust in security[J]. Security & Privacy, 2014, 12(2):3-4.

[10] SPICE. SPICE sources and documentations[CP/OL].[2014-08-15]. http://www.spice-space.org/.

[11] QEMU. QEMU sources and documentations[CP/OL].(2012)[2014-08-15].http://www.qemu.org/.

[12] 国家密码管理局. SM2椭圆曲线公钥密码算法[CP/OL]. (2010-12-22)[2014-08-15]. http://www.oscca.gov.cn/UpFile/2010122214822692.pdf.

[13] 国家密码管理局. SM3密码哈希算法.[CP/OL]. (2010-12-22)[2014-08-15]. http://www.oscca.gov.cn/UpFile/20101222141857786.pdf.

[14] 国家密码管理局. SM4密码哈希算法.[CP/OL]. (2009-11-31)[2014-08-15]. http://gm.gd.gov.cn/upfile/2009113105257460.pdf.

[15] OpenSSL Sources and Documentations[CP/OL].(2014)[2014-08-15]. http://www.openssl.org/.