在桌面虚拟化系统中实施国产密码算法 |
| |
作者姓名: | 林雪燕 林璟锵 管乐 王雷 |
| |
作者单位: | 1. 中国科学院数据与通信保护研究教育中心, 北京 100093;
2. 中国科学院信息工程研究所 信息安全国家重点实验室, 北京 100093;
3. 中国科学院大学, 北京 100049 |
| |
基金项目: | 国家重点基础研究发展(973)计划(2014CB340603)、国家高技术研究发展(863)计划(2012AA013104,2013AA01A214)和中国科学院战略性先导专项(XDA06010702)资助 |
| |
摘 要: | 在分析现有主流桌面虚拟化方案的基础上,综合考虑中国在通信安全方面的法律要求,对虚拟桌面传输协议的特性进行分析与总结,同时对KVM方案的SPICE协议进行基于国产密码算法的安全性改造.通过在OpenSSL中添加国产密码算法SM3/SM4,用以替换SPICE协议中SSL使用的SHA1/AES算法,提供机密性和完整性保护.实验表明,该方案不仅能保证传输的安全性,同时能保持其性能,推广了国产密码算法的应用,符合国家相关管理条例.
|
关 键 词: | 国产密码算法 桌面虚拟化 SPICE协议 OpenSSL |
收稿时间: | 2014-09-01 |
修稿时间: | 2015-03-03 |
China standard cryptographic algorithm implementation in virtual desktop system |
| |
Authors: | LIN Xueyan LIN Jingqiang GUAN Le WANG Lei |
| |
Institution: | 1. Data Assurance and Communication Security Center, Chinese Academy of Sciences, Beijing 100093, China;
2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
3. University of Chinese Academy of Sciences, Beijing 100049, China |
| |
Abstract: | Currently desktop virtualization technology has become a focal point of the cloud computing technology and we analyze the main virtual desktop systems. Considering the legal requirement in communication security, we summarize the characteristics of the virtual desktop transmission protocols and choose the SPICE protocol, based on KVM, to improve the transmission security. In SPICE, the communication between the client and server can be secured by using OpenSSL. We propose to support the China standard cryptographic algorithms including SM3 and SM4 in the open-source project OpenSSL to ensure the security of virtual desktop system. The experimental results show that our scheme can not only ensure the safety of the transmission, but also keep good performance. |
| |
Keywords: | China standard cryptographic algorithms desktop virtualization SPICE protocol OpenSSL |
本文献已被 CNKI 等数据库收录! |
| 点击此处可从《》浏览原始摘要信息 |
| 点击此处可从《》下载免费的PDF全文 |
|