Nowadays, with the continuous development of computer technology, the flow of data between computers has become easier and more frequent. This flow of data creates security issues. For businesses in particular, the security of sensitive data is directly related to the company’s core competitiveness, so how to protect that data is a subject worthy of in-depth study.

On the other hand, virtualization technology has entered an era of rapid development, driven by the demand for low-cost information technology. Xen virtualization technology is an open source project that represents paravirtualization technology. It improves system performance through minor modifications to the operating system, and it has greatly promoted the development of virtualization technology.

The needs of informatization and the development of virtualization technology have resulted in a desktop virtualization technology: Virtual Desktops, a product of Citrix. Using virtualization technology to provide employees with office resources is one of the company’s future development directions.

This paper presents a solution, based on Xen virtualization technology, that protects the company’s data. By adding transparent encryption and decryption modules to Xen, the data stored on the storage device is always in ciphertext form, so it remains effectively protected even outside the secure environment. Encryption and decryption are completely transparent to the user, who does not need to change existing habits when using the data.

The design of the key server is an important part of this solution. In modern cryptographic systems, the encryption and decryption algorithms are public, so data security depends heavily on the keys, and the security of the key must be ensured during key distribution. The system uses the Diffie-Hellman key exchange algorithm to generate a shared key, which is used to encrypt communication with the key server, and the key server uses digital signatures to verify the identity of the client.

Finally, we test the system. The results show that it can effectively protect the data and meets the goals proposed in this paper.
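
An added example, not code from the paper: a sketch of the key-server exchange the abstract describes, in which the client signs its Diffie-Hellman public value and the key server verifies that signature before deriving the session key. The modp14 group, Ed25519 signatures, HKDF-SHA256, the `vm-client-1` ID and the label strings are assumptions, since the abstract does not specify them.

```javascript
const nodeCrypto = require('node:crypto');

// Bytes the client signs: protocol label, client ID, DH public value (labels are constructed).
function signedInput(clientId, dhPub) {
  return Buffer.concat([Buffer.from(`keyserver-hello-v1|${clientId}|`), dhPub]);
}

// Turn the raw DH secret into a 32-byte session key with HKDF-SHA256.
function sessionKey(secret) {
  return Buffer.from(nodeCrypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'keyserver-session-v1', 32));
}

// Client: fresh DH key pair per session, public value signed with the identity key.
function clientHello(clientId, identityPrivateKey) {
  const dh = nodeCrypto.getDiffieHellman('modp14'); // RFC 3526 2048-bit group
  const dhPub = dh.generateKeys();
  const sig = nodeCrypto.sign(null, signedInput(clientId, dhPub), identityPrivateKey);
  return { dh, hello: { clientId, dhPub, sig } };
}

// Key server: verify the signature against the enrolled key before any key agreement.
function serverAccept(enrolled, hello) {
  const pub = enrolled.get(hello.clientId);
  if (!pub || !nodeCrypto.verify(null, signedInput(hello.clientId, hello.dhPub), pub, hello.sig)) {
    throw new Error('client authentication failed');
  }
  const dh = nodeCrypto.getDiffieHellman('modp14');
  const serverPub = dh.generateKeys();
  return { serverPub, key: sessionKey(dh.computeSecret(hello.dhPub)) };
}

// Constructed demo: one enrolled client, one honest run, one hello whose DH value was swapped.
function demo() {
  const id = nodeCrypto.generateKeyPairSync('ed25519');
  const enrolled = new Map([['vm-client-1', id.publicKey]]);
  const { dh, hello } = clientHello('vm-client-1', id.privateKey);
  const { serverPub, key } = serverAccept(enrolled, hello);
  // Client side of the exchange: same secret, same derivation.
  const match = sessionKey(dh.computeSecret(serverPub)).equals(key);
  const swapped = { ...hello, dhPub: nodeCrypto.getDiffieHellman('modp14').generateKeys() };
  let rejected = false;
  try { serverAccept(enrolled, swapped); } catch { rejected = true; }
  return { match, rejected, keyLength: key.length };
}

console.log(demo());
```

Only the client is authenticated here, as in the abstract; the server's DH value is unsigned, so this sketch alone does not tell the client who it agreed a key with.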