
Research and Implementation of a Security Scheme Based on the RDP Protocol

Posted on: 2013-03-30
Degree: Master
Type: Thesis
Country: China
Candidate: M Luo
GTID: 2248330374485604
Subject: Computer software and theory
Abstract/Summary:
Cloud computing has been introduced as a new computing mode and is now widely used in business. Cloud terminals reduce the user's dependence on hardware: based on the virtual desktop infrastructure, most resources and computation are moved from the client side to the server side, so the client becomes a thin client. Under this computing mode, however, guaranteeing the security of data transmitted between client and server (for example, the logon password sent when requesting a VM) becomes an unavoidable network communication security problem. Some cloud computing service providers have proposed their own solutions to it. Within the virtual desktop infrastructure, RDP is used as the remote desktop display protocol. It was designed to provide basic connectivity and graphics remoting, letting a user interact with a remote computer system by transferring graphics display information from the remote computer to the user and transporting the user's input to the remote computer. However, the RDP protocol only encrypts data during communication, and RC4, the encryption algorithm used by RDP, has long had many defects and security holes. In this thesis we study AES and use it to substitute for the old encryption method of the RDP protocol. In addition, the RDP protocol only implements one-way identity authentication based on account and password, which leaves it easily exposed to man-in-the-middle attacks, so this thesis also uses the TLS protocol to improve RDP and implement a full identity authentication mechanism. The system divides the security mechanism of the RDP protocol into two parts: a general security level and a strong security level.

The strong security level adds a TLS layer directly and uses TLS-IO to take over data transmission for the entire upper-layer protocol, together with certificate authentication and the security of data transmission at that layer. At the general security level, within RDP itself, the AES algorithm replaces the unsafe RC4 algorithm used by the RDP protocol, which enhances the security of data transfer. The thesis is divided into three modules: the security design for the strong security level, the security scheme design for the weak security level, and the design of a monitoring module for session processes on the server. The strong security level is mainly realized by adding a TLS layer between the ISO layer and the TCP layer of the RDP protocol: data from the RDP protocol stack is no longer transmitted directly through the TCP layer but through the TLS layer, so that TLS takes over the TCP layer's interaction with the upper-layer protocol stack. At the weak security level no TLS layer is designed; instead, an algorithm replacement module is added to the SEC layer of the RDP protocol, using the AES algorithm in place of the original RC4 algorithm to protect transmitted data. The original RC4 algorithm remains: we only add one more encryption level to the original encryption levels, and the result of the RDP protocol handshake negotiation selects the algorithm that is finally used. The server monitoring module uses sniffer technology: it captures data packets sent to the server according to configured filtering rules, analyzes the captured packets for information about the remote RDP client, and records that information in a log file.
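As an added illustration of the server monitoring module described above (this is not code from the thesis), the sketch below parses the first packet an RDP client sends and produces a log entry showing whether the client offered a TLS-based security protocol. The packet layout and flag values are taken from the public MS-RDPBCGR specification; the function names, log format and sample captures are assumptions constructed for the example.

```python
import struct

# Values from the public MS-RDPBCGR spec (requestedProtocols bit flags).
PROTOCOLS = {0x1: "PROTOCOL_SSL", 0x2: "PROTOCOL_HYBRID",
             0x4: "PROTOCOL_RDSTLS", 0x8: "PROTOCOL_HYBRID_EX"}
STANDARD = "PROTOCOL_RDP"  # Standard RDP Security, i.e. no TLS layer

def parse_connection_request(payload):
    """Return client info from a TPKT/X.224 Connection Request, else None."""
    if len(payload) < 11 or payload[0] != 0x03:
        return None
    tpkt_len = struct.unpack(">H", payload[2:4])[0]
    if not 11 <= tpkt_len <= len(payload) or (payload[5] & 0xF0) != 0xE0:
        return None  # truncated capture, or not an X.224 CR TPDU
    body = payload[11:tpkt_len]  # skip 4-byte TPKT + 7-byte X.224 header
    info = {"cookie": None, "requested": [STANDARD]}
    if body.startswith(b"Cookie: "):
        line, sep, body = body.partition(b"\r\n")
        if not sep:
            return None  # cookie line must end in CRLF
        info["cookie"] = line[8:].decode("ascii", "replace")
    if len(body) >= 8 and body[0] == 0x01:  # RDP_NEG_REQ
        _type, _flags, length, requested = struct.unpack("<BBHI", body[:8])
        names = [n for bit, n in PROTOCOLS.items() if requested & bit]
        if length == 8 and names:
            info["requested"] = names
    return info

def log_line(src, payload):
    """Format one monitor log entry; WARN when the client offers no TLS."""
    info = parse_connection_request(payload)
    if info is None:
        return None
    level = "WARN" if info["requested"] == [STANDARD] else "INFO"
    return "%s src=%s cookie=%r security=%s" % (
        level, src, info["cookie"], "+".join(info["requested"]))

def _sample(user_data):
    """Build a constructed Connection Request around the given user data."""
    x224 = bytes([6 + len(user_data), 0xE0, 0, 0, 0, 0, 0]) + user_data
    return b"\x03\x00" + struct.pack(">H", 4 + len(x224)) + x224

# Constructed captures: one client offering TLS, one legacy client.
TLS_CLIENT = _sample(b"Cookie: mstshash=alice\r\n"
                     + struct.pack("<BBHI", 0x01, 0, 8, 0x3))
LEGACY_CLIENT = _sample(b"Cookie: mstshash=bob\r\n")

if __name__ == "__main__":
    for src, pkt in [("192.0.2.10", TLS_CLIENT), ("192.0.2.11", LEGACY_CLIENT)]:
        print(log_line(src, pkt))
```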
Keywords/Search Tags: Virtual Desktop, RDP, TLS protocol, AES, Monitor