Research And Implementation Of Desktop Cloud Authentication System

With the rapid development of Internet technology, cloud computing that is an emerging market information technology industry and under more and more observation by every industry chain. Desktop cloud that act as an important application of cloud computing, has been applied in more and more fields. Although desktop cloud is in the rapid developmeng, it also meets some security problem. How to effectively organize and manage users of desktop cloud and information of virtual machine, to ensure that legitimate users can access personal desktop easily and safely, and prevents the illegal user from malicious accessing virtual machine and monitoring communication channel, has become an urgent problem to be solved.To solve these problems, this paper study and achieve a desktop cloud authentication system, which takes full advantage of public key infrastructure, SM2 algorithm and kerberos authentication protocol, and improve kerberos protocol based on symmetric cipher, and implement unified authentication of virtual machines. The research work of this paper includes the following contents:Firstly, this paper studies the identity authentication technology and public key infrastructure, and studies the principle of RSA, ECC, SM2 and other asymmetric encryption algorithm, and analyze the existing problems of RSA public key cipher algorithm and the advantage of ECC and SM2 algorithm. Then make a study of principle and authentication process to the existing Kerberos protocol, and analysis its defects. At the same time, analysis a improved kerberos protocol that is current widely used and based on RSA public key infrastructure, and analysis its existing problems, then put forward a new kerberos protocol that based on SM2 algorithm public key infrastructure. Compared with the traditional public key infrastructure that based on the RSA algorithm, the public key infrastructure that based on SM2 algorithm could create a smaller digital certificate, file, which is conducive to rapid transmission in wireless network. The improved kerberos protocol based on SM2 algorithm public key infrastructure could solve the defect of the kerberos protocol in a certain extent, enhance the security level of the authentication process and can greatly improve the operation efficiency of the certification system at the same time, and improve the performance of the entire authentication system, and is helpful to promote the use of desktop cloud systems.Secondly, this paper carries on the demand analysis to the desktop cloud authentication system, designs the architecture of authentication system in detail, including architecture design and the design of functional modules. The authentication system includes three functions, the certificate authority, the management of users and virtual machines, and unified login to virtual machines using Kerberos. Designs the authentication process of login in detail and the directory tree of LDAP.Finally, the development environment of the authentication system is described in this paper. Combined with the improved Kerberos authentication protocol that based on SM2 algorithm public key infrastructure and LDAP directory, the implementation of the desktop cloud authentication system is completed on the basis of MIT Kerberos, OpenLDAP and OpenSSL. Introduces the implement methods of the SM2 algorithm, and describes the implementation methods of each function module of the authentication system. And tests the authentication system on the ubuntu virtualization environment built by VirtualBox.