Design And Implementation Of Virtual Cloud Desktop Access Control System Based On Two-factor Authentication

With the coming of the era of cloud computing,government,enterprises and individuals have all enjoyed the rapidity and convenience brought by cloud service.The low-cost cloud service can bring great convenience to enterprises' business and office work.The most common application of cloud services for the office work of enterprises is virtual cloud desktop.By using the virtual cloud desktop system,the enterprises' employees can log in to the virtual cloud desktop server of enterprise to work at anytime and anywhere,which greatly improved the flexibility of office work.At this stage,however,the service providers of virtual cloud desktop system mainly focus on helping enterprises to save costs,how to deployment flexible and fast,how to telecommuting conveniently,and how to centralized management directions.There are still some deficiencies in the remote login users of virtual cloud desktop's identity authentication.This paper starts with the deficiencies of enterprise's virtual cloud desktop system on the access control ways for end-users and aims at secure access control system.It conducts an in-depth investigation on the virtual device authentication and the user two-factor authentication method of virtual cloud desktop.Based on that,a set of virtual device authentication based on improved SSL protocol and a two-factor authentication access control system based on users' password of time series are realized.The system can ensure that the end users who login to the virtual cloud desktop are authorized users and access the data resources with corresponding permissions.The specific content of this paper is as follows:1.Firstly,this paper introduces the research background of virtual cloud desktop,and list the main service providers of virtual cloud desktop at home and abroad,and introduce their each respective technical characteristics.Besidesit presentsthe current common identity authentication methods,and points out the deficiencies of virtual cloud desktop in identity authentication.To know about the concept,features,core technologies,architecture of cloud computing and the basic concept of virtual cloud desktop.It has also done some research on authentication related content,currently popular authentication protocols and authentication methods.2.In view of the fact that the single-factor authentication through account/password authentication for accessing user authentication is generally adopted for the virtual cloud desktop system,a two-factor authentication method based on virtual device authentication and dynamic password authentication is proposed,which improved the authentication level of the virtual cloud desktop system to the end user,and ensuring the enterprise's data security effectively.3.For the problem that authorized physical terminal is inconvenient to carry with,this paper put forward the method of virtual device authentication.Using the browser to login,this method uses the improved SSL protocol,and use the PKI authentication method to write the eigenvalue of the customized desktop of virtual cloud desktop registered in the server into the digital certificate.After loading the digital certificate for the user,the two-way authentication is conducted with the virtual device.In the verification process,the eigenvalue of the certificate obtained through device verification during the first login iscompared with the eigenvalue of the user virtual cloud desktop in the server when registered to ensure that the user's virtual device is authorized.4.For the current situation that static password is generally used to login the virtual cloud desktop for the user.This paper proposes a dynamic password authentication method based on time synchronization.When a user logs in virtual cloud desktop,the combination of personal six-digital static password +dynamic password is needed to log in.This method has not only solved the problem of insufficient static password strength,but also avoided the fraudulent use of password shield when it is lost.5.Based on the scheme in this paper,a two-factor authentication method of virtual device authentication based on improved SSL protocol and dynamic password authentication based on time synchronization is designed and implemented for virtual cloud desktop access control system.The system consists of local terminal,remote terminal,network environment,architecture server,virtual application server,virtual desktop server,etc.It can realize telecommuting for the employees of a company by using any terminal for high-intensity two-factor authentication.It can ensure that the user is authorized to access the enterprise server's data resources effectively,thus ensuring the enterprise's data security,and the private data of the enterprise will not be stolen.The test results show that the two-factor authentication access control system can satisfy the need of telecommuting in terms of its performance,and can also prevent a certain degree of penetration attack in terms of its security.Therefore,it has high practical value.