
Research and Implementation of Virtual Cloud Desktop Authentication and Secure Transmission Technology

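Published: 2018-02-05 01:29

Keywords: cloud computing, virtual cloud desktop, authentication, secure transmission. Source: Xidian University, 2014 master's thesis. Document type: degree thesis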


[Abstract]: With the rapid development of the Internet, computer applications have penetrated every area of human life, and the demands placed on computer performance keep rising. Frequently replacing hosts with higher-performance ones inevitably wastes resources, so people have come to a new understanding of the traditional computing model, and cloud computing has emerged in response. With the rapid development of cloud computing, and especially the wide adoption of private clouds, the associated virtualization technology has matured: multiple low-performance hosts can be coordinated to provide a high-performance virtual cloud desktop, meeting users' needs better with limited resources.

The growth of private clouds and the widespread use of virtual cloud desktops bring new security challenges to enterprise internal networks. From a thin client, a user connects over the network to their own virtual cloud desktop and uses it for all network operations just as they would a physical host; for example, the user can access virtual application servers inside the enterprise through the cloud desktop. In the virtual environment, the user's virtual cloud desktop resides in the cloud computing center, and the user connects to the center through a thin client to obtain that desktop, so the thin client must be effectively registered and authenticated. At the same time, within the cloud computing center the cloud desktops of multiple users share the network and virtual switches, and data is normally transmitted in plaintext, so secure data transmission between a user's virtual cloud desktop and the application server must be ensured.

The virtual cloud desktop authentication and secure transmission platform designed in this thesis uses FreeIPA to manage the services and users that join the cloud domain, and registers and authenticates thin clients by means of certificates; the user logs in through the thin client, connects to the FreeIPA server, and then accesses the services that FreeIPA manages. OpenStack is used to virtualize user hosts and application servers, and FreeIPA manages OpenStack as a service: a user connected to the FreeIPA server can access the OpenStack service and obtain a cloud desktop, through which the user performs all network operations, such as accessing application servers.

Taking into account the characteristics of virtualization in a cloud computing environment, the work authenticates thin clients with digital certificates and authenticates user identity with the Kerberos protocol. Based on the characteristics of cloud desktop and cloud server virtualization, it modifies the traditional SSL security protocol to achieve mutual authentication between the cloud desktop and the application server in the virtual environment. The client certificate is stored in a UsbKey, so that the user is bound to the certificate through the UsbKey's PIN, and the certificate in the UsbKey is bound to the user's virtual cloud desktop through the virtual machine's bios.uuid serial number. This unifies user, certificate, and virtual cloud desktop as "three in one" and establishes a secure transmission channel between the user's virtual cloud desktop and the application server, ensuring the security of data transmitted between the two parties.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08



