Research on Authentication Method for Virtual Desktop System based on CPK

Abstract

Virtual desktop technology separates the users and the resources, contributing to terminal security solutions and improvement of resource utilization. It also provides the convenience for the centralized management of resources. But the introduction of virtualization technology also makes unique safety risks existing in virtual desktop. Identity authentication is the key technology to solve the problem of virtual desktop security problems and also is the foundation of more complex security protective measures. This article first describes the principle of the Combined Public Key (CPK) cryptosystems, then according to the characteristics of the virtual desktop, two authentication methods based on CPK are proposed for virtual resources applying and virtual resources using respectively. And the user and the virtual machine is bound through the federated identity in order to prevent fraudulent use of virtual machine,. At last, the safety and performance analysis of the proposed authentication method is given. Virtual desktop which can completely separate the user and data is convenient for the centralized management to user's system, application and data. With increased resource utilization rate, enhanced the continuity of business, reduce the pressure of terminal security risks, and many other advantages, so it is widely used in recent years. At the same time, its unique security risks also have gradually received attention. Due to the virtual desktop based on virtualization technology, multiple virtual machines share hardware resources, and therefore need to provide the corresponding security solution for user data isolation, virtual machine protection and data storage, etc (1-3). Identity authentication which is one of the key technology to solve the virtual desktop security can ensure that users remote login and use their own virtual resources, manage user's data, at the same time, more complex and fine-grained protection measures can also be implemented the virtual desktop system based on identity authentication. According to the characteristics of the virtual desktop, two authentication methods based on CPK was proposed for virtual resources applying and virtual resources using respectively in this article. And for resists the risk of fraudulent using virtual machine effectively, a method of binding of the user ID and the virtual machine UIID through the federated identity was given. At last, the safety and performance analysis of the proposed authentication method is given.