Mobile One Time Passwords and RC4 Encryption for Cloud Computing

Abstract: Cloud services have grown very quickly over the past couple of years, giving consumers and companies the chance to put services, resources and infrastructures in the hands of a provider. Therefore removing the need of providing these services themselves. This can for example lead to cost savings, better resource utilization and removing the need of technical expertise for the customers. There is big security concerns when using cloud services. Security is very important in cloud computing since people and companies store confidential data in the cloud. It must also be easy to use the services provided, since cloud services have so many users with different technical background. Since the control of services and data needed for the everyday-run of a corporation is being handled by another company, further issues needs to be concerned. The consumer needs to trust the provider, and know that they handle their data in a correct manner, and that resources can be accessed when needed. This thesis focuses on authentication and transmission encryption in cloud services. The current solutions used today to login to cloud services have been investigated and concluded that they don't satisfy the needs for cloud services. They are either insecure, complex or costly. It can also be concluded that the best encryption algorithm to use in a cloud environment is RC4, which is secure and at the same time a fast algorithm. Compared to AES, which together with RC4, are the most common encryption methods used over the Internet today, RC4 is the better choice. This thesis have resulted in an authentication and registration method that is both secure and easy to use, therefore fulfilling the needs of cloud service authentication. The method have been implemented in a fully working finished solution, that use a regular mobile phone to generate one time passwords that is used to login to cloud services. All of the data transmissions between the client and the server have been configured to use RC4 encryption. The conclusions that can be drawn is that the security proposal implemented in this thesis work functions very well, and provide good security together with an ease of use for clients that don't have so much technical knowledge.