Abstract
Typically, cloud computing has been embraced by businesses. However, this master thesis introduces the personal cloud – a new cloud concept proposed to address personal needs. By bringing cloud computing into the personal sphere, the different personal computing sevices are enabled to share resources and collaborate to form new and richer services; their resources could be made accessible from everywhere and to be shared among family and friends.
However, putting together services from different devices, across different networks into compound services and sharing resources with other individuals, while ensuring sufficient access control is a major challenge. This demands for proper security solutions, such as trust establishment, secure authentication and identity management. Solutions for personal identity management and establishment of long-lasting security associations are proposed, by introducing the mobile phone as an authentication token and a personal identity provider service. The possibly to put the identity provider on the mobile phone is also evaluated.
A high-level CORAS security analysis of cloud computing in general and particularly related to the new personal cloud is performed, to highlight some problematic areas regarding security.
A working prototype which uses mobile authentication for SIP telephony has been developed as an example of a personalized service. By pointed out how the prototype can be further expanded, it is shown how a personalized service can be a fully integrated part of the personal cloud and its security government.