Login and registration. For registration and login, it is used secure communication channel (TLS). Registration can be done on the website or during client installation. During registration on the website the user has to enter his first and last name (arbitrary lines), email address and password. One email address can only be associated with one account. During registration, a minimum password length of at least six characters is imposed; a maximum limit is not set. In addition, no email address should be used as a password. During registration on the website DropBox provides a hint of the password quality, but accepts weak passwords. The registration process during client installation is slightly different: the client application does not have a password strength indicator and the user has to repeat the password. When entering a previously used address, a corresponding message is displayed. When first logged in through a client app, the user enters an email address and password. After passing the authentication, the security token is transmitted to the server and stored on the client side for further user authentication. DropBox does not send an activation message to the email immediately after registration, it only happens after trying to get the first URL to share the file, so the user can use the new account as soon as fill in the registration form. In case of a failed login attempt, DropBox informs the user that one element of the login / password pair is incorrect but does not specify which one.

If a user has lost his password, Dropbox sends a message to the user's registered email. This email contains the URL of a secure web page for entering a new password. Dropbox prevents password hijacking by temporarily blocking your account after many unsuccessful attempts to sign in for a specified period of time. Dropbox has the ability to use two-factor authentication. This option can be enabled in profile settings. In can be used one-time access codes that can be received on a mobile phone. It is also possible to use barcodes using Tіme Based One Tіme Password mobile applications.

Secure communication channel (SCC). During the DropBox analysis, the principle of securing communication channel between the client and the server was considered.

SCC formation protocol – TLS.

Message authentication algorithm – AES_256_СBС (SHA1).

Key agreement algorithm – EСDHE_RSA (2048 bit).

Data storage security. DropBox uses AES-256 to encrypt data stored on servers. This data will not be encrypted on the client side, instead DropBox encrypts the data after booting on the server side using its own encryption key. Since DropBox encrypts data on the server, user can not be sure in data privacy.

Data encryption algorithm –AES-256.

Data encryption key possession – the key is owned by the provider. 2.2

Login and registration. A SCC is used to register and log in. New accounts can be created on a Google page. To use the service must have a Google account, which is the same for all services and email address tied to Gmail. During registration, the user must be sure to provide first and last name, gender, birth date, come up with a unique email address and enter password twice. Also need to enter information from the image. One email address can be associated with one account. To create a Google Account, you must select a password, which include at least 8 characters, but not more than 100 characters. In passwords can be used Latin letters (both large and small: A-Z, a-z), numbers (0-9) and punctuation marks. The password can consist of only one character’s group. When creating a password, the system provides a password quality hint. Google also rejects common passwords. Thus, weak passwords are not accepted. Since the login is unique to all Google applications – no additional signup confirmation is required. If unsuccessful attempt to log in, Google notifies the user that one element of the pair login / password is not correct, but does not specify what kind of. If a user forgets his password, he gets two possible ways to set a new password:  a secure page for resetting user’s password, URL sent by mail;  using a code that is sent to a mobile phone via a short message or can be communicated during a phone call.

Google prevents brute force passwords using mandatory requirements Input characters from the image after a series of failed login attempts in service. Google has the ability to use two-factor authentication, this option can be enabled in the profile settings. It is used one-time access codes that can be send on mobile phone.

SCC. During the analysis of Google Drive, the security principle for communication channel between client and server was considered.

SCC formation protocol – TLS.

Message authentication algorithm – RС4_128 (SHA1).

Key agreement algorithm – EСDHE_EСDSA (256 bit).

Data storage security. Google Drive does not use server-side data encryption. 2.3

Login and registration. A SCC is used to register and log in. New accounts can only be created using the Wuala App. During registration a user must provide a unique name, email address and password. A single email address can be associated with multiple accounts. Only minimum lengths of at least six characters are imposed on the password, no maximum limit is set. Wuala provides hint about password quality during registration, but does not reject weak passwords. Wuala does not send an activation message to the email to confirm the fact of registration. In case of unsuccessful login attempt, Wuala informs the user that one or both of the elements of the login / password pair is incorrect but does not specify which one. Passwords are not stored on Wuala servers, so the ability to recover a lost password is not available.

Wuala provides optional password hint functionality. The password hint can be used for a single username or email address and will be sent to a registered email address. If there are multiple accounts registered with the same email address – multiple emails will be sent, one for each account that has a password hint. The password hint feature allows to collect information about already registered usernames and email addresses. There are no restrictions on the number of failed login attempts. Two-factor authentication is not currently implemented in Wuala.

SCC. The Wuala SCC uses its own client-server communication protocol rather than standardized and well-known SSL / TLS. According to Wuala press releases, integrity checks are being used to protect data during transmission, but no detailed documentation on mechanisms and protocols has been published. In conjunction with the convergent encryption schemes used by Wuala, the lack of encryption during transmission allows attackers to receive messages being transmitted and to attempt information-gathering attacks.

SCC formation protocol is absent.

Message authentication algorithm – AES_256 (SHA1) Key agreement algorithm – DHE_RSA (2048 bit)

Data storage security. The idea behind Wuala encryption is to have an unreliable file system whose security is ensured by cryptographic methods. Used scheme is an implementation of directory tree structure for cryptographic file system called Сryptree.

Trust is based on a symmetrical root key that is obtained from a user's password. Wuala calculates the individual keys for each directory and the individual keys for each file. They all are output through the root key. They can be provided to partners for the purpose of data exchange. Wuala uses converged encryption schemes. This means that key to encrypt the file is derived from its hash value.

The most important properties of convergent encryption schemes are: 1) Identical plaintexts are encrypted into identical crypto texts, regardless of user; 2) Server cannot decrypt the crypto texts without having a copy of the plaintext.

The first property ensures the implementation of encrypted data deduplication feature. The second property protects documents that are unique to the user, such as selfwritten works, unpublished technical reports, etc.

Converting encryption schemes, on the other hand, have important disadvantages, including the attacks possibility if the attacker has access to the server side. According to press releases, it is noted that Wuala uses AES-256 to encrypt metadata and stored information. The client signs each file with a pair of user keys, in order to identify files that were received from third parties. The signatures are created and verified using RSA-2048, while SHA-256 hash function is used to verify the integrity.

Data encryption algorithm – converged encryption scheme.

Data encryption key possession – the key is stored on the client side.

Table 1 presents what advantages and disadvantages of each studied cloud services [ 5-7 ]. So, unlike Wuala's service, Google Drive and DropBox have two-factor authentication, password-attack protection, password recovery mechanism and transfer data by TLS 1.1 protocol (SCC formation protocol). One of the major drawbacks of each service is that message authentication uses the SHA1 algorithm, which is considered as outdated and not resistant to hacking. In Google Drive for messages authentication along with the SHA1 algorithm uses an algorithm RC4 that is also a disadvantage of service because it was proven that the modern attacks on the RC4 allow to break it for a few days or even hours. Another drawback of Google Drive is that it does not implement server-side data encryption. Wuala uses the Diffie-Hellman protocol for key agreement, while Google Drive and DropBox use the Diffie-Hellman protocol on elliptic curves.

Table 2 shows the analysis of the basic encryption algorithms used in cloud services. This also was given from previous review part [ 5-7 ]. Next Section of the paper consists on improvement of cryptographic security of Google Drіve that is most effective among analyzed cloud services; it based on stream cipher but has some vulnerability (Table 2).

This is very important issue because possible types of security challenges for cloud computing services include compromises to the confidentiality and integrity of data in transit to and from a cloud provider and at rest [ 1,8 ].

Google Drіve is data store owned by Google Inc. that allows users to store their data on servers in the cloud and share it with other users on the Internet.

During the analysis of Google Drive, the principle of securing communication channel between the client and the server was considered in Section 2. Let's take a closer look at the RC4-128 message encryption algorithm [ 9 ]. RС4 is streaming cipher developed by Ron Rivest in 1987, when he worked for the US company RSA Security. Has become a common algorithm used in such popular protocols as TLS (to secure internet traffic) and WEP (for wireless network security). Among others, it stands out for its speed and ease of software implementation, but the PC4 has flaws that indicate its inappropriate use in the latest systems. RС4-128 uses a sequence of numbers from 0 to 127 in the array S, which changes when algorithm works (Fig. 2). RС4-128 consists of following processes: Key Scheduling Algorithm (KSA), Pseudorandom Number Generation (PRNG) and Data Encryption. These processes are described by Pseudo-code 1. Besides that, RC4 is value part of security system in BitTorrent, Skype, Opera, Kerberos, PDF etc.

Pseudo-code 1: 1. .KSA to set the initial value of the array S: 1.1. 1.2. 1.3.

KSA stars work with S initialization such as S[і]=і, for і .

The secret key is given by a set of numbers, which are placed in a key array K, that also contains128 elements. Usually, a short sequence of numbers is selected, which is then repeated until K is filled.

The key array is used to convert S by the following scheme: 1.3.1. j=0; 1.3.2. For і the following steps are performed: 1.3.2.1. j=(j+ S[і] + K[і])mod128; 1.3.2.2. buf=S[і]; S[і]=S[j]; S[j]= buf. 2. PRNG algorithm for encryption: 2.1. A byte array k of PRN is generated, selecting random elements of the S array for the next sample: 2.1.1. і = 0; j = 0; 2.1.2. The following algorithm is used to generate each byte of a random stream: 2.1.2.1. і = (і+1)mod128; 2.1.2.2. j = (j+S[і])mod128; 2.1.2.3. buf=S[і]; S[і]=S[j]; S[j]= buf. 2.1.2.4. t = (S[і] + S[j])mod128; 2.1.2.5. k = S[t] 3. Data Encryption: 3.1. X-plain text; Y-ciphertext; .

The Fast Software Encryption Cryptographic Conference took place in Singapore in 2013, the main event being the speech of American Professor Dan Bernstein, who introduced the method of bypassing TLS (Transport Layer Security) and SSL (Secure Sockets Layer) protocols if they use RC4 encryption algorithm [ 10 ].

Successful attack on the cipher can be carried out due to insufficient randomness of the bit stream to which the message is transmitted. If chase a large number of network packets through this stream, it can be detected enough repetitive patterns to get the original content of the message. Successful attacks require the capture of large amounts of encrypted traffic. The researcher reported that he managed to bypass TLS protection in 32 hours, but hackers can apply various techniques to optimize and accelerate the RC4 hacking process. Apparently, this encryption algorithm is not crypto resistant (secure) and requires improvement [ 11 ]. 3.2

Therefore, improved stream cipher called ISC2k19 was developed, which eliminates the disadvantages of RC4 by changing the PRNG algorithm to substitution table implementation (S-box) and the use of constants, generation of additional PRNG flow and data encryption algorithm changing, which allows to increase the cryptographic security [ 12 ] of the algorithm.

ISC2k19 uses a sequence of numbers from 0 to 255 in the array S, which changes during algorithm works. ISC2k19 consists of four following processes (described by Pseudo-code 2): Pseudo-code 2: 1. KSA to set the initial value of the array S: 1.1. KSA stars work with S initialization such as S[і]=і, for і . 1.2. The secret key is given by a set of numbers that are placed in the key array K, which also contains 128 elements. Usually, a short sequence of numbers is selected, which is then repeated until K is filled.

1.3. The key array is used to convert S by the following scheme: 1.3.1. j=0; 1.3.2. For і the following steps are performed: 1.3.2.1. j=(j+ S[і] + K[і])mod128; 1.3.2.2. Then S[і] and S[j] are modified using a tables of substitutions (S-box, Table 3) and constants (Const, Table 4); 1.3.2.3. S[j]= Sbox (S[j]+Const[i]) ; S[i]= Sbox(S[i]).

1.3.2.4. buf=S[і]; S[і]= S[j]; S[j]= buf. 2. PRNG algorithm for randomly selecting array elements and changing array S, for S[і], where і . 2.1. A byte array of PRN is generated by selecting random elements of array S for the next sample: 2.1.1. і = 0; j = 0; 2.1.2. The following algorithm is used to generate each byte of a random stream: 2.1.2.1. і = (і+1)mod128; 2.1.2.2. j = (j+S[і])mod128; 2.1.2.3. Then S[і] and S[j] are modified using a tables of substitutions (S-box, Table 3) and constants (Const, Table 4); 2.1.2.4. S[j]= Sbox (S[j]+Const[i]) ; S[i]= Sbox(S[i]) 2.1.2.5. buf=S[і]; S[і]=S[j]; S[j]= buf. 2.1.2.6. t = (S[і] + S[j])mod128; 2.1.2.7. k = S[t]. 3. The algorithm for generating an additional stream of PRN for randomly selecting array elements and changing array S, S[і], where і . 3.1.Bytes r of PRN of key are generated by selecting random array S elements. 3.1.1. і= 128, j=0. 3.1.2. j=(j+1)mod128. 3.1.3. S[m] = S[і-1] (S[і-1] <<< j).

3.1.4. r = S[m]. 4. Data encryption: 4.1. X- plain text; Y-ciphertext; Y і

Both Table 3 and Table 4 are used in PRNG algorithm forming process of ISC2k19 stream cipher for security improving. Constant 51 Index

96 Constant 53 Constant 04 4f 66 2c 82 40 98 00 23 1a 83 8f ed c3 46 72 52 88 bc 6a 07 3b 89 b6 cb 4a eb 5e 77 e3 93 ff 4c 27 0b 78 2f 94 f3 58 b2 db 79 84 95 d2 cf 75 1b 84 92 20 2a 69 6e 85 9d fc 5a 86 38 b1 05 Index 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 18 96 12 80 Next Section of this work contains experimental technique as well as study of RC4 and improved stream cipher (ISC2k19).

An experimental study conducted to confirm or refute the hypothesis. To obtain the maximum result, it is necessary to clearly describe the study methodology. The conclusions of the theory, that would be experimentally studied should include only observable quantities. If it is difficult to predict the result theoretically, it is advisable to use statistical results. These experiments are based on traditional standards of research study in cryptography [ 13-15 ] and particularly in stream cipher security analysis [1618]. To perform each experiment study, it is necessary: 1. Determine the experimental purpose; 2. Set a target task; 3. Select the research object; 4. Identify input and output data; 5. Create a program of experimental work; 6. Determine the methods and techniques of intervention in the research object; 7. Develop techniques for recording the progress and results of the experiment; 8. Prepare instruments, devices, applications, etc.

According to the hypothesis, the qualitative nature of the expected results is predetermined: this will ensure a quick and correct evaluation of them, instantly alert with unexpected results, and help to avoid false conclusions. 4.2

The purpose of this experiment is study the speed characteristics of RC4 and improved stream cipher ISC2k19. To achieve mentioned purpose the following tasks should be performed: 1. Estimation the speed of 100KB data cryptographic transformation by software application based on both stream ciphers; 2. Estimation the speed of 1MB data cryptographic transformation by software application based on both stream ciphers; 3. Estimation the speed of 10 MB data cryptographic transformation by software application based on both stream ciphers; 4. Estimation the speed of 100 MB data cryptographic transformation by software application based on both stream ciphers.

Research object: the process of data cryptographic transformation.

Input data: encryption file, key stream.

Output data: encryption/decryption speed.

The experiment is performed manually with the help of the developed software application; the results are recorded in the Table 6. To confirm the achievement of this purpose, a comparative speed test of the encryption and decryption was carried out (between software-implemented cipher RC4-128 and developed ISC2K19 cipher). Testing was performed on four different computers; the characteristics of their hardware are given in Table 5. Testing was carried out for four selected files of different sizes (Table 6). The speed of ISC2K19 algorithm averaged was 20,2 MB/s, while the RC4-128 speed is 24,05 MB/s. Therefore, the improved stream cipher ISC2K19 showed worse results than RC4-128 during speed tests by 14.8%. But since the difference in time between RC4-128 and ISC2K19 data encryption is negligible, the speed of ISC2K19 is not a major disadvantage (security is priority parameter).

The purpose of this experiment is study the statistical characteristics of cryptographic security of RC4 and improved stream cipher ISC2k19. To achieve mentioned purpose the evaluation the statistical characteristics of both stream ciphers using the NIST STS technique.

Research object: data encryption process.

Input data: encrypted files by size 100 КB, 1МB, 10МB, 100МB.

Output data: test coefficients.

The experiment is performed by a console version of the NIST STS [ 19 ]. In accordance to [ 20-21 ] the most modern analytical attacks are statistical; during cryptanalysis, a large number of encryptions are performed to obtain a key, and round key variants are formed based on ciphertexts. When processing a sufficiently large sample of ciphertexts formed on a single key, the correct value of key bits is more common that the other variants. Obviously, the probability of finding the right pair, which gives a specific value of the key, depends on the statistical properties of the cipher. To increase the complexity of cryptanalysis, the properties of cryptograms must be close to random sequences. Therefore, a necessary (but not sufficient) condition for cipher security to analytic attacks is to provide good statistical properties of the output sequence (ciphertexts).

To test the statistical characteristics of the developed cryptoalgorithm it was tested in accordance with the NIST STS technique [ 19 ]. Software implementation of the algorithm is subjected to statistical testing using the NIST STS. The following parameters were selected for testing: 1. The length of the tested sequence n=106 bit; 2. The number of tested sequences m=100; 3. Significance level α=0,01.

Thus, the sample size under test was N = 100 × 106 bit; number of tests q for different lengths q = 188. Thus, the statistical portrait of the generator contains 18800 values of P probability.

In the ideal case, with specified parameters, only one sequence of one hundred can be discarded during testing, so the pass speed of each test should be 99%. But this restriction is too strict, so a rule based on the rj confidence interval applies. The lower bound in this case is the value Pmіn = 0,96015. From this viewpoint, the results of testing cryptographic algorithm and the key extension algorithm were analyzed. Analyzing the results, it can be conclude that the software implementation of the improved stream cipher passed complex control according to the NIST STS technique and showed better results than RC4-128 on 4.7%.