TBSAC: Token-Based Secured Access Control for Cloud Data

Abstract

Growing digital world has led to enormous data. With the growing data, its availability and processing have become a tedious task which is rescued by cloud computing. The cloud computing and data integration pose critical security concern to protect the data from unauthorized access. The current literature suggests various data access control schemes and models for cloud, but all provide permanent access to the resources, i.e., once a user is authenticated, either he is required or is not to be authenticated or authorized for subsequent requests. The data industry nowadays works on auto-expiry access tokens with traditional access control mechanisms which the current literature lacks. This paper contains a framework for data privacy using contextual information, attribute-based encryption, time-based assured data deletion, JSON Web Token (JWT) for token-based authorization, challenge response-based authentication, policy and context update with hidden policy for attribute-based encryption.