Somesh Singh et al, International Journal of Research in Engineering, IT and Social Sciences, ISSN 2250-0588, Impact Factor: 6.452, Volume 06 Issue 07, July 2016, Page 50-54 www.indusedu.org Page 50 A comparative study of various access control and authentication techniques in cloud computing Somesh Singh 1 and Dr. Vineet Richhariya 2 1 (M. Tech student, Dept. of Software Engineering, LNCT Bhopal) 2 (Professor and Head of Dept., CSE, LNCT, Bhopal) Abstract: Today internet is like an important entity of us. Everything we do today is somehow related to internet. A person's data is very crucial to himself and it isn’t easy to share data bet ween two entities. But today, thanks to cloud computing platform, from normal people to large organizations, data and information exchange is now at our fingertips. But of course, we still have some real life issues over internet as well. The most concerned of them is data theft and hence data security. So, through this paper, we are going to evaluate a number of techniques, based on their computational costs and feasibility and try to mark those certain spots, where there is a need for a change. Keywords: Cloud Computing, Authentication, Privacy, Access Control, Data encryption. I. INTRODUCTION There was a time when magnetic tapes were used for data storage. As time passed, a number of discoveries and inventions were made in the field of data storage. But at the same time, users and their data grew exponentially. Cost of physical data storages moved up along with the size of data. The birth of internet in the early 1980’s brought a revolution in computer technology. With the use of internet, a lot of online services then came into being. One of which is Cloud computing. It makes use of remote servers and internet, to store and share data and provides a number of services which includes Infrastructure as a Service (IAAS), Platform as a Service (PAAS) and Software as a Service (SAAS). It completely removes the use of local physical storages and provides an easy way to share data with other people. Consequently, the users and their data, both are growing at rapid speed. With so much data to share, it becomes a hectic job to secure data from unauthorized users. For example, a data owner (DO) wants to share his data to a person living in Asian continent but not with anyone from other continents. What if, someone from other continent acts as from Asian continent? How can data be then secured in an environment, where anyone can try access the data and if succeeded, can cause harm or abuse the data? This calls for strict security measures in cloud computing so that data should only be accessed by the users authorized by the DO only. Thus, a secure access control is required which provides an on-demand security & data access control architecture for cloud computing. Different mechanisms are used to provide access control on cloud data. In traditional symmetric key system, the data owner encrypts the data and defines all the authorized users in different Access Control Lists (ACL) [1]. This information is then shared with the Cloud Service Provider (CSP), which in turn, allows only the users defined in the ACLs, to decrypt the data, by sharing the key from the data owner. However, with time, the number of keys grows with the users, causing data owner a headache regarding the key management. Also, in case a user is revoked, it might end up causing issues to other authorized users as well. Another method of applying access control on cloud data is Attribute Based Access Control (ABAC). In this method, a subject and object’s attribute is used to define different access levels for the user on the basis of that an access control mechanism is provided to the user. ABAC manages access to objects by evaluating rules against the properties of subject and object, and operations that is why it is distinguishable. A description for the ABAC is presented in the Figure 1.a. It uses the Attribute Based Encryption (ABE) [2-4] system, where the user is identified by its attribute while the data is encrypted with an attribute based access structure. If the user attributes matches data's attribute structure, then only the user can decrypt the data otherwise it will deny the user's access. ABE has 2 widely used variants known as Key-Policy