Access Control for the Cloud Based on Multi-device Authentication

Cloud-based storage services such as Box or Dropbox are proliferating. They are being commonly adopted to store private information, which is beneficial for resource-constrained devices such as smartphones. However, stealing such device must not enable the attacker to have access to cloud data. In this paper, an access control mechanism for such scenario is proposed. It leverages the fact that each person usually carries several connected devices, thus forming a personal network previously referred to as Internet - of - You (IoY). Results show that this mechanism is resilient against several attacks, it is feasible in a real world scenario, and it is specially appropriate for files larger than 20kb as bigger files reduce the capacity of attack.