Secure and Efficient Attribute-Based Access Control for Multiauthority Cloud Storage

Cloud storage facilitates both individuals and enterprises to cost effectively share their data over the Internet. However, this also brings difficult challenges to the access control of shared data since few cloud servers can be fully trusted. Ciphertext-policy attribute-based encryption (CP-ABE) i...

Full description

Saved in:
Bibliographic Details
Published in:IEEE systems journal 2018-06, Vol.12 (2), p.1731-1742
Main Authors: Wei, Jianghong, Liu, Wenfen, Hu, Xuexian
Format: Article
Language:English
Subjects:
Access control
Algorithms
Cloud computing
cloud storage
Cryptography
Data storage
Encryption
multiauthority ciphertext-policy attribute-based encryption (CP-ABE)
Outsourcing
public update
revocation
Servers
Storage systems
System effectiveness
Upgrading
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Cloud storage facilitates both individuals and enterprises to cost effectively share their data over the Internet. However, this also brings difficult challenges to the access control of shared data since few cloud servers can be fully trusted. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising approach that enables the data owners themselves to place fine-grained and cryptographically-enforced access control over outsourced data. In this paper, we present secure and cost-effective attribute-based data access control for cloud storage systems. Specifically, we construct a multiauthority CP-ABE scheme that features: 1) the system does not need a fully trusted central authority, and all attribute authorities independently issue secret keys for users; 2) each attribute authority can dynamically remove any user from its domain such that those revoked users cannot access subsequently outsourced data; 3) cloud servers can update the encrypted data from the current time period to the next one such that the revoked users cannot access those previously available data; and 4) the update of secret keys and ciphertext is performed in a public way. We show the merits of our scheme by comparing it with the related works, and further implement it to demonstrate its practicality. In addition, the proposed scheme is proven secure in the random oracle model.
ISSN:1932-8184
1937-9234
DOI:10.1109/JSYST.2016.2633559