Improving security and efficiency of time-bound access to outsourced data

In time-bound access control, access to system resources by authorized users is limited to specific time periods. In 2012, Vimercati, Foresti, Jajodia and Livraga proposed a scheme for time-bound access control to outsourced data in the cloud using a hierarchical key derivation structure. We show that their scheme has a security flaw: after revocation of his access right, a user can still access the resources associated with his revoked subscription interval. Wang, Li, Owens and Bhargava proposed a scheme for efficient revocation in the data outsourcing scenario. The main advantage of their scheme is that it does not require data block re-encryption and updates when any user's access right changes. Its disadvantage is that any change in the access right of a single user requires the data owner to recompute and distribute access certificates to all the users who require further data access. To mitigate the security flaw of the Vimercati et al. scheme, we present a solution based on the data access mechanism proposed by Wang et al. such that any user's access right revocation is independent of other users' data access. Our solution removes their drawback without sacrificing other desirable properties of the original scheme.