MMACS: A multi-authority cloud access scheme with mixed access structure

Outsourcing brings new challenges for data security and access control in cloud computing. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is considered a powerful tool for protecting data confidentiality in cloud storage systems. Because of the large scale of the cloud, there are many independent domains, and it is impossible for a single authority to issue attributes to all of the users. In addition, a single authority could become the bottleneck of the system. Attribute revocation has always been the primary difficulty in ABE. In this paper, we propose a multi-authority cloud access scheme with a mixed access structure (MMACS) to support universal attributes and more flexible access control in multi-authority cloud storage systems. With an owner-defined attribute added to the traditional access structure, the owner can decide which user has the right to access data. Two kinds of revocation methods can provide real-time privilege updating in a multi-authority system. Detailed security analysis shows that the proposed MMACS scheme meets the security requirements under existing security models. Performance evaluation also demonstrates that it is highly efficient in attribute revocation.
