Abstract

To protect the security and privacy of big data, a cloud storage service needs to enforce an effective access control mechanism on user requests. Attribute-Based Encryption (ABE) is a promising cryptographic access control technique for ensuring the end-to-end security of data in the cloud. However, existing ABE research mainly focuses on the efficiency of decryption, while the flexibility of policy, the communication cost, and the metadata management of ciphertexts remain challenging issues in the big data environment. In this paper, for the first time, we propose a new distributed, scalable and fine-grained access control scheme based on classification attributes for cloud object storage. The classification attributes and threshold policies are integrated into an access structure, and the objects are then encrypted with the integrated access structure. The constant-size ciphertext components related to attributes can be managed as the corresponding metadata. As a result, the encryption complexity and ciphertext storage are reduced. In addition, we present a new label-based access control model with multiple authorities to describe the detailed relationships of entities in our scheme. The proposed scheme is proved to be secure under the l-BDHE assumption, and the system implementation demonstrates its practical feasibility and good performance.
