A Secure Scheme for Storage, Retrieval, and Sharing of Digital Documents in Cloud Computing Using Attribute-Based Encryption on Mobile Devices

Abstract

ABSTRACT This work describes the analysis, design, and implementation of a secure scheme for storage, retrieval, and fine-grained sharing of digital documents in cloud computing using mobile devices. Confidentiality of digital documents stored in public clouds from a mobile device is achieved by implementing the digital envelope concept. Data are encrypted using AES, and the session key is encrypted using ciphertext-policy attribute based encryption (CP-ABE). CP-ABE also provides access control mechanisms at a fine-grain level, allowing the decryption of the AES key only to those users having the correct set of attributes. The encryption and decryption processes are carried out in a mobile device that interacts with a cloud provider, a trust server, and a key server. For practical implementation of CP-ABE, the Tate pairing was used on elliptic curves type A and F over prime fields, using affine and projective coordinates for the security levels 80, 112, and 128 bits. After evaluating the proposed system for different CP-ABE implementation options, it was observed that the elliptic curves type A allow execution times 18 times faster compared with the use of elliptic curves type F, achieving processing times that ensures the deployment of the proposed secure scheme.