Attribute-based fuzzy identity access control in multicloud computing environments

Abstract

Firstly, we propose a multiauthority ciphertext policy attribute-based encryption scheme. It achieves fine-grained access control based upon fuzzy identity over encrypted data without any trusted center or extra interaction among multiple authorities. Moreover, it satisfies the collusion resistance requirement as long as at least one of the attribute authorities is honest. The security proof demonstrates that the proposed scheme is secure against chosen plaintext attacks in random oracle model under decisional multilinear Diffie–Hellman assumption. Secondly, we construct an attribute-based access control system for proxy-based multicloud environment to achieve distributed access control without any trusted center, manager, or additional secret keys. In our construction, the original secret keys are split into a control key, a decryption key and a set of transformation keys. It only takes the mobile device a lightweight decryption with a single decryption key. The overwhelming majority of decryption operations are outsourced to cloud via transformation keys. In addition, the attribute revocation can be realized by updating transformation keys using the control key, while ciphertexts and user’s decryption key still remain unchanged. Furthermore, proxies are helpful to promote the collaboration among multiple clouds in file access control system. Finally, the performance analysis shows that our construction is flexible and practical for mobile users in proxy-based multicloud environment.