Efficient decentralized attribute-based access control for cloud storage with user revocation

Abstract

Cloud storage access control is very important for the security of outsourced data, where Attribute-based Encryption (ABE) is regarded as one of the most promising technologies. Current researches mainly focus on decentralized ABE, a variant of multi-authority ABE scheme, because conventional ABE schemes depend on a single authority to issue secret keys for all of users, which is very impractical in a large-scale cloud. A decentralized ABE scheme should not rely on a central authority and can eliminate the need for collaborative computation. However, constructing such an efficient and practical decentralized ABE scheme remains a challenging research problem. In this study, we design a new decentralized ciphertext-policy attribute-based encryption access control scheme for cloud storage systems. Firstly, our scheme dose not require any central authority and global coordination among multiple authorities. Then, it supports any LSSS access structure and thus can encrypt data in terms of any boolean formula. In addition, we also utilize Proxy Re-encryption technique to overcome the user revocation problem in decentralized ABE schemes, thus making our scheme more practical. Our security and performance analysis demonstrate the presented scheme's security strength and efficiency in terms of flexibility and computation.