Encryption-Based Secure Sharing of Data with Fine-Grained Access Control in Public Clouds

Abstract

Security challenges are still among the biggest obstacles when considering the adoption of cloud services. This triggered a lot of research activities, resulting in a quantity of proposals targeting the various cloud security threats. Current approaches to enforce fine-grained access control on confidential data hosted in the cloud are based on fine-grained encryption of the data. Under such approaches, data owners are in charge of encrypting the data before uploading them on the cloud and re-encrypting the data whenever user credentials change. Data owners thus incur high communication and computation costs. A better approach should delegate the enforcement of fine-grained access control to the cloud to minimize the overhead of the data owners, while assuring data confidentiality from the cloud. To achieve fine-grained and scalable data access control for personal health records (PHRs), the authors leverage attribute-based encryption (ABE) techniques to encrypt each patient's PHR file. Differently from previous works in secure data outsourcing, they focus on the multiple data owner scenario and divide the users in the PHR system into multiple security domains that greatly reduce the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multiauthority ABE. The scheme also enables dynamic modification of access policies or file attributes and supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios.