Method of secure, scalable, and fine-grained data access control with efficient revocation in untrusted cloud

Abstract

Cloud computing is a developing computing paradigm in which resources of the computing infrastructure are provided as services over the network. Hopeful as it is, this paradigm also brings new challenges for data security and encryption storage when date owner stores sensitive data for sharing with untrusted cloud servers. When it comes to fine-grained data and scalable access control, a huge computation for key distribution and data management is required. In this article, we achieved this goal by exploiting and uniquely combining techniques of ciphertext-policy attribute-based encryption (CP-ABE), linear secret sharing schemes (LSSS), and counter (CTR) mode encryption. The proposed scheme is highly efficient by conducting the revocation on attribute level rather than on user level. The goals of data confidentiality and no collusion attack (even the cloud servers (CS) collude with users), as well as ones of fine-grainedness and scalability, are also achieved in our access structure.