MMACS: A multi-authority cloud access scheme with mixed access structure

Abstract

The mode of outsourcing brings about new challenges for data security and access control in cloud computing. Ciphertext-Policy Attribute-based Encryption (CP-ABE) is considered to be a powerful tool for protecting data confidentiality in cloud storage system. Due to the large scale of cloud, there are many independent domains. It is impossible for a single authority to issue attributes to all of the users. In addition, single authority could be the bottleneck of system. Attribute revocation has always been the primary difficulty in ABE. In this paper, we propose a multi-authority cloud access scheme with mixed access structure to support universal attribute and more flexible access control in multi-authority cloud storage system. After adding owner-defined attribute to traditional access structure, owner can decide which user has the right to access data. Two kinds of revocation methods can provide real-time privilege updating in multi-authority system. Detailed security analysis shows that the proposed MMACS scheme meets the security requirements under existing security models. Performance evaluation also demonstrates its highly efficient in attribute revocation.