Multi-authority fine-grained access control with accountability and its application in cloud

Abstract

Attribute-based encryption (ABE) is one of critical primitives for the application of fine-grained access control. To reduce the trust assumption on the attribute authority and in the meanwhile enhancing the privacy of users and the security of the encryption scheme, the notion of multi-authority ABE with an anonymous key issuing protocol has been proposed. In an ABE scheme, it allows to encrypt data for a set of users satisfying some specified attribute policy and any leakage of a decryption key cannot be associated to a user. As a result, a misbehaving user could abuse the property of access anonymity by sharing its key other unauthorized users. On the other hand, the previous work mainly focus on the key-policy ABE, which cannot support ciphertext-policy access control. In this paper, we propose a privacy-aware multi-authority ciphertext-policy ABE scheme with accountability, which hides the attribute information in the ciphertext and allows to trace the dishonest user identity who shares the decryption key. The efficiency analysis demonstrates that the new scheme is efficient, and the computational overhead in the tracing algorithm is only proportional to the length of the identity. Finally, we also show how to apply it in cloud computing to achieve accountable fine-grained access control system.