Owner Specified Excessive Access Control for Attribute Based Encryption

Abstract

Attribute-based encryption (ABE) has emerged as a promising solution for access control to diverse set of users in cloud computing systems. Policy can just specify whether (or not) any specific user should be given access to data, but it lacks to provide data owner the privilege to specify (how much) fraction, or (which) specific chunk from that data to be accessed or decrypted. In this paper, we address this issue, and propose a scheme that will give data owner excessive access control, so that he can specify specific chunk out of total data to be accessed by user depending on his attributes. In our scheme, a data owner can encrypt data over attributes specified in a policy, but even if user’s attributes satisfy the policy; he can decrypt data (partially or fully) fractionally based on his attributes specified by owner. The owner can also prioritize user’s access based on his designation, or hierarchal role in a specific organization. We also address to resolve the issue of attributes repetition, due to which the cost of computations in encryption by owner and ciphertext size is reduced. Furthermore, we achieve it with a single ciphertext over policy for entire data, and proof our scheme to be secure in the generic group and random oracle model. Theoretical comparisons of computations with existing constructions, and performance of the scheme evaluated in the Charm simulator is reasonable enough to be adopted in practice.