Revocable Attribute-Based Data Storage in Mobile Clouds

Abstract

It is becoming fashionable for people to access data outsourced to clouds with mobile devices. To protect data security and privacy, attribute-based encryption (ABE) has been widely used in cloud storage systems. However, one of the main efficiency drawbacks of ABE is the high computation overheads at mobile devices during user revocation and file access. To address this issue, we propose a revocable attribute-based data storage (RADS) scheme equipped with several attracting features. First, our RADS scheme achieves a fine-grained access control mechanism, by which file owners do not need to explicitly specify authorized visitors to their outsourced files. Second, our RADS scheme allows mobile users to authorize the cloud service provider (CSP) to share costly computations in file access, without exposing the file content. Third, our RADS scheme offloads the operations of access-credential update and file re-encryption during revocation process to CSP, leaving all non-revoked users undisturbed. The revocation of RADS achieves a strong data protection, i.e., revoked users can access neither newly uploaded files nor old ones. The security and efficiency of the RADS scheme are validated via both analysis and experimental results.