Revocable, Decentralized Multi-Authority Access Control System

Abstract

For secure, public cloud storage, an access control scheme is critical, which ought to be carefully designed to achieve fine-grained access control and support outsourceddata confidentiality. Cipher-text Policy Attribute Based Encryption (CP-ABE) is introduced as one of the most beneficial, powerful techniques that can be leveraged to construct a secure access control system. However, this type of technique mainly supports storing data only on a private cloud storage system in which the service is managed by only one single authority. In addition, CP-ABE does not properly consider revocation issues to address changes to policy attributes and users. These two issues have motivated many researchers to develop more suitable schemes with limited success. By leveraging the existing work, in this paper, we propose a new CP-ABE scheme that tackles most of the existing work’s limitations and securely allows storing data on a public cloud storage system by employing multiple authorities which manage a joint set of attributes. Furthermore, the proposed scheme efficiently addresses the revocation issue by presenting two techniques that allow policy update and invalidate a user’s secret key to eliminate collusion attacks. In terms of computation overhead, the proposed system outsources expensive operations of encryption and decryption to a cloud server to mitigate the burden on a data owner and data users, respectively. Our security and performance analysis of the system demonstrates that our system is practical and secure.