Scalable and secure access control policy update for outsourced big data

Abstract

Ciphertext Policy Attribute-based Encryption (CP-ABE) is proven to be one of the most effective approaches to data access control in data outsourcing environment such as cloud computing since it provides efficient key management based on user attributes of multiple users in accessing shared data. However, dealing with policy update limits the efficiency of the CP-ABE. In CP-ABE scheme, the access policy is used as a core element for data encryption. Hence, if the policy is updated, the data owner needs to re-encrypt files and send them back to the cloud. This incurs overheads including computation, communication, and maintenance cost at the data owner side. The computation and communication cost are very expensive if the outsourcing environment is devoted to “big data”. In this paper, we extend the capability of our access control scheme: C-CP-ARBE to be capable of supporting secure and flexible policy updates in the big data outsourcing environment. We develop a secure policy updating algorithm and propose a very lightweight proxy re-encryption (VL-PRE) technique to enable the policy updating to be done in the cloud in an efficient and computationally cost effective manner. Finally, we demonstrate the efficiency and performance of our proposed scheme through the implementation.