Abstract

Secure data access control has become a challenging issue in cloud storage systems. Several attribute-based encryption techniques have been proposed to achieve more secure data access control for sharing data in a semi-trusted cloud storage system with multiple attribute authorities. However, under the Dolev–Yao model, security goals such as active attack resistance, confidentiality, anti-collusion, and attribute revocation security cannot all be perfectly guaranteed for most schemes, since a capable adversary can overhear, intercept, replay, and synthesize arbitrary information in the open communication channels. In this paper, we first propose a Security-enhanced Multi-Authority Attribute-Based Encryption (SMA-ABE) scheme that addresses common drawbacks of existing Multi-Authority Attribute-Based Encryption (MA-ABE) schemes, such as key distribution that assumes a secure channel and unreliable decryption algorithms. Then, based on our SMA-ABE scheme, a Secure Data Sharing Scheme in Multi-Authority Cloud-storage-systems (SDSS-MAC) is constructed to achieve fine-grained access control and efficient decryption with offloaded and verifiable transformation in the cloud, and to support secure, immediate attribute-level revocation of users' attributes. It can be formally proved that SDSS-MAC achieves confidentiality, provenance verification and integrity of data, secure key distribution, resistance to multiple collusions, and attribute-revocation security. Finally, a performance comparison between SDSS-MAC and other related schemes is given to demonstrate that SDSS-MAC balances the above security goals with practical efficiency in storage, computation and communication.
