Abstract

In cloud storage systems, data outsourcing and untrusted service providers make data‐access control a challenging issue, because traditional technologies always treat service providers as a fully trusted party. Ciphertext‐policy attribute‐based encryption (CP‐ABE) shows particular advantages in this setting because it gives the data owner direct control over data‐access policies. However, malicious users in traditional CP‐ABE systems may leak their decryption keys in the form of a decryption device/blackbox with little risk of getting caught, because no one (including the key authorities) can reveal them. This issue has become a major practical concern in many data outsourcing applications (e.g., financial and healthcare systems) where preserving the privacy of sensitive data is critical. To address this problem, blackbox traceable CP‐ABE leverages the “traitor tracing” property of broadcast encryption to identify these malicious users. However, the size of the keys and ciphertexts in blackbox traceable CP‐ABE depends on the number of users. In this paper, we introduce an accumulator‐based encryption (ACC‐ENC), which can be integrated with conventional non‐traceable CP‐ABE‐based data‐access control to achieve an additional blackbox traceability feature without sacrificing performance (it just adds elements to the ciphertext and the public key). We first formally define the model of ACC‐ENC and present a concrete construction that is proven fully secure; then, we illustrate how to apply ACC‐ENC to obtain CP‐ABE‐based data‐access control with blackbox traceability for cloud storage. Performance evaluation shows that the additional computation costs of the proposed scheme are very low compared to the original scheme. Copyright © 2015 John Wiley & Sons, Ltd.
