Ciphertext-policy attribute-based encryption is a promising technique for access control in cloud storage, since it allows the data owner to define an access policy over the outsourced data. However, existing attribute-based access control mechanisms for cloud storage are based on a small universe construction, where the attribute set is defined at setup and the size of the public parameters scales with the number of attributes. Because a large number of new attributes need to be added to the system over time, small universe attribute-based access control is no longer suitable for cloud storage, whereas large universe attribute-based encryption, where any string can be employed as an attribute and attributes are not required to be enumerated at system setup, meets this requirement. Unfortunately, one of the main efficiency drawbacks of existing large universe attribute-based encryption is that ciphertext size and decryption time scale with the complexity of the access structure. In this work, we propose a large universe attribute-based access control scheme with efficient decryption. The user provides the cloud computing server with a transformation key, with which the server transforms a ciphertext whose access structure is satisfied by the attributes associated with the private key into a simple and short ciphertext. This significantly reduces the time the user needs to decrypt the ciphertext, without the cloud computing server learning the underlying plaintext. The user can also check whether the transformation done by the cloud computing server is correct. Security analysis and performance evaluation show that our scheme is secure and efficient.