Secure and Efficient Attribute-Based Access Control for Multiauthority Cloud Storage

Abstract-Cloud storage facilitates both individuals and enterprises to cost effectively share their data over the Internet.However,this also brings difficult challenges to the access control of shared data since few cloud servers can be fully trusted. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising approach
that enables the data owners themselves to place fine-grained and cryptographically-enforced access control over outsourced data. In thispaper,wepresentsecureandcost-effectiveattribute-baseddata access control for cloud storage systems. Specifically, we construct a multiauthority CP-ABE scheme that features: 1) the system does not need a fully trusted central authority, and all attribute authorities independently issue secret keys for users; 2) each attribute
authority can dynamically remove any user from its domain such that those revoked users cannot access subsequently outsourced data; 3) cloud servers can update the encrypted data from the current time period to the next one such that the revoked users cannot access those previously available data; and 4) the update of secret keys and ciphertext is performed in a public way. We show the merits of our scheme by comparing it with the related works, and further implement it to demonstrate its practicality. In addition, the proposed scheme is proven secure in the random oracle model.