A fine grained access control and flexible revocation scheme for data security on public cloud storage services

Cloud computing based storage services have rapidly spread in the market due to their promising capabilities and features. However, the security challenge of outsourcing sensitive data for sharing on the cloud which is not fully controlled by the data owners is still open. In this paper, we present negative and positive attributes in attribute based encryption to support fine grained access control and flexible revocation. The framework is designed to shift the key security roles, such as authentication and key management, from the cloud to be shared between data owners and a trusted third party. Furthermore, this research aims to enable data owner to do most of the heavy re-encryption tasks using the cloud resources and without revealing his data or attributes to the cloud. We propose a flexible revocation solution which enables the owner to revocate users without the need for re-encrypting all the affected files or regenerating system and users´ keys. We highlight the performance of our scheme by analyzing its computational complexity.