DocumentCode
1760764
Title
DAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems
Author
Kan Yang ; Xiaohua Jia ; Kui Ren ; Bo Zhang ; Ruitao Xie
Author_Institution
Dept. of Comput. Sci., Univ. of Sci. & Technol. of China, Hefei, China
Volume
8
Issue
11
fYear
2013
fDate
Nov. 2013
Firstpage
1790
Lastpage
1801
Abstract
Data access control is an effective way to ensure data security in the cloud. However, due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Existing access control schemes are no longer applicable to cloud storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted cloud server. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising technique for access control of encrypted data. However, due to the inefficiency of decryption and revocation, existing CP-ABE schemes cannot be directly applied to construct a data access control scheme for multiauthority cloud storage systems, where users may hold attributes from multiple authorities. In this paper, we propose data access control for multiauthority cloud storage (DAC-MACS), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, we construct a new multiauthority CP-ABE scheme with efficient decryption, and also design an efficient attribute revocation method that can achieve both forward security and backward security. We further propose an extensive data access control scheme (EDAC-MACS), which is secure under weaker security assumptions.
Keywords
authorisation; cloud computing; cryptography; storage management; CP-ABE schemes; DAC-MACS; EDAC-MACS; backward security; ciphertext-policy attribute-based encryption; data access control for multiauthority cloud storage system; efficient attribute revocation method; extensive data access control scheme; forward security; trusted cloud server; Access control; Cloud computing; Encryption; Public key; Servers; Access control; CP-ABE; attribute revocation; decryption outsourcing; multiauthority cloud;
fLanguage
English
Journal_Title
Information Forensics and Security, IEEE Transactions on
Publisher
ieee
ISSN
1556-6013
Type
jour
DOI
10.1109/TIFS.2013.2279531
Filename
6585778
Link To Document