Implementing secure data access control for multi-authority cloud storage system using Ciphertext Policy-Attribute based encryption

Data access control is an effective way to ensure the data security in the cloud. However, due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. In a multi-authority Attribute Based Encryption scheme, multiple attribute-authorities monitor different sets of attributes and issue corresponding decryption keys to users, and encryptors can require that a user obtain keys for appropriate attributes from each authority before decrypting a message. Ciphertext-Policy Attribute Based Encryption (CP-ABE) is a promising cryptographic primitive for fine-grained access control of shared data. In CP-ABE, each user is associated with a set of attributes and data are encrypted with access structures on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the ciphertext access structure. An important issue of attribute revocation is cumbersome for CP-ABE schemes. This challenging issue is considering by more practical scenarios in which semi-trustable on-line proxy servers are available. The proposed solution enables the multi-authority to revoke user attributes with minimal effort. This is achieve by uniquely integrating the technique of proxy re-encryption with CP-ABE, and enable the authority to delegate most of laborious tasks to proxy servers. The proposed scheme is provably secure against chosen ciphertext attacks.