Efficient distributed access control for big data in clouds

The term big data refers to the massive amounts of digital information, which can be efficiently stored and processed on a cloud computing platform. However, security and privacy issues are magnified by high volume, variety, and velocity of big data. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a promising cryptographic primitive for the security of cloud storage system and can bring together data leakage prevention and fine-grained access control. The existing researches on applying CP-ABE to cloud storage system mainly focus on the efficiency of decryption and user revocation, and some special improvements have been done to alleviate the workloads of data owners and users, such as proxy re-encryption and decryption outsourcing. However, the complexity of user revocation is still linearly correlated with the number of ciphertexts and users in the system. Therefore, in a big data environment with mass data and users, user revocation is still a challenge. In this paper, we propose a distributed, scalable and fine-grained access control scheme with efficient decryption and user revocation for the big data in clouds. We also present a new multi-authority CP-ABE scheme for supporting the efficient decryption outsourcing, user revocation and dynamically joining and exiting of attribute authorities. In our scheme, user revocation is only related to revoked user and can achieve both forward security and backward security. The system analysis shows that our scheme is efficient and provably secure in the generic group model.