• DocumentCode
    3571370
  • Title

    An Access Control Framework for Semi-trusted Storage Using Attribute-Based Encryption with Short Ciphertext and Mediated Revocation

  • Author

    Figueroa, Kathleen Gay ; Pancho-Festin, Susan

  • Author_Institution
    Dept. of Comput. Sci., Univ. of the Philippines Diliman, Quezon City, Philippines
  • fYear
    2014
  • Firstpage
    507
  • Lastpage
    513
  • Abstract
    Cryptographic access control (CAC) is an enforcement mechanism that provides authorization in the absence of a fully trusted reference monitor, which is the case in outsourced storage systems. Attribute-based encryption can be used to represent permissions in CAC similar to traditional access control, but several limitations regarding its performance and revocation process were observed. Several schemes addressed the computational overhead from revocation but did not provide solutions for storage overhead issues. Other schemes focused on storage consumption but not on revocation. To address both issues of storage and revocation overhead, we constructed Mediated Constant Ciphertext-Policy ABE (MC-CP-ABE) and a mediated revocation protocol. We implemented this and three other CP-ABE schemes together with the protocol to build an access control framework for facilitating file transfer in semi-trusted third-party servers. We evaluated the performance of our framework using these four schemes and the trade-offs in using a mediated architecture for fine-grained revocation. We show through experiments that our solution maintains a constant-length numeric ABE ciphertext and reduces the time required to perform selective and partial revocation.
  • Keywords
    authorisation; cryptography; CAC; MC-CP-ABE; attribute-based encryption; ciphertext; cryptographic access control; mediated constant ciphertext-policy ABE; mediated revocation; semitrusted storage; Access control; Databases; Encryption; Protocols; Public key; Servers; access control; attribute-based encryption; semi-trusted storage
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computing and Networking (CANDAR), 2014 Second International Symposium on
  • Type

    conf

  • DOI
    10.1109/CANDAR.2014.79
  • Filename
    7052237