Cryptology ePrint Archive: Report 2012/651
TAAC: Temporal Attribute-based Access Control for Multi-Authority Cloud Storage Systems
Kan Yang and Zhen Liu and Zhenfu Cao and Xiaohua Jia and Duncan S. Wong and Kui Ren
Abstract: Data access control is an effective way to ensure the data security in the cloud. Due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems.
Ciphertext-Policy Attribute-based Encryption (CP-ABE), as a promising technique for access control of encrypted data, is very suitable for access control in cloud storage systems due to its high efficiency and expressiveness.
However, the existing CP-ABE schemes cannot be directly applied to data access control for cloud storage systems because of the attribute revocation problem. In this paper, we consider the problem of attribute revocation in multi-authority cloud storage systems where the users' attributes come from different domains each of which is managed by a different authority.
We propose TAAC (Temporal Attribute-based Access Control), an efficient data access control scheme for multi-authority cloud storage systems, where the authorities are independent from each other and no central authority is needed. TAAC can efficiently achieve temporal access control on attribute-level rather than on user-level. Moreover, different from the existing schemes with attribute revocation functionality, TAAC does not require re-encryption of any ciphertext when the attribute revocation happens, which means great improvement on the efficiency of attribute revocation. The analysis results show that TAAC is highly efficient, scalable, and flexible to applications in practice.
Category / Keywords: public-key cryptography / Access Control, Temporal Revocation, CP-ABE, Cloud Storage, Multi-authority
Date: received 15 Nov 2012
Contact author: liuzhen sjtu at gmail com
Available format(s): PDF | BibTeX Citation
Version: 20121121:161957 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]