Paper 2012/651

TAAC: Temporal Attribute-based Access Control for Multi-Authority Cloud Storage Systems

Kan Yang, Zhen Liu, Zhenfu Cao, Xiaohua Jia, Duncan S. Wong, and Kui Ren


Data access control is an effective way to ensure the data security in the cloud. Due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Ciphertext-Policy Attribute-based Encryption (CP-ABE), as a promising technique for access control of encrypted data, is very suitable for access control in cloud storage systems due to its high efficiency and expressiveness. However, the existing CP-ABE schemes cannot be directly applied to data access control for cloud storage systems because of the attribute revocation problem. In this paper, we consider the problem of attribute revocation in multi-authority cloud storage systems where the users' attributes come from different domains each of which is managed by a different authority. We propose TAAC (Temporal Attribute-based Access Control), an efficient data access control scheme for multi-authority cloud storage systems, where the authorities are independent from each other and no central authority is needed. TAAC can efficiently achieve temporal access control on attribute-level rather than on user-level. Moreover, different from the existing schemes with attribute revocation functionality, TAAC does not require re-encryption of any ciphertext when the attribute revocation happens, which means great improvement on the efficiency of attribute revocation. The analysis results show that TAAC is highly efficient, scalable, and flexible to applications in practice.

Available format(s)
-- withdrawn --
Public-key cryptography
Publication info
Published elsewhere. Unknown status
Access ControlTemporal RevocationCP-ABECloud StorageMulti-authority
Contact author(s)
liuzhen sjtu @ gmail com
2014-02-10: withdrawn
2012-11-21: received
See all versions
Short URL
Creative Commons Attribution
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.