A fine-grained access control and revocation scheme on clouds

In recent years, more and more companies outsource their data to the cloud service provider to greatly reduce the cost. However, it also raises underlying security and privacy issues for the significant corporate data. Therefore, a natural way to keep sensitive data confidential against an untrusted cloud service provider is only to store the encrypted data in the cloud. Flexible encryption schemes can provide a fine grain access control for the encrypted data and ensure legitimate user to decrypt the corresponding data. The key problems of this approach include establishing access control for the encrypted data and revoking the access rights from users when they are no longer authorized to access the encrypted data on cloud servers. This paper aims to solve these problems. First, with the attribute encryption and the dual encryption system, we propose a concrete access control scheme constructed over the composite-order bilinear groups, and we prove its security under the standard model. Then, we propose a fully fine-grained revocation scheme under the direct revocation model so as to efficiently revoke access rights from users on cloud servers. Copyright (C) 2012 John Wiley & Sons, Ltd.