CryptCloud+: Secure and Expressive Data Access Control for Cloud Storage

Jianting Ning, Zhenfu Cao, Xiaolei Dong, Kaitai Liang, Lifei Wei, Kim Kwang Raymond Choo

Research output: Contribution to journalArticleScientificpeer-review

8 Citations (Scopus)


Secure cloud storage, an emerging cloud service, guarantees the confidentiality of outsourced data while providing flexible data access control for cloud users whose data are out of their physical control. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is one of the promising secure mechanisms to support fine-grained access control on encrypted data in cloud settings. However, due to its inherent "all-or-nothing" decryption control characteristic, there is a risk for the misuse of access credentials. In this paper, we consider the two main types of access credential misuse, namely: semi-trusted authority's illegal access credential (re-)distribution, and cloud user's illegal access credential leakage. To mitigate these two types of access credential misuse, we propose the first accountable authority revokable CP-ABE based cloud storage system with white-box traceability and auditing, referred to as CryptCloud+. We also prove the security of our system and present the experimental results to demonstrate the utility of our system.

Original languageEnglish
JournalIEEE Transactions on Services Computing
Publication statusE-pub ahead of print - 2018
Externally publishedYes


  • Access control
  • Access Credentials Misuse
  • Auditing
  • Ciphertext-Policy Attribute-Based Encryption
  • Cloud computing
  • Data privacy
  • Encryption
  • Organizations
  • Secure Cloud Storage
  • Traceability and Revocation

Fingerprint Dive into the research topics of 'CryptCloud+: Secure and Expressive Data Access Control for Cloud Storage'. Together they form a unique fingerprint.

Cite this