Abstract
Secure cloud storage, an emerging cloud service, guarantees the confidentiality of outsourced data while providing flexible data access control for cloud users whose data are out of their physical control. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is one of the promising secure mechanisms to support fine-grained access control on encrypted data in cloud settings. However, due to its inherent "all-or-nothing" decryption control characteristic, there is a risk of access credential misuse. In this paper, we consider the two main types of access credential misuse, namely a semi-trusted authority's illegal access credential (re-)distribution and a cloud user's illegal access credential leakage. To mitigate these two types of access credential misuse, we propose the first accountable authority revocable CP-ABE based cloud storage system with white-box traceability and auditing, referred to as CryptCloud+. We also prove the security of our system and present experimental results to demonstrate its utility.
Original language | English |
---|---|
Journal | IEEE Transactions on Services Computing |
Publication status | E-pub ahead of print - 2018 |
Externally published | Yes |
Keywords
- Access control
- Access Credentials Misuse
- Auditing
- Ciphertext-Policy Attribute-Based Encryption
- Cloud computing
- Data privacy
- Encryption
- Organizations
- Secure Cloud Storage
- Traceability and Revocation