CryptCloud Secure and Expressive Data Access Control for Cloud Storage in Java

CryptCloud Secure and Expressive Data Access Control for Cloud Storage in Java

Abstract:

Secure cloud storage, an emerging cloud service, guarantees the confidentiality of outsourced data while providing flexible data access control for cloud users whose data are out of their physical control. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is one of the promising secure mechanisms to support fine-grained access control on encrypted data in cloud settings. However, due to its inherent "all-or-nothing" decryption control characteristic, there is a risk for the misuse of access credentials. In this paper, we consider the two main types of access credential misuse, namely: semi-trusted authority's illegal access credential (re-)distribution, and cloud user's illegal access credential leakage. To mitigate these two types of access credential misuse, we propose the first accountable authority revokable CP-ABE based cloud storage system with white-box traceability and auditing, referred to as CryptCloud+. We also prove the security of our system and present the experimental results to demonstrate the utility of our system.