vFAC: Fine-Grained Access Control with Versatility for Cloud Storage

TL;DR

The paper introduces vFAC, a versatile, secure, and scalable fine-grained access control scheme for cloud storage using multi-authority CP-ABE, addressing key management, privacy, and revocation challenges.

Contribution

vFAC is the first scheme to combine large universe, no key escrow, online/offline, hidden policies, verifiability, and user revocation in multi-authority CP-ABE for cloud storage.

Findings

vFAC achieves static security under the random oracle model.

Compared to existing schemes, vFAC offers better features, scalability, and lower overhead.

vFAC effectively protects user privacy and supports flexible access control.

Abstract

In recent years, cloud storage technology has been widely used in many fields such as education, business, medical and more because of its convenience and low cost. With the widespread applications of cloud storage technology, data access control methods become more and more important in cloud-based network. The ciphertext policy attribute-based encryption (CP-ABE) scheme is very suitable for access control of data in cloud storage. However, in many practical scenarios, all attributes of a user cannot be managed by one authority, so many multi-authority CP-ABE schemes have emerged. Moreover, cloud servers are usually semi-trusted, which may leak user information. Aiming at the above problems, we propose a fine-grained access control scheme with versatility for cloud storage based on multi-authority CP-ABE, named vFAC. The proposed vFAC has the features of large universe, no key escrow problem, online/offline mechanism, hidden policy, verifiability and user revocation. Finally, we demonstrate vFAC is static security under the random oracle model. Through the comparison of several existing schemes in terms of features, computational overhead and storage cost, we can draw a conclusion that vFAC is more comprehensive and scalable.