Tunable access control for data sharing in cloud

Abstract

Attribute-Based Encryption (ABE) suffers communication and computation overhead due to the linearly varying size of the ciphertext and the secret key, depending on the number of attributes in the access policy. This paper proposes a multilevel attribute-based access control scheme for secure data sharing in the cloud to reduce the overhead. It produces a constant size ciphertext and a compact secret key to efficiently utilize the storage space and reduce the communication cost. This method flexibly shares ciphertext classes among the randomly selected users with a specific set of attributes. All other ciphertext classes outside the set remain confidential. It allows dynamic data updates and provides access control of varying granularity, at user-level, at file-level, and attribute-level. Granularity levels can be chosen based on applications and user demands. This scheme tackles user revocation and attribute revocation problems, and prevents forward and backward secrecy issues. It allows the data owner to revoke a specific user or a group of users. It is very useful for secure data storage and sharing.