Towards efficient update of access control policy for cryptographic cloud storage

Abstract

To protect sensitive data from unauthorized access, encrypting data at the user end before outsourcing them to the cloud storage, has become a common practice. In this case, the access control policy is enforced through assigning proper cryptographic keys among collaborators. However, when the access control policy needs to be updated (e.g. new collaborators join or some collaborators leave), it is very costly for the data owner or other parties to re-encrypt the data with a new key in order to satisfy the new policy. To address this problem, we propose a dual-header structure and batch revocation, which makes the overhead for privileges grant independent of data size and significantly improves the efficiency of privilege revocation by applying lazy revocation to certain groups of revocation requests, respectively.We also analyze the overhead for authorization showing that our approach is able to efficiently manage frequent policy updates.