Affiliations: [a] Department of Information Technology, Mizoram University, Mizoram, India | [b] Department of Information Technology, North Eastern Hill University, Meghalaya, India
Correspondence:
[*]
Corresponding author: Somen Debnath, Department of Information Technology, Mizoram University, Mizoram 796004, India. E-mail: [email protected].
Abstract: Cloud data access control is a very important issue especially when data are outsourced into a third-party cloud server. Recently, some researchers are working to enhance the trust level of cloud users by developing the secured access control to store the data into a third-party server. CP-ABE (Ciphertext-Policy Attribute-Based Encryption) is a very fruitful technology for such situation providing a capability of encrypted data access control. The existing mechanisms for outsourced data access control are mostly centralized, where a single key distribution center works as attribute authority and generates attributes along with corresponding keys for all users. In some cases, multiple key distribution centers used to generate user attributes along with user secret keys to make the system decentralized. However, all such mechanisms are based on small universe CP-ABE, where attribute set need to define in the initial setup phase and therefore public parameters and ciphertext size are increased linearly with attribute numbers in the system. As the attribute numbers in an access control system in the cloud should not be defined initially or if new attribute required to add time to time in the system and the existing attribute may be required to revoke form the system, then small universe enabled CP-ABE is not scalable and efficient compared to large universe system. In a large universe system, initially the size of parameters is large but it makes the size of ciphertext short in the system. In the paper, we proposed an access control scheme using large universe CP-ABE with user revocation and to make more efficient using decryption computation outsourcing into the cloud. The proposed system helps efficiently decrypt the data using a lightweight device. We have analyzed the security, scalability, and performance of our proposed scheme with existing approaches with respect to communication and computation cost.
