Efficient Data Access Control for Cloud Computing With Large Universe and Traceable Attribute-Based Encryption

G. Sravan Kumar
Copyright: © 2020 | Pages: 21
DOI: 10.4018/IJFSA.2020100103

Abstract

Ciphertext-policy attribute-based encryption (CP-ABE) schemes provide fine-grained access control for data stored in cloud computers. However, commercial CP-ABE applications need a new encryption scheme that provides two properties: support for a large attribute universe and traceability. First, a large attribute universe allows the attribute authority to use any number of attributes in the system; that is, the attribute universe is dynamic and is not fixed at the setup phase. Second, traceable CP-ABE systems trace dishonest users who intentionally leak their private keys for profit. In this article, a large universe CP-ABE system with white-box traceability is proposed. The attribute universe of the proposed technique is exponentially larger, and it is polynomially unbounded. Further, this technique traces the identity of users who engage in malicious activities. In addition, the proposed scheme can express any kind of monotonic tree access policy as a linear secret sharing structure (LSSS). Compared with existing schemes that aim to achieve the same property, the proposed scheme achieves better experimental results, and so it is applicable to commercial applications.

Introduction

Cloud computing offers the advantage of storing huge amounts of data in cloud servers, where the data can be accessed from anywhere through the internet. Thus, data distributors store their sensitive data in cloud computers, and data users can access it at any time for any purpose. Since the data is private, it is necessary to secure it from unauthorized entities (Sun et al., 2014). For this purpose, researchers have developed access control techniques to control access to private data stored in cloud servers. However, providing efficient data security and fine-grained access control remain the major issues faced by cloud computing servers. Nowadays, cryptography-based encryption techniques are used to provide data security as well as fine-grained access control for cloud storage environments. Traditional cryptographic encryption schemes, such as symmetric and asymmetric techniques, are not preferred because of their low efficiency and lack of access control over cloud datasets. Thus, Attribute-Based Encryption (ABE) schemes are preferred by cloud data distributors, as they provide secure data transfer with fine-grained access control.

In the ABE technique, a central authority is responsible for handling the attribute universe of the entire system. Attributes are pieces of information used to identify trusted data users. In the cloud storage scenario, the plaintext owned by several data distributors is encrypted with attributes, and the resulting ciphertext is stored in the cloud servers. When a user requests a connection, the central authority generates the decryption key and transmits it to the user. The decryption key contains a set of attributes that acts as the identity of the user. Therefore, an authorized user is permitted to decrypt the ciphertext only when the attributes in their decryption key match the attributes encrypted in the ciphertext. Thus, the sensitive data is protected, and access control that provides this kind of data security is termed fine-grained access control.

The ABE technique was first introduced by Sahai and Waters (2005) as fuzzy identity-based encryption. In this technique, the data user is allowed to access the data when the identity in their private key satisfies the attribute encrypted in the data. ABE schemes are classified as Key-Policy Attribute-Based Encryption (KP-ABE) (Goyal et al., 2006; Han et al., 2012) and Ciphertext-Policy Attribute-Based Encryption (CP-ABE) (Waters, 2011). In KP-ABE, the user's decryption key is distributed with an access policy, and the data is encrypted with attributes. In CP-ABE, on the other hand, the user's decryption key is distributed with attributes, and the data is encrypted with an access policy. Comparing the two, KP-ABE does not give data distributors control over data access, whereas CP-ABE allows data distributors to control access to their data. Thus, CP-ABE techniques are preferred by data providers. This paper is built on the CP-ABE technique, as it provides fine-grained access control by allowing only trusted data users to access and modify the cloud data.
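The abstract says the scheme expresses monotonic tree policies as an LSSS, and the paragraph above describes CP-ABE decryption as matching key attributes against the ciphertext's access policy. The Python below is an added example, not code from the article: it assumes AND/OR gates only and uses the standard Lewko-Waters tree-to-matrix conversion rather than the article's own construction, which this preview does not show. The function names, the modulus and the sample policy are constructed.

```python
# Added illustration (not the article's construction): AND/OR policy tree -> LSSS
# matrix via Lewko-Waters, then a check of which attribute sets satisfy it.
P = 2**61 - 1  # prime modulus (assumption; a real scheme uses its group order)

def to_lsss(policy):
    """policy: attribute string or (gate, left, right). Returns (rows, labels)."""
    leaves, width, stack = [], 1, [(policy, [1])]
    while stack:
        node, vec = stack.pop()
        if isinstance(node, str):          # leaf: one matrix row per attribute
            leaves.append((node, vec))
            continue
        gate, left, right = node
        if gate == "OR":                   # children inherit the parent vector
            stack += [(right, vec), (left, vec)]
        elif gate == "AND":                # split the share across a new column
            padded = vec + [0] * (width - len(vec))
            stack += [(right, [0] * width + [-1]), (left, padded + [1])]
            width += 1
        else:
            raise ValueError(f"unsupported gate: {gate}")
    return [v + [0] * (width - len(v)) for _, v in leaves], [a for a, _ in leaves]

def reconstruct(rows, labels, attrs):
    """Coefficients {row: c} with sum(c * row) = (1,0,...,0) mod P, else None."""
    idx = [i for i, a in enumerate(labels) if a in attrs]
    n = len(rows[0])
    # Solve A w = e1 by Gauss-Jordan; A's columns are the user's matrix rows.
    A = [[rows[i][j] % P for i in idx] + [int(j == 0)] for j in range(n)]
    pivots, r = [], 0
    for c in range(len(idx)):
        p = next((k for k in range(r, n) if A[k][c]), None)
        if p is None:
            continue
        A[r], A[p] = A[p], A[r]
        inv = pow(A[r][c], -1, P)
        A[r] = [x * inv % P for x in A[r]]
        for k in range(n):
            if k != r and A[k][c]:
                f = A[k][c]
                A[k] = [(x - f * y) % P for x, y in zip(A[k], A[r])]
        pivots.append(c)
        r += 1
    if any(row[-1] for row in A[r:]):      # e1 not in the span: policy unmet
        return None
    return {idx[c]: A[k][-1] for k, c in enumerate(pivots) if A[k][-1]}

POLICY = ("AND", "doctor", ("OR", "cardiology", "admin"))  # constructed sample
ROWS, LABELS = to_lsss(POLICY)
```

A key holding `{"doctor", "admin"}` gets reconstruction coefficients for its two rows, while `{"doctor"}` alone or `{"cardiology", "admin"}` returns `None`, which is the policy check a decryptor performs before combining shares.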

Based on the number of attributes used in the CP-ABE construction, the attribute universe is categorized as a small attribute universe (Gopika & Alex, 2015) or a large attribute universe (Fu et al., 2018). In a small attribute universe, the attributes used in the CP-ABE technique are fixed during system setup and remain static. In large attribute universe-based CP-ABE techniques, by contrast, the attribute universe is dynamic and its size is not fixed at the system setup phase. In recent cryptography-based cloud data storage applications, the cloud storage environment depends fully upon the data user's authentication. Therefore, a large number of attributes is required to identify the authorized data users and transfer the data efficiently to the correct identity. For this reason, the proposed method is built on a large attribute universe with exponential scaling. It allows the central authority to update the attributes used in the system at any time.
