Role and Time-Based Access Control with Efficient Revocation for Cloud Storage

摘要

Cloud computing is regarded as a promising computing paradigm. More and more people store their sensitive data on the cloud. While enjoying the provided convenience, users may lose control on their personal data since the ownership of the data is separated from the administration of them. So it is a great challenge for data security and accessing the sensitive data on the cloud. In this paper, we propose a novel access control scheme, termed RTBAC, which achieve role-based, time-release and secure data access in cloud. Our RTBAC simultaneously enjoys the following properties: i) time-release, the sensitive data owner may specify a time instant which means that the receiver can decrypt the ciphertext until a time instant key has been obtained, ii) fine-grained access control, any user with the higher role can access the sensitive data and revoked users cannot access the cloud after they are revoked, iii) provably secure, the proposed scheme is IND-CTCA secure under the q-BDHIP, MBDH assumptions. Thoroughly theoretical analysis and performance evaluation indicate the effectiveness and efficiency of our proposed RTBAC.