A flexible cryptographic approach for secure data storage in the cloud using role-based access control

摘要

There has been a recent trend in storing data in the cloud because of the significant benefits, such as on demand resources and low maintenance costs. However due to the distributed nature of the cloud, access control mechanisms need to be employed to protected the privacy of data stored in cloud. Role-based access control (RBAC) provides a flexible way for users to manage and share their data in the cloud. In this paper, we propose a role-based encryption (RBE) scheme which enforces RBAC policies using cryptographic techniques. In our scheme, an owner of data can encrypt the data to a role in a RBAC system, and only the users who have the permissions of the role in the RBAC system can decrypt the data. Our scheme achieves efficient user management where the manager of a role can easily grant/revoke the membership of the role to/from a user without the needs of other parties' participants. We compare our scheme with other previously published schemes and show that our scheme has better performance in both computation and management.