Premium
Achieving fine‐grained access control for secure data sharing on cloud servers
Author(s) -
Wang Guojun,
Liu Qin,
Wu Jie
Publication year - 2011
Publication title -
concurrency and computation: practice and experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.1698
Subject(s) - computer science , encryption , access control , cloud computing , attribute based encryption , delegation , data sharing , server , client side encryption , ciphertext , computer security , flexibility (engineering) , identity (music) , computer network , on the fly encryption , public key cryptography , operating system , mathematics , medicine , statistics , alternative medicine , physics , acoustics , pathology , political science , law
With more and more enterprises sharing their sensitive data on cloud servers, building a secure cloud environment for data sharing has attracted a lot of attention in both the industry and academic communities. In this paper, we propose a conjunctive precise and fuzzy identity‐based encryption (PFIBE) scheme for secure data sharing on cloud servers, which allows the encryption of data by specifying a recipient identity (ID) set or a disjunctive normal form (DNF) access control policy over attributes, so that only the user whose ID belongs to the ID set or attributes satisfy the DNF access control policy can decrypt the corresponding data. Our design goal is to propose a novel encryption scheme, which simultaneously achieves a fine‐grained access control, flexibility, high performance, and full key delegation, so as to help enterprise users to enjoy more secure, comprehensive, and flexible services. We achieve this goal by first combining the hierarchical identity‐based encryption (HIBE) system and the ciphertext‐policy attribute‐based encryption (CP‐ABE) system, and then marking each user with both an ID and a set of descriptive attributes, finally separating the access control policy into two parts: a recipient ID set and a DNF attribute‐based access control policy. Copyright © 2011 John Wiley & Sons, Ltd.