Re‐definable access control over outsourced data in cloud storage systems

There is an increasing concern for data privacy when people outsource their data to remote cloud storage servers. To secure outsourced data, cloud users are suggested to employ cryptographic encryption to specify access policies such that only users meeting the policies can access the data. After the application of an encryption, however, users are difficult to modify their access policies since the policies were already formulated by the encryption. To address such problem, the authors propose a new approach referred to as re‐definable access control (RDAC). The RDAC utilises identity‐based encryption (IBE) and attribute‐based encryption (ABE) to secure outsourced data and allows users to choose either to achieve access control according to their capability and requirements. Moreover, the RDAC allows users to change simple access policies into fine‐grained access policies by converting IBE encrypted files into ABE encrypted ones, without leaking the underlying data. Surprisingly, the access policy conversion does not require the users to perform any costly computation, nor the storage servers to be disturbed. The authors prove the security of RDAC under a rigorous definition, and empirically show that the introduction of the conversion incurs almost no costs to the outsourcing and access procedures.