TY - GEN
T1 - An Identity Preserving Access Control Scheme with Flexible System Privilege Revocation in Cloud Computing
AU - Ahuja, Rohit
AU - Mohanty, Sraban Kumar
AU - Sakurai, Kouichi
PY - 2016/12/12
Y1 - 2016/12/12
N2 - The advent of cloud computing motivates business organizations to migrate their complex data management systems from local servers to cloud servers for scalable and durable resources on a pay-per-use basis. Considering the enormous number of users and the large amount of documents at cloud servers, there is a requirement of an access control scheme, which supports fine-grained cum flexible access control along with a 'Query-Response' mechanism to enable users to efficiently retrieve desired data from cloud servers. In addition, the scheme should support considerable flexibility to revoke system privileges from a user, such as to restrict the user from sharing or retrieving data or both, i.e., flexible system privilege revocation, and most imperatively to preserve the identity of the data owner and consumer while sharing and retrieving data. Most of the access control schemes in cloud computing to date focus on restricting users from accessing data only. In this paper, we propose an identity preserving access control scheme to simultaneously realize the notion of scalability, fine-grained cum flexible access control, efficient data utilization, identity preserving and flexible system privilege revocation. We extend Ciphertext-Policy Attribute-Set-Based Encryption (CP-ASBE) in a hierarchical structure of users to achieve scalability. In addition, a hybridization of proxy re-encryption and CP-ASBE is introduced to materialize the concept of flexible system privilege revocation. Furthermore, we formally prove the security of our proposed scheme based on the decisional bilinear Diffie-Hellman assumption. The efficacy of our scheme is depicted by performing comprehensive experiments.
UR - http://www.scopus.com/inward/record.url?scp=85010440793&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85010440793&partnerID=8YFLogxK
U2 - 10.1109/AsiaJCIS.2016.23
DO - 10.1109/AsiaJCIS.2016.23
M3 - Conference contribution
AN - SCOPUS:85010440793
T3 - Proceedings - 11th Asia Joint Conference on Information Security, AsiaJCIS 2016
SP - 39
EP - 47
BT - Proceedings - 11th Asia Joint Conference on Information Security, AsiaJCIS 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 11th Asia Joint Conference on Information Security, AsiaJCIS 2016
Y2 - 4 August 2016 through 5 August 2016
ER -