User Revocation Based On Intermediate Agency In Data Access Control

Posted on: 2015-11-02
Degree: Master
Type: Thesis
Country: China
Candidate: L Yao
GTID: 2308330464468048
Subject: Computer technology

Abstract/Summary:
In a cloud environment, the physical location of a user's data changes: the data is stored in the cloud rather than on the user's personal computer, so the user loses direct access control over it. Any access control over the user's data has to rely on the cloud service provider. In this case, it is necessary to introduce a cryptographic access control mechanism to protect the confidentiality of the user's data. Implementing access control with traditional symmetric or asymmetric encryption is feasible, but it is not fine-grained. Most importantly, it is neither efficient nor extensible, because the data has to be encrypted and keys distributed whenever a user is revoked.

Attribute-based encryption is an important method for fine-grained access control, and user revocation is its most important part. Among existing schemes, some encrypt only the symmetric key and do not encrypt the original data. As a result, a revoked user can still decrypt the ciphertext because he can keep the symmetric key, so these schemes cannot solve the backward security problem. To ensure the backward security of the user's data, other schemes need to update the symmetric key, encrypt the original data, and issue the private key. Their efficiency is very low, and they are almost unusable in a practical environment. It is therefore urgent to solve the user revocation problem in fine-grained access control. We have carried out research on user revocation in fine-grained access control, and the main contributions are outlined below:

(1) To solve the problems of user revocation in fine-grained access control, this paper proposes a user revocation scheme based on an intermediate agency. The main idea of the scheme is that decryption is divided into two steps: the intermediate agency performs the first step of decryption, and the user then finishes the next. The intermediate agency makes sure that the user cannot decrypt the ciphertext alone, so there is no need to encrypt the original data. The scheme is therefore secure and efficient.

(2) We also give an extended scheme for the large-file scenario. In this extended scheme, we use double symmetric encryption instead of CP-ABE. The outer key is kept by the intermediate agency, and the inner key is kept by the user. The efficiency of symmetric encryption makes our scheme perform better in the large-file scenario.

Theoretical analysis and experimental results show that our scheme is superior to the existing schemes in the fine-grained access control environment. Therefore, it is a secure and efficient solution in the fine-grained access control environment.
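The double symmetric encryption of contribution (2) and the two-step decryption of contribution (1), as an added sketch that is not code from the thesis: the agency removes the outer layer only for users still on its access list, so revoking a user changes neither the stored ciphertext nor any key. The class and function names, the access list, and the HMAC-SHA256 keystream standing in for a real symmetric cipher are all assumptions.

```python
import hashlib, hmac, secrets

def _stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher: XOR with an HMAC-SHA256 counter keystream. No integrity
    # protection; a real deployment would use an AEAD such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, data: bytes) -> bytes:
    nonce = secrets.token_bytes(16)          # fresh nonce per layer
    return nonce + _stream(key, nonce, data)

def unseal(key: bytes, blob: bytes) -> bytes:
    return _stream(key, blob[:16], blob[16:])

def owner_encrypt(inner_key: bytes, outer_key: bytes, plaintext: bytes) -> bytes:
    # Inner layer first (user's key), then outer layer (agency's key).
    return seal(outer_key, seal(inner_key, plaintext))

class IntermediateAgency:
    """Hypothetical agency: keeps the outer key and the current access list."""
    def __init__(self, outer_key: bytes):
        self._outer_key, self._allowed = outer_key, set()
    def grant(self, user: str): self._allowed.add(user)
    def revoke(self, user: str): self._allowed.discard(user)
    def first_step(self, user: str, stored: bytes) -> bytes:
        if user not in self._allowed:
            raise PermissionError(f"{user} is revoked")
        return unseal(self._outer_key, stored)   # still wrapped by the inner key

def user_read(agency, user, inner_key, stored):
    return unseal(inner_key, agency.first_step(user, stored))

def demo():
    inner, outer = secrets.token_bytes(32), secrets.token_bytes(32)
    stored = owner_encrypt(inner, outer, b"constructed sample record")
    agency = IntermediateAgency(outer)
    agency.grant("alice")
    before = user_read(agency, "alice", inner, stored)
    agency.revoke("alice")                   # stored ciphertext and keys untouched
    try:
        after = user_read(agency, "alice", inner, stored)
    except PermissionError:
        after = None
    alone = unseal(inner, stored)            # revoked user with only the inner key
    return before, after, alone

if __name__ == "__main__":
    print(demo())
```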
Keywords/Search Tags: Data Confidentiality, Fine-grained Access, User Revocation, Intermediate Agency