Fine-Grained Access Control Systems Suitable for Resource-Constrained Users in Cloud Computing

Authors

  • Yinghui Zhang National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications Xi'an 710121 & State Key Laboratory of Cryptology, Beijing 100878
  • Dong Zheng National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications Xi'an 710121 & State Key Laboratory of Cryptology, Beijing 100878
  • Rui Guo National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications Xi'an 710121
  • Qinglan Zhao National Engineering Laboratory for Wireless Security, Xi'an University of Posts and Telecommunications Xi'an 710121

Keywords:

Attribute-based encryption, constant computation, access control, revocation, cloud computing

Abstract

For the sake of practicability of cloud computing, fine-grained data access is frequently required in the sense that users with different attributes should be granted different levels of access privileges. However, most of existing access control solutions are not suitable for resource-constrained users because of large computation costs, which linearly increase with the complexity of access policies. In this paper, we present an access control system based on ciphertext-policy attribute-based encryption. The proposed access control system enjoys constant computation cost and is proven secure in the random oracle model under the decision Bilinear Diffie-Hellman Exponent assumption. Our access control system supports AND-gate access policies with multiple values and wildcards, and it can efficiently support direct user revocation. Performance comparisons indicate that the proposed solution is suitable for resource-constrained environment.

Downloads

Download data is not yet available.

Downloads

Published

2018-07-03

How to Cite

Zhang, Y., Zheng, D., Guo, R., & Zhao, Q. (2018). Fine-Grained Access Control Systems Suitable for Resource-Constrained Users in Cloud Computing. COMPUTING AND INFORMATICS, 37(2), 327–348. Retrieved from http://www.cai.sk/ojs/index.php/cai/article/view/2018_2_327