A framework for secure data sharing in the cloud
Cloud storage is not a new technology, and it is being embraced more every day. Concern about the security and privacy of data in the cloud is also growing, which creates the need for data encryption and access control. Several implementations of access control that use an access policy with specified attributes exist, but they require re-encryption of the data when some users' access has to be restricted. The focus of this research work is therefore developing a framework that allows user revocation without re-encrypting previous data. The order of operation was split into four: Setup, Keygen, Encryption, and Decryption. To provide timely access control, a proxy server was employed. Each time access is made to the encrypted data, the proxy server checks the user's attributes and, using the user's current attributes, generates a user key that may decrypt the data to be accessed. In the experiment, the proxy-based access control framework was tested in an educational environment using faculty, department and level as attributes. The size of the ciphertext was O(n), the private key O(A), encryption time O(n), and decryption time O(T). In other implementations of CP-ABE, cost increases in multiples of the number of user revocations, while only the initial cost is incurred in our framework. Our framework was able to remove the cost of re-encryption through the use of proxy-based access control, leading to a reduction in activity without re-encrypting the data.
Keywords: User-revocation, Access Control, proxy server, attributes, encryption.
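The access flow described in the abstract, as an added sketch that is not the paper's code: a proxy derives a user's key from that user's current attributes on every access, so revoking a user is an attribute update and the stored ciphertext is never touched. Assumptions: an HMAC-derived key and a toy keystream cipher stand in for CP-ABE, the policy is an exact match on faculty, department and level, and all names and values are constructed.

```python
import hashlib, hmac, os

class Proxy:
    """Toy proxy: holds a master secret and each user's CURRENT attributes."""
    def __init__(self):
        self._master = os.urandom(32)
        self.directory = {}  # user -> {"faculty": ..., "department": ..., "level": ...}

    def _key_for(self, attrs):
        canon = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs)).encode()
        return hmac.new(self._master, canon, hashlib.sha256).digest()

    def policy_key(self, policy):  # key the data is sealed under, once
        return self._key_for(policy)

    def user_key(self, user):  # derived on every access from the directory as it is now
        attrs = self.directory.get(user)
        return self._key_for(attrs) if attrs else None

# Toy SHA-256 keystream + HMAC tag (stdlib only); a stand-in, not CP-ABE.
def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if key is None:
        return None
    good = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None  # key does not match the policy the data was sealed under
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

def demo():
    proxy = Proxy()
    policy = {"faculty": "Science", "department": "Computer Science", "level": "400"}  # constructed
    proxy.directory["alice"] = dict(policy)
    proxy.directory["bob"] = dict(policy)
    blob = encrypt(proxy.policy_key(policy), b"course material")
    before = decrypt(proxy.user_key("bob"), blob)
    proxy.directory["bob"]["level"] = "withdrawn"  # revocation = attribute update only
    after = decrypt(proxy.user_key("bob"), blob)    # same blob, never re-encrypted
    return before, after, decrypt(proxy.user_key("alice"), blob)
```

In this simplified stand-in, a key handed out before the attribute change would still open the blob, so it only models the case where the proxy is consulted on every access.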