Multi-authority proxy re-encryption based on CPABE for cloud storage systems

The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems. Traditional encryption technologies are not suitable for data protection in cloud storage systems. A novel multi-authority proxy re-encryption mechanism based on ciphertext-policy attribute-based encryption (MPRE-CPABE) is proposed for cloud storage systems. MPRE-CPABE requires data owner to split each file into two blocks, one big block and one small block. The small block is used to encrypt the big one as the private key, and then the encrypted big block will be uploaded to the cloud storage system. Even if the uploaded big block of file is stolen, illegal users cannot get the complete information of the file easily. Ciphertext-policy attribute-based encryption (CPABE) is always criticized for its heavy overload and insecure issues when distributing keys or revoking user's access right. MPRE-CPABE applies CPABE to the multi-authority cloud storage system, and solves the above issues. The weighted access structure (WAS) is proposed to support a variety of fine-grained threshold access control policy in multi-authority environments, and reduce the computational cost of key distribution. Meanwhile, MPRE-CPABE uses proxy re-encryption to reduce the computational cost of access revocation. Experiments are implemented on platforms of Ubuntu and CloudSim. Experimental results show that MPRE-CPABE can greatly reduce the computational cost of the generation of key components and the revocation of user's access right. MPRE-CPABE is also proved secure under the security model of decisional bilinear Diffie-Hellman (DBDH).