DAC-MACS : Effective data access control for multiauthority cloud storage systems

Research output: Journal Publications and ReviewsRGC 21 - Publication in refereed journalpeer-review

245 Scopus Citations
View graph of relations


Related Research Unit(s)


Original languageEnglish
Article number6585778
Pages (from-to)1790-1801
Journal / PublicationIEEE Transactions on Information Forensics and Security
Issue number11
Online published23 Aug 2013
Publication statusPublished - Nov 2013


Data access control is an effective way to ensure data security in the cloud. However, due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Existing access control schemes are no longer applicable to cloud storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted cloud server. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising technique for access control of encrypted data. However, due to the inefficiency of decryption and revocation, existing CP-ABE schemes cannot be directly applied to construct a data access control scheme for multiauthority cloud storage systems, where users may hold attributes from multiple authorities. In this paper, we propose data access control for multiauthority cloud storage (DAC-MACS), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, we construct a new multiauthority CP-ABE scheme with efficient decryption, and also design an efficient attribute revocation method that can achieve both forward security and backward security. We further propose an extensive data access control scheme (EDAC-MACS), which is secure under weaker security assumptions. © 2013 IEEE.

Research Area(s)

  • Access control, attribute revocation, CP-ABE, decryption outsourcing, multiauthority cloud