A Cloud Storage Data Access Control Scheme Based on Attribute-Sets Encryption

  • Lihua Zhang
  • Panpan Jiang
  • Qi Yi
  • Fan Lan
  • Tengfei Jiang
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 960)


In order to solve the data security problem in cloud storage system, an access control scheme which supports for a finer attribute expression for cloud storage data based on CP-ASBE (Ciphertext-Policy Attribute-Sets Based Encryption) is proposed in this paper, which can solve the problem of attribute confusion based on attribute encryption algorithm. A multi-authorization center is used to address single-point security issues. The digest of plaintext is used to encrypt the plaintext, and then the CP-ASBE encryption key is used to improve the efficiency and save the storage space of the cloud storage. In terms of attribute revocation, access control lists are used to handle coarse-grained privilege revocation. For fine-grained attribute revocation, proxy re-encryption is used and the complex calculations are delegated to the computationally powerful DataNode node. The confidentiality, integrity, non-repudiation, availability and security of the scheme are analyzed and proved. The results show that the cloud storage data access control scheme based on CP-ASBE can effectively improve the security of user data in HDFS (Hadoop Distributed File System) cloud storage system.


Access control protocol Cloud storage Attribute set based encryption scheme 


  1. 1.
    Wang, Y.Z., Ji, X.L., Cheng, X.Q.: Network big data: present and future. Chin. J. Comput. 36(6), 1125–1138 (2013)CrossRefGoogle Scholar
  2. 2.
    Liu, Z.H., Zhang, Q.: Research overview of big data technology. J. Zhejiang Univ. (Eng. Sci.) 48(6), 957–972 (2014)zbMATHGoogle Scholar
  3. 3.
    Li, X.L., Gong, H.G.: A survey on big data systems. Sci. Sinica Informationis 45(1), 1–44 (2015)MathSciNetGoogle Scholar
  4. 4.
    Xia, J.B., Wei, Z.K., Fu, K.: Review of research and application on Hadoop in cloud computing. Comput. Sci. 43(11), 6–11 (2016)Google Scholar
  5. 5.
    Li, H., Zhang, M., Feng, D.-G., Hui, Z.: Research on access control of big data. Chin. J. Comput. 1, 72–91 (2017)MathSciNetGoogle Scholar
  6. 6.
    Ijaz, I., Aslam, A., Bukhari, B., et al.: Securing cloud infrastructure through PKI. In: International Conference on Computing, Communication and Networking Technologies, pp. 1–6. IEEE (2014)Google Scholar
  7. 7.
    Ma, Y.: Study of security mechanism based on Hadoop. Inf. Secur. Commun. Priv. 6, 95–98 (2012)Google Scholar
  8. 8.
    Yin, X.C., Liu, Z.G., Lee, H.J.: An efficient and secured data storage scheme in cloud computing using ECC-based PKI. In: International Conference on Advanced Communication Technology, pp. 523–527 IEEE (2014)Google Scholar
  9. 9.
    Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). Scholar
  10. 10.
    Boneh, D., Franklin, M.: Identity based encryption from the weil pairing. SIAM J. Comput. 32(3), 213–229 (2001)MathSciNetzbMATHGoogle Scholar
  11. 11.
    Liu, D., Fan, Y.: Design and implementation on cloud document secure storage management system based on IBE mechanism. Netinfo Secur. 12, 1–7 (2016)Google Scholar
  12. 12.
    Liu, Z.: Research and implementation on cloud computing security based on HDFS. Comput. Model. New Technol. 17(5B), 41–45 (2013)Google Scholar
  13. 13.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). Scholar
  14. 14.
    Chase, M.: Multi-authority attribute based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 515–534. Springer, Heidelberg (2007). Scholar
  15. 15.
    Ruj, S., Nayak, A., Stojmenovic, I.: DACC: distributed access control in clouds. In: IEEE, International Conference on Trust, Security and Privacy in Computing and Communications, pp. 91–98. IEEE (2011)Google Scholar
  16. 16.
    Chase, M., Chow, S.S.M.: Improving privacy and security in multi-authority attribute-based encryption. In: ACM Conference on Computer and Communications Security, pp. 121–130. ACM (2009)Google Scholar
  17. 17.
    Kim, S.H., Lee, I.Y.: Study on user authority management for safe data protection in cloud computing environments. Symmetry 7(1), 269–283 (2015)CrossRefGoogle Scholar
  18. 18.
    Müller, S., Katzenbeisser, S., Eckert, C.: Distributed attribute-based encryption. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 20–36. Springer, Heidelberg (2009). Scholar
  19. 19.
    Bobba, R., Khurana, H., Prabhakaran, M.: Attribute-sets: a practically motivated enhancement to attribute-based encryption. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 587–604. Springer, Heidelberg (2009). Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Lihua Zhang
    • 1
  • Panpan Jiang
    • 2
  • Qi Yi
    • 1
  • Fan Lan
    • 1
  • Tengfei Jiang
    • 2
  1. 1.School of SoftwareEast China Jiaotong UniversityNanchangChina
  2. 2.School of Electrical and Automation EngineeringEast China Jiaotong UniversityNanchangChina

Personalised recommendations