A Temporal and Spatial Constrained Attribute-Based Access Control Scheme for Cloud Storage

摘要

Cloud storage service allows data owners to store their (encrypted) data in a remote and may be untrusted cloud server. Attribute-Based Encryption (ABE) provides an excellent and flexible solution for data access control. As more and more applications evolved, ABE schemes may not handle all scenarios, in particular, if the access control has a time and location constraint. Time and location attributes are not as static as other general attributes. Existing ABE schemes cannot efficiently handle the continuous range of an attribute making it impractical for temporal and spatial constraints that are changing dynamically. In this paper, we propose a novel temporal and spatial constrained attribute-based access control (TSC-ABAC) scheme to solve this problem. Our system adopts a redesigned access structure and makes use of multi-dimensional range derivation function to match the time domain. This is the first ABE scheme that can efficiently handle time and location elements simultaneously. We further propose an extended TSC-ABAC scheme, which aims at reducing the decryption cost imposed on user. A thorough security and performance analysis shows that our design is secure and efficient. The result of our work could provide a feasible and practical data access control scheme for cloud storage services.