Achieving Collaborative Cloud Data Storage by Key-Escrow-Free Multi-Authority CP-ABE Scheme with Dual-Revocation

Nowadays, more and more users store their data in cloud storage servers for great convenience and real benefits offered by the service, so cloud data storage becomes one of the desirable services provided by cloud service providers. Multi-Authority Ciphertext-Policy Attribute-Based Encryption (MA-CP-ABE) is an emerging cryptographic solution to data access control for large-scale collaborative cloud storage service, which allows any data owner to outsource the data to cloud data storage in order to enable users from collaborating domains or organizations to access the outsourced data. However, the existing MA-CPABE schemes cannot be directly applied to collaborative cloud storage services as data access control due to the key escrow problem and the absence of dual revocation mechanism (user revocation and attribute revocation). By addressing these issues, this paper presents a Key-EscrowFree Multi-Authority Ciphertext-Policy Attribute-Based Encryption Scheme with Dual-Revocation by introducing “the essential attribute” and making use of a certificate authority apart from attribute authorities. Compared with the existing MA-CP-ABE schemes, the proposed scheme is the most suitable one to enable data access control for collaborative cloud storage systems. Furthermore, the security and performance analysis indicates that our scheme is more secure and reasonably efficient to be applied to practical scenarios as collaborative cloud storage systems.