Efficient Decentralized Attribute Based Access Control for Mobile Clouds

Cited by: 53
Authors
De, Sourya Joyee [1]
Ruj, Sushmita [2]
Affiliations
[1] LORIA INRIA Nancy Grand Est, Villers Les Nancy, France
[2] Indian Stat Inst, Comp & Commun Sci Div, 203 BT Rd, Kolkata 700108, W Bengal, India
Keywords
Attribute-based encryption; user revocation; cloud computing; decentralized key management; mobile devices; ENCRYPTION;
DOI
10.1109/TCC.2017.2754255
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Fine-grained access control is a requirement for data stored in untrusted servers like clouds. Owing to the large volume of data, decentralized key management schemes are preferred over centralized ones. Often encryption and decryption are quite expensive and not practical when users access data from resource-constrained devices. We propose a decentralized attribute-based encryption (ABE) scheme with fast encryption, outsourced decryption and user revocation. Our scheme is very specific to the context of mobile cloud, as the storage of encrypted data and the partial decryption of ciphertexts are dependent on the cloud, and users with mobile devices can upload data to the cloud or access data from it by incurring very little cost for encryption and decryption respectively. The main idea is to divide the encryption into two phases: an offline preprocessing phase, which is done when the device is otherwise not in use, and an online phase, when the data is actually encrypted with the policy. This makes encryption faster and more efficient than existing decentralized ABE schemes. For decryption outsourcing, data users need to generate a transformed version of the decryption key, allowing an untrusted proxy server to partially decrypt the ciphertext without gaining any information about the plaintext. Data users can then fully decrypt the partially decrypted ciphertext without performing any costly pairing operations. We also introduce user revocation in this scheme without incurring too much additional cost in the online phase. Comparison with other ABE schemes shows that our scheme significantly reduces computation times for both data owners and data users and is highly suitable for use in mobile devices.
Pages: 124 / 137
Number of pages: 14