Efficient Attribute-Based Access Control With Authorized Search in Cloud Storage

Attribute-based encryption has been widely employed to achieve data confidentiality and fine-grained access control in cloud storage. To enable users to identify accessible data in numerous dataset, clear attributes should be appended to the ciphertext, which results in the exposure of attribute privacy. In this paper, we propose an efficient attribute-based access control with authorized search scheme (EACAS) in cloud storage by extending the anonymous key-policy attribute-based encryption (AKP-ABE) to support fine-grained data retrieval with attribute privacy preservation. Specifically, by integrating the key delegation technique into AKP-ABE, EACAS enables data users to customize search policies based on their access policies, and generate the corresponding trapdoor using the secret key granted by the data owner to retrieve their interesting data. In addition, a virtual attribute with no semantic meaning is utilized in data encryption and trapdoor generation to empower the cloud to perform an attribute-based search on the outsourced ciphertext without knowing the underlying attributes or outsourced data. The data owners can achieve fine-grained access control on their outsourced data, and the data users are flexible to search their interesting data based on protected attributes through customizing the search policies. Finally, we demonstrate that EACAS is more efficient than existing solutions on computation and storage overheads.