A Temporal and Spatial Constrained Attribute-Based Access Control Scheme for Cloud Storage

• Published in: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) pp. 614 - 623
• Main Authors: Liu, Zechao, Jiang, Zoe L., Wang, Xuan, Yiu, S. M., Zhang, Ruoqing, Wu, Yulin
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.08.2018
• Subjects: Access control; Attribute-Based Encryption; Cloud computing; Cloud Storage; Encryption; Servers; Spatial Constraint; Temporal Constraint; Time factors
• ISSN: 2324-9013
• DOI: 10.1109/TrustCom/BigDataSE.2018.00092

Cloud storage service allows data owners to store their (encrypted) data in a remote and may be untrusted cloud server. Attribute-Based Encryption (ABE) provides an excellent and flexible solution for data access control. As more and more applications evolved, ABE schemes may not handle all scenarios, in particular, if the access control has a time and location constraint. Time and location attributes are not as static as other general attributes. Existing ABE schemes cannot efficiently handle the continuous range of an attribute making it impractical for temporal and spatial constraints that are changing dynamically. In this paper, we propose a novel temporal and spatial constrained attribute-based access control (TSC-ABAC) scheme to solve this problem. Our system adopts a redesigned access structure and makes use of multi-dimensional range derivation function to match the time domain. This is the first ABE scheme that can efficiently handle time and location elements simultaneously. We further propose an extended TSC-ABAC scheme, which aims at reducing the decryption cost imposed on user. A thorough security and performance analysis shows that our design is secure and efficient. The result of our work could provide a feasible and practical data access control scheme for cloud storage services.