Secure, efficient and revocable multi-authority access control system in cloud storage

• A multi-authority attribute-based access control system for cloud storage is proposed.
• An adaptively secure multi-authority CP-ABE (MA-CP-ABE) scheme in the standard model.
• A decryption outsourcing method for the proposed MA-CP-ABE scheme.
• An attribute-level revocation approach achieves back secrecy and forward secrecy.

Multi-Authority Attribute-Based Encryption (MA-ABE) is an emerging cryptographic primitive for enforcing fine-grained attribute-based access control on the outsourced data in cloud storage. However, most of the previous multi-authority attribute-based systems are either proven to be secure in a weak model or lack of efficiency in user revocation. In this paper, we propose MAACS (Multi-Authority Access Control System), a novel multi-authority attribute-based data access control system for cloud storage. We construct a new multi-authority ciphertext-policy ABE (MA-CP-ABE) scheme with decryption outsourcing. The decryption overhead for users is largely eliminated by outsourcing the undesirable bilinear pairing operations to the cloud servers. The proposed MA-CP-ABE scheme is proven adaptively secure in the standard model and supports any monotone access policy. We also design an efficient attribute-level user revocation approach with less computation cost. The security analysis, numerical comparisons and implementation results indicate that our MAACS is secure, efficient and scalable.