ICAuth: A secure and scalable owner delegated inter-cloud authorization

This paper proposes a secure inter-cloud authorization scheme using ciphertext-policy attribute-based encryption (CP-ABE). The proposed scheme enables data owners to access files which are stored in cloud storage servers, managed by a service provider, using web applications which may be registered with another service provider. To access the stored files using a web application, the data owner can issue one time access tokens. For issuing the access tokens, the data owner does not need collaboration with any other entities in the cloud environments. In addition, single access token can be used to access several files, which reduces the number of required access tokens. Moreover, ciphertext re-encryption is performed to prevent unauthorized access. The re-encryption is delegated to a cloud storage service provider to reduce overhead on the data owner side. The security analysis of the proposed scheme has been done under the Decisional Bilinear Diffie-Hellman assumption and it is proven to be secure against Chosen Plaintext Attack. Moreover, performance analysis of the proposed scheme shows that it incurs low overhead in terms of communication and storage and it takes minimum delay and computation costs while providing better functionality.