A Cryptographically Enforced Access Control with a Flexible User Revocation on Untrusted Cloud Storage

Jongkil Kim, Surya Nepal

Research output: Contribution to journalArticlepeer-review

17 Scopus citations


Cloud storage services have become ubiquitous. A large number of individuals and organizations are using them to store and share data, taking the benefits of mobility and affordability offered by these services. However, secure management of data in cloud storage services, more specifically supporting multi-party sharing in the context of a collaboration, is a challenging problem. The problem is further exacerbated if the data owner does not have any trust on the cloud storage providers and the data need regular updates from collaborating parties. A number of cryptographically enforced secure cloud storage solutions have been proposed to address this problem. One of the key issues with these solutions is the revocation of access to data for invalid users without moving the data (in the era of big data) and relying on the cloud service providers. In this paper, we introduce a cloud storage system that offers cryptographically enforced security. In contrast to other cryptographically protected cloud storage systems, our system supports a fine-grained access control mechanism and allows flexible revocations of invalid users without moving the data and relying on the cloud service providers. Our system employs an attribute-based encryption technique to support a complex access structure that allows a user to define human readable access policies to the data in the cloud storage. In addition, our system supports a flexible revocation scheme that can revoke invalid users directly by updating the revoked users’ list or indirectly by updating an epoch counter. The system administrator can choose one of these options flexibly depending on the needs. Our system also allows authorized users to update the encrypted data, and any users accessing such updated data in future can verify whether the data are modified by authorized users.

Original languageEnglish
Pages (from-to)149-160
Number of pages12
JournalData Science and Engineering
Issue number3
StatePublished - 1 Sep 2016

Bibliographical note

Publisher Copyright:
© 2016, The Author(s).


  • Access control
  • Attribute-based encryption
  • Cloud storage
  • Revocation


Dive into the research topics of 'A Cryptographically Enforced Access Control with a Flexible User Revocation on Untrusted Cloud Storage'. Together they form a unique fingerprint.

Cite this