A Generic Scheme for Secure Data Sharing in Cloud

Working in various service models ranging from SaaS, PaaS, to IaaS, cloud computing is a new revolution in IT, and could reshape the business model of how the IT industry works today. Storage services are a fundamental component of the cloud computing paradigm. By exploiting the storage services, users outsource their data to the cloud so as to enjoy the reduced upfront maintenance and capital costs. However, a security challenge associated with data outsourcing is how to prevent data abuses by the cloud. It has been commonly accepted that data encryption offers a good solution to this problem. With data encryption, an issue arises when the data owner who outsourced the data wants to revoke some data consumers´ access privileges, which normally involves key re-distribution and data re-encryption. In this work, we propose a generic scheme to enable fine-grained data sharing over the cloud, which does not require key-redistribution and data re-encryption whatsoever. The main primitives we make use of are attribute-based/predicate encryption and proxy re-encryption, but our construction is not restricted to any specific scheme of its kind. Our scheme has a number of advantages over other similar proposals in the literature.