Lightweight Management of Authorization Update on Cloud Data

While outsourcing data to cloud, security and efficiency issues should be taken into account. However, it is very challenging to design a secure and efficient mechanism supporting authorization updates. In this paper, we aim to provide a mechanism supporting authorization updates which only incurs a lightweight cost of authorization updates and meanwhile supports a high level of security. This mechanism is consisted of two encryption schemes performed in different layers. The inner-layer encryption scheme is performed on the original plaintext and the generated cipher text is called inner-layer cipher text, while a part of the inner-layer cipher text is encrypted by the outer-layer encryption scheme to generate cipher text, called out-layer cipher text. These two encryption schemes are both performed by data owner. The inner-layer encryption realizes the initial authorization policy, while the outer-layer encryption reflects the updated authorization policy. We implement the proposed mechanism and conduct extensive experiments. The experimental results demonstrate that the proposed mechanism outperforms previous existing approaches, e.g. single-layer encryption and double-layer encryption.