Achieving fine-grained access control for secure data sharing on cloud servers



With more and more enterprises sharing their sensitive data on cloud servers, building a secure cloud environment for data sharing has attracted a lot of attention in both the industry and academic communities. In this paper, we propose a conjunctive precise and fuzzy identity-based encryption (PFIBE) scheme for secure data sharing on cloud servers, which allows the encryption of data by specifying a recipient identity (ID) set or a disjunctive normal form (DNF) access control policy over attributes, so that only the user whose ID belongs to the ID set or attributes satisfy the DNF access control policy can decrypt the corresponding data. Our design goal is to propose a novel encryption scheme, which simultaneously achieves a fine-grained access control, flexibility, high performance, and full key delegation, so as to help enterprise users to enjoy more secure, comprehensive, and flexible services. We achieve this goal by first combining the hierarchical identity-based encryption (HIBE) system and the ciphertext-policy attribute-based encryption (CP-ABE) system, and then marking each user with both an ID and a set of descriptive attributes, finally separating the access control policy into two parts: a recipient ID set and a DNF attribute-based access control policy. Copyright © 2011 John Wiley & Sons, Ltd.