RWAC: A Self-contained Read and Write Access Control Scheme for Group Collaboration

Abstract

With the development of the Internet and personal digital devices, self-organizing and open-pattern collaborations are becoming popular. In such environments, data are usually outsourced to third-party servers in the cloud, which are out of the control domain of data owners. Hence, traditional access control models, which are enforced relying on data storage servers, will face new security challenges. In this paper, we propose a self- contained read and write access control (RWAC) scheme based on ciphertext-policy attribute-based encryption (CP-ABE) and attribute-based group signature (ABGS) mechanism. By adopting a two-step encryption strategy using CP-ABE and utilizing the write control policy as the signature policy in ABGS, RWAC ensures that fine-grained read and write access control can be enforced during decryption and signature generation without dependence on any third parties. To prevent privacy leakage from RWAC policies, we adopt a CP-ABE scheme with hidden policy. Then, we introduce the policy hiding method into ABGS and propose an ABGS scheme with hidden policy. Moreover, users can trace the edit history of each data object with the signature or a write list. The security analysis indicates that RWAC is able to enforce fine-grained read and write access controls for group collaborations while also ensuring data confidentiality and integrity.