EACSIP: Extendable Access Control System with Integrity Protection for Enhancing Collaboration in the Cloud

It is widely acknowledged that the collaborations with more users increase productivity. Secure cloud storage is a promising tool to enhance such a collaboration. Access control system can be enabled with attribute-based encryption. In this system, a user encrypts and uploads his/her data to the cloud with an access policy, such that only people who satisfy that access policy can decrypt the data. When a recipient would like to enable another person who is originally unauthorized by the original access policy, this recipient will need to extend the access policy by adding a new policy that includes the new person hence, the notion of extendable access control system. Admitting new users to access the uploaded data is an important requirement in enhancing collaborations. The main issue is with regards to the integrity protection during the process of extending the access policy. When a new access policy is added, the cloud has to be sure that the extended access policy remains guarding the same encrypted data as the original access policy, even though the cloud cannot decrypt this ciphertext, which is a challenging problem to solve. In this paper, we answer the above problem affirmatively by introducing an extendable access control system with Integrity Protection (EACSIP), which is suitable to enhance collaboration in the cloud. The construction of EACSIP is built on top of a novel cryptographic primitive, namely functional key encapsulation with equality testing. The security proof and the performance evaluation of EACSIP are provided in this paper.