Revocable and Privacy-Preserving Bilateral Access Control for Cloud Data Sharing

In this paper, we propose a revocable and privacy-preserving bilateral access control scheme (named PriBAC) for general cloud data sharing (i.e., end-cloud-based data sharing). PriBAC ensures that preference matching is successful only when both parties' preferences are satisfied simultaneously. Otherwise, nothing is leaked beyond whether the preference matching occurs. There are three challenges in designing PriBAC. The first challenge is protecting matching information, i.e., concealing two preference matching processes, in a single cloud server. The second challenge is protecting preference content while preventing receivers from receiving much useless information. The third challenge is how to integrate efficient user revocation mechanisms into bilateral access control to handle frequent user revocation cases in practical cloud data sharing applications. To address the above challenges, the punchline in PriBAC is to leverage Newton's interpolation formula-based secret sharing to enrich the matchmaking encryption technique for constructing a privacy-preserving preference matching mechanism. To achieve efficient user revocation, we integrate a unique symbol into each user's keys and efficiently revoke users by invaliding the corresponding keys. Security analysis proves that PriBAC can resist the chosen-ciphertext attack and preserves preference privacy and matching privacy. Experiments show that PriBAC achieves approximately 3times user performance improvement compared with current state-of-the-art related schemes.