A Generic, Scalable and Fine-Grained Data Access System for Sharing Digital Objects in Honest but Curious Cloud Environments

This paper presents a generic, scalable and fine-grained data access system that realizes the main challenges which hinder the growth of using storage-as-a-service for sharing digital objects offered by honest but curious cloud environments. These main challenges are maintaining data confidentiality, enforcing fine-grained data access control, applying efficient user revocation mechanism, preventing the collusion between users to access unauthorized digital objects, achieving scalability and possessing generic construction desirable feature. In addition, the proposed system avails digital passport which is presented by the user to be granted access to any digital object in the cloud environment. The usage of digital passport minimizes the number of transactions needed to authenticate the specified user. Moreover, the digital passport simplifies the data management for users since the user has to keep his passport only to use it to access the cloud. Furthermore, the digital passport prevents a rejoined user who possesses different attributes to access his previously authorized data. Additionally, the digital passport prohibits the collusion between an authorized user and a revoked one to own the access privileges once assigned to the revoked user. The proposed system exploits public key infrastructure (PKI) to capitalize the usage of offline operations to enhance system performance and to secure the transmission of private data as well as defending man in the middle attack. It should be noted that the implementation of the proposed system has showed the system computational validity.