A Role-Based Encryption Scheme for Securing Outsourced Cloud Data in a Multi-Organization Context

Role-Based Access Control (RBAC) is a popular model which maps roles to access permissions for resources and then roles to the users to provide access control. Role-Based Encryption (RBE) is a cryptographic form of RBAC model that integrates traditional RBAC with the cryptographic encryption method, where RBAC access policies are embedded in encrypted data itself so that any user holding a qualified role can access the data by decrypting it. However, the existing RBE schemes have been focusing on the single-organization cloud storage system, where the stored data can be accessed by users of the same organization. This paper presents a novel RBE scheme with efficient user revocation for the multi-organization cloud storage system, where the data from multiple independent organizations are stored and can be accessed by the authorized users from any other organization. Additionally, an outsourced decryption mechanism is introduced which enables the users to delegate expensive cryptographic operations to the cloud, thereby reducing the overhead on the end-users. Security and performance analyses of the proposed scheme demonstrate that it is provably secure against Chosen Plaintext Attack and can be useful for practical applications due to its low computation overhead.