Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption

  • September 22, 2015
  • Blog
No Comments

Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption


Cloud computing is a revolutionary computing paradigm, which enables flexible, on-demand, and low-cost usage of computing resources, but the data is outsourced to some cloud servers, and various privacy concerns emerge from it. Various schemes based on the attribute-based encryption have been proposed to secure the cloud storage. However, most work focuses on the data contents privacy and the access control, while less attention is paid to the privilege control and the identity privacy. In this paper, we present a semi-anonymous privilege control scheme AnonyControl to address not only the data privacy, but also the user identity privacy in existing access control schemes. AnonyControl decentralizes the central authority to limit the identity leakage and thus achieves semianonymity. Besides, it also generalizes the file access control to the privilege control, by which privileges of all operations on the cloud data can be managed in a fine-grained manner. Subsequently, we present the AnonyControl-F, which fully prevents the identity leakage and achieve the full anonymity. Our security analysis shows that both AnonyControl and AnonyControl-F are secure under the decisional bilinear Diffie–Hellman assumption, and our performance evaluation exhibits the feasibility of our schemes.


  • Various techniques have been proposed to protect the data contents privacy via access control. Identity-based encryption (IBE) was first introduced by Shamir, in which the sender of a message can specify an identity such that only a receiver with matching identity can decrypt it.
  • Few years later, Fuzzy Identity-Based Encryption is proposed, which is also known as Attribute-Based Encryption (ABE).
  • The work by Lewko et al. and Muller et al. are the most similar ones to ours in that they also tried to decentralize the central authority in the CP-ABE into multiple ones.
  • Lewko et al. use a LSSS matrix as an access structure, but their scheme only converts the AND, OR gates to the LSSS matrix, which limits their encryption policy to boolean formula, while we inherit the flexibility of the access tree having threshold gates.
  • Muller et al. also supports only Disjunctive Normal Form (DNF) in their encryption policy.


  • The identity is authenticated based on his information for the purpose of access control (or privilege control in this paper).
  • Preferably, any authority or server alone should not know any client’s personal information.
  • The users in the same system must have their private keys re-issued so as to gain access to the re-encrypted files, and this process causes considerable problems in implementation.


  • The data confidentiality, less effort is paid to protect users’ identity privacy during those interactive protocols. Users’ identities, which are described with their attributes, are generally disclosed to key issuers, and the issuers issue private keys according to their attributes.
  • We propose AnonyControl and AnonyControl-Fallow cloud servers to control users’ access privileges without knowing their identity information. In this setting, each authority knows only a part of any user’s attributes, which are not enough to figure out the user’s identity. The scheme proposed by Chase et al. considered the basic threshold-based KP-ABE. Many attribute based encryption schemes having multiple authorities have been proposed afterwards.
  • In our system, there are four types of entities: N Attribute Authorities (denoted as A), Cloud Server, Data Owners and Data Consumers. A user can be a Data Owner and a Data Consumer simultaneously.
  • Authorities are assumed to have powerful computation abilities, and they are supervised by government offices because some attributes partially contain users’ personally identifiable information. The whole attribute set is divided into N is joint sets and controlled by each authority, therefore each authority is aware of only part of attributes.


  • The proposed schemes are able to protect user’s privacy against each single authority. Partial information is disclosed in AnonyControl and no information is disclosed in AnonyControl-F.
  • The proposed schemes are tolerant against authority compromise, and compromising of up to (N −2) authorities does not bring the whole system down.
  • We provide detailed analysis on security and performance to show feasibility of the scheme AnonyControl and AnonyControl-F.
  • We firstly implement the real toolkit of a multiauthority based encryption scheme AnonyControl and AnonyControl-F.





  • System :         Pentium IV 2.4 GHz.
  • Hard Disk :         40 GB.
  • Floppy Drive : 44 Mb.
  • Monitor : 15 VGA Colour.
  • Mouse :
  • Ram : 512 Mb.


  • Operating system : Windows XP/7.
  • Coding Language : net,
  • Tool : Visual Studio 2010
  • Database : SQL SERVER 2008


Taeho Jung, Xiang-Yang Li, Senior Member, IEEE, Zhiguo Wan, and Meng Wan, Member, IEEE, “Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption”, IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 10, NO. 1, JANUARY 2015.

Contact Form

Fields marked with an * are required