Achieving fine-grained access control for secure data sharing on cloud servers

With more and more enterprises sharing their sensitive data on cloud servers, building a secure cloud environment for data sharing has attracted a lot of attention in both industry and academic communities. In this paper, we propose a conjunctive precise and fuzzy identity-based encryption (PFIBE) scheme for secure data sharing on cloud servers, which allows the encryption of data by specifying a recipient identity (ID) set, or a disjunctive normal form (DNF) access control policy over attributes, so that only the user whose ID belonging to the ID set or attributes satisfying the DNF access control policy can decrypt the corresponding data. Our design goal is to propose a novel encryption scheme, which simultaneously achieves a fine-grained access control, flexibility, high performance, and full key delegation, so as to help enterprise users to enjoy more secure, comprehensive, and flexible services. We achieve this goal by first combining the hierarchical identity-based encryption (HIBE) system and the ciphertextpolicy attribute-based encryption (CP-ABE) system, and then marking each user with both an ID and a set of descriptive attributes, finally separating the access control policy into two parts: a recipient ID set and a DNF attribute-based access control policy.