By leveraging and modifying Ciphertext-Policy Attribute Based Encryption (CP-ABE) and OAuth, we propose a new authorization scheme, called fuzzy authorization, to facilitate an application registered with one cloud party to access data residing in another cloud party. The new proposed scheme enables the fuzziness of authorization to enhance the scalability and flexibility of file sharing by taking advantage of the one-to-one correspondence between Linear Secret-Sharing Scheme (LSSS) and generalized Reed Solomon (GRS) code. Furthermore, by conducting attribute distance checking and distance adjustment, operations like sending attribute sets and satisfying an access tree are eliminated. In addition, the automatic revocation is realized with update of TimeSlot attribute when data owner modifies the data. The security of the fuzzy authorization is proved under the d-BDHE assumption. In order to measure and estimate the performance of our scheme, we have implemented the protocol flow of fuzzy authorization with OMNET++ 4.2.2 and realized the cryptographic part with Pairing-Based Cryptography (PBC) library. Experimental results show that fuzzy authorization can achieve fuzziness of authorization among heterogeneous clouds with security and efficiency.
Guang Gong, "Fuzzy Authorization for Cloud Storage", IEEE Transactions on Cloud Computing, , no. 1, pp. 1, PrePrints PrePrints, doi:10.1109/TCC.2014.2338324