ISSN 2319-8885 Vol.04,Issue.22, July-2015, Pages:4195-4200 www.ijsetr.com Efficient Anonymous Authentication of Data Stored in Clouds Based On Decentralized Access Control Techniques B. SOUBHAGYAVATHI 1, K. MAHESH BABU 2 1 PG Scholar, Dept of CSE, Kottam Karunakara Reddy Institute of Technology, Kurnool, AP, India, Email: b.soubhagyargm@gmail.com. 2 Associate Professor, Dept of CSE, Kottam Karunakara Reddy Institute of Technology, Kurnool, AP, India. Abstract: The proposed Architecture aims in providing a new technique for access of data from decentralized servers with anonymous authentication. The proposed system provides a cloud server with verifies and authenticity of series without knowing the identity of user before storing data. The proposed scheme also has the added new additional feature of data access control in which only valid cloud users are able to decrypt the stored information from decentralized servers. In the proposed architecture provides a new scheme technique with protecting attacks and supports creation, modification, and reading data stored in the cloud. We also address user revocation. Moreover, our authentication and access control scheme is decentralized and robust, unlike other access control schemes designed for clouds which are centralized. The communication, computation, and storage overheads are comparable to centralized approaches. Keywords: Access Control, Authentication, Attribute-Based Signatures, Attribute-Based Encryption, Cloud Storage. I. INTRODUCTION In cloud computing is receiving a lot of attention from both academic and industrial worlds. In cloud computing, users can subcontract their computation and storage to servers using Internet. This frees users from the hassles of maintaining properties on-site. Clouds can provide several types of services like applications infrastructures, and platforms to help developers write applications. Much of the data stored in clouds is vastly complex, for Sample, medical records and social networks. Security and Privacy are, thus, very important issues in cloud computing. In one hand, the user should authenticate itself before initiating any transaction, and on the other hand, it must be confirmed that the cloud does not interfere with the data that is outsourced. User privacy is also required so that the cloud or other users do not know the identity of the user. The cloud can hold the user accountable for the data it outsources, and similarly, the cloud is itself accountable for the services it provides. The validity of the user who stores the data is also verified. Apart from the technical solutions to ensure security and privacy, there is also a need for law implementation. Recently Wang et al. addressed secure and dependable cloud storage. Cloud servers disposed to Secretive failure, where a storage server can fail in uninformed ways. The cloud is also prone to data modification and server colluding attacks. In server colluding attack, the opposition can compromise storage servers, so that it can modify data files as long as they are internally consistent. To deliver secure data storage, the data needs to be encrypted. However, the data is frequently modified and this dynamic property needs to be taken into account while scheming efficient secure storage methods. Proficient search on encrypted data is also an important concern in clouds. The clouds should not know the query but should be intelligent to return the records that satisfy the query. This is achieved by means of searchable encryption. The keywords are sent to the cloud encrypted, and the cloud returns the result without knowing the real keyword for the search. The problem here is that the data records should have keywords linked with them tenable the search. The correct records are returned only when searched with the exact keywords. Safety and privacy safety in clouds are being explored by many scientists. Wang et al. Addressed storage security using Stem-Solomon erasure-correcting codes. Authentication of users using public key cryptographic methods has been studied in next sections. Various homomorphic encryption techniques have been suggested to ensure that the cloud is not able to read the data while performing computations on them. Using homomorphic encryption, the cloud receives cipher text of the data and performs computations on the cipher text and returns the encrypted value of the result. The user is able to decrypt the result, but the cloud does not know what data it has operated on. In such conditions, it must be possible for the user to verify that the cloud returns correct results. Accountability of clouds is a very exciting task and involves technical issues and law enforcement. Neither clouds nor users should disagree any operations performed or wished. It is important to have log of the transactions performed, Copyright @ 2015 IJSETR. All rights reserved.
however, it is an important concern to decide how much information to keep in the log. Accountability has been addressed in Trust Cloud. Secure source has been studied in next. Considering the following situation: A law student, Siva, wants to send a chains of reports about some misuses by authorities of University Z to all the professors of University Z, research seats of universities in the country, and students belonging to Law department in all universities in the area. He wants to continue anonymous while publishing all evidence of misuse. He stores the information in the cloud. Access control is important in such case, so that only authorized users can access the data. It is also important to verify that the information derives from a consistent source. The problems of access control, authentication, and privacy protection should be solved concurrently. We address this problem in its entirety in this scheme. Access control in clouds is fast attention because it is important that only authorized users have access to valid facility. A vast amount of information is being stored in the cloud, and much of this is sensitive information. Maintenance should be taken to ensure access control of this sensitive information which can often be related to health, important documents (as in Google Docs or Dropbox) or even personal information (as in social networking). There are generally three types of access control: user-based access control, role-based access control, and attribute-based access control. In User-based access control, the access control slope contains the list of users who are authorized to access data. This is not possible in clouds where there are many users. In Role-based access control, users are classified based on their different roles. Data can be accessed by users who have same roles. The roles are defined by the system. For example, only genius members and senior administrators might have access to data but not the junior administrators. Attribute-based access control is extra extended in possibility, in which users are given attributes, and the data has attached access policy. Only users with valid set of attributes, satisfying the access policy, can access the data. For example, in the above example certain records might be accessible by genius members with more than 10 years of research experience or by senior administrators with more than8 years experience. The authorities and scams of RBAC and ABAC are discussed in the above. There has been some work on ABAC in clouds. All these work use a cryptographic primitive known as attribute based encryption. The extensible access control markup language has been planned for ABAC in clouds. An area where access control is commonly being used is health care. Clouds are being used to store sensitive information about patients to enable access to medical specialists, hospital staff, researchers, and policy makers. It is important to control the access of data so that only authorized users can access the data. Using ABE, the records are encrypted under some access policy and stored in the cloud. Users are given groups of attributes and corresponding keys. Only when the users have corresponding set of attributes, can they decrypt the records stored inthe cloud. Access control is also purchase importance in online social networking where users store their personal information, pictures, and videos and share them with particular groups of B. SOUBHAGYAVATHI, K. MAHESH BABU users or societies they belong to. Access control in online social networking has been studied in the following. Such data are being stored in clouds. It is very important that only the authorized users are given access to those information. A related situation arises when data is stored in clouds, for example, in Dropbox, and shared with certain groups of people. It is just not sufficient to store the contents securely in the cloud but it might also be required to ensure privacy of the user. For example, a user would like to store some sensitive information but does not want to be acknowledged. The user might want to post a comment on an article, but does not want his/her identity to be released. However, the user should be able to verify to the other users that he/she is a valid user who stored the information without revealing the identity. There are cryptographic protocols like Signatures. The signatures are categorized into three types, they are: Ring signatures, Mesh signatures, Group signatures, which can be used in these conditions. Ring signature is not a reasonable option for clouds where there are a large number of users. Group signatures assume the preexistence of a group which might not be likely in clouds. Mesh signatures do not guarantee if the message is from single user or many users colluding together. For these reasons, a new protocol known as attribute-based signature(abs) has been applied. ABS was proposed by Maji et al. In ABS, users have a claim base associated with message. Table1. Existing Techniques with work SNO TECHNIQUE EXISTING WORK 1 Approach Centralized 2 Key Encryption Use Attribute Based Encryption(ABE) for Secret Key 3 Authentication Does not Provide Authentication 4 Type of Key Symmetric Key Approach 5 Attack Model Resistant to Reply Attacks The claim base helps to identify the user as an authorized one, without opening its identity. Other users or the cloud can verify the user and the validity of the message stored. ABS can be pooled with ABE to succeed authenticated access control without disclosing the identity of the user to the cloud. Existing work on access control in cloud are centralized in nature. Except this scheme and all other schemes use ABE. The scheme in uses asymmetric key approach and does not support authentication. The schemes do not support authentication as well. Earlier work by Zhao et al. provides privacy preserving authenticated access control in cloud. However, the authors take a centralized approach where a single key distribution center (KDC) distributes secret keys and attributes to all users. Unfortunately, a single KDC isnot only a single idea of failure but hard to maintain because of the large number of users that are supported in a cloud environment. We, consequently, emphasize that cloud should take a decentralized approach while distributing secret keys and attributes to users. It is also quite natural for clouds to have many KDCs in different locations in the world. While Yang et al. proposed a decentralized approach, their
Efficient Anonymous Authentication of Data Stored in Clouds Based On Decentralized Access Control Techniques method does not authenticate users, who want to remain anonymous while accessing the cloud. In an previous work, Ruj et al. proposed a distributed access control scheme in clouds. However, the scheme did not provide user validation. The other drawback was that a user can create and store a file and other users can only read the file. Write access was not acceptable to users other than the creator. In the primary version of this scheme, we extend our previous work with added features that enables to authenticate the validity of the message without trevealing the identity of the user who has Stored information in the cloud. In this description we also address user cancellation that was not addressed in Previous. We use ABS scheme to succeed authenticity and privacy. Unlike, our scheme is strong to replay attacks, in which a user can replace new data with old data from a previous write, even if it no longer has valid claim policy. This is an important property because a user, revoked of its attributes, might no longer be able to write to the cloud. We, therefore, add this extra feature in our scheme and modify properly. Our system also allows writing multiple times which was not permitted in our previous work. A. Our Contributions The main contributions of this Scheme are the following: 1. Distributed access control of data stored in cloud so that only authorized users with valid attributes can access them. 2. Validation of users who store and modify their data on the cloud. 3. The identity of the user is secure from the cloud during validation. 4. The architecture is decentralized, meaning that there can be several KDCs for key managing. 5. The access control and validation are bothcollusion strong, meaning that no two users cancollude and access data or validate themselves,if they are independently not authorized. 6. Cancelled users cannot access data after they have been revoked. 7. The proposed scheme is hardy to replay attacks. A writer whose attributes and keys have been revoked cannot write back stale information. 8. The protocol supports multiple read and write on the data stored in the cloud. 9. The costs are comparable to the existing centralized approaches, and the expensive operations are mostly done by the cloud II. RELATED WORK In ABE, a user has a set of attributes in addition to its single ID. There are two classes of ABEs. In key-policy ABE or KP- ABE, the sender has an access policy to encrypt data. A writer whose attributes and keys have been revoked cannot write back old information. The receiver receives attributes and secret keys from the attribute expert and is able to decrypt information if it has same attributes. In Cipher text-policy, CP- ABE, the receiver has the access policy in the method of a tree, with attributes as leaves and monotonic access structure with AND, OR and other threshold gates. All the approaches take a centralized approach and allow only one KDC, which is a single idea of failure. Chase proposed a multi authority ABE, in which there are several KDC authorities which distribute attributes and secret keys to users. Multi authority ABE protocol was studied in above and, which essential no reliable authority which require severy user to have attributes from at all the KDCs. Newly, Lewko and Waters proposed a completely decentralized ABE where users could have zero or more attributes from each specialist and did not require a trusted server. In all these cases, decryption at user s end is calculation intensive. So, this method might be inefficient when users access using their mobile devices. To get over this problem, Green et al. proposed to outsource the decryption task to a proxy server, so that the user can calculate with minimum assets. However, the existence of one proxy and one KDC makes it less strong than decentralized approaches. Both these approaches had no way to authenticate users, anonymously. Yang et al. presented a modification of, authenticate users, who want to continue anonymous while accessing the cloud. To certify anonymous user authentication ABSs were introduced by Maji et al. This was also a centralized approach. A recent scheme by Maji et al. takes a decentralized approach and offers authentication without revealing the identity of the users. However, as stated earlier in the earlier section it is disposed to replay attack. III. BACKGROUND In this section, present our cloud storage model, challenger model and the expectations we have made in the scheme. Table 1 presents the notations used throughout the scheme. We also define mathematical background used in our proposed answer. A. Expectations 1. We make the following expectations in our work: The cloud is honest-but-curious, which means that the cloud managers can be interested in viewing user s content, but cannot modify it. This is a valid assumption that has been made. Honest-but-curious model of challengers do not tamper with data so that they can keep the system functioning normally and remain unnoticed. 2. Users can have either read or write or both accesses to a file stored in the cloud. 3. All communications between users/clouds are protected by secure shell protocol, SSH. B. Strategies of Access Policies Access rules can be in any of the following formats: Boolean functions of attributes Linear secret sharing scheme (LSSS) matrix Monotone span programs. Any access structure can be transformed into a Boolean function. C. Mathematical Background We will use bi-linear combinations on elliptic curves. Let G be acyclic group of prime order q generated by g. Let GT be a group of order q. We can define the map e: G *G G T.The map satisfies the following properties: 1. e(ap,bq)=e(p,q) ab for all P;Q G and a; ZZq= {0,1, 2,..., q 1}. 2. No degenerate: e(g, g) 1.
Table2. Notations B. SOUBHAGYAVATHI, K. MAHESH BABU 3. Encryption by Sender The encryption function is ABE, Encrypt (MSG; X). Sender chooses about the access tree Y. LSSS matrix R can be derived as described in Section 3.2. Sender encrypts message MSG as follows: 1. Choose a random seed S Zq and a random vector v Z h q, with s as its first entry; h is the number of leaves in the access tree. 2. Calculate λx=rx. v, where Rx is a row of R. 3. Choose a random vector w Z h q with 0 as the first entry. 4. Calculate wx ¼ Rx, w. 5. For each row Rx of R, choose a random px Zq. 6. The following limitations are calculated: C 0 = MSGe(g, g) s C 1,x = e(g, g) x e(g, g) απ(x)px, vx, (4) C 2,x = g px vx, C 3,x = g yπ(x)px g wx vx, Where π(x) is mapping from Rx to the attribute i that is placed at the corresponding leaf of the access tree. 7. The cipher text C is sent by the sender C = [R,π,C 0, {C 1,x, C 2,x, C 3,x,V x }] (5) Bilinear combination on elliptic curves groups is used. We do not discuss the pairing functions which mainly use Weil and Tate combinations and calculated using Miller s algorithm. The optimal of curve is an important respect because it determines the complexity of pairing operations. D. Attribute-Based Encryption ABE with multiple specialists as proposed by Lewko and Waters continues as follows: 1 System Initialization Select a prime q, generator g of G0, groups G0 and GT of order q, a map e: G 0 G 0 G T. and a hash function H: {0,1} / G 0. That maps the identities of users to G0. The Hash function used here is SHA-1. Each KDC Aj A has a Set of characteristics Lj. The characteristics disjoint (Li Lj =ᶲ fori j). Each KDC also chooses two random exponents α i, y i i Zq. The secret key of KDC Aj is SK[j] = {α i,y i,i L j }, (1) The public key of KDC Aj is printed PK[j] = {e (g, g) α i, g th, i L j }, (2) 2. Key Generation and Distribution by KDCs User Uu receives a set of characteristics I[j,u]from KDC Aj, and matching secret key ski;u for each I I[j,u] SK i,u = g α i H(u) y i, (3) Note that all keys are delivered to the user securely using the user s public key, such that only that user can decrypt it using its secret key. 4. Decryption by Receiver The decryption function is ABE. Decrypt(C, {sk i,u }), where C is given by (5). Receiver Uu takes as input cipher text C, secret keys {sk i,u }, group G0, and outputs message msg. Itfinds the access matrix R and planning π from C. It then finishes the following steps: 1. Uu calculates the set of attributes {π(x): x X} I u that are common to itself and the access matrix. X is the set of rows of R. 2. For each of these attributes, it checks if there is asubset Y of rows of R, such that the vector (0, 1, 2 0)their linear arrangement. If not, Decryption is difficult. If yes, it computes constantscx Zq, such that x X, C x, R x = (0,1,.,0). 3. Decryption proceeds as follows: a. For each x X,dec(x)=C 1,x e(h(u),c 3,x )/ e(sk π(x),u,c 2,x ) b. Uu computes MSG = C0/π x X dec(x). E. Attribute-Based Signature Scheme ABS scheme has the following steps. 1. System Initialization Select a prime q, and groups G1 and G2, which are of orderq. We define the planning G1 G1 G2. Let g1; g2 becreators of G1 and hj be creators of G2, for j [t max ],for random tmax. Let H be a hash function. Let A0 = h 0 a0,where a0 Zq is chosen at random. (TSig,TV er) meantsig is the private key with which a message is signed andtv er is the public key used for confirmation. The secret key for the trustee is TSK = (a 0,TSig) and public key istpk =(G1,G2,H,g1,A0, h0, h1,...,h tmax, g2, TV er). 2. User Registration For a user with identity Uu the KDC draws at random K base G. Let K 0 = K 1/a0 base. The following token ᴦ is output ᴦ = (u,kbase,k0,p) (6) Where p is signature on u//kbase using the signing key TSig.
Efficient Anonymous Authentication of Data Stored in Clouds Based On Decentralized Access Control Techniques 3. KDC Setup Choose a; b Zq casually and calculate: Aij h a j,bij h b j, for Ai AA, j [tmax]. The private key of ith KDC is ASK[i]=(a; b) and public key APK[i]=(Aij;Bijjj [tmax]). access policy, then it decrypts the information stored in the cloud. 4. Attribute Generation The token verification algorithm verifies the signature checked in ᴦ using the signature verification key TV er in TPK. This algorithm extracts Kbase from ᴦ using (a,b) from ASK [i] and computes Kx =K 1/(a+b ) base, x J[I, u]. Thekey Kx can be checked for reliability using algorithm ABS.KeyCheck(TPK,APK[i],ᴦ,Kx), which checks E (K x,a ij B ij) = e (K base,h j ) 5. Sign The algorithm ABS.Sign(TPK,{APK[i]: I AT[u]},ᴦ, {K x J u }, MSG,y), has input the public key of the trustee, the secret key of thesigner, the message to be signed and the policy statementy. The policystatement is first converted into the span program M ZZ l t q, with rows categorized with attributes. Mx meansrow x of M. Let π represent the mapping from rows to theattributes. So, π (x) is the mapping from Mx to attribute x. Avector v is calculated that satisfies the assignment {x : x J[I, u]}. Compute µ=h(msg//y). Select r0 ZZqand ri ZZq; i Ju, and calculate: Y = K r0 base,s i = (K vi i) r0.(g 2 g 1 µ ) ri (vi J u ), (7) W=K 0 r0,p j =π i AT(u) (A ij Bij π (i) ) Mijri (v j [t]). (8) The signature is considered as Σ=(Y,W,S 1, S 2, S i,p 1,P 2,...,P i ) (9) IV. PROPOSED PRIVACY PRESERVING VALID ACCESS CONTROL SCHEME In this division, we propose our privacy preserving authenticated access control scheme. According to our scheme a user can create a file and store it strongly in the cloud. This scheme consists of use of the two protocols ABE and ABS, as discussed in above, correspondingly. I will first discuss our scheme in details and then providea real example to validate how it works. We mention to the Fig.1. There are three users, a creator, a reader, and writer. Creator Siva receives a token from the trustee, who is assumed to be truthful. A trustee can be someone like the central government who manages social protection numbers etc. On donating her id, details, the trustee gives her a token γ. There are multiple KDCs, which can be spread. For example, these can be servers in different parts of the world. A creator on offering the token to one or more KDCs receives keys for encryption/decryption and signing. In the The message MSG is encrypted under the access policy Y. The access policy decides who can access the data stored in the cloud. The cipher text C with signature is c, and issent to the cloud. The cloud verifies the signature and stores the cipher text C. When a reader wants to read, the cloudsends C. If the user has attributes same with accesspolicy, it can decrypt and get back original message. Write proceeds in the similar way as file creation. By defining the verification process to the cloud, it releases the individual users from time reducing verifications. When a reader wants to read some data stored in the cloud, it tries to decrypt it using the secret keys it receives from the KDCs. If it has sufficient attributes matching with the Fig.1. Our secure cloud storage model. A. Reading from the Cloud When a user needs data from the cloud, the cloud sends the cipher text C using SSH protocol. Decryption proceeds using algorithm ABE:Decrypt(C,{SK i,u }) and the message MSG is calculated as given in Section above. B. Writing to the Cloud To write to an previously existing file, the user must send its message with the right policy as done during file creation. The cloud verifies the right policy, and only if the user is reliable, is allowed to write on the file. C. User Revocation We have just argued how to check replay attacks. We will now discuss how to handle user revocation. It should be confirmed that users must not have the facility to access data, even if they have same set of attributes. For this reason, the owners should modification the stored data and send updated information to other users. The set of attributes Iu overcome by the canceled user Uu is noted and all users change their stored data that have attributes i Iu. In [13], cancelation involved changing the public and secret keys of the least set of attributes which are required to decrypt the data. We do not consider this method because here different data are encrypted by the same set of attributes, so such a least set of attributes is different for different users. Consequently, this does not apply to our model. Once the attributes Iu are recognized, all data that have the attributes are collected. For each such data record, the following steps are then carried out: 1. A new value of S, Snew ZZq is selected. 2. The first entry of vector Vnew is changed to new Snew. 3. C 1,x is recalculated for x. 4. New value of C1,x is securely transferred to the cloud. 5. Fresh value of C1,x is not stored with the data, but is transferred to users, who wish to decrypt the data. We note here that the fresh value of C1,x is not stored in the cloud but transferred to the nonrevoked users who have attribute equivalent to x. This checks a revoked user to decrypt the new value of C0 and get back the message.
V. CONTRAST WITH OTHER ACCESS CONTROL SYSTEMS IN CLOUD We compare our system with other access control systems and show that our scheme supports many Contrast of Our Scheme with Existing Access Control Systems Contrast of Calculation and Size of Cipher text Although Creating a File Contrast of Calculation throughout Read and Write by User and Cloud structures that the other structures did not support. 1-W-M-Rmeans that only one user can write while many users can read. M-W-M-R means that many users can write and read. We see that most structures do not support many writes which is supported by our system. Our structure is strong and decentralized, most of the others are centralized. Our system also supports privacy preserving authentication, which is not supported by others. Most of the structures do not support user cancelation, which our scheme does. We associate the calculation and communication costs experienced by the users and clouds and display that our distributed method has similar costs to centralized approaches. The most luxurious operations including combinations and is done by the cloud. If we associate the calculation load of user during read we see that our system has comparable costs. Our system also compares well with the other authenticated system of above. VI. CONCLUSION We have presented a Secure Cloud Data Access from Decentralized Servers with Access Control Using Anonymous Technique, which provides user cancelation and checks replay attacks. The cloud does not know the identity of the user who stores information, but only confirms the user s identifications. Key distribution is done in a decentralized way. One drawback is that the cloud knows the access policy for each record stored in the cloud. In upcoming, we would like to hide the attributes and access rule of a user. VII. REFERENCES [1] S. Ruj, M. Stojmenovic, and A. Nayak, Privacy Preserving Access Control with Authentication for Securing Data in Clouds, Proc.IEEE/ACM Int l Symp. Cluster, Cloud and Grid Computing, pp. 556-563, 2012. [2] C. Wang, Q. Wang, K. Ren, N. Cao, and W. Lou, Toward Secure and Dependable Storage Services in Cloud Computing, IEEE Trans. Services Computing, vol. 5, no. 2, pp. 220-232, Apr.-June 2012. [3] Li, Q. Wang, C. Wang, N. Cao, K. Ren, and W. Lou, Fuzzy Keyword Search Over Encrypted Data in Cloud Computing, Proc. IEEE INFOCOM, pp. 441-445, 2010. [4] H. Li, Y. Dai, L. Tian, and H. Yang, Identity-Based Authentication for Cloud Computing, Proc. First Int l Conf. Cloud Computing (CloudCom), pp. 157-166, 2009. [5] H.K. Maji, M. Prabhakaran, and M. Rosulek, Attribute- Based Signatures, Topics in Cryptology - CT-RSA, vol. 6558, pp. 376-392, 2011. [6] A. Sahai and B. Waters, Fuzzy Identity-Based Encryption, Proc.Ann. Int l Conf. Advances in Cryptology (EUROCRYPT), pp. 457-473,2005. [7] V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute- Based Encryption for Fine-Grained Access Control of Encrypted Data, Proc. ACM Conf. Computer and Comm. Security, pp. 89-98, 2006. B. SOUBHAGYAVATHI, K. MAHESH BABU [8] J. Bethencourt, A. Sahai, and B. Waters, Ciphertext- Policy Attribute-Based Encryption, Proc. IEEE Symp. Security and Privacy, pp. 321-334, 2007. [9] M. Chase, Multi-Authority Attribute Based Encryption, Proc. Fourth Conf. Theory of Cryptography (TCC), pp. 515-534, 2007. [10] M. Chase and S.S.M. Chow, Improving Privacy and Security in Multi-Authority Attribute-Based Encryption, Proc. ACM Conf. Computer and Comm. Security, pp. 121-130, 2009. [11] A.B. Lewko and B. Waters, Decentralizing Attribute- Based Encryption, Proc. Ann. Int l Conf. Advances in Cryptology (EUROCRYPT), pp. 568-588, 2011. [12]J. Hur and D. Kun Noh, Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems, IEEE Trans. Parallel and Distributed Systems, vol. 22, no. 7, pp. 1214-1221, July 2011.