Privacy Protection Based Access Control Scheme in Cloud-Based Services


Cloud-based services have become a hot topic with the rapid development of computer technology. They provide convenience for users, but they also bring many security issues, such as data sharing and privacy issues. In this paper, we present an access control system with privilege separation based on privacy protection (PS-ACS). In the PS-ACS scheme, we logically divide users into a private domain (PRD) and a public domain (PUD).

In PRD, we adopt Key-Aggregate Encryption (KAE) and Improved Attribute-based Signature (IABS) to achieve read access permission and write access permission, respectively. In PUD, we construct a new multi-authority ciphertext-policy attribute-based encryption (CP-ABE) scheme with efficient decryption to avoid the issues of a single point of failure and complicated key distribution, and we design an efficient attribute revocation method for it.


  • In this paper, we present a more systematic, flexible and efficient access control scheme.
  • We provide a thorough analysis of the security and complexity of our proposed PS-ACS scheme. The functionality and simulation results show that the scheme provides data security with an acceptable performance impact, and prove the feasibility of the scheme.
  • The evaluation results show the high efficiency of our scheme.


  • The traditional access control strategy cannot effectively solve the security problems that exist in data sharing.
  • This scheme does not consider the revocation of access permissions.
  • It can easily cause a key escrow issue.
  • These existing schemes focus on only one aspect of the research, and do not have a strict uniform standard either.

System Configuration

H/W System Configuration

Speed            : 1.1 GHz
RAM              : 256 MB (min)
Hard Disk        : 20 GB
Floppy Drive     : 1.44 MB
Keyboard         : Standard Windows Keyboard
Mouse            : Two or Three Button Mouse
Monitor          : SVGA

S/W System Configuration

Platform         : Cloud computing
Operating system : Windows XP, 7
Server           : WAMP/Apache
Working on       : Browser like Firefox, IE


In this paper, we proposed an access control system (PS-ACS) with privilege separation based on privacy protection. Based on an analysis of the cloud environment and of user characteristics, we logically divide users into a personal domain (PRD) and a public domain (PUD). In PRD, we set read and write access permissions for users separately. The KAE scheme, which can improve access efficiency, is adopted to achieve read access permission. At the same time, a high degree of patient privacy is guaranteed by the IABS scheme, which determines the write permission of users.