Temporal Access Control with User Revocation for Cloud Data

We propose a temporal access control scheme to protect and selectively access data in clouds. In many applications like healthcare, online tests, social networks, data should be accessed within a certain period of time. Although access control has been widely studied, temporal access control has not received attention. Ours is the first scheme on temporal access control with user revocation. Our scheme encrypts and stores data in clouds in such a way that only authorized users are able to decrypt it within a specified time period. We use a new variant of attribute-based encryption in order to achieve our objective. To reduce computational load during decryption, we partially outsource the decryption to a proxy server, who can gain no information about the data. We analytically show that our scheme has comparable computation and communication costs, but also supports revocation, which was not present in previous schemes.