We consider potential attackers in the collaborative cloud data sharing system as follows:
\textbf{1)} The CA and each AA are assumed to be honest, such that each of them does not collude with any other entity. However, the CA or any AA can be corrupted by attackers, and also it should be prevented from decrypting any ciphertexts individually. \textbf{2)} The CS is assumed to be minimally trusted. It might attempt to obtain the content of the encrypted data although it correctly performs the tasks assigned by legitimate entities. \textbf{3)} Each DU is assumed to be dishonest and malicious, and he/she might attempt to obtain access to data beyond his/her access privilege. To simplicity, we classify dishonest and malicious DUs in the system into three categories: …show more content…
The ${\cal A}$ makes secret key queries by submitting ${\cal S}_{gid}=\bigcup_{\theta \in {\cal N}-{\cal C}} S_{gid,\theta}$, where ${\cal S}_{gid}\cup \bigcup_{\theta \in {\cal C}} U_{\theta}$ does not satisfy the challenge access structure. The ${\cal B}$ responds to each query by returning a user-central-key $G_{gid}$ along with set of user-attribute-keys $\{AK_{gid,\theta}\}_{\theta\in {\cal N}-{\cal C}}$. \item Key-update-key queries: The ${\cal A}$ makes key-update-key queries by submitting $(x_{\theta}, G_{gid})$ along with a version number $ver_{x_{\theta}}$ for the attribute $x_{\theta}$, where $x_{\theta}$ must be in $S_{gid}=\bigcup_{\theta\in {\cal N}-{\cal C}} S_{gid,\theta}$ and $2\leq ver_{x_{\theta}}\leq ver_{x_{\theta}}^*$. The ${\cal B}$ responds by returning the corresponding key-update-key $uk_{gid, x_{\theta}}^{h(ver_{x_{\theta}})}$ to the ${\cal A}$.