RRMAC: A Multi-data Owner Access Control Scheme with Robust Revocation for Co-owned Data Sharing

Due to the rising requirement for data sharing, multi-data owner access control schemes have emerged, where a single data file is jointly owned by multiple data owners. Since the shared files contain information from multiple data owners, it is crucial to revoke malicious users to minimize harm when data leakage occurs. However, current multi-data owner solutions typically rely on a single data owner to encrypt and share data and fail to provide robust user revocation. When revocation is managed by a single entity, it may fail to protect the rights of all data owners and can introduce a single point of failure in multi-data owner settings. On the other hand, if revocation requires the participation of all data owners, user access may fail if some owners are offline or compromised. To address these issues, we propose a robust multi-data owner access control scheme with efficient user revocation. We construct a secret resharing protocol based on secret sharing technology and proposed a multi-data owner access control scheme. Only users who obtain a sufficient number of private keys can decrypt the ciphertext. To achieve multi-owner controlled revocation, we use key splitting to divide the user's private key into an authorization key and an update key and embed a period into the update keys. During user revocation, the cloud updates the ciphertext and the data user can decrypt the ciphertext without obtaining the update keys of all data owners. The thorough performance analysis shows that the overhead of the proposed scheme is acceptable. Specifically, the proposed scheme takes approximately 0.5 seconds to encrypt, and with preprocessing, this time is reduced to 0.06 seconds, while decryption requires around 0.15 seconds on the Raspberry Pi.