Abstract: Cloud computing represents a transformative paradigm in the realm of computing, facilitating flexible, on-demand, and cost-effective access to computing resources. However, this model involves outsourcing data to cloud servers, which raises significant privacy concerns. Numerous strategies utilizing attribute-based encryption have been developed to enhance the security of cloud storage. Nonetheless, the majority of existing research primarily concentrates on the privacy of data contents and access control, while insufficient emphasis is placed on privilege control and identity privacy. In this paper, we introduce a semi-anonymous privilege control scheme, termed AnonyControl, which aims to safeguard not only data privacy but also user identity privacy within current access control frameworks. AnonyControl mitigates identity leakage by decentralizing the central authority, thereby achieving a level of semianonymity. Furthermore, it expands the concept of file access control to encompass privilege control, allowing for meticulous management of all operational privileges concerning cloud data. Additionally, we present AnonyControl-F, which effectively eliminates identity leakage and ensures complete anonymity. Our security analysis confirms that both AnonyControl and AnonyControl-F maintain security under the decisional bilinear Diffie–Hellman assumption, while our performance evaluation demonstrates the practicality of our proposed schemes.

Keywords: Cloud Computing, privacy, encryption, access control.