Secure Cloud Storage with Attribute-Based Encryption and Audit Logs

Abstract

This manuscript presents a robust framework for secure cloud storage by integrating Ciphertext-Policy Attribute-Based Encryption (CP-ABE) with immutable audit logs, thereby achieving both expressive, fine-grained access control and comprehensive accountability. Data owners define rich access policies—arbitrary Boolean formulas over user attributes—and encrypt files under these policies using CP-ABE. A semi-trusted Attribute Authority (AA) issues private attribute keys to users following credential verification. The cloud server, modeled as honest-but-curious, stores encrypted data and an append-only audit log: every access request (granted or denied) is recorded in tamper-evident fashion via hash chaining. We formally analyze confidentiality, collusion resistance, and log integrity under standard bilinear Diffie-Hellman assumptions. 

To evaluate practicality, we implement a prototype using Charm-Crypto and simulate a range of workloads: policy sizes (5–20 attributes), file sizes (100 KB–5 MB), and concurrent users. We measure encryption/decryption latency, storage overhead, and log-generation time. Results demonstrate that even complex policies (20 attributes) incur encryption times under 200 ms and decryption times under 150 ms; ciphertext expansion remains below 1% of file size, and each log append takes less than 50 ms. Concurrent logging sustains over 200 records/s without integrity loss. These findings confirm the scheme’s suitability for real-world deployments requiring stringent confidentiality and auditability, such as healthcare, finance, and government archives.