—Cloud storage is an application of clouds that liberates
organizations from establishing in-house data storage systems.
However, cloud storage gives rise to security concerns. In
case of group-shared data, the data face both cloud-specific and
conventional insider threats. Secure data sharing among a group
that counters insider threats of legitimate yet malicious users is
an important research issue. In this paper, we propose the Secure
Data Sharing in Clouds (SeDaSC) methodology that provides:
1) data confidentiality and integrity; 2) access control; 3) data
sharing (forwarding) without using compute-intensive reencryption;
4) insider threat security; and 5) forward and backward access
control. The SeDaSC methodology encrypts a file with a single
encryption key. Two different key shares for each of the users are
generated, with the user only getting one share. The possession of
a single share of a key allows the SeDaSC methodology to counter
the insider threats. The other key share is stored by a trusted
third party, which is called the cryptographic server. The SeDaSC
methodology is applicable to conventional and mobile cloud computing
environments. We implement a working prototype of the
SeDaSC methodology and evaluate its performance based on the
time consumed during various operations. We formally verify
the working of SeDaSC by using high-level Petri nets, the Satisfiability
Modulo Theories Library, and a Z3 solver. The results
proved to be encouraging and show that SeDaSC has the potential
to be effectively used for secure data sharing in the cloud