PreBAC: a novel Access Control scheme based Proxy Re-Encryption for cloud computing

  • Su, Mang (School of Computer Science and Engineering, Nanjing University of Science and Technology);
  • Wang, Liangchen (Nanjing Municipal Public Security Bureau)
  • Received : 2017.09.24
  • Accepted : 2018.11.13
  • Published : 2019.05.31

Abstract

Cloud computing is widely used for spreading and processing information, and it gives users an easy and quick way to access data and retrieve services. Generally, to prevent information leakage, data in the cloud is transferred in encrypted form. As one of the traditional security technologies, access control is an important part of cloud security. However, current access control schemes are not suitable for the cloud, so it is a vital problem to design an access control scheme that takes complex factors into account in order to satisfy the various requirements of ciphertext protection. We present a novel access control scheme based on proxy re-encryption (PRE) technology, PreBAC, for ciphertext. It is suitable for protecting data confidentiality and information privacy. First, we give the motivations and related work, and then specify the system model of our scheme. Second, the algorithms are given and the security of our scheme is proved. Finally, comparisons with other schemes are made to show the advantages of PreBAC.

1. Introduction

With the development of related technologies, cloud computing provides crucial support for the spreading of information. Users obtain services and data by renting them. More and more information has appeared in the cloud, including confidential data and personal privacy, and users expect to benefit from the cloud without leaking their information. Thus, keeping data and privacy from being stolen or destroyed is a hot topic of cloud security [1]. However, the cloud has characteristics that distinguish it from other information systems. First, the cloud needs to process an extreme volume of data and users; second, the relationships between users and data are complicated; third, there are various services in the cloud, including software, platform and infrastructure; finally, the forms of cloud deployment are complicated. All of these create a serious situation for cloud security, which can be summarized as follows.

1) Many cloud service providers adopt "username-password" to realize access control and attestation, which is not enough for the complex environment. Schemes for data management should take multiple factors into consideration, including the identity and role of the subject and the temporal and environmental states.

2) The data is controlled by the cloud service provider instead of its owner. The user's privacy may be endangered if the data is kept in plaintext form. Therefore, data in the cloud should be encrypted, and schemes for data protection should be designed for ciphertext.

3) There are not enough schemes designed for both multiple factors and ciphertext.

To protect information in the cloud, many traditional technologies are applied there, such as access control. Access control is mainly used for the confidentiality and availability of information and systems. Some researchers have therefore paid attention to describing time and location factors, and many corresponding models and schemes have appeared. For instance, Jha et al. [2] proposed Temporal Role-Based Access Control (TRBAC), which describes the time factor based on RBAC and is beneficial to time-based cloud services. Li et al. [5] presented the SecLoc scheme, which protects cloud data according to storage location restrictions. Some works focus on refining the role factor: Yang et al. [3] present the CARBAC model, which defines the roles in the cloud as two parts, the data generators and the users, which makes role administration more reasonable. But it requires the data owner to spend more resources generating and managing the information and roles, which wastes the capability of the cloud servers. Some researchers bring other factors into cloud access control, such as trust [4]. Combining multiple factors with cryptography is also an important problem. A series of works have presented cryptography-based access control schemes; for instance, Zhou et al. [6][7] designed JBE, and IBE and ABE are commonly used in the cloud.

However, to realize such schemes in the cloud, the data owners are responsible for information generation and encryption, which consumes a lot of resources and time. Meanwhile, this work should not be assigned to the cloud servers, for the sake of information security and privacy. Thus, if we bring multiple factors into cloud access control, there will be a huge cost for common users who lack resources.

Based on the above research and problems, we propose a novel access control scheme based on PRE technology (PreBAC). First, we analyze the motivations for the new scheme and then describe the system model based on the related works. Our scheme is presented in two parts: data creation and data access. Second, the algorithm is constructed based on PRE, and we explain how to generate the re-encryption key from the multiple factors of access control. Third, we prove the security of the scheme. Finally, comparisons between PreBAC and other works are made.

The rest of this paper is organized as follows. The motivations and related work are shown in Sections 2 and 3 respectively. The aims and assumptions of the PreBAC scheme are described in Section 4, and its system model, main stages and algorithms in Section 5. The security proof and property analysis are discussed in Section 6, and the concluding remarks are in Section 7.

2. Motivations

In this section we show the motivations by an example, which represents a subset of a practical system deployed in a public cloud. We define individual users of the system "Alice", "Bob" and "Carl". "Alice" is the data owner, who wants to generate and share the data "Alice_data"; "Bob" and "Carl" are the users who will access "Alice_data", and they are assigned different access permissions as follows.

For user "Bob", he can access "Alice_data" during 9:00-12:00 in his office.

For user "Carl", she can access "Alice_data" during 15:00-19:00 without a location constraint. "Alice" wants to keep the information from being stolen or destroyed, so she submits "Alice_data" in encrypted form. To share it with "Bob" and "Carl", she needs to generate a different ciphertext of "Alice_data" for each of them. The cloud service provider is honest but curious: it will finish your task for your payment, but it is also interested in your privacy. So in a traditional system "Alice" can only do the data generation work by herself, which is a huge amount of work in the complex cloud environment. Our work focuses on how to reduce "Alice's" cost while protecting the information.

3. State-of-the-art

PRE is a novel cryptographic technology that grew out of the public-key idea, according to which a user encrypts information with his own public key and obtains a ciphertext that can be decrypted with his private key. He then submits this ciphertext to the PRE server for re-encryption. The server finishes the re-encryption with its list of re-encryption keys and obtains a new ciphertext for the other user. Based on PRE, the data owner only needs to generate the original ciphertext of the information, and the PRE server is responsible for re-encryption and sharing instead of the data owner. The server does its work on ciphertext only, so it is secure and suitable for data management in the cloud, and it is also useful for reducing the cost for personal users.

However, PRE cannot be used for the cloud on its own; it should be realized together with other technologies, such as IBE and ABE [8][9]. But the descriptions of attributes and identities are complicated, so certificates appeared and a certificate-based PRE scheme was proposed [10]. For the time factor of access control, Liu et al. [11] gave a time-based PRE scheme. Meanwhile, location, role and other access control factors are also important for PRE schemes. Yang et al. [12] proposed condition-based PRE. In our previous work, we proposed a PRE scheme describing more access conditions [14]. The works above focus on the subject's conditions. For fine-grained management of objects, Tang et al. [13] take the ciphertext type as the factor of the PRE scheme, but users have to use different keys for different ciphertexts, which is a huge and terrible burden for common users. Our work proposes PreBAC based on [13][14].

4. Aims and Assumptions

4.1 System aims

The PreBAC proposed in this paper is based on the works above and aims at the following goals:

1) Description of complex access control factors for ciphertext: PreBAC aims to describe multiple access control factors for ciphertext in the cloud.

2) Fine-grained data management: PreBAC satisfies the demand for fine-grained management of ciphertext.

3) User-centered design: PreBAC decreases the users' computational requirements and reduces the cost for tenants to use and store keys.

4) Resistance to attacks: PreBAC prevents hackers from attacking the system, for example by brute force, statistical attack and collusion attack.

4.2 System assumptions

The PreBAC system is designed and realized under the following assumptions.

1) Network connection: All users can connect to the network freely, and they pay the cloud server to submit or access data.

2) Trusted parties in the system: there are three trusted parties, the KGC (Key Generation Centre), the data creators and the common users; they will not actively leak the information or their keys.

3) Half-trusted parties in the system: there are three half-trusted parties, the PRE (proxy re-encryption server), the KM (key management server) and the PM (policy management server), which are HBC (honest but curious) systems.

4) Untrusted parties in the system: the cloud data servers are untrusted.

5. PreBAC Scheme

5.1 System model

The notations in PreBAC are shown in Table 1.

Table 1. Notations in PreBAC

Fig. 1. System model of PreBAC

To present the PreBAC scheme, we first show the system model (see Fig. 1).

The entities in the system are as follows.

1) Creator A: She is the data owner, who generates the data M and its ciphertext, and then submits the ciphertext to the cloud for sharing;

2) User U: He plans to access the data M;

3) Data servers in the cloud: cloud servers that store the ciphertext of data M;

4) Access control servers: this is not the name of one kind of server. There are three parts: the policy management server (PM), the key management server (KM) and the proxy re-encryption server (PRE). They are responsible for data permission management.

5) Hackers: there may be hackers who have no permission to access the data in the cloud but try to get it by network attacks.

5.2 System Stages

PreBAC includes two stages: data uploading and data downloading.

1) Information uploading

This stage is started by the data creator A. A generates the data M and encrypts it with a symmetric algorithm. Then A encrypts the symmetric key with her public key. Finally, she submits all the data to the cloud server. The details are shown in Fig. 2.

Step 1: A uses the symmetric method to generate K(M) from M with the key k;

Step 2: A submits K(M) to the data centre in the cloud;

Step 3: A encrypts the key k of Step 1 with public-key cryptography based on her public key.

Step 3-1: A sends the system initialization and key generation instruction to KGC by submitting the parameter q.

Step 3-2: KGC receives A's instruction and the parameter q, and generates the security parameter list \(param\) by the method \(Setup(q)\).

Step 3-3: KGC generates \(\left(pk_{A}, sk_{A}\right)\) for A by the method \(KeyGen(param)\).

Step 3-4: A generates the original ciphertext of k and \(para_{A}\) for permission assignment by the method \(First\_Enc\left(k, pk_{A}\right)\), and returns \(E(K)_{A}\) and \(para_{A}\) to KM.

Step 4: A submits the policy for the permission assignment of M to PM.


Fig. 2. Information uploading stage

2) Information downloading

This stage is started by the common user U. U submits a request for data access and obtains the information he wants. The details are shown in Fig. 3.

Step 1: U sends a request for K(M) to the data servers in the cloud and downloads it;

Step 2: U submits a request for \(E(K)_{U}\) to KM and downloads it;

Step 2-1: U gives his certificate, including his public key, to KM;

Step 2-2: U submits the request for data access to PM;

Step 2-3: PM receives U's access request and collects U's access conditions. PM then compares the conditions with P_MFAC. If the description in P_MFAC covers the conditions, PM returns the parameter \(\left(U, Con_{U}\right)\) to KM.

Step 2-4: KM receives PM's parameter and looks up A's and U's certificates respectively, based on which KM generates the re-encryption key by the function \(ReKeyGen(Para_A, Para_U, Con_U)\) and sends it to PRE.

Step 2-5: PRE generates \(E(K)_{U}\) by the function \(ReEnc\left(E(K)_{A}, rk_{A \rightarrow U}\right)\) based on KM's information, and sends it to PM.

Step 2-6: PM gives \(\left(E(K)_{U}, Con_{U}\right)\) to U.

Step 3: U obtains M.

Step 3-1: U decrypts \(E(K)_{U}\) to obtain the symmetric key k by the function \(Dec_{2}\left(sk_{U}, E(K)_{U}, con_{U}\right)\).

Step 3-2: U decrypts K(M) with k to get M.


Fig. 3. Information downloading stage

5.3 Description of the access control policy (P_MFAC)

To implement access control based on PRE, the data creators submit the access control policy to PM in the form of P_MFAC. P_MFAC is defined as a two-tuple \(\left(ID_{O}, P\text{-}con_{U}\right)\). \(ID_{O}\) is the ID of the object in the cloud, assigned by the cloud servers, and \(P\text{-}con_{U}\) is the constraint on the user who will access the object. \(P\text{-}con_{U}\) consists of several parts, including the user's ID, name, role, temporal state, location, and the operation on the object, such as "read", "write" or "append".

When an information system applies PreBAC, the access conditions are described in XML, and then \(P\text{-}con_{U}\) is generated from the access conditions by a hash function.

Here is an example of the description of an access condition. In the example, the user's name is "Li Lei", he is a student, and he will read object No. 2 from 2018 Nov. 6th to 7th in the classroom.

[Figure: XML description of this access condition, shown as an image in the original.]
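As an added example (not code from the paper), the following Python walks through the uploading and downloading stages of Section 5.2 together with the P_MFAC matching of Section 5.3, using the "Li Lei" condition above as the sample policy. The proxy re-encryption is the ElGamal-based BBS98 scheme in a toy-sized group, standing in for the paper's pairing-based First_Enc/ReKeyGen/ReEnc, whose definitions are not reproduced here; the group parameters, the P_MFAC field layout, the handling of para_A/para_U as key shares deposited with KM, and all sample data are assumptions of this example.

```python
"""Toy walk-through of the PreBAC uploading/downloading stages (Sections 5.2
and 5.3). The proxy re-encryption is the ElGamal-based BBS98 scheme in a tiny
group, a stand-in for the paper's pairing-based First_Enc/ReKeyGen/ReEnc.
Group size, P_MFAC fields and all sample values are constructed for illustration.
"""
import hashlib
import secrets
from datetime import datetime

P, Q, G = 1019, 509, 4   # toy safe prime p = 2q + 1 and a generator of the order-q subgroup

def keygen():
    """KeyGen(param) -> (sk, pk) with pk = g^sk (KGC, Step 3-3)."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def first_enc(k, pk_a):
    """First_Enc(k, pk_A) -> E(k)_A = (k * g^r, pk_A^r) for a group element k."""
    r = secrets.randbelow(Q - 1) + 1
    return (k * pow(G, r, P) % P, pow(pk_a, r, P))

def rekeygen(para_a, para_u):
    """ReKeyGen -> rk_{A->U} = sk_U / sk_A mod q (BBS98). Toy assumption: para_X
    is the key share each party deposited with KM; the paper instead derives rk
    from public parameters and con_U."""
    return para_u * pow(para_a, -1, Q) % Q

def reenc(ct_a, rk):
    """ReEnc(E(k)_A, rk_{A->U}) -> E(k)_U: the proxy only exponentiates c2."""
    c1, c2 = ct_a
    return (c1, pow(c2, rk, P))

def dec(sk, ct):
    """Dec_1 / Dec_2 -> k = c1 / c2^(1/sk); U needs only his own private key."""
    c1, c2 = ct
    return c1 * pow(pow(c2, pow(sk, -1, Q), P), -1, P) % P

def sym(k, data):
    """Toy symmetric cipher K(M): XOR with a SHA-256 keystream derived from k."""
    stream = b"".join(hashlib.sha256(f"{k}:{i}".encode()).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def pm_check(p_mfac, id_o, con_u):
    """PM (Step 2-3): return the P-con_U entry whose description covers the
    user's current multi-factor conditions, or None (access refused)."""
    t = datetime.fromisoformat(con_u["time"])
    for obj_id, p_con in p_mfac:
        if (obj_id == id_o and con_u["name"] == p_con["name"]
                and con_u["role"] == p_con["role"] and con_u["op"] in p_con["ops"]
                and con_u["location"] in p_con["locations"]
                and p_con["not_before"] <= t <= p_con["not_after"]):
            return p_con
    return None

# Constructed P_MFAC = [(ID_O, P-con_U)] for the Section 5.3 example:
# "Li Lei", a student, may read object No. 2 in the classroom on 2018-11-06/07.
P_MFAC = [("obj-2", {"name": "Li Lei", "role": "student", "ops": {"read"},
                     "locations": {"classroom"},
                     "not_before": datetime(2018, 11, 6),
                     "not_after": datetime(2018, 11, 7, 23, 59, 59)})]

SAMPLE_M = b"constructed sample plaintext for object No. 2"

def prebac_flow(con_u, message=SAMPLE_M):
    """Run the uploading stage (creator A) and then U's download attempt under
    conditions con_u. Returns the recovered M, or None when PM refuses."""
    sk_a, pk_a = keygen()                        # A's keys from KGC
    sk_u, _ = keygen()                           # U's keys; sk_u stays with U
    k = pow(G, secrets.randbelow(Q - 1) + 1, P)  # symmetric key as a group element
    cloud = {"obj-2": sym(k, message)}           # Steps 1-2: K(M) to the data servers
    km_store = {"E(K)_A": first_enc(k, pk_a),    # Step 3-4: E(K)_A and para_A to KM
                "para_A": sk_a, "para_U": sk_u}  # toy: para_U deposited at registration
    if pm_check(P_MFAC, "obj-2", con_u) is None:  # Step 2-3: PM evaluates P_MFAC
        return None                              # no re-encryption key is ever issued
    rk = rekeygen(km_store["para_A"], km_store["para_U"])   # Step 2-4: KM
    e_k_u = reenc(km_store["E(K)_A"], rk)                   # Step 2-5: PRE
    return sym(dec(sk_u, e_k_u), cloud["obj-2"])            # Step 3: U recovers k, then M
```

A request outside the policy's time window, location or operation never reaches KM, so no re-encryption key for that user exists to be misused or leaked.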

5.4 Algorithm

There are seven functions in the algorithms of PreBAC.

1) \(Setup(q) \rightarrow param\)

[Definition shown as an image in the original.]

2) \(KeyGen(param) \rightarrow \left(sk_{i}, pk_{i}\right)\)

[Definition shown as an image in the original.]

3) \(First\_Enc\left(k, pk_{A}\right) \rightarrow E(k)_{A}\)

[Definition shown as an image in the original.]

4) \(ReKeyGen\left(para_{A}, para_{U}, con_{U}\right) \rightarrow rk_{A \rightarrow U}\)

[Definition shown as an image in the original.]

5) \(ReEnc\left(E(k)_{A}, rk_{A \rightarrow U}\right) \rightarrow E(k)_{U}\)

[Definition shown as an image in the original.]

6) \(Dec_{1}\left(sk_{A}, E(k)_{A}\right) \rightarrow k\)

[Definition shown as an image in the original.]

7) \(Dec_{2}\left(sk_{U}, E(k)_{U}, con_{U}\right) \rightarrow k\)

[Definition shown as an image in the original.]

6. Discussion

6.1 Properties

PreBAC combines PRE and access control. With PreBAC, a data owner who wants to share data M encrypts M once instead of encrypting it for each common user. She uploads the permission assignment to a server in the cloud, and the servers take charge of data re-encryption. A common user who wants to access the data M obtains M with only his own private key instead of different keys for each kind of ciphertext. The system finishes the permission assignment based on the common user's current access condition. In this section, we analyze the properties of our work by comparing it with other works; the details are shown in Table 2.

Table 2. Properties analysis of our work

The properties of PreBAC are as follows.

1) Can it be used for fine-grained ciphertext management?

JBE [7], CPRE [8] and ACC-PRE [15] do not describe the ciphertext in detail, so they cannot be used for fine-grained ciphertext management. Type-PRE [13] and our scheme are suitable for fine-grained management.

2) Can it be used with multiple factors?

Factors like identity, role, time or environment can be included in the parameter \(con_{U}\). CPRE [8] and our scheme satisfy this requirement.

3) Is the users' encryption work difficult?

The data re-encryption work is done by the cloud server instead of the data owner, so the users' encryption work and cost are reduced.

4) Is the users' key management work difficult?

A user only needs to manage his private key instead of different keys for different ciphertexts, so users' key management is much easier.

6.2 Security analysis

1) Security proof

(1) Security Model of PreBAC

We set up the security model based on [16] and the DBDH problem. The adversary A can query oracles such as first-round encryption, key generation, re-encryption key generation, re-encryption and decryption.

Setup: The challenger sets up the system parameters \(param\).

Phase 1: The adversary can query any of the oracles \(First\_Enc\), \(KeyGen\), \(ReKeyGen\), \(ReEnc\), \(Dec_{1}\) and \(Dec_{2}\).

During the queries to \(First\_Enc\), \(KeyGen\), \(ReKeyGen\), \(ReEnc\), \(Dec_{1}\) and \(Dec_{2}\), A's private key is generated by \(KeyGen\).

Challenge: After A finishes Phase 1, the challenger picks \(m_{0}, m_{1} \in M\), the multi-factor \(con_{U}^{*}\) and a public key \(pk^{*}\), which is also generated by \(KeyGen\) and whose corresponding private key is not disclosed. While A is querying \(ReKeyGen\) with \(\left(pk^{*}, pk^{\prime}, con_{U}^{*}\right)\), the private key corresponding to \(pk^{\prime}\) cannot be disclosed. The challenger picks \(b \in\{0,1\}\) at random and computes \(C_{b}=First\_Enc\left(m_{b}, pk^{*}\right)\) as the challenge to A.

Phase 2: A is allowed to query the oracles as in Phase 1, subject to the following constraints.

a. If A queries \(ReKeyGen\) with \(\left(pk^{*}, pk^{\prime}, con_{U}^{*}\right)\), the private key corresponding to \(pk^{\prime}\) is undisclosed.

b. If A queries \(ReEnc\) with \(\left(C_{b}, pk^{*}, pk^{\prime}, con_{U}^{*}\right)\), the private key corresponding to \(pk^{\prime}\) is undisclosed.

c. A cannot query \(Dec_{1}\) with \(\left(C_{b}, pk^{*}\right)\) directly.

d. If A queries \(ReKeyGen\) with \(\left(pk^{*}, pk^{\prime}, con_{U}^{*}\right)\), A cannot query \(Dec_{2}\) with \(C_{b}^{\prime}\), where \(C_{b}^{\prime}\) is valid.

Guess: A outputs a guess \(b^{\prime} \in\{0,1\}\); if \(b^{\prime}=b\), A succeeds.

Theorem: We define the advantage of A as \(\varepsilon=\left|\Pr\left[b^{\prime}=b\right]-\frac{1}{2}\right|\). If \(\varepsilon\) is negligible, then A fails, which means that PreBAC is CCA secure.

If the DBDH assumption holds in the groups \(\left(G_{1}, G_{2}\right)\), then \(\varepsilon\) is negligible and PreBAC is CCA secure in the random oracle model.

(2) Proof scheme

Let us define the games \(\mathcal{G}_{i}\,(i=1, \cdots, 6)\), the challenger \(B\), and \(T_{i}\) as the event that \(b^{\prime}=b\) in \(\mathcal{G}_{i}\).

(a) \(\mathcal{G}_{0}\): The challenger \(B\) faithfully answers the oracle queries from \(A\). Meanwhile, \(B\) sets up \(H_{i}^{list}\,(i=1, \cdots, 4)\) by selecting \(\pi_{1}, \pi_{4} \in G_{1}\), \(\pi_{2} \in Z_{p}^{*}\), \(\pi_{3} \in\{0,1\}^{l}\) and storing \(\left(pk_{i}, \pi_{1}\right)\), \(\left(m, k, \pi_{2}\right)\), \(\left(k, \pi_{3}\right)\), \(\left(c_{1}, c_{2}, c_{3}, c_{4}, \pi_{4}\right)\) in \(H_{i}^{list}\,(i=1, \cdots, 4)\). Let \(\delta_{0}=\Pr\left[b^{\prime}=b\right]\); then \(\left|\delta_{0}-\frac{1}{2}\right|=\varepsilon\).

(b) \(\mathcal{G}_{1}\): The challenger \(B\) does the same as in \(\mathcal{G}_{0}\), except for the following: \(B\) randomly picks \(\tau \in\{1,2, \cdots, p+1\}\) and queries \(H_{1}\) \(\tau\) times. When \(B\) receives the challenge from \(A\) to query \(H_{1}\), \(B\) aborts the game. Thus the probability that \(B\) succeeds is at least \(\frac{1}{p+1}\). Let \(\delta_{1}=\Pr\left[b^{\prime}=b\right]\) in \(\mathcal{G}_{1}\); then \(\Pr\left[T_{1}\right]=\frac{\delta_{1}}{p+1}\).

(c) \(\mathcal{G}_{2}\): The challenger \(B\) does the same as in \(\mathcal{G}_{1}\), except for collisions in \(H_{i}\). Since the hashes are modelled as random oracles, \(\left|\Pr\left[T_{1}\right]-\Pr\left[T_{2}\right]\right|\) is negligible.

(d) \(\mathcal{G}_{3}\): The challenger \(B\) does the same as in \(\mathcal{G}_{2}\), except for queries to \(Dec_{2}\). In the \(Dec_{2}\) oracle, if the input is \(\left(C, pk^{*}, con_{U}^{*}\right)\) and \(A\) has not queried \(H_{1}\) with \(\left(pk^{*} \| con_{U}^{*}\right)\), then \(B\) aborts the game; otherwise \(B\) returns the ciphertext to \(A\). Because the hash functions are modelled as standard random oracles and the cryptographic algorithms are deterministic, \(\left|\Pr\left[T_{2}\right]-\Pr\left[T_{3}\right]\right|\) is also negligible.

(e) \(\mathcal{G}_{4}\): The challenger \(B\) does the same as in \(\mathcal{G}_{3}\), except for queries to \(Dec_{1}\). If \(A\) has not queried \(H_{2}\) with \(m_{b} \| k^{*}\), there is no difference between \(\mathcal{G}_{4}\) and \(\mathcal{G}_{3}\). Therefore, \(\left|\Pr\left[T_{3}\right]-\Pr\left[T_{4}\right]\right|\) is negligible.

(f) \(\mathcal{G}_{5}\): The challenger \(B\) does the same as in \(\mathcal{G}_{4}\), except for queries to \(ReKeyGen\) and \(ReEnc\). During such a query, \(B\) searches the re-encryption key list for the condition \(\left(pk_{i}, pk_{j}, con_{U}^{*}\right)\) proposed by \(A\). If the search returns a result, \(B\) returns \(rk_{i \rightarrow j}\) to \(A\); otherwise \(B\) proceeds as follows.

If user \(i\)'s private key is corrupted, which means \(sk_{i}=x_{i}\), then \(B\) computes \(rk_{i \rightarrow j}=\left(pk_{j}, pk_{j}^{r}, H_{1}\left(pk_{j} \| con_{U}\right) \cdot H_{1}\left(pk_{i}\right)^{sk_{i}}, g^{-r}\right)\).

If user \(i\)'s private key is uncorrupted, then \(B\) picks \(a \in G_{1}\), sets \(sk_{i}=a x_{i}\), and computes \(rk_{i \rightarrow j}=\left(pk_{j}, pk_{j}^{r}, H_{1}\left(pk_{j} \| con_{U}\right) \cdot H_{1}\left(pk_{i}\right)^{sk_{i}}, g^{-r}\right)\).

If user \(j\)'s private key is corrupted, \(B\) aborts.

When \(ReEnc\) is queried, \(B\) computes the re-encrypted ciphertext by \(ReEnc\) with \(\left(pk_{i}, pk_{j}, C_{i}\right)\) proposed by \(A\). If it does not hold, \(B\) aborts. Otherwise, \(B\) searches the private key list and the re-encryption key list, and then returns the ciphertext to \(A\). If \(pk_{j}\) was not generated by \(KeyGen\), \(B\) aborts. \(\left|\Pr\left[T_{4}\right]-\Pr\left[T_{5}\right]\right|\) is negligible.

(g) \(\mathcal{G}_{6}\): The challenger \(B\) does the same as in \(\mathcal{G}_{5}\), except in the following situation.

When \(B\) receives \(A\)'s challenge \(\left(m_{0}, m_{1}, con_{U}\right)\), \(B\) decrypts the ciphertext, then picks \(b \in\{0,1\}\) and computes \(k \in G_{2}\), \(r=H_{2}\left(m_{b} \| k\right)\), \(c_{1}=g^{r}\), \(c_{2}=k \cdot e\left(pk_{i}, H_{1}\left(pk_{i}\right)\right)^{r}\), \(c_{3}=m \oplus H_{3}(k)\), \(c_{4}=H_{1}\left(pk_{i}\right)\), \(c_{5}=H_{4}\left(c_{1}\left\|c_{2}\right\| c_{3} \| c_{4}\right)^{r}\). Thus \(\mathcal{G}_{6}\) differs from \(\mathcal{G}_{5}\) only in the queries to \(H_{3}\). The complexity of querying \(H_{3}\) is similar to the DBDH problem, so \(\left|\Pr\left[T_{5}\right]-\Pr\left[T_{6}\right]\right|\) is negligible. All the hash functions are modelled as random oracles, so \(\Pr\left[T_{6}\right]=\frac{1}{2(p+1)}\), and \(\left|\Pr\left[T_{1}\right]-\Pr\left[T_{6}\right]\right|=\left|\Pr\left[T_{1}\right]-\frac{1}{2(p+1)}\right|\) is negligible by the analysis in (a) to (g). With \(\Pr\left[T_{1}\right]=\frac{\delta_{0}}{p+1}\), \(\left|\frac{2 \delta_{0}-1}{2(p+1)}\right|=\left|\frac{\delta_{0}-\frac{1}{2}}{p+1}\right|=\left|\frac{\varepsilon}{p+1}\right|\) is negligible. Thus \(\varepsilon\) is negligible, and the proof is complete.

2) System security analysis

Our scheme encrypts the information M by a symmetric method based on traditional algorithms, which defends against hacker attacks. The symmetric key k for M is encrypted by the algorithm in Section 5.4, which is proved to be CCA secure.

7. Conclusion

With the development of cloud computing, the methods for data sharing and processing have improved. Individual users can obtain information, software, platform or even infrastructure in the form of cloud services. However, the cloud also creates a serious situation for users' privacy protection. Therefore, how to prevent the user's information from being lost or stolen has become a vital issue for the cloud. Access control remains useful for the cloud, as do the other traditional technologies. Given the special situations in the cloud, how to design an access control scheme for both multiple factors and cryptographic management is a serious problem to be solved. We have proposed the PreBAC scheme: first, we showed the motivation by an example; then we gave the aims and assumptions; third, the system model, system stages and algorithms were explained; finally, we discussed the properties of PreBAC and proved the security of the scheme. Our work is suitable for cloud computing without increasing the encryption and key management cost of individual users.

Acknowledgment

This work has been supported by the National Natural Science Foundation of China (61702266) and the Natural Science Foundation of Jiangsu Province (BK20150787).

References

  1. Y. D. Wang, J. H. Yang, C. Xu, et al, "Survey on Access Control Technologies for Cloud Computing," Ruan Jian Xue Bao/ Journal of Software, vol.26, no. 5, pp. 1129-1150, May, 2015.
  2. S. Jha, S. Sural and J. Vaidya et al, "Security Analysis of Temporal RBAC under an Administrative Model," Computers & Security, vol. 46, pp.154-172, Oct. 2014. https://doi.org/10.1016/j.cose.2014.08.001
  3. L. Yang, Z. Tang, R. F. Li, et al, "Roles query algorithm in cloud computing environment based on user require," Journal of Communications, vol.32, no.7, pp 169-175, July, 2010.
  4. J. Luo, H. Wang and X. Gong, et al. "A Novel Role-Based Access Control Model in Cloud Environments," International Journal of Computational Intelligence Systems, vol.9, no.1, pp. 1-9, Feb. 2016. https://doi.org/10.1080/18756891.2016.1144149
  5. J. Li, A. Squicciarini, D. Lin, et al, "SecLoc: Securing Location-Sensitive Storage in the Cloud," in Proc. of SACMAT'15, pp.51-61, June. 2015.
  6. L. Zhou, V. Varadharajan, M. Hitchens, "Trust Enhanced Cryptographic Role-Based Access Control for Secure Cloud Data Storage," IEEE Transactions on Information Forensics and Security, vol.10, no.11, pp. 2381-2395, Nov. 2015. https://doi.org/10.1109/TIFS.2015.2455952
  7. L. Zhou, V. Varadharajan, K. Gopinath, "A Secure Role-Based Cloud Storage System for Encrypted Patient-Centric Health Records," The Computer Journal, vol.59, no.11, pp. 1593-1611, July. 2016. https://doi.org/10.1093/comjnl/bxw019
  8. P. Xu, T Jiao, Q. Wu, et al, "Conditional Identity-Based Broadcast Proxy Re-Encryption And Its Application to Cloud Email," IEEE Transactions on Computers, vol.65, no.1, pp.66-79, Mar. 2015. https://doi.org/10.1109/TC.2015.2417544
  9. Y. Zhang, J. Li, X. Chen, et al, "Anonymous Attribute Based Proxy Re-Encryption for Access Control in Cloud Computing," Security and Communication Networks, vol. 9, no.14, pp.2397-2411, July. 2016. https://doi.org/10.1002/sec.1509
  10. J. Li, X. Zhao and Y. Zhang et al, "Provably Secure Certificate-based Conditional Proxy Re-encryption," Journal of Information Science & Engineering, vol.32, no.4, pp. 813-830, July. 2016.
  11. Q. Liu, G. Wang, J. Wu, "Time-Based Proxy Re-Encryption Scheme for Secure Data Sharing in a Cloud Environment," Information Sciences, vol. 258, no.3, pp.355-370, Feb. 2014. https://doi.org/10.1016/j.ins.2012.09.034
  12. Y. Yang, H. Lu and J. Weng et al, "Fine-Grained Conditional Proxy Re-Encryption and Application," in Proc. of ProvSec 2014, pp. 206-222, Oct.2014.
  13. Q. Tang, "Type-Based Proxy Re-encryption and Its Construction," in Proc. of INDOCRYPT 2008, Springer Berlin Heidelberg, pp. 130-144, 2008.
  14. M. Su, G. Z. Shi, R. N. Xie, et al, "Multi-element based on proxy re-encryption scheme for mobile cloud computing," Journal of Communications, vol. 36, no. 11, pp. 73-79, 2015. https://doi.org/10.11959/j.issn.1000-436x.2015217
  15. M. Su, F. H. Li, G. Z. Shi, et al, "A User-Centric Data Secure Creation Scheme in Cloud Computing," Chinese Journal of Electronics, vol. 25, no. 4, pp. 753-760, April, 2016. https://doi.org/10.1049/cje.2016.07.017
  16. X. Jia, J. Shao, J. Jing, et al, "CCA-secure type-based proxy re-encryption with invisible proxy," in Proc. of the 2010 IEEE 10th International Conference on Computer and Information Technology (CIT), pp. 1299-1305, 2010.