Attribute-based encryption, especially for cipher text-policy attribute-based encryption, can fulfill the
functionality of fine-grained access control in cloud storage systems. Since users’ attributes may be
issued by multiple attribute authorities, multiauthority cipher text-policy attribute based encryption is
an emerging cryptographic primitive for enforcing attribute-based access control on outsourced data.
However, most of the existing multi-authority attribute-based systems are either insecure in attribute-
level revocation or lack of efficiency in communication overhead and computation cost. In this paper,
we propose an attribute-based access control scheme with two-factor protection for multi-authority
cloud storage systems. In our proposed scheme, any user can recover the outsourced data if and only if
this user holds sufficient attribute secret keys with respect to the access policy and authorization key in
regard to the outsourced data. Besides supporting the attribute-level revocation, our proposed scheme
allows data owner to carry out the user-level revocation. Index Terms—Attribute-based encryption,
multi-authority cloud storage, two-factor protection, attribute-level revocation, user-level revocation.