Attribute-based Encryption for Attribute-based Authentication, Authorization, Storage, and Transmission in Distributed Storage Systems

TL;DR

This paper presents a generic, configurable protocol using ciphertext-policy attribute-based encryption (CP-ABE) to enable secure, fine-grained attribute-based authentication, authorization, storage, and transmission in distributed storage systems, addressing security and scalability.

Contribution

It introduces a black-box approach to utilize any CP-ABE system for attribute-based access control in distributed storage environments.

Findings

Developed a stateless protocol for secure attribute-based operations.

Implemented a distributed storage system based on the protocol.

Outlined future research directions enabled by the protocol.

Abstract

Attribute-based encryption is a form of encryption which offers the capacity to encrypt data such that it is only accessible to individuals holding a satisfactory configuration of attributes. As cloud and distributed computing become more pervasive in both private and public spheres, attribute-based encryption holds potential to address the issue of achieving secure authentication, authorization, and transmission in these environments where performance must scale with security while also supporting fine-grained access control among a massively large number of consumers. With this work, we offer an example generic configurable stateless protocol for secure attribute-based authentication, authorization, storage, and transmission in distributed storage systems based upon ciphertext-policy attribute-based encryption (CP-ABE), discuss the experience of implementing a distributed storage system around this protocol, and present future avenues of work enabled by such a protocol. The key contribution of this work is an illustration of a means by which any CP-ABE system may be utilized in a black-box manner for attribute-based authentication and cryptographically enforced attribute-based access control in distributed storage systems.