Attribute-based Encryption for Attribute-based Authentication, Authorization, Storage, and Transmission in Distributed Storage Systems
This addresses security and access control challenges in cloud and distributed computing environments, though it appears incremental as it builds upon existing CP-ABE methods.
The paper tackles the problem of secure authentication, authorization, storage, and transmission in distributed storage systems by proposing a generic configurable stateless protocol based on ciphertext-policy attribute-based encryption (CP-ABE), illustrating how CP-ABE can be used in a black-box manner for these purposes.
Attribute-based encryption is a form of encryption which offers the capacity to encrypt data such that it is only accessible to individuals holding a satisfactory configuration of attributes. As cloud and distributed computing become more pervasive in both private and public spheres, attribute-based encryption holds potential to address the issue of achieving secure authentication, authorization, and transmission in these environments where performance must scale with security while also supporting fine-grained access control among a massively large number of consumers. With this work, we offer an example generic configurable stateless protocol for secure attribute-based authentication, authorization, storage, and transmission in distributed storage systems based upon ciphertext-policy attribute-based encryption (CP-ABE), discuss the experience of implementing a distributed storage system around this protocol, and present future avenues of work enabled by such a protocol. The key contribution of this work is an illustration of a means by which any CP-ABE system may be utilized in a black-box manner for attribute-based authentication and cryptographically enforced attribute-based access control in distributed storage systems.