Attribute-based Encryption for Attribute-based Authentication, Authorization, Storage, and Transmission in Distributed Storage Systems

Abstract: Attribute-based encryption is a form of encryption which offers the capacity to encrypt data such that it is only accessible to individuals holding a satisfactory configuration of attributes. As cloud and distributed computing become more pervasive in both private and public spheres, attribute-based encryption holds potential to address the issue of achieving secure authentication, authorization, and transmission in these environments where performance must scale with security while also supporting fine-grained access control among a massively large number of consumers. With this work, we offer an example generic configurable stateless protocol for secure attribute-based authentication, authorization, storage, and transmission in distributed storage systems based upon ciphertext-policy attribute-based encryption (CP-ABE), discuss the experience of implementing a distributed storage system around this protocol, and present future avenues of work enabled by such a protocol. The key contribution of this work is an illustration of a means by which any CP-ABE system may be utilized in a black-box manner for attribute-based authentication and cryptographically enforced attribute-based access control in distributed storage systems.