Object-Based Security with Attribute-Based Encryption: A Feasibility Study

Authors:

  • Lars Westerdahl
  • Amund Gudmundson Hunstad
  • Fredrik Mörnestedt

Publish date: 2014-12-31

Report number: FOI-R--4002--SE

Pages: 52

Written in: English

Keywords:

  • Object-Based Security
  • Attribute-Based Encryption
  • Access Control

Abstract

Object-Based Security (OBS) is a vision of information objects being able to carry with them a protective capability that preserves the properties of confidentiality, integrity, and availability. Regular client-server solutions can fulfil the requirements for access control but require that the consumer of the information is connected to the source of the information object. According to OBS, an access control function should provide service even if there is no connection to such a function. When an information object is transferred to a consumer, for instance via a thumb drive, the consumer gains access to the object itself but would, according to OBS, still need to be authorized before accessing its content. In this report, a study of a technical candidate for the fulfilment of OBS is presented. The encryption method Attribute-Based Encryption (ABE) has been analysed through a set of questions which identify the OBS needs. The report proposes a conceptual architecture which shows how ABE can be utilized to achieve an OBS solution.