ABAC Implementation Based on Key Pre-Distribution Scheme

Abstract

Abstract In the article, the KDP key pre-distribution scheme is modified for attribute access control. A scheme for implementing attribute-based access control on symmetric encryption is proposed. There are three participants in the scheme: a key distribution server, a subject, and a storage server. The key distribution server sends key content over secure channels when the system is initialized. The key materials content is determined by the attributes of the object and the subject. The storage server calculates the object ′s encryption key based on the object ′s key materials and attributes. The object is stored encrypted. If the subject has the necessary attributes, it can calculate the encryption key and access to object. If the subject does not have a sufficient set of attributes, the key cannot be computed and access is denied.