Practical Decentralized Attribute-Based Delegation Using Secure Name Systems

Identity and trust in the modern Internet are centralized around an oligopoly of identity service providers consisting solely of major tech companies. The problem with centralizing trust has become evident in recent discoveries of mass surveillance and censorship programs as well as information leakage through hacking incidents. One approach to decentralizing trust is distributed, attribute-based access control via attribute-based delegation (ABD). Attribute-based delegation allows a large number of cross-domain attribute issuers to be used in making authorization decisions. Attributes are not only issued to identities, but can also be delegated to other attributes issued by different entities in the system. The resulting trust chains can then be resolved by any entity given an appropriate attribute storage and resolution system. While current proposals often fail at practicability, we show how attribute-based delegation can be realized on top of the secure GNU Name System (GNS) to solve an authorization problem in a real-world scenario.

International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

Authors: Martin Schanzenbach, Christian Banse, and Julian Schütte
Year/month: 2018/8
Booktitle: International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Pages: 244-251
Publisher: IEEE

Bibtex:

@inproceedings { schanzenbach2018abd,
author = { Martin Schanzenbach and Christian Banse and Julian Schütte},
title = { Practical Decentralized Attribute-Based Delegation Using Secure Name Systems },
year = { 2018 },
month = { August },
booktitle = { International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) },
pages = { 244-251 },
publisher = { IEEE },
url = { http://dx.doi.org/10.1109/TrustCom/BigDataSE.2018.00046 },

}