An Implementation of Object-Based Storage System Access Control Based on IBE

Abstract

Object-based Storage System (OBSS) is the ideal solution to improve performance of large-scale storage systems by virtue of distributed storage architecture. However, existing OBSS adopts complex security scheme, and takes little consideration on how to reduce the overhead of storage security. Most of traditional Access Control Based on Certificate (ACBC) will generate abundant certificate, which will lend to the Meta-Data Server (MDS) overload. So we introduce Identity-Based Encryption (IBE) to the OBSS, and proposed a novel Access Control Based on IBE (ACBI). In ACBI the public key can be calculated according with their identity, and need not maintain public key certificate for each entity. Thereby ACBI can significantly reduce the overhead of certificate management. At the same time, ACBI associated the access control list (ACL) with the object, the users will not required to ask the MDS for authorization, they can directly access the storage device. The storage system depends on user’s identity to authenticate user's access permission, which simplifying the access control process. The experiment results demonstrated that security overhead of ACBI on MDS is only 48.7% in comparison to ACBC. Meanwhile, ACBI made the security module load of OBSS only employ 74.5% response time compared to ACBC.