MODEL OF PROTECTED DATA STORAGE IN DISTRIBUTED DATABASES BASED ON ATTRIBUTE ENCRYPTION FOR CRITICAL INFORMATION AND COMMUNICATION SYSTEMS

Abstract

This paper presents a secure data storage model for distributed databases based on attribute-based encryption (ABE), specifically tailored for critical information and communication systems (ICS). The proposed architecture incorporates data fragmentation, hybrid encryption using Ciphertext-Policy Attribute-Based Encryption (CP-ABE) for access keys and symmetric algorithms for message encryption, along with the integration of access control policies within the database management system (DBMS). The model introduces a decentralized access mechanism where access rules are embedded into the ciphertext and verified solely on the client side, eliminating the need for full trust in nodes or centralized authorization servers.

An experimental evaluation in a virtual distributed environment demonstrates the model’s effectiveness in terms of decryption time, ciphertext size, resistance to unauthorized access, and balanced node load. The use of PostgreSQL with Row-Level Security (RLS) policies and the formalization of access control through logical expressions in policy tables ensures end-to-end data protection. Notably, the hybrid scheme reduces computational load by encrypting only the keys, making the model suitable for real-time systems and resource-constrained environments.

The novelty lies in the combination of CP-ABE mechanisms with data fragmentation, dynamic fragment placement, and embedded policy verification within the DBMS. Future research directions include support for dynamically changing attributes (such as situational roles or context), attribute revocation, optimization of fragment distribution based on network topology and load balancing, and blockchain integration to ensure tamper-proof access logging. This work advances secure, scalable, and adaptable data protection in distributed critical infrastructures.