DOI: 10.1145/3609389.3610569
research-article

Context-Aware Attribute Based Access Control for Cloud-based SCADA Systems

Published: 10 September 2023

Abstract

Cloud-based SCADA (Supervisory Control and Data Acquisition) systems enable seamless access to Internet of Things (IoT) operational data for employees at control facilities and operators working in the field, for automated control and monitoring of industrial infrastructure. In this work, we introduce a novel approach based on ciphertext-policy attribute-based encryption (CP-ABE) to ensure secure and fine-grained access control over data stored in the cloud. Our proposed scheme considers static and dynamic attributes of the users to devise an access policy. Contextual locks are introduced for defining constraints on dynamic attributes. These locks are independent of the user's attribute sets; thus, they don't require decryption keys to be associated with dynamic attributes. This avoids the system overhead that frequent changes in contextual parameters would otherwise cause. To protect the confidentiality of the access policy, we obfuscate its attributes during the data-sharing process. Moreover, our proposed scheme prevents key escrow attacks on cloud-stored data. Additionally, fog servers are employed to verify the user's contextual attributes and reduce the computational overhead of decryption for end users. Our scheme enhances the security and integrity of remote process control and monitoring in industrial systems while leveraging the benefits of real-time data analysis and decision-making.


Cited By

  • (2025) TruChain: A Blockchain-based Access Control to Improve the Security of Smart Water Grid Systems. 2025 17th International Conference on COMmunication Systems and NETworks (COMSNETS), 881-885. DOI: 10.1109/COMSNETS63942.2025.10885771. Online publication date: 6-Jan-2025
  • (2024) A Survey of Security Challenges in Cloud-Based SCADA Systems. Computers 13:4 (97). DOI: 10.3390/computers13040097. Online publication date: 11-Apr-2024
  • (2024) Risk-Aware Lightweight Data Access Control for Cloud-Assisted IIoT: A Zero-Trust Approach. Proceedings of the SIGCOMM Workshop on Zero Trust Architecture for Next Generation Communications, 40-42. DOI: 10.1145/3672200.3673880. Online publication date: 4-Aug-2024

Published In

IIoT-NETs '23: Proceedings of the 1st Workshop on Enhanced Network Techniques and Technologies for the Industrial IoT to Cloud Continuum
September 2023
51 pages
ISBN: 9798400703027
DOI: 10.1145/3609389
Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

1. access control
2. attribute-based encryption
3. context-aware
4. policy obfuscation

Qualifiers

• Research-article

Conference

IIoT-NETs '23
Article Metrics

• Downloads (Last 12 months): 80
• Downloads (Last 6 weeks): 4
Reflects downloads up to 25 Feb 2025
