DOI: 10.1145/3689930.3695207
research-article
Open access

Lightweight and Decentralized Access Control for Cloud-Assisted Industrial Control Systems

Published: 20 November 2024 Publication History

Abstract

Cloud-assisted industrial control systems (CA-ICS) are increasingly adopted for their ability to enhance efficiency, scalability, and remote access to resources. These systems integrate IoT devices for real-time monitoring and automated control, with the cloud supporting improved functionality and operational effectiveness. While CA-ICS provide several benefits, they face various data security challenges, such as unauthorized access, tampering, and leakage of sensitive data in an untrusted and dynamic cloud environment. In this work, we propose a ciphertext-policy attribute-based encryption (CP-ABE) framework to ensure secure and fine-grained access control on industrial data stored in the cloud. Our approach improves efficiency by replacing computationally intensive bilinear pairing operations with lightweight elliptic curve cryptography (ECC) based scalar multiplication operations. Our scheme utilizes decentralized attribute authorities to independently generate and distribute user private keys, avoiding coordination and preventing key escrow attacks. It uses unique global identifiers to combine key components, which are linked to their specific attribute set, and facilitates efficient attribute revocation. Furthermore, our scheme employs fog nodes for partial decryption of ciphertext, which reduces computational overhead and latency for resource-constrained devices, thereby enhancing overall performance and response time. Theoretical analysis validates our proposed CP-ABE scheme's effectiveness and usability in CA-ICS, enhancing both security and the efficiency of remote monitoring and data-driven decision-making.

      Published In

      RICSS '24: Proceedings of the 2024 Workshop on Re-design Industrial Control Systems with Security
      November 2024
      102 pages
      ISBN: 9798400712265
      DOI: 10.1145/3689930
      Program Chairs: Ruimin Sun, Mu Zhang

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 20 November 2024

      Author Tags

      1. cp-abe
      2. decentralized
      3. ecc
      4. outsourced decryption
      5. revocation

      Conference

      CCS '24