TY - JOUR
T1 - An efficient attribute-based access control system with break-glass capability for cloud-assisted industrial control system
AU - Tu, Yuanfei
AU - Wang, Jing
AU - Yang, Geng
AU - Liu, Ben
N1 - Publisher Copyright: © 2021 the Author(s), licensee AIMS Press.
PY - 2021
Y1 - 2021
N2 - In the era of Industry 4.0, the cloud-assisted industrial control system (ICS) is considered to be the most promising technology for industrial processing automation systems. However, the emerging attack techniques targeted at ICS underline the importance of data security. To protect the data from unauthorized access, attribute-based encryption is utilized to meet the confidentiality and access control requirements of an open network environment. In ICS scenarios, it is critically important to offer timely and efficient service, especially in emergency situations. This paper proposes an efficient access control strategy that enables two access modes: attribute-based access and emergency break-glass access. Normally, users can access the encrypted data as long as their attributes satisfy the access policy specified by the data owner. In emergency cases, emergency situation handlers can override the access control policy of the encrypted data by the break-glass access capability. To eliminate the overhead for data consumers, the scheme outsources the data decryption and policy updating to the semi-trusted fog and cloud. The scheme also implements the CP-ABE scheme in terms of asymmetric Type-3 pairings instead of the symmetric Type-1 pairings, which are inefficient and have security issues. Finally, the paper analyses the security of the scheme, evaluates its performance, and compares it with related works.
KW - Asymmetric Type-3 pairings
KW - Attribute based access
KW - Break-glass
KW - Cloud-assisted industrial control system
KW - Efficiency
UR - http://www.scopus.com/inward/record.url?scp=85105360296&partnerID=8YFLogxK
U2 - 10.3934/MBE.2021179
DO - 10.3934/MBE.2021179
M3 - Article
C2 - 34198401
AN - SCOPUS:85105360296
SN - 1547-1063
VL - 18
SP - 3559
EP - 3577
JO - Mathematical Biosciences and Engineering
JF - Mathematical Biosciences and Engineering
IS - 4
ER -