Lightweight and Decentralized Access Control for Cloud-Assisted Industrial Control Systems

Cloud-assisted industrial control systems (CA-ICS) are increasingly adopted for their ability to enhance efficiency, scalability, and remote access to resources. These systems integrate IoT devices for real-time monitoring and automated control, with the cloud supporting improved functionality and operational effectiveness. While CA-ICS provide several benefits, they face various data security challenges, such as unauthorized access, tampering, and leakage of sensitive data in an untrusted and dynamic cloud environment. In this work, we propose a ciphertext-policy attribute-based encryption (CP-ABE) framework to ensure secure and fine-grained access control on industrial data stored in the cloud. Our approach improves efficiency by replacing computationally intensive bilinear pairing operations with lightweight elliptic curve cryptography (ECC) based scalar multiplication operations. Our scheme utilizes decentralized attribute authorities to independently generate and distribute user private keys, avoiding coordination and preventing key escrow attacks. It uses unique global identifiers to combine key components which are linked to their specific attribute set. and facilitates efficient attribute revocation. Furthermore, our scheme employs fog nodes for partial decryption of ciphertext, which reduces computational overhead and latency for resource-constrained devices, thereby enhancing overall performance and response time. Theoretical analysis validates our proposed CP-ABE scheme's effectiveness and usability in CA-ICS, enhancing both security and the efficiency of remote monitoring and data-driven decision-making.