In dynamic environments such as disaster management, mechanisms for the controlled override of access restrictions, a.k.a. break-glass need to be supported. These access control mechanisms should ensure access to facilities, for example, an office building, in an emergency situation, without relying on the use of an online authentication server as connectivity might not be available. In this paper, we propose a break-glass access control mechanism based on a novel use of QR codes, Shamir's Secret Sharing Scheme and Attribute Based Encryption. Our proposed solution is such that a secret access key is split using Shamir's secret sharing scheme and encrypted using attribute based encryption, then encoded in a QR code. Subsequently, emergency actors scan the QR code and recover the individual secret key using their attributes satisfying an access policy associated with the ciphertext. The novelty of our solution lies in the fact that a flexible access control is ensured only when a sufficient number of authorized users collaborate to get access to a building without requiring an online third party. In addition, the access secret key is only decrypted by the authorized users thanks to the use of an attribute based encryption scheme. Finally, we demonstrate the feasibility and the efficiency of the solution by implementing a prototype and analysing its performance.

Emergency access control management via attribute based encrypted QR codes

Gochhayat S. P.;Conti M.;
2018

Abstract

In dynamic environments such as disaster management, mechanisms for the controlled override of access restrictions, a.k.a. break-glass need to be supported. These access control mechanisms should ensure access to facilities, for example, an office building, in an emergency situation, without relying on the use of an online authentication server as connectivity might not be available. In this paper, we propose a break-glass access control mechanism based on a novel use of QR codes, Shamir's Secret Sharing Scheme and Attribute Based Encryption. Our proposed solution is such that a secret access key is split using Shamir's secret sharing scheme and encrypted using attribute based encryption, then encoded in a QR code. Subsequently, emergency actors scan the QR code and recover the individual secret key using their attributes satisfying an access policy associated with the ciphertext. The novelty of our solution lies in the fact that a flexible access control is ensured only when a sufficient number of authorized users collaborate to get access to a building without requiring an online third party. In addition, the access secret key is only decrypted by the authorized users thanks to the use of an attribute based encryption scheme. Finally, we demonstrate the feasibility and the efficiency of the solution by implementing a prototype and analysing its performance.
2018
2018 IEEE Conference on Communications and Network Security, CNS 2018
6th IEEE Conference on Communications and Network Security, CNS 2018
978-1-5386-4586-4
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11577/3340666
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 4
  • ???jsp.display-item.citation.isi??? 2
  • OpenAlex ND
social impact