Emergency access control management via attribute based encrypted QR codes

Abstract

In dynamic environments such as disaster management, mechanisms for the controlled override of access
restrictions, a.k.a. break-glass need to be supported. These access control mechanisms should ensure access to facilities, for example, an office building, in an emergency situation, without relying on the use of an online authentication server as connectivity might not be available.
In this paper, we propose a break-glass access control mechanism based on a novel use of QR codes, Shamir’s Secret Sharing
Scheme and Attribute Based Encryption. Our proposed solution
is such that a secret access key is split using Shamir’s secret
sharing scheme and encrypted using attribute based encryption,
then encoded in a QR code. Subsequently, emergency actors
scan the QR code and recover the individual secret key using
their attributes satisfying an access policy associated with the
ciphertext. The novelty of our solution lies in the fact that a
flexible access control is ensured only when a sufficient number
of authorized users collaborate to get access to a building without
requiring an online third party. In addition, the access secret key
is only decrypted by the authorized users thanks to the use of
an attribute based encryption scheme. Finally, we demonstrate
the feasibility and the efficiency of the solution by implementing
a prototype and analysing its performance.