Supporting Internet-Based Location for Location-Based Access Control in Enterprise Cloud Storage Solution
The emergence of the Internet allows enterprises to implement telework policies so that employees can work and access company files anytime, anywhere. However, it also makes it challenging for the enterprise to enforce physical access control on its files for employees outside the enterprise network. One solution is to implement a location-based access control (LBAC) model that allows the employee to access a file at a pre-determined location. We propose an extension of the LBAC model that includes Internet-based location as an input for the location constraint used in the access control decision and authorization, where an Internet-connected device is mapped to a physical location using the IP geolocation method. Our approach could be used as an alternative method for user location determination and location verification, especially for mobile devices with minimum self-geolocation capability. We implement our proposal in a proof-of-concept enterprise cloud storage solution called CloudRAID for Business (CfB) by combining an Internet-based geolocation service, a delay-based measurement technique, and open source information. Our evaluation results show that our implementation is able to grant the user access to the system once the user's location is within the pre-determined location.
Keywords: Location-based access control; Internet-based geolocation; Delay-based measurement; GPS; WiFi access points; Enterprise cloud storage system
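The sketch below is an added example, not code from the paper or from CfB. It shows one way a location constraint could combine an IP-geolocation result with a delay-based plausibility check before granting access. The function names, the 200 km/ms propagation bound, the zone, the landmarks and all coordinates and RTT values are assumptions constructed for illustration.

```python
import math

# Assumption: signals in fibre cover at most about 200 km per millisecond one way.
KM_PER_MS = 200.0

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def max_distance_km(rtt_ms):
    """Upper bound on the distance to a host implied by a round-trip time."""
    return (rtt_ms / 2) * KM_PER_MS

def delay_consistent(claimed, probes):
    """True if every landmark could reach the claimed point within its RTT.
    A low RTT bounds distance; a high RTT proves nothing (queuing, detours)."""
    return all(haversine_km(lm, claimed) <= max_distance_km(rtt)
               for lm, rtt in probes)

def authorize(ip_location, probes, zone_center, zone_radius_km):
    """Hypothetical LBAC decision: fail closed unless the IP-derived location
    lies in the permitted zone and no delay measurement contradicts it."""
    if not probes:
        return "deny: no delay measurements"
    if haversine_km(ip_location, zone_center) > zone_radius_km:
        return "deny: outside permitted zone"
    if not delay_consistent(ip_location, probes):
        return "deny: delay contradicts IP geolocation"
    return "grant"

# Constructed sample data (not from the paper).
ZONE = ((52.39, 13.06), 50.0)                      # permitted zone: centre, radius km
FRANKFURT, HAMBURG = (50.11, 8.68), (53.55, 9.99)  # measurement landmarks
BERLIN, MUNICH = (52.52, 13.40), (48.14, 11.58)    # locations returned by a geo database

if __name__ == "__main__":
    ok = [(FRANKFURT, 9.0), (HAMBURG, 6.0)]
    stale = [(FRANKFURT, 2.0), (HAMBURG, 6.0)]     # host is really near Frankfurt
    print(authorize(BERLIN, ok, *ZONE))
    print(authorize(BERLIN, stale, *ZONE))
    print(authorize(MUNICH, ok, *ZONE))
```

Because the round-trip time only gives an upper bound on distance, the check can reject a database entry that is physically impossible but cannot confirm one that is merely plausible.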
We would like to thank Bundesdruckerei GmbH for the support of this paper. We also would like to thank Lasse Jahn, Marco Schaarschmidt, Kerstin Andree, and Niklas Dornick for their help developing the prototype of our approach.