Supporting Internet-Based Location for Location-Based Access Control in Enterprise Cloud Storage Solution

  • Muhammad I. H. SukmanaEmail author
  • Kennedy A. Torkura
  • Hendrik Graupner
  • Ankit Chauhan
  • Feng Cheng
  • Christoph Meinel
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 926)


The emergence of the Internet allows the enterprise to implement telework policy in order for the employee to work and access company file anytime, anywhere. But it raises the challenge for the enterprise to enforce physical access control on enterprise’s files to the employee outside the enterprise network. One of the solutions for the enterprise to enforce physical access control of its files is implementing location-based access control (LBAC) model to allow the employee to access a file at the pre-determined location. We propose an extension of the LBAC model to include Internet-based location as an input for location constraint used for the access control decision and authorization where Internet-connected device is mapped into a physical location using the IP geolocation method. Our approach could be used as an alternative user’s location determination and location verification methods, especially for mobile devices with minimum self-geolocation capability. We implement our proposal into proof-of-concept enterprise cloud storage solution called CloudRAID for Business (CfB) by combining Internet-based geolocation service, delay-based measurement technique, and open source information. Our evaluation’s result shows that our implementation is able to grant user access control of the system once the user’s location is in the pre-determined location.


Location-based access control Internet-based geolocation Delay-based measurement GPS WiFi access points Enterprise cloud storage system 



We would like to thank Bundesdruckerei GmbH for the support of this paper. We also would like to thank Lasse Jahn, Marco Schaarschmidt, Kerstin Andree, and Niklas Dornick for their help developing the prototype of our approach.


  1. 1.
    Ardagna, C.A., Cremonini, M., Damiani, E., di Vimercati, S.D.C., Samarati, P.: Supporting location-based conditions in access control policies. In: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, pp. 212–222. ACM (2006)Google Scholar
  2. 2.
    Baracaldo, N., Palanisamy, B., Joshi, J.: Geo-social-RBAC: a location-based socially aware access control framework. In: International Conference on Network and System Security, pp. 501–509. Springer (2014)Google Scholar
  3. 3.
    Choi, M., Lee, J., Kim, S., Jeong, Y.S., Park, J.H.: Location based authentication scheme using ble for high performance digital content management system. Neurocomputing 209, 25–38 (2016)CrossRefGoogle Scholar
  4. 4.
    Decker, M.: Requirements for a location-based access control model. In: Proceedings of the 6th International Conference on Advances in Mobile Computing and Multimedia, pp. 346–349. ACM (2008)Google Scholar
  5. 5.
    Gharaibeh, M., Shah, A., Huffaker, B., Zhang, H., Ensafi, R., Papadopoulos, C.: A look at router geolocation in public and commercial databases. In: Proceedings of the 2017 Internet Measurement Conference, pp. 463–469. ACM (2017)Google Scholar
  6. 6.
    Gueye, B., Ziviani, A., Crovella, M., Fdida, S.: Constraint-based geolocation of internet hosts. IEEE/ACM Trans. Netw. (TON) 14(6), 1219–1232 (2006)CrossRefGoogle Scholar
  7. 7.
    Kirkpatrick, M.S., Ghinita, G., Bertino, E.: Privacy-preserving enforcement of spatially aware rbac. IEEE Trans. Dependable Secure Comput. 9(5), 627–640 (2012)Google Scholar
  8. 8.
    Konstantinidis, A., Chatzimilioudis, G., Zeinalipour-Yazti, D., Mpeis, P., Pelekis, N., Theodoridis, Y.: Privacy-preserving indoor localization on smartphones. IEEE Trans. Knowl. Data Eng. 27(11), 3042–3055 (2015)CrossRefGoogle Scholar
  9. 9.
    Lenders, V., Koukoumidis, E., Zhang, P., Martonosi, M.: Location-based trust for mobile user-generated content: applications, challenges and implementations. In: Proceedings of the 9th Workshop on Mobile Computing Systems and Applications, pp. 60–64. ACM (2008)Google Scholar
  10. 10.
    Padmanabhan, R., Dhamdhere, A., Aben, E., Spring, N., et al.: Reasons dynamic addresses change. In: Proceedings of the 2016 Internet Measurement Conference, pp. 183–198. ACM (2016)Google Scholar
  11. 11.
    Schnjakin, M., Korsch, D., Schoenberg, M., Meinel, C.: Implementation of a secure and reliable storage above the untrusted clouds. In: 2013 8th International Conference on Computer Science and Education (ICCSE), pp. 347–353. IEEE (2013)Google Scholar
  12. 12.
    Souppaya, M., Scarfone, K.: Guide to enterprise telework, remote access, and bring your own device (BYOD) security. NIST Spec. Publ. 800, 46 (2016)Google Scholar
  13. 13.
    Sukmana, M.I., Torkura, K.A., Meinel, C., Graupner, H.: Redesign cloudraid for flexible and secure enterprise file sharing over public cloud storage. In: Proceedings of the 10th International Conference on Security of Information and Networks, pp. 3–10. ACM (2017)Google Scholar
  14. 14.
    Zandbergen, P.A., Barbeau, S.J.: Positional accuracy of assisted GPS data from high-sensitivity gps-enabled mobile phones. J. Navig. 64(3), 381–399 (2011)CrossRefGoogle Scholar
  15. 15.
    Zhang, F., Kondoro, A., Muftic, S.: Location-based authentication and authorization using smart phones. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 1285–1292. IEEE (2012)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Muhammad I. H. Sukmana
    • 1
    Email author
  • Kennedy A. Torkura
    • 1
  • Hendrik Graupner
    • 1
  • Ankit Chauhan
    • 2
  • Feng Cheng
    • 1
  • Christoph Meinel
    • 1
  1. 1.Hasso-Plattner-Institute (HPI)University of PotsdamPotsdamGermany
  2. 2.GroovyTekCentennialUSA

Personalised recommendations