Abstract
In recent years, the rapid development of mobile Internet services has greatly increased the complexity of network interaction. In the mobile Internet scenario, there are higher requirements for the dynamic and fine-grained access control. However, the existing access control strategy is mainly based on static access control mechanism, which cannot meet its needs. For this reason, this paper proposes a mobile internet access control strategy based on trust perception, which improves the outstanding problems of traditional access control methods such as not supporting dynamic authorization and coarse-grained. This strategy combines the advantages of both the role-based access control (RBAC) model and the attribute-based access control (ABAC) model. And introduce comprehensive trust evaluation to quantify user trust, and realize dynamic authorization and fine-grained access control based on trust perception. User trust consists of two parts: attribute trust and historical trust. Attribute trust is derived based on the user's attributes, and historical trust is calculated based on the user's historical access behavior. Finally, this article simulates the two most common attack methods, bleaching attack and betrayal attack. Comparative experiments show that the method proposed in this paper has better ability to resist bleaching attacks and betrayal attacks.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
QuestMobile China Mobile Internet 2021 Semi-Annual Report (2021). https://www.questmobile.com.cn/research/report-new/164. (in Chinese)
Ferraiolo, D., Cugini, J., Kuhn, D.R.: Role-based access control (RBAC): features and motivations (1995)
Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: IEEE International Conference on Web Services IEEE, pp. 569–572 (2005)
Barkha, P., Sahani, G.: Analysis of various RBAC and ABAC based access control models with their extension. Int. J. Eng. Develop. Res 5(2), 487–492 (2017)
Feng, T., Pei, H., Ma, R., Tian, Y., Feng, X.: Blockchain data privacy access control based on searchable attribute encryption. Comput. Mater. Continua 66(1), 871–890 (2021)
Li, L., Xu, C., Yu, X., Dou, B., Zuo, C.: Searchable encryption with access control on keywords in multi-user setting. J. Cyber Secur. 2(1), 9–23 (2020)
Rajkumar, V., Prakash, M., Vennila, V.: Secure data sharing with confidentiality, integrity and access control in cloud environment. Comput. Syst. Sci. Eng. 40(2), 779–793 (2022)
Aftab, M., Qin, Z.: The evaluation and comparative analysis of role based access control and attribute based access control model. In: 15th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP), pp. 79–81 (2018)
Narayana, D.V.S., Kumar, P.V.: Control of data centric through RBAC in clouds. Int. J. Innovat. Eng. Manage. Res. 8(5), 273–279 (2019)
Kuhn, D.: Adding attributes to role-based access control. Computer 43(6), 79–81 (2010)
Coyne, E., Weil, T.R.: ABAC and RBAC: scalable, flexible, and auditable access management. IT Professional 15, 14–16 (2013)
Ullah, I., Zahid, H., Khan, M.A.: An access control scheme using heterogeneous signcryption for IoT environments. Comput. Mater. Continua 70(3), 4307–4321 (2022)
Xin, J., Sandhu, R., Krishnan, R.: RABAC: role-centric attribute-based access control. In: Proceedings of the 6th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security: Computer Network Security, vol. 7531, pp. 84–96 (2012)
Thakare, A., Lee, E., Kumar, A., Nikam, V.B., Kim, Y.G.: PARBAC: priority-attribute based RBAC model for azure IoT cloud. IEEE Internet Things J. 7(4), 2890–2900 (2020)
Cai, T., Jian, Z., Xing, D.: A hybrid attribute based RBAC model. Int. J. Secur. Applicat. 9(7), 317–328 (2015)
Xiong, H.R., Chen, X.Y., Fei, X.F., Gui, H.R.: Hybrid extended access control model based on attributes and RBAC. Comput. Applicat. Res. 33(7), 2162–6169 (2016)
Singh, M.P., Sural, S., Vaidya, J., Atluri, V.: Managing attribute-based access control policies in a unified framework using data warehousing and in-memory database. Comput. Secur. 86, 183–205 (2019)
Singh, M.P.: A role-based administrative model for administration of heterogeneous access control policies and its security analysis. Inf. Syst. Front. 1–18 (2021)
R, N., Raj, D.P.: Enhanced trust based access control for multi-cloud environment. Comput. Mater. Continua 69(3), 3079–3093 (2021)
Chakraborty, S., Ray, I.: TrustBAC: integrating trust relationships into the RBAC model for access control in open systems. In: Proceedings of the ACM Symposium on Access Control Models & Technologies. lake Tahoe, vol. 18, no. 37, pp. 49–58 (2016)
Liu, W., Duan, H.X., Zhang, H., Ren, P., Wu, J.P.: TRBAC: trust-based access control model. Comput. Res. Dev. 48(8), 1414–1420 (2011)
Shao, J.Y., Chen, F.Z., Qin, P.Y., Chen, J.J.: Research on access control method based on dynamic trust value in mobile internet environment. Inf. Netw. Secur. 30(8), 46–53 (2016)
Kang, K.: Research on Access Control Model in Mobile Environment. Xi’an University of Science and Technology, China (2018)
Liu, H.Y., Yan, J.Z., Ma, J.F.: A fine-grained RBAC access control model framework based on credibility. J. Communicat. 30(1), 51–57 (2009)
Funding
This work is supported by the science and technology project of State Grid Corporation of China Funding Item: “Research on Dynamic Access Authentication and Trust Evaluation Technology of Power Mobile Internet Services Based on Zero Trust” (Grand No. 5700-202158183A-0-0-00).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Ethics declarations
The authors declare that they have no conflicts of interest to report regarding the present study.
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Chen, L. et al. (2022). Mobile Internet Access Control Strategy Based on Trust Perception. In: Sun, X., Zhang, X., Xia, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2022. Lecture Notes in Computer Science, vol 13340. Springer, Cham. https://doi.org/10.1007/978-3-031-06791-4_47
Download citation
DOI: https://doi.org/10.1007/978-3-031-06791-4_47
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-06790-7
Online ISBN: 978-3-031-06791-4
eBook Packages: Computer ScienceComputer Science (R0)