DOI: 10.1145/2914642.2914648

A Context-Aware System to Secure Enterprise Content

Published: 06 June 2016

Abstract

In this paper, we present the architecture and implementation of a secure, automated, proximity-based access control system that we refer to as the Context-Aware System to Secure Enterprise Content (CASSEC). Using pervasive WiFi and Bluetooth wireless devices as components of our underlying positioning infrastructure, CASSEC addresses two proximity-based scenarios often encountered in enterprise environments: Separation of Duty and Absence of Other Users. The first scenario is achieved by using the Bluetooth MAC addresses of nearby occupants as authentication tokens. The second scenario exploits the interference in WiFi received signal strength that occurs when an occupant crosses the line of sight (LOS). Regardless of the scenario, information about the occupancy of a particular location is periodically extracted to support continuous authentication. To the best of our knowledge, our approach is the first to incorporate WiFi signal interference caused by occupants as part of a proximity-based access control system. Our results demonstrate that it is feasible to achieve great accuracy in the localization of occupants in a monitored room.



      Published In

      SACMAT '16: Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies
      June 2016
      248 pages
      ISBN: 9781450338028
      DOI: 10.1145/2914642

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. access control
      2. context awareness
      3. mobility
      4. security

      Qualifiers

      • Research-article

      Funding Sources

      • NSF

      Conference

      SACMAT 2016

      Acceptance Rates

      SACMAT '16 Paper Acceptance Rate 18 of 55 submissions, 33%;
      Overall Acceptance Rate 177 of 597 submissions, 30%


      Cited By

      • (2023) ICMS: A Flexible Location-Based Access Control System for Mobile Devices. IEEE Systems Journal, 17:1 (1536-1547). DOI: 10.1109/JSYST.2022.3202698. Online publication date: Mar-2023
      • (2023) State of the art on quality control for data streams: A systematic literature review. Computer Science Review, 48 (100554). DOI: 10.1016/j.cosrev.2023.100554. Online publication date: May-2023
      • (2019) Context-Aware Authentication Using Co-Located Devices. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) (304-311). DOI: 10.1109/TrustCom/BigDataSE.2019.00048. Online publication date: Aug-2019
      • (2018) A Multi-Enterprise Containerization Approach with an Interoperable Position-Based System. Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy (256-266). DOI: 10.1145/3176258.3176311. Online publication date: 13-Mar-2018
