Advertisement

Wireless Personal Communications

, Volume 97, Issue 3, pp 4587–4619 | Cite as

Spatial and Temporal Organization Based Access Control for Wireless Network as a Component of Security Requirements

  • Chaimaa BelberguiEmail author
  • Najib Elkamoun
  • Rachid Hilal
Article
  • 82 Downloads

Abstract

The standard wireless local area network is the technology of connecting computers and myriad electronic devices to each other and to the Internet. The three major benefits that Wi-Fi networks offer are; global accessibility, ease of communication and cost effective. In such infrastructures, there is no physical method to restrict a system in radio range to be a member of a wireless network. For this reason, the definition of a security policy is required and must be able to meet a range of requirements, including those related to access control. In this paper, we propose an application of the “organization based access control model” (OrBAC) in the context of Wi-Fi networks, a case study and a simulation for an organization “faculty”. The use of OrBAC with location and temporal constraints allows to control access to resources or services via wireless network, based on the requester’s role in the Organization, his location and the time of the access request. The proposed solution limits the possibilities of attacks because each user has only access rights allowing him to perform his tasks within the organization.

Keywords

Wi-Fi Security Access control OrBAC Spatial and temporal contexts 

References

  1. 1.
    Anzevui, J. (2006). Les réseaux sans fil. In Proj. Semest. Univ. Genève (Vol. 2007).Google Scholar
  2. 2.
    Ministre, P. (2013). Note technique, Recommandations de sécurité relatives aux réseaux Wi-Fi, 2013 (pp. 1–12).Google Scholar
  3. 3.
    Asip, S. (2014). Guide pratique spécifique pour la mise en place d’un accès Wifi. Mai 2014-V1.0 (pp. 1–12).Google Scholar
  4. 4.
    Fathy, M., Azer, M., Bahgat, M., & Yehia, A. (2013). Security access control research trends. In Wireless and mobile networking conference (WMNC), 2013 6th joint IFIP, 2013 (pp. 1–6).Google Scholar
  5. 5.
    Ferraiolo, D. F., & Kuhn, D. R. (2009). Role-based access controls. ArXiv Prepr. ArXiv09032171.Google Scholar
  6. 6.
    Hansen, F. & Oleshchuk, V. (2003). Application of role-based access control in wireless healthcare information systems. In Scandinavian conference in health informatics, 2003 (pp. 30–33).Google Scholar
  7. 7.
    Hansen, F., & Oleshchuk, V. (2003). Spatial role-based access control model for wireless networks. In Proceedings of the 58th IEEE vehicular technology conference (VTC’03), 2003 (Vol. 3). IEEE Computer Society.Google Scholar
  8. 8.
    Tomur, E., Deregozu, R., & Genc, T. (2006). A wireless secure remote access architecture implementing role based access control: WiSeR. In Proceedings of world academy of science, engineering and technology.Google Scholar
  9. 9.
    Tomur, E., & Erten, Y. M. (2006). Application of temporal and spatial role based access control in 802.11 wireless networks. Computers & Securit, 25(6), 452–458.CrossRefGoogle Scholar
  10. 10.
    Chen, H. C. (2015, September). A negotiated virtual role solution in RBAC scheme for group-based heterogeneous wireless networks. In Network-Based Information Systems (NBiS), 2015 18th International Conference on IEEE (pp. 146–150).Google Scholar
  11. 11.
    Kalam, A. A. E., Baida, R. E., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miege, A., Saurel, C., & Trouessin, G. (2003). Organization based access control. In IEEE 4th international workshop on policies for distributed systems and networks, 2003. Proceedings. POLICY 2003 (pp. 120–131).Google Scholar
  12. 12.
    Ouaddah, A., Bouij-Pasquier, I., Abou Elkalam, A., & Ouahman, A. A. (2015). Security analysis and proposal of new access control model in the internet of thing. In 2015 international conference on electrical and information technologies (ICEIT) (pp. 30–35).Google Scholar
  13. 13.
    Preda, S., Cuppens, F., Cuppens-Boulahia, N., Garcia-Alfaro, J., & Toutain, L. (2011). Dynamic deployment of context-aware access control policies for constrained security devices. Journal of Systems and Software, 84(7), 1144–1159.CrossRefGoogle Scholar
  14. 14.
    Strassner, J. (2004). Policy-based network management: Solutions for the next generation. Amsterdam: Morgan Kaufmann Publishers.Google Scholar
  15. 15.
    Autrel, F., Cuppens, F., Cuppens-Boulahia, N., & Coma, C. (2008). MotOrBAC 2: A security policy tool. In 3rd conference on security in network architectures and information systems (SAR-SSI 2008) (pp. 273–288), Loctudy, France.Google Scholar
  16. 16.
    Bertino, E., Catania, B., Damiani, M. L., Perlasca, P. (2005). GEO-RBAC: A spatially aware RBAC. In SACMAT’05: Proceedings of the tenth ACM symposium on Access control models and technologies (pp. 29–37). New York: ACM Press.Google Scholar
  17. 17.
    Ray, I., Kumar, M., Yu, L. (2006). LRBAC: A location-aware role-based access control model. In Proceedings of the 2nd international conference on information systems security (pp. 147–161), Kolkata, India.Google Scholar
  18. 18.
    Bertino, E., Catania, B., Damiani, M. L., Perlasca, P. (2005). GEO-RBAC: A spatially aware RBAC. In SACMAT’05: Proceedings of the tenth ACM symposium on access control models and technologies (pp. 29–37). New York: ACM Press.Google Scholar
  19. 19.
    Joshi, J. B. D., Bertino, E., Latif, U., & Ghafoor, A. (2005). A generalized temporal role-based access control model. IEEE Transactions on Knowledge and Data Engineering, 17(1), 4–23.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2017

Authors and Affiliations

  • Chaimaa Belbergui
    • 1
    Email author
  • Najib Elkamoun
    • 1
  • Rachid Hilal
    • 1
  1. 1.STIC LaboratoryChouaib Doukkali UniversityEl JadidaMorocco

Personalised recommendations