A Dynamic Context-Aware Access Control (CAAC) System

July 28, 2017 | Author: Jagadamba G | Category: Security

Jagadamba G1,* and Dr. B Sathish Babu2

1 Assistant Professor, Department of Information Science and Engineering, 2 Professor, Department of Computer Science and Engineering, Siddaganga Institute of Technology (Autonomous), Tumkur-03, Karnataka, India. e-mail: [email protected], [email protected]

Abstract. Most access control systems are subjective and non-context-aware in nature, with similar security issues in all. When a security issue arises, the system should be context-aware to include ubiquity and mobility. The proposed system considers the appropriate contextual information with minimum user interaction and adapts autonomously to provide appropriate service for a user. The system gathers the context information, analyzes it, processes changes in authorization if desired, and reduces the burden of monitoring the system load. The proposed system is capable and intelligent in exploring the requirement of a user while safeguarding the user's privacy in the computing environment. The system also suggests different procedures for selecting the contextual information from users who regularly interact with the system.

Keywords: Context-aware, Authentication, Authorization.

1. Introduction

A context-aware system is all about providing the Right Information, at the Right Time, in the Right Place, in the Right Way, to the Right Person [1]. These systems differ from traditional systems in their heterogeneity, artificial intelligence, high complexity and cost effectiveness. Context has been classified as terminal context, user context and communication network context. For any given service, system or application, these classes can be combined as required, and this restriction does not have any effect on the general definition of context. The proposed system considers user context and device context for its analysis and decisions. The term context-awareness in ubiquitous computing was introduced by Schilit in 1994 [2] and refers to a source that computers can both sense and react to, based on their environment. Devices may have information about the circumstances under which they are able to operate and, based on rules or on an intelligent stimulus, react accordingly. Access control models [20] define how the system enforces access of subjects (such as users, computers, applications, and so on) to objects (such as computers, files, directories, applications, servers, and devices) and are categorized into the discretionary access control model, the mandatory access control model, and the role-based access control model. The role-based access control model is static and not with subject to object. Hence we were motivated to consider context in providing dynamic access control for a changing environment. We therefore designed a centralized context-aware access control model in which a single, central entity makes access control decisions and manages the access control.

1.1 Need of security requirements in context-aware system

Concepts like pervasive computing or ubiquitous computing rely on contextual information in order to personalize services provided to their end users. The context-aware computing system [9,14] faces security challenges which include authentication, authorization, access control, integrity, confidentiality and availability. The proposed CAAC system concentrates on two risk factors: authentication and authorization.

Authentication: Authentication refers to the verification of the user's identity. It can be based on what you know, what you are or what you have.

© Elsevier Publications 2013.


Authorization: After declaring identity at the authentication stage, a user is assigned a set of authorizations, referred to as rights, privileges, or permissions, that define what they can do with the resources. These authorizations are defined by the system security policy and are set by the security or system administrator. In the proposed system, privileges like "permit everything" and "permit anything in between" are considered for user types and may change according to their context. The authentication and authorization stages lead to access control without extracting much private user information. The proposed system uses rich contexts like location, time, IP address, MAC, and past and present reputation to authenticate and authorize access to resources. Our responsibility depends upon an ability to secure these. These overwhelming problems motivated us to propose a new dynamic context-aware access control system.

1.2 Techniques to secure context-aware system

The context-aware system should be aware of how much data has to be shared, and of when and how to integrate the context information. A well-defined technique is needed to secure these, and this is a challenging task for the proposed system. These security techniques are provided through appropriate accounting of contextual information. Every item of context data is stored either in a logger or in a database for accountability. The accounted data serves as a record of past behavior. The techniques are implemented during sharing by converting context data into numerical values. The representation as numerical values misguides intruders or malicious users while accessing. These numerical values are defined as checksums and are only distributed in the central processing unit.

1.3 About proposed system

By identifying the security needs and techniques of a context-aware system, the proposed system identifies itself as unique from other access control systems. The accountability technique in the system gets the required data while authenticating the user. The system looks at the user's context and changes to the suitable access control level if desired. The system defines a mechanism and processing stages for determining whether to grant or deny the user request. The permission to control is associated with a user context {User type, location, time}.

Example 1: Let us consider an organization which has set a static security policy for accessing resources depending on the roles the user plays in the organization, where the user access policy will not change in any context. These types of policies block access to some resources completely to avoid miscellaneous use, which creates more traffic and leads to an imbalanced system load. But blocking these resources may hamper some of the work of the organization for which they may be crucial.

In the above example there is a need to identify the user requirement by extracting the context information and to adapt the authorization accordingly. So an access control system should be dynamic in nature to identify a user requirement in that context. That is, a user belonging to user type 1 at some time $t_i$ may belong to some other user type at time $\Delta t_i$, depending upon the request and context of the user. The proposed CAAC system works on this basis, by developing a proactive centralized monitoring system which acts like a context server [8], acquiring and managing the context information for interpreting and making decisions about context and access permission. The paper is organized as follows: Section 2 discusses related works in the area of context-aware models, Section 3 highlights the proposed CAAC system, Section 4 discusses the results and testing, and Section 5 concludes with future work.

2. Related Works

Role-based Access Control (RBAC) [3] began with the multi-user and multi-application on-line systems pioneered in the 1970s. RBAC grants access permissions based on the roles and various job functions in an organization. The roles for the users can be assigned or reassigned, or granted new permissions, as new applications and systems are incorporated, based on their responsibilities and qualifications. RBAC was expanded by providing a more versatile and more expressive framework that incorporates the use of environment and object roles, using the uniform notion of a role to capture user, environmental and resource attributes. This model [4] allows for the definition of context-aware security policies for roles and makes it easy to define and understand complex security policies. A key security challenge in the Context-Aware Access Control Model (CAACM) [5] was to design an effective access control model which is aware of context modifications and changes authorizations when the context changes. Roman et al. [6] defined a generic context-based software architecture for physical spaces, so-called Gaia. A physical space was a geographic region with limited and well-defined boundaries containing physical objects, heterogeneous networked devices, and users performing a range of activities. This model uses context of first-order logic and boolean algebra, which allowed them to describe easy rules. Cerberus is another framework which included context-aware identification, authentication and access control, and reasoning about context, but the process was complicated to implement. Kerberos authentication and Gaia [7, 10] respectively focus on the user's identification via the user's context information such as fingerprint, voice and face recognition. The Kerberos authentication [11] proposed the process to enable activation or deactivation of roles assigned to a user depending on his/her context. But the system is not concerned with providing some sort of service to a user instead of completely avoiding the access. These works give an insight into access control that adopts the user context and motivated us to implement dynamic access control in a changing context.

3. Context-Aware Control System

This section describes the architecture and working model of the proposed system.

3.1 Architecture

The proposed system architecture is given in fig.1. The architecture is divided into three units: User context unit, Allocator unit and Validation unit. The user context unit contains all the user's devices, like laptops, tabletop PCs, tablets or smart phones, which are registered in the central system maintained in the organization. User access to the web services is defined through local procedures by identifying the location of these devices either by IP address or through MAC. The Allocator unit defines certain credentials of context and the processing for accessing the resources for the individual. The Validation unit is responsible for verifying the authentication and authorization of a user. It extracts all the necessary data from the Allocator unit to act on the required changes. In the process of identification, the Validation unit is responsible for the following tasks.

- Receiving the request along with contextual information from the user.
- Processing of all the requests.
- Converting context information into appropriate formats.
- Sending a request to a database to get threshold values.
- Receiving the results of the above queries from the database.
- Checking whether the user is authorized to use the resource.
- Sending a response to the user.

Fig.1. System Architecture of context-aware access control

Fig.2. Process change

The proposed system uses a few types of profile data [13], as follows:

User Profile: This is the predefined "user type". For example, the user type may be a student, researcher, guest, teaching faculty, non-teaching faculty, administration staff or administration officer, with permanent details recorded while registering to the system.

Explicit Profile: This contains the explicit user data collected from past accesses. For example, a User-Id/username, password, accessed web services, log details, mobility of the user and device, time and date of log, and last level defined. This profile is customized and synchronized for future analysis.

Implicit Profile: This is the set of all data objects within a system and includes processed user profile and explicit profile data of users for new validations. For example, the identified user with his past accessed data.

3.2 Working of the proposed System

This section describes the working of the proposed CAAC system. A user is identified by the user type defined permanently at the time of registering him/her in the central processing system. The user type is authenticated using regular authentication methodologies like Username, User-Id, PIN etc. and authorized to access the resources under his privilege. The whole process of dynamic change in access control depends on the user context. These changes are identified through the training and retraining process of a user shown in fig.2. The training stage starts with the identification of a user type, where the user type is associated with a User-Id and privileges. The User-Id and privilege levels become a token of identification of the user type. The User-Id and privilege levels are converted into ASCII values before finding the user type, to make the calculation easy. The user type for a user U with privilege levels is identified from eqn.(1). Subsequently, whenever the user logs in from his/her device on the campus, he/she is identified through this user type.

$$ \text{User type} = UID \times p_i \tag{1} $$

Users have been classified into five user types for identification purposes. The first level of user type is undergraduate students, the second level is postgraduate students, the third level is research scholars or faculty members, the fourth level is staff heading some important positions, and the fifth user type is the administration officer or head of the institute. The higher the number of the user type, the higher the privileges. In the same context, privilege values also range from 1 to 5. The first level of privilege has resources like education-related sites with some download capacity like 2Mbps; the second privilege level includes all the resources of the first level plus technical resources, with a download capacity of 4Mbps; the third privilege level has all the resources of the second plus scientific resources, with a download capacity of, say, 6Mbps; the fourth level of privilege has all the resources of the third level plus commercial resources, with a download capacity of about 8Mbps; and the fifth level of privilege has no restriction on resources or download capacity. The whole process of collecting the contextual information for retraining is done by finding the priority of the contextual information and fixing the thresholds for accessing each resource. The system processes its access control through the following modules.

Database: Usually the non-web-services-based context-aware systems in (2005) [12] use relational databases to store context information. The database is used for storing all the relevant user data and threshold information necessary for analysis and decision making. The database receives the queries from the validation unit, executes them and returns the corresponding results back to the validation unit.

Formatter: This module converts the heterogeneous context information into a predefined format called Checksum. These received checksums are used in the allocator and assigner by converting them into integer values in the scale of 0-25. Representation in numerical values helps in easy processing of contextual information while sending the data for the training and retraining stages.

Logger: The whole process of access control is provided by considering the context information. Context information pertaining to a user is extracted and sent to the formatter for further analysis. Before the context data are transferred to the formatter, the logger processes the profile data as mentioned in sec.(3.1). The user profile is extracted from the user device and the explicit user profile data from the allocator. The logger summarizes both sets of profile data to prepare an explicit user profile, which is sent to the formatter for further processing.

Assigner: This module is designed for assigning the priority for different contextual information. This contextual information is retrieved from the user device with the request message. Contextual information is assigned a priority level ranging from 1 to 5, as shown in table.(1), where 1 represents a lesser priority level and 5 represents a higher priority level, considered in the same format. These priority levels are represented in numerals from 1 to 5. The contextual values with priority are defined as a Checksum (CS) for validation and verification. Before we proceed further, let us consider an example 2 which builds the required scenario for our CAAC system.

Example 2: Let us consider a user who is an undergraduate student trying to download software or videos from his project lab on some date, Dec 25th. According to the access control policy, the student belongs to user type 1 and does not have the privilege of accessing these commercial resources. In this situation the context-aware system extracts the contextual information related to the user and the requested resource. The system identifies the location of the user as the project lab through an IP or MAC. The assigner has a priority level of 4 out of 5 for the project lab, and the date and time context has a priority value of 4 out of 5. The combination of these context checksum values provides good context values to upgrade the user type to a higher level, as per the allowable threshold values mentioned in the allocator module. At the same time, the past history of data also says that he/she is involved in some research or proactive development work or activities. After identifying this contextual information, training the request for some time interval is required for better analysis. Then the system changes the user type to a new user type in that session temporarily. After completion of the session, or if he/she becomes idle for some interval of time, the system is intelligent enough to find that the user is not active in his research work and is able to change the new user type back to his predefined permanent user type.

Keeping the above scenario in mind, let us consider $C_i$ and $C_j$ as context data related to a user while requesting the resource, where $C_i$ may be the location extracted as an IP address or a MAC and $C_j$ may be the date and time of the request. The combination of these context types can be used or considered as required. These two are enough to verify a considerable change in a user type. The checksum of change detection of user type, $CS_{CD}$, is calculated from eqn.(2) to find what level of change is required. Whenever the system predicts this change in a user type, the data regarding the change are stored in the logger as past historical data.

$$ CS_{CD} = \text{User type} \times \sum (C_i, C_j) \tag{2} $$

$$ CS_{R_i} = P_i \times R_i \times CS_{CD} \tag{3} $$

Allocator: This module verifies the new access permission for a user by collecting the resource $R_i$ from the user device. Every user has a set of resources in his privilege, and a new resource is allotted by calculating the dynamic threshold T. The threshold for the new resource is either 0 or 1, where 0 represents a resource with high priority and 1 represents a resource with low priority. The threshold value of the individual resource is identified and stored in the logger. The allowable threshold values should be between the upper threshold $T_U(\sigma + \mu)$ and the lower threshold $T_L(\sigma - \mu)$. These upper and lower thresholds are determined from the resource through standard deviation and mean, from eqn.(4) and eqn.(5) respectively. The input to these is the captured value $y$, where $y_i$ is for the specific resource among N types. These values are stored in a database as supporting values while taking the decision on the resources. We require a checksum for serving the resources $R_1, R_2, R_3, \ldots, R_n$ in the priority levels $P_1, P_2, P_3, \ldots, P_n$ from eqn.(3). The checksum value from eqn.(2) is validated with the checksum of eqn.(3) and forms good context data for validation and verification.

(4)

(5)

The whole analysis depends on how much time has to be considered before allocating a new user type. In this regard, let us consider a short interval in which the number of requests may be $x_n$, with the proportional fraction value $t_i$, where $i$ takes values from 1 to 1440 min (24*60). The different time intervals required for the user $U_i$ are found from eqn.(6).

$$ t_i = x_i / \text{min} \tag{6} $$

The total time interval $t_o$ for the N entries acts for the past behavior, from eqn.(7), where the total number of N entries in the database required for the interval = N/5 (the total number of user types and resource types is 5). The checksum for the total time interval $CS_{t_o}$ for the user type is calculated using eqn.(8) and sent to the validation unit for deciding the issue of resources based on the flags sent by the allocator. These mathematical functions act as the behavior of the user with a suitable priority from table.1. The extracted context checksum values overwrite the old context values by being sent back to the logger for the validation unit's decision.

$$ t_o = t_i \times (N/5) \tag{7} $$

$$ CS_{t_i} = t_i + \text{User type} \tag{8} $$

The overall checksum is found by the formatter for the respective user through eqn.(8) and eqn.(3). A final checksum $CS_f$ from eqn.(9) is considered for promoting the user to a higher level. Thus a new user type is authenticated in the validation unit with the allowable threshold, and access is forwarded without any interruption or interaction with the user; if not, the validation unit responds with a suitable message. These procedures make the access control system dynamic in nature to work with the user context.

$$ CS_f = CS_{R_i} + CS_{t_i} \tag{9} $$
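One possible reading of eqns (2), (3), (6), (8) and (9) applied to Example 2, with the session-scoped upgrade and idle revert the example describes; this is an added illustration, not the authors' implementation. Assumed here: $P_i$ is the user's current privilege level, $R_i$ is the Table 1 level of the requested resource class, the allowable band is supplied by the caller with constructed values, and the names `Request`, `Session`, `checksums` and the 600-second idle limit are hypothetical.

```python
from dataclasses import dataclass

# Date priorities and resource classes as listed in the paper's Table 1.
MONTH_PRIORITY = {
    "Aug": 1, "Feb": 1, "Sep": 2, "Mar": 2,
    "Oct": 3, "Nov": 3, "Apr": 3, "May": 3,
    "Dec": 4, "Jun": 4, "Jul": 5, "Jan": 5,
}
RESOURCE_LEVEL = {"educational": 1, "technical": 2, "scientific": 3,
                  "commercial": 4, "entertainment": 5}


@dataclass
class Request:
    user_type: int          # permanent user type, 1..5
    location_priority: int  # C_i: priority of the location resolved from IP/MAC
    month: str              # source of C_j
    resource: str           # requested resource class
    requests: int           # x_i: requests seen in the observation window
    minutes: float          # length of that window in minutes


def checksums(req):
    """Return (CS_CD, CS_Ri, CS_ti, CS_f) for one request."""
    c_i = req.location_priority
    c_j = MONTH_PRIORITY[req.month]
    cs_cd = req.user_type * (c_i + c_j)         # eqn (2)
    p_i = req.user_type                         # assumption: current privilege level
    r_i = RESOURCE_LEVEL[req.resource]          # assumption: resource class level
    cs_ri = p_i * r_i * cs_cd                   # eqn (3)
    t_i = req.requests / req.minutes            # eqn (6): requests per minute
    cs_ti = t_i + req.user_type                 # eqn (8)
    return cs_cd, cs_ri, cs_ti, cs_ri + cs_ti   # eqn (9)


class Session:
    """Temporary user type that falls back to the permanent one."""

    def __init__(self, permanent_type, idle_limit_s=600):
        self.permanent_type = permanent_type
        self.idle_limit_s = idle_limit_s        # hypothetical idle timeout
        self.elevated_type = None
        self.last_activity = 0.0

    def effective_type(self, now):
        """User type in force at time `now` (seconds); reverts when idle."""
        if (self.elevated_type is not None
                and now - self.last_activity > self.idle_limit_s):
            self.elevated_type = None
        return self.elevated_type or self.permanent_type

    def evaluate(self, req, t_lower, t_upper, now):
        """Allow the request, upgrading for this session if CS_f is in band."""
        needed = RESOURCE_LEVEL.get(req.resource)
        if needed is None or req.month not in MONTH_PRIORITY or req.minutes <= 0:
            return False                        # unknown context: deny
        if needed <= self.effective_type(now):
            self.last_activity = now
            return True                         # already within privilege
        cs_f = checksums(req)[3]
        if t_lower <= cs_f <= t_upper:          # band from the allocator (assumed)
            self.elevated_type = needed
            self.last_activity = now
            return True
        return False

    def close(self):
        """End of session: back to the permanent user type."""
        self.elevated_type = None


if __name__ == "__main__":
    # Constructed inputs for Example 2: type 1 student, project lab (4), December.
    req = Request(1, 4, "Dec", "commercial", requests=12, minutes=4.0)
    s = Session(permanent_type=1)
    print(checksums(req), s.evaluate(req, 20, 60, now=0), s.effective_type(901))
```

Passing `now` explicitly keeps the idle check deterministic; a deployment would feed it from a monotonic clock and call `close()` at logout.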

4. Testing and Results

The proposed system was tested to validate its efficiency and working. The testing evaluates system efficiency by measuring the total time required to process a request through an integration test. The system was tested assuming ideal conditions, neglecting the occurrence of faults in the network and the system. Through the integration test we obtained a good response time of about 36msec, in comparison with a similar system [11], which was about 40msec. The system provides evidence that the analysis will be more efficient and better if we consider more entries in the log, as shown in fig.3. From this we are able to determine that the system is efficient in determining good context-aware access control for the user request at any time in an organization, without consuming any extra time in evaluating the status with different variable conditions of context. The system is lightweight even though we consider the dynamic context for dynamic access control. While conducting the experiments, we were able to analyze that the proposed system is adaptable to the following characteristics:

Application domain: The proposed system is able to adapt to a specific application or to general use.

Organization type: The system is deployable in single or multiple organizational environments.

System type: This type is defined to be a framework or application, but the framework forms an analysis part and is verified in an application domain, which is mobile in nature.

Mobility support: Service is accessed at any location of the organization with any type of mobile device.

Level of service implemented: Partial implementation of design refers to designing for some specific resources, devices, environment etc., but the proposed system included all types of resource access and devices. According to our knowledge, our proposed CAAC system can be implemented in a high level service.

Fig. 3. Evidence for comparing the tuples closeness

| Context Information | Type | Level of Priority |
|---|---|---|
| Location | Canteen, Recreation club, stadium and lawn | 01 |
| Location | Class rooms, Laboratory | 02 |
| Location | Faculty Chambers, research lab and Project lab | 03 |
| Location | Heads Chamber and Dreams | 04 |
| Location | Principal office, Placements office and administration office | 05 |
| Date and Time | Aug. and Feb. | 01 |
| Date and Time | Sep. Mar. | 02 |
| Date and Time | Oct., Nov., April, and May | 03 |
| Date and Time | Dec., and June | 04 |
| Date and Time | July and Jan | 05 |
| Resources | Educational | 01 |
| Resources | Educational and Technical | 02 |
| Resources | Educational, Technical and Scientific | 03 |
| Resources | Educational, Technical, Scientific and Commercial | 04 |
| Resources | Educational, Technical, Scientific, Commercial and Entertainment | 05 |

Table 1. Priority Levels

5. Conclusion

A good identification procedure for authentication and authorization using multiple items of context information strengthens the access control in the system. The verification of checksums provides a better validation process by combining the user type, resource, location, time and past historical data. All these identification tokens determine a good changing level through the training and retraining process. The system itself is dynamic, proactive and versatile in providing controlled access within a context-aware environment without affecting the privacy of the user. The less sensitive context information is used without any extra burden for the user or for the system in defining the changes in access control. Quite often context is associated with other security parameters like trust. In our future work we intend to adopt trust-based context-aware access control in the system, as trust enhances the action of the new entity in deciding the activity of the user request.

References

[1] Sareh Sadat Emami, Morteza Amini and Saadan Zokaei, A Context-Aware Access Control Model for Pervasive Computing Environments, In the proceedings of the International Conference on 'Intelligent Pervasive Computing', 2007.
[2] A. Dey and G. Abowd, Towards a better understanding of context and context-awareness, Proceedings of the Workshop on the What, Who, Where, When and How of Context-Awareness, affiliated with the CHI 2000 Conf. on Human Factors in Computer Systems, New York, 2000.
[3] Schilit B, Theimer M, Disseminating active map information to mobile hosts, IEEE, New York, 1994.
[4] A. Schmidt, K. Aidoo, A. Takaluoma, U. Tuomela, K. Van Laerhoven and W. Van de Velde, Advanced Interaction in Context, 1st International Symposium on Handheld and Ubiquitous Computing (HUC99), Lecture Notes in Computer Science, vol. 1707, Springer, 1999.
[5] M. L. Wullems Chris and A. Clark, Toward context-aware security: an authorization architecture for intranet environments, ACM Press, New York, 2004.
[6] N. Ryan, J. Pascoe and D. Morse, Enhanced reality fieldwork, the context-aware archaeological assistant, In Gaffney, V. et al. (Eds.) Computer Applications in Archaeology, 1997.
[7] Gerhard Fischer, Context-Aware Systems - The 'Right Information', at the 'Right Time', in the 'Right Place', in the 'Right Way', to the 'Right Person', Center for Life Long Learning and Design (L3D), Department of Computer Science and Institute of Cognitive Science, University of Colorado, Boulder, USA, 2012.
[8] B. C. Neuman and T. Ts'o, Kerberos: An authentication service for computer networks, Published in 15th IEEE Computer Security Foundations magazine, Volume 32, Number 9, pages 33-38, September 1994.
[9] Karen Henricksen and Jadwiga Indulska, Developing context-aware pervasive computing applications: Models and approach, Journal of Pervasive and Mobile Computing, volume 2(1), pages 37-64, Elsevier, February 2006.
[10] Thomas R Peltier, Justin Peltier and John Blackley, Information security fundamentals, CRC Press, ISBN 0-203-48865-2, 2005.
[11] Campbell and K. Nahrstedt, Gaia: A middleware infrastructure to enable active spaces, In IEEE Pervasive Computing, pp. 74-83, Oct 2002.
[12] Michael J. Covington, Prahlad Fogla, Zhiyuan Zhan, Mustaquae Ahmad, A context-aware security architecture for emerging applications, in the proceedings of the 18th International Conference of Annual Computer Security Applications, IEEE, 1063-9527/02, 2002.
[13] Hong-Linh Truong and Schahram Dustdar, A survey on context-aware web service systems, International Journal of Web Information Systems, Vol. 5 No. 1, pp. 5-31, Emerald Group Publishing Limited, 1744-0084, 2009.
[14] Junzhe Hu and Alfred C. Weaver, Dynamic, Context-Aware Access Control for Distributed Healthcare Applications, In the proceedings of the conference on Pervasive Security, Privacy and Trust (PSPT2004), Boston, MA, August 2004.
[15] Saad Almutairiri, Hamza Aldabbas and Ala Abu Samaha, Review on security related issues in context aware system, International Journal of Wireless and Mobile Networks, vol 4, No 3, June 2012.
[16] A. S. Patrick, A. C. Long and S. Flinn, HCI and security system, proceedings of workshops at CHI, USA, 2003.
