Enhancing Network Security in Mobile Applications with Role-Based Access Control

  • Ezichi Mpamugo, Akwa Ibom State University, Nigeria
  • Godwin Ansa, Akwa Ibom State University, Nigeria
Keywords: Role-Based Access Control (RBAC), OAuth 2.0, Network Security Access Management, Multi-Factor Authentication, Authorization Protocols

Abstract

In today's dynamic networking environment, securing access to resources has become increasingly challenging due to the growth and progress of connected devices. This study explores the integration of Role-Based Access Control (RBAC) and OAuth 2.0 protocols to enhance network access management and security enforcement in an Android mobile application. The study adopts a waterfall methodology to implement access control mechanisms that govern authentication and authorization. OAuth 2.0, a widely adopted open-standard authorization framework, was implemented to secure user authentication by allowing third-party access without exposing user credentials. Meanwhile, RBAC was leveraged to streamline access permissions based on predefined user roles, ensuring that access privileges are granted according to hierarchical role structures. The main outcomes of this study show significant improvements in security enforcement and user access management. Specifically, the implementation of multi-factor authentication, session timeout mechanisms, and user role-based authorization ensured robust protection of sensitive data while maintaining system usability. RBAC proved effective in controlling access to various system resources, such as database operations, which were presented in a scenario of physical access to doors, while OAuth 2.0 provided a secure communication channel for authentication events. These protocols, working in tandem, addressed key issues like unauthorized access, data integrity, and scalability in network security policy enforcement. This research concludes that combining RBAC and OAuth 2.0 protocols in mobile applications enhances security posture, simplifies access management, and mitigates evolving threats.

Published
2024-09-23
How to Cite
Mpamugo, E., & Ansa, G. (2024). Enhancing Network Security in Mobile Applications with Role-Based Access Control. Journal of Information Systems and Informatics, 6(3), 1872-1899. https://doi.org/10.51519/journalisi.v6i3.863