Enhancing Network Security in Mobile Applications with Role-Based Access Control
DOI:
https://doi.org/10.51519/journalisi.v6i3.863
Keywords:
Role-Based Access Control (RBAC), OAuth 2.0, Network Security Access Management, Multi-Factor Authentication, Authorization Protocols
Abstract
In today's dynamic networking environment, securing access to resources has become increasingly challenging due to the growth and progress of connected devices. This study explores the integration of Role-Based Access Control (RBAC) and OAuth 2.0 protocols to enhance network access management and security enforcement in an Android mobile application. The study adopts a waterfall methodology to implement access control mechanisms that govern authentication and authorization. OAuth 2.0, a widely adopted open-standard authorization framework, was implemented to secure user authentication by allowing third-party access without exposing user credentials. Meanwhile, RBAC was leveraged to streamline access permissions based on predefined user roles, ensuring that access privileges are granted according to hierarchical role structures. The main outcomes of this study show significant improvements in security enforcement and user access management. Specifically, the implementation of multi-factor authentication, session timeout mechanisms, and user role-based authorization ensured robust protection of sensitive data while maintaining system usability. RBAC proved effective in controlling access to various system resources, such as database operations, which was presented in a scenario of physical access to doors, while OAuth 2.0 provided a secure communication channel for authentication events. These protocols, working in tandem, addressed key issues like unauthorized access, data integrity, and scalability in network security policy enforcement. This research concludes that combining RBAC and OAuth 2.0 protocols in mobile applications enhances security posture, simplifies access management, and mitigates evolving threats.