Multi-Layer Access Control for Bring Your Own Device Environment

Abstract

As a result of several attractive features (portability and access to voice and data services) of mobile devices, People started going to their work place with their mobile devices and connect to their enterprise network to do their official daily job. This has given rise to a policy called Bring Your Own Devices (BYOD). BYOD policy has come with a lot of benefits for both the employees and enterprise. For instance, employer gains access to employee anytime thereby increase productivity of the enterprise. BYOD faces a lot of challenges such as security challenge. To determine who access enterprise resources and how the resources are been access, poses a serious security concerned as both the knowledge and ownership means of authentication in traditional network are not sufficient for BYOD environment. An unauthorized access to enterprise sensitive information through lost mobile device of employee’s, solder surfing password attack and password guessing attack can lead to data leakage. Also, unmonitored employee mobile device when connected to enterprise resources can inadvertently cause malicious application attack on the enterprise network. To address these security issues, this study is proposing a framework for multi-layer access control that will not only authenticate legitimate user of mobile device at point of login to enterprise resource, but also control and monitor the behavior of legitimate mobile device user when connected to the enterprise resources. The multi-layer access control consist of two-factor authentication layer framework and mobile device access monitoring layer. The two-factor authentication framework will combine both the knowledge based and biometrics based authentication technique to form unobtrusive authentication technique for mobile device in BYOD environment. The second layer monitors the behavior of mobile device when connected to enterprise resource. For proper decision in an uncertainty environment like BYOD, Trust-fuzzy algorithm will be developed to form fuzzy inference engine for decision making. The system will be simulated using Matlab. It is expected that the algorithm that relies on trust and fuzzy logic concept will be effective in terms of running-time and throughput.