BYOD NETWORK: Enhancing Security through Trust–Aided Access Control Mechanisms

The growth of mobile devices both in variety and in computational abilities have given birth to a concept in the corporate world known as Bring Your Own Device (BYOD). Under this concept, Employees are allowed to bring personally owned mobile devices for official work. Though relatively new, it has gained up to 53% patronage among organisations, and it is expected to hit 88% in the near future. Its popularity is driven by significant advantages ranging from reduced cost, employee satisfaction to improved productivity. However, the concept also introduces new security challenges; for instance, the organisation looses the ownership of devices used for official work, to the employees. Implying that the employees own and manage the devices they use to work, including seeing to the security needs of such devices. With this development, protecting the corporate network becomes pertinent and even more challenging with an audacious need for outwittingconventional access control mechanisms, giving the highly dynamic nature of mobile devices. Considering the fact that BYOD is also a type of pervasive/dynamic environment, this work studies similar dynamic environments, relating to how their security challenges are addressed, and from such bases a Trust-Aided Dynamic Access Control Approach is proposed for enhancing the security of BYOD devices. Through computational analysis, this scheme has been seen to be security-compliant and could significantly improving the overall security of BYOD networks

An access control system to improve security amongst randomly associated nodes in BYOD network

The growth of mobile devices both in variety and in computational abilities have given birth to a concept in the corporate world known as Bring Your Own Device (BYOD). Employees are allowed under this concept to bring personally owned mobile devices for official work. Though relatively new, it has gained up to 53% patronage among organisations, and it is expected to hit 88% in the near future. Its popularity is driven by the significant advantages it brings along such as reduced cost, employee satisfaction and improved productivity, to mention a few. However, as a relatively new concept, it also introduces new security challenges; for instance, the organisation looses the ownership of devices used for official work, to the employees. Implying that the employees own and manage the devices they use to work, including seeing to the security needs of such devices. With this development, protecting the corporate network becomes more challenging; outsmarting the usual traditional access control mechanisms, owing to the highly dynamic nature of mobile devices. Considering the fact that BYOD is also a type of pervasive/dynamic environment, this work studies similar dynamic environments, relating to how their security challenges are addressed, as bases to propose an algorithm for enhancing the security of BYOD via access control. Various access control mechanisms have also been adequately analyzed as a justification for the proposed approach

Design and implementation of a trust calculation method for network components

Today’s organizations rely on internal or cloud-infrastructures to manage their data and their products. Due to the increasing importance and complexity of these infrastructures, there is the need to implement a reliable way to monitor the trustworthiness of the devices that are part of it. It is important to establish trust within the nodes of a single or multiple security domains to enhance the security of an enterprise’s infrastructure. This thesis aims to develop and evaluate a method to measure and calculate a trust score for each node and security domain of a network infrastructure. This method will be based on a centralized verifier that collects and verifies all the security and performance-based evidence from the nodes that compose the infrastructure. The evidence verification process is based on remote attestation through the use of a hardware root of trust. Moreover, this method allows the exchange of trust scores with other security domains: this enhances inter-domain communication trustworthiness. The main advantages of this method compared to similar ones found in the literature are the possibility of an inter-domain trust exchange, the use of remote attestation, and its adaptability to work with different kinds of infrastructure. Furthermore, the tests confirmed that the method responds quickly in case of a vulnerable node