Keywords

1 Introduction

Significant advancements in mobile technologies have shifted personal computing to pervasive and ubiquitous sphere. Many use their mobile devices for their most daily tasks such as emails, text messaging, documents viewing, mapping, as well as for entertainment. Such value-added services typically require collecting not only users’ personal information, such as location or identification [1], but also gathering and transmitting trust sensitive information [2].

Today, nearly 70 % of the network usage actions generated by third party mobile applications’ services have become invisible to the users [3]. According to [4], most of the current existing mobile platforms (i.e., Android, Apple and iOS) typically leave it to users to specify the permission of mobile applications’ access to users’ personal information. More critically, survey studies report a lack of users’ awareness of privacy breach and security risks associated with installing third party mobile applications [5]. That said, ensuring users’ awareness of trust and security controls needs to start from the mobile devices. For example, [6] proposes leveraging the level of privileges of mobile devices’ owners in terms of trust and security controls, commonly set by default at low levels throughout the installation lifecycle of applications on these devices, to protect users’ information from malicious attacks and/or intrusions. In addition, [7] suggests a framework to shadow users’ personal data in places that users wants to keep private to block network transmissions that contain such data. Similarly, [8, 9] propose just-in-time notifications that appear when users’ personal data is subject to sharing and displays a visual summary of the shared subject data. However, such security control measures and much of the existing security management mechanisms do not take into account the nature of users’ context in mobility.

As research and practice on context-based mobile computing have achieved remarkable success, context-based network access in mobility is still at infancy. The main challenge that renders context-based solutions of ubiquitous computing systems compared to traditional information access systems is that the later handles access threats based on set scenarios of specific protection needs and policies in accordance to those needs. In ubiquitous computing environments, network access alternatives should be supported in the situation where and when the decision is required. Hence, current context needs to be considered to effectively control a given situation. In order to address the aforementioned deterrents, we propose a context-based network access framework for eliciting context information and adapting this information with mobile applications’ network access measure. The network access measure is determined based on both the context information collected from the mobile device sensors and the user’s settings of the mobile application network access. The user settings provide a mechanism to prioritize the importance of contexts towards the network access control of each mobile application. We implement the proposed framework in the Android Operating System (OS) for mobile devices. The remainder of this paper is structured as follows. In Sect. 2, we describe the context-aware network access framework architecture. Section 3 presents the AHP method. In Sect. 4, we present a prototype and evaluation of our network access control mechanism. Section 5 reviews related work. We conclude the paper with final comments.

2 Architectural Design

Our proposed framework extends an earlier proposed architecture [10] that aims to control the communication among mobile applications and mobile device resources at run-time. The framework consists of a mobile application sandbox and a context shadow application. To avoid any changes to mobile OS, the framework component is implemented as a shadow application. The sandbox is built inside the mobile OS. Mobile application data, code execution, and network access are all concealed within the sandbox. Any network access can only go through the sandbox.

When a running mobile application attempts to get a network access, the application sends TCP SYN request as part of a TCP handshake. This triggers a checking request in the sandbox, which in turn triggers a request in the shadow application. The shadow application examines the request based on both the context information collected from the mobile device sensors, and the user configuration of the mobile application network access settings using the Analytic Hierarchy Process method, discussed in Sect. 3, to provide the appropriate network access of allow or restrict recommendation decision. This decision will then be returned to the sandbox.

3 Analytic Hierarchical Process Method

Given that context dynamically combines a variety of heterogeneous context measures. While some measures are tangible and objectively measured, other measures are intangible and subjectively measured. To model the inherent interdependency of such various criteria measures of comprehended sub-problems into a single integrated decision problem, each of which can be evaluated independently. Hence, from a decision making perspective it will be necessary to consolidate these context measure into single integrated decision problem. Such consolidation allows for establishing a multi-criteria decision making (MCDM) [11]. A common methodology for dealing with MCDM problems is the Analytic Hierarchy Process (AHP) method [12]. One advantage of the AHP method that (a) it enables to breakdown unstructured complex decision problems into smaller constituent components in order to construct an integrative hierarchy, and (b) its capability of handling both tangible and intangible criteria that entails a systematic procedure in the thought process. AHP has been widely used in a variety of policy selection and decision making [13], adaptive learning [14], and recommendation and feedback systems [15].

When applied in decision problems, the AHP method assists in describing a general decision operation by decomposing the decision problem into a multi-level hierarchic structure. We apply the AHP method to perform a paired comparison among the contexts (i.e., location, time, and network) to determine the relative weights of the mobile application network access decision alternatives, secure and insecure network access (Fig. 1). The AHP structure represents the problem decision goal (context network access); the decision problem alternatives (secure and insecure) A 1 … A i ; and the decision criteria (Location, Time, Network) C i and Sub-criteria C i,j . The weights ω i and ω ij are determined through a pair-wise comparison of C i and C i,j , respectively. In determining the relative weights of the decision problem alternatives, the AHP applies eigenvalue method to determine a ranking weight for each criterion and its sub-criteria variables using a pair-wise comparison among each alternative, and then consolidate the weighted values of the hierarchy alternatives to create an overall priority value for each alternative relative to the overall decision goal [16].

Fig. 1.
figure 1

The AHP structure

Full size image

Consolidating the weighted values is performed via component measure priorities assigned by the decision maker to create an overall decision value for each alternative. For example, a pair-wise comparison of q elements’ weights, ω 1 , ω 2 ,… ω q is performed via composing the following comparison matrix, every element a ji of each trial is the result of a paired comparison denoting the dominance of element i relative to element j. A comparison is also being made of the j th element with the i th element. This results in the comparison matrix being a reciprocal matrix satisfying a ji  = 1/a ij . The matrix diagonal represents the self-comparisons on the matrix elements.

$$ \left( {\begin{array}{*{20}c} {\frac{{w_{1} }}{{w_{1} }}} & {\frac{{w_{1} }}{{w_{2} }}} & {\frac{{w_{1} }}{{w_{3} }}} & \cdots & {\frac{{w_{1} }}{{w_{q} }}} \\ {\frac{{w_{2} }}{{w_{1} }}} & {\frac{{w_{2} }}{{w_{2} }}} & {\frac{{w_{2} }}{{w_{3} }}} & \cdots & {\frac{{w_{2} }}{{w_{q} }}} \\ \cdots & {} & {} & {} & {} \\ {\frac{{w_{q} }}{{w_{1} }}} & {\frac{{w_{q} }}{{w_{2} }}} & {\frac{{w_{q} }}{{w_{3} }}} & \cdots & {\frac{{w_{q} }}{{w_{q} }}} \\ \end{array} } \right) $$

The association of the overall weighting for each element relative to its immediate above level is attained via priority vector (PV), which represents the eigenvector of the paired comparison matrices’ components. The priorities assigned to the matrix elements reflect the order of their importance with respect to each alternative.

4 Implementation and Evaluation

We developed a prototype application of our proposed network access control mechanism in the Android OS on mobile devices. The application features prompt the execution of the mobile device applications inside a shadow application that controls the network access of these applications. The shadow application utilizes the AHP algorithm to determine the network access decision alternatives, namely secure or insecure. The calculated the AHP network access decision tallies the contexts’ relative weights (location, network type, and time) with respect to the relative weights of their corresponding current states.

The application offers a network access setting interface for the users to prioritize the contexts towards the network access control of the running mobile application, such as Facebook that is used here for illustration (Fig. 2A). This is performed through a series of pair-wise comparisons among the contexts, as conferred in Sect. 2. The lowest network access control alternative is given a weight of 1, while the highest access control alternative is given a weight of 9 (Fig. 2B). These values will be used by the AHP analysis to provide eigenvector for the contexts. In addition, the application allows the users to prioritize the contexts’ states with respect to the level of their network access control. The lowest alternative in terms of network access control is given a weight of 1, while the highest alternative is given a weight of 9 (Fig. 2C). The application settings allow users to add and/or to edit the definition of the contexts’ states of their set locations and Wi-Fi networks (Fig. 2D).

Fig. 2.
figure 2

Screenshot of the shadow application settings

Full size image

Table 1 illustrates the pair-wise comparison matrix of constructed contexts’ security prioritization towards network access. These relative weights are then normalized and aggregated in order to calculate the priority weights defined from the AHP method (Table 2). Similar analysis is performed for the rest of the context sub-criteria states. For example, Table 3 presents the AHP matrix and the priorities for each alternative with respect to the different states of the Network criterion. Similar analysis is performed for the rest of the contexts’ sub-criteria states.

Table 1. The pair-wise comparison matrix of the contexts criteria prioritization
Full size table
Table 2. The normalized weight values for each context criterion
Full size table
Table 3. The normalized weight values with respect to the network context states
Full size table

The application uses the relative weights of the contexts along with the current user’s context states to calculate the decision values of the context network access at run time. The overall weight of the decision values of the context network access is obtained from the sum-product of the normalized priority weights of each context criterion (Table 2) and the corresponding normalized priority weights of the assessed context states (Table 3). Hence, the obtained higher priority value of each alternative of secure or insecure determines the recommended AHP network access level.

For example, Fig. 3A shows a scenario of a network access attempt of launching a mobile application, via the shadow application, at different context states. In this context, location is Public, Wi-Fi network type is Unknown, and time is Afternoon. The shadow application calculates the overall relative weight of the AHP context network access level. This yields a higher relative weight of an “insecure” network access that prompts the user, if decided to continue, to turn the mobile device location (geo-tracking) services off prior to launching the mobile application (Fig. 3B) ─ a feature that uses GPS along with crowd-sourced Wi-Fi hotspot and cell tower locations to determine user’s approximate location.

Fig. 3.
figure 3

Screenshots of the shadow application network access

Full size image

Alternatively, Fig. 3C presents another scenario of network access attempt that is triggered with the launching a mobile application. The user’s location is determined to be at Work, network type is Work, Wi-Fi, and time is Evening. The shadow application recalculates the overall relative weight of the AHP context network access level. This yields a higher relative weight of “secure” network access in this case.

In order to examine our network access control framework performance, we used the general cross-validation evaluation technique to test the power of accuracy of the network access control mechanism alternatives and their associated contexts. The validation of our framework draws on a dataset of nine undergraduate university students affiliated participants (5 males and 4 females). Participants’ age ranged from 19 to 22 years old with a mean age of 21. The participants have been considered as frequent mobile devices users who own the Android mobile devices for an average of more than two years, and considered themselves as frequent users of mobile applications. After installing the framework shadow application on their mobile devices, participants were informed about the shadow application functionality and the network access control mechanism setting. Participants were then instructed to run the logging application at various times and places over a week time period. The application logs this information, along with participants’ feedback options of whether they think that the mobile application launching of network access is secure or not– relevant to the shadow application network access control mechanism recommendation.

The collected data resulted into 118 observations of network access of mobile applications launching attempts via the shadow application, with an average of eight different mobile application network access logged attempts per user per day. The collected data were divided into 80 % of training data, and the remaining 20 % for testing. Table 4 presents the cross validation confusion matrix of network access options accuracy, in pursuit of the context states. The rows present the generated case values and the columns present the predicted values. The results showed a classification accuracy of 91 % with an average Euclidian distance of 0.006. Euclidian distance ranges from 0 for the perfect classifier and square root of 2 for incorrect classification.

Table 4. Confusion matrix of network access alternatives (TP, TN, FP, and FN represent true positive rate, true negative rate, false positive rate, and false negative rate, respectively)
Full size table

Finally, in order to test the possibility and the hypothesis of whether the difference in network access decision values could be resulted from random variation rather than from significant differences between the AHP decision alternatives; we use Analysis of Variance (ANOVA) to assess the differences among the decision values across the observations. Test results (Table 5) indicate that there is a statistically significant difference in the decision values (P-value <0.001).

Table 5. ANOVA test results ANOVA Test
Full size table

5 Related Work

The wide spread use of mobile devices and their integration with personal computing in different domains have shifted the paradigm of how security needs to be handled. For example, [17] proposes TaintDroid to provide real-time analysis of more than 20 mobile applications access to users’ private information. The authors found considerable instances of potential misuse of such applications towards users’ private information. Similarly, [18] investigates how permissions and privacy could play a role in users application selection decisions. The study found that presenting privacy information in a clearer fashion could assist users in choosing applications that request less permission. In addition, [19] proposes a real-time taint aware analysis to detect mobile applications’ vulnerabilities of exchanging data between a single application or among several applications. Earlier, [20] explores retrofitting the Android permissions model to determine third party application extra permissions network access beyond the applications needs.

Various research initiatives have explored the use of security relevant context with focus on delegation of context-based access control rights. For example, [21] proposes an ontology-based frame work that utilizes context information to derive access control measures of mobile devices’ assets, such as messages, based on the confidentiality level of these assets. Others focus efforts on context-based authentication and authorization policies for augmenting network access control in mobile environments. For example, [22] explores context-aware scalable authentication (CASA) as a way of balancing security and usability for authentication by enabling easy access in commonplace everyday situations, such as home; while requiring more secure authentication in less common unidentified places. In addition, [23] proposes a context profiling framework using location Wi-Fi and Bluetooth to infer appropriate access and sharing policies for sensitive data on the mobile device. In our proposed framework, the network type is included along with other contexts to continuously perform network access control measures. In addition, our framework provides a generalized infrastructure that can be configured for different applications.

Finally, [24] proposes a context-aware usage control that takes into account context information, such as the spatial and time data to enforce ongoing policy defined by users during runtime to data access (i.e., data and files) and resource usage (i.e., CPU utilization and battery power). Similarly, [25] explores an access control mechanism that allows users to set configuration policies over applications’ usage of mobile device resources and services when using the device at public places, and re-gain their original privileges when the device is used at private place. In addition, [26] proposes location-based access control mechanism among specified sub-areas via modifying the Android operating system to enforce access control restrictions within the specified locations.

6 Conclusions

In this paper, we proposed a context-based framework that incorporates users’ context, collected from mobile device sensors, with network access control decisions. The framework applies the analytic hierarchy process (AHP) method to dynamically evaluate users’ context, and to provide the appropriate network access control decision in run-time. We validate our proposed framework in the Android OS running on mobile devices. Evaluation results have illustrated the capability of our framework in providing network access control features based on real-time assessment of users’ context.