Application of Geo-Location-Based Access Control in an Enterprise Environment

Abstract

Unauthorized Access has been difficult to stop or prevent in the last few decades using username and password authentication only. For an individual, data breach might just be a simple case of espionage or the loss of private credentials, for an enterprise, this could mean the loss of billions of dollars. Preventing Unauthorized Access to Enterprise Systems Using a Location-based Logical Access Control proposes a framework that uses time and location in preventing and defending against data breaches. The framework was developed using Java with an Eclipse IDE. The database was designed using MySQL and locations were collected using Google Maps API. Users registered at different locations in a university campus were unable to access another’s account in the database because they were both outside the known location and tried to do this at off-work hours. Users were registered with username and password at specified locations. The users are then made to login from same and different locations with correct username and passwords. it was discovered that access to the database was only given when the username and password was correct and location was same as at registered or as allowed by an administrator. The system was found to protect against unauthorized access arising from stolen login credentials and unauthorized remote logins from malicious users.