A mobile role-based access control system using identity-based encryption with zero knowledge proof

Controlled access to confidential information and resources is a critical element in security systems. Role-based access control (RBAC) has gained widespread usage in modern enterprise systems. Extensions have been proposed to RBAC for incorporating spatial constraints into such systems. Several solutions have been proposed for such models and many researchers are now focusing on enforcing system policies. In this paper we propose a security framework for RBAC systems with spatial constraints based on identity-based encryption. In our framework, we use identity-based encryption with zero knowledge proof (ZKP) to provide authentication and information security. We also show how Near Field Communication (NFC) can be used to establish the integrity of a user´s proof of location. Simulation results in Java validate our model. Furthermore, security analysis has been done to show how our framework protects against well-known attacks.