A PKI approach for deploying modern secure distributed e-learning and m-learning environments

Abstract While public key cryptography is continuously evolving and its installed base is growing significantly, recent research works examine its potential use in e-learning or m-learning environments. Public key infrastructure (PKI) and attribute certificates (ACs) can provide the appropriate framework to effectively support authentication and authorization services, offering mutual trust to both learners and service providers. Considering PKI requirements for online distance learning networks, this paper discusses the potential application of ACs in a proposed trust model. Typical e-learning trust interactions between e-learners and providers are presented, demonstrating that robust security mechanisms and effective trust control can be obtained and implemented. The application of ACs to support m-learning is also presented and evaluated through an experimental test-bed setup, using the general packet radio service network. The results showed that AC issuing is attainable in service times while simultaneously can deliver flexible and scalable solutions to both learners and e-learning providers.

[1]  David R. Kuhn,et al.  Role-Based Access Control (RBAC): Features and Motivations | NIST , 1995 .

[2]  Bernd J. Krämer,et al.  Mobile Learning: The Next Generation of Learning , 2005 .

[3]  Rolf Oppliger,et al.  Using Attribute Certificates to Implement Role-based Authorization and Access Controls , 2000 .

[4]  F. Graf Secure iLearning , 2001, Communications and Multimedia Security.

[5]  X Itu,et al.  Information technology-open systems interconnection-the directory: Public-key and attribute certific , 2000 .

[6]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[7]  David Richard Moore,et al.  E-Learning and the Science of Instruction: Proven Guidelines for Consumers and Designers of Multimedia Learning , 2006 .

[8]  Carlisle M. Adams,et al.  X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[9]  Joos Vandewalle,et al.  How role based access control is implemented in SESAME , 1997, Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[10]  Rolf Oppliger,et al.  Internet And Intranet Security , 1998 .

[11]  William K. Horton,et al.  Designing Web based training: how to teach anyone anything anywhere anytime , 2000 .

[12]  Stephen T. Kent,et al.  Security Architecture for the Internet Protocol , 1998, RFC.

[13]  Peter Reiher,et al.  A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[14]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[15]  Mike Sharples,et al.  The design of personal mobile technologies for lifelong learning , 2000, Comput. Educ..

[16]  Christoph Busch,et al.  Courseware needs Security , .

[17]  John R. Smith,et al.  Scalable multimedia delivery for pervasive computing , 1999, MULTIMEDIA '99.

[18]  David W. Chadwick,et al.  Experiences of using a public key infrastructure for the preparation of examination papers , 2000, Comput. Educ..

[19]  Andrew Nash,et al.  PKI: Implementing and Managing E-Security , 2001 .

[20]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[21]  David W. Chadwick,et al.  The PERMIS X.509 role based privilege management infrastructure , 2002, SACMAT '02.

[22]  Georgios Kambourakis,et al.  Experimental Analysis of an SSL-Based AKA Mechanism in 3G-and-Beyond Wireless Networks , 2004, Wirel. Pers. Commun..

[23]  Jang-Ping Sheu,et al.  A mobile scaffolding-aid-based bird-watching learning system , 2002, Proceedings. IEEE International Workshop on Wireless and Mobile Technologies in Education.

[24]  Elliot Soloway,et al.  Design guidelines for learner-centered handheld tools , 2004, CHI '04.

[25]  David W. Chadwick,et al.  A Comparison of the Akenti and PERMIS Authorization Infrastructures , 2003 .

[26]  Christopher Allen,et al.  The TLS Protocol Version 1.0 , 1999, RFC.

[27]  Charles Adams,et al.  Understanding Public-Key Infra-structure: Concepts, Standards, and Deployment Con-siderations , 1999 .

[28]  D. Richard Kuhn,et al.  Role-Based Access Control ( RBAC ) : Features and Motivations , 2014 .

[29]  Elliot Soloway,et al.  Supporting learning in context: extending learner-centered design to the development of handheld educational software , 2002, Proceedings. IEEE International Workshop on Wireless and Mobile Technologies in Education.

[30]  Wanli Ma,et al.  On an IT Security Framework , 2005, KES.

[31]  Fachhochschule Darmstadt A security framework for online distance learning and training , 1998 .

[32]  Diomidis Spinellis,et al.  Towards a framework for evaluating certificate status information mechanisms , 2003, Comput. Commun..

[33]  John Viega,et al.  Network Security with OpenSSL , 2002 .

[34]  L. Saunders TOWARDS A FRAMEWORK , 1999 .

[35]  Charlie Kaufman,et al.  Internet Key Exchange (IKEv2) Protocol , 2005, RFC.

[36]  Andrei V. Gurtov,et al.  Measured performance of GSM, HSCSD and GPRS , 2001, ICC 2001. IEEE International Conference on Communications. Conference Record (Cat. No.01CH37240).

[37]  William E. Johnston,et al.  Certificate-based Access Control for Widely Distributed Resources , 1999, USENIX Security Symposium.