Security Issues in a Synchronous e-Training Platform

Synchronous e-training is emerging as an alternative for developing human resources training plans in large organizations. Real-time communications are used to emulate face-to-face interaction that occurs in on-campus learning environments. However, the security concerns that a synchronous e-training platform must face may compromise the integrity, availability and confidentiality of corporate information, which may lead to serious economic and legal consequences. The disclosure of corporate information or the unauthorized participation in e-training activities must be prevented. In this paper, the security issues in synchronous e-training are identified, and the threats to a real e-training platform are analyzed. The platform is organized into four virtual networks with different security requirements and vulnerabilities. The platform assumes that multicast communications are available in the underlying corporate network. The threats affecting each element of the platform and their impact on e-training activities are discussed. Finally, a security scheme is proposed fixing the aforementioned vulnerabilities. Digital certificates and encryption algorithms solve most of the vulnerabilities, but other techniques such as access control lists and user skills on security basics are essential. Most of the proposed scheme is applicable to other real-time communication systems, since the e-training platform is built using standard technologies commonly used in voice over IP systems.

[1]  Driss Benhaddou,et al.  Secure voice over Internet Protocol (voIP) using virtual private networks (VPN) and Internet Protocol Security (IPSec) , 2006, 2006 IEEE Region 5 Conference.

[2]  Juan C. Granda,et al.  Automatic Deployment of a Communication Mesh for Synchronous e-Learning Activities , 2010, 2010 Fifth International Conference on Systems and Networks Communications.

[3]  Carl E. Landwehr,et al.  Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.

[4]  Jörg Keller,et al.  A System for Secure IP Telephone Conferences , 2006, Fifth IEEE International Symposium on Network Computing and Applications (NCA'06).

[5]  A.F. Faryar,et al.  Carrier VoIP Security Architecture , 2006, Networks 2006. 12th International Telecommunications Network Strategy and Planning Symposium.

[6]  Carmen Taran Enabling SMEs to Deliver Synchronous Online Training--Practical Guidelines , 2006 .

[7]  Gonzalo Camarillo,et al.  Conference Information Data Model for Centralized Conferencing (XCON) , 2006, RFC.

[8]  E. Eugene Schultz A framework for understanding and predicting insider attacks , 2002, Comput. Secur..

[9]  Jinhua Guo,et al.  Security Challenge and Defense in VoIP Infrastructures , 2007, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[10]  Mostafa Ammar,et al.  Security issues and solutions in multicast content distribution: a survey , 2003 .

[11]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[12]  Chuang Lin,et al.  VCNF: A Secure Video Conferencing System Based on P2P Technology , 2008, 2008 10th IEEE International Conference on High Performance Computing and Communications.

[13]  Thomas Magedanz,et al.  VoIP defender: highly scalable SIP-based security architecture , 2007, IPTComm '07.

[14]  Mike Adams,et al.  Vulnerabilities of the Real-Time Transport (RTP) Protocol for Voice over IP (VoIP) Traffic , 2009, 2009 6th IEEE Consumer Communications and Networking Conference.

[15]  Francisco J. Suárez,et al.  Networking technique for synchronous e-learning platforms in corporate environments , 2009, 2009 International Symposium on Performance Evaluation of Computer & Telecommunication Systems.