A PKI approach for deploying modern secure distributed e-learning and m-learning environments
Source: Computers and Education, Elsevier Science, accepted for publication, 2004
Authors: G. Kambourakis, D.-P. Kontoni, A. Rouskas and S. Gritzalis
Speaker: Mei-Yu Lin
Date: 2005/10/20
Outline
• Introduction
• Architecture
• E-learning scenario
• Testing ACs performance in a mobile scenario
• Conclusions
Introduction 1/6
• user’s motivation or aspiration for learning
• protection of user’s privacy
• very few papers attempt to blend trust issues with e-learning or m-learning applications
• the rapid increase in the number of users taking part in e-learning services results in a many-to-many trust model
• symmetric key techniques are inadequate
Introduction 2/6
• PKI (Public Key Infrastructure): an all-encompassing security infrastructure that provides
  • authentication
  • non-repudiation
  • integrity
  • privacy
  • access control
Introduction 3/6 PKI scheme
Introduction 4/6
• CA: Certification Authority
• AA (Attribute Authority):
  • binds the characteristics of an entity to that entity by digitally signing the appropriate AC
Introduction 5/6
CAs model (figure): hierarchical model, peer to peer model, hybrid model
Introduction 6/6
• AC (attribute certificates):
  • control access to system resources and support role-based authorization and access control policies accordingly
  • attributes can specify group membership, role, security clearance, or other authorization information associated with the AC holder
Architecture 2/6
• user agent: requests services bound by the appropriate ACs that he holds.
• service agent: provides services requested by the client.
  • provides multimedia content, file management, web content, discussion groups, course registration, etc.
Architecture 3/6
• AC & AA agent: issues and signs public key certificates and attribute certificates.
Architecture 4/6
• Other agents:
  • (a) Creating roles
  • (b) Assigning roles to each person or entity.
• the system must prohibit the same user from being assigned both roles at the same time
E-learning scenario
• server agent asks the user to provide the AC corresponding to the requested service.
• server agent has to validate the AC (it must be signed by an AA that the server agent trusts)
  • check the certificate's time expiration field
  • check that the AC is not included in the last retrieved CRL
• If ok, the server agent provides the service,
• otherwise it can offer the following options to the user:
  • (1) Allow him to change his request.
  • (2) Allow the provider to adjust his role and provide him the appropriate AC at some time later
  • (3) Allow him to request the requisite AC from an AA on-the-fly
    • AA checks the user credentials by querying the provider's users policy DB
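The validation sequence on the slide above, as an added Python example (not code from the paper or the presentation). The `AC` record is a simplified stand-in for an X.509 attribute certificate, the issuer name and sample values are constructed, and the AA signature is textbook RSA with a toy key, used only so the signature check runs without external libraries.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

# Toy textbook-RSA key for a hypothetical AA. It stands in for real X.509 AC
# signature verification and is NOT secure (small modulus, no padding).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
TRUSTED_AAS = {"aa.example-university": (N, E)}  # issuer -> public key (assumed name)

@dataclass
class AC:  # simplified attribute certificate, not the X.509 encoding
    serial: int
    holder: str
    role: str
    issuer: str
    not_before: datetime
    not_after: datetime
    signature: int = 0

    def digest(self) -> int:  # hash over every field the AA signs
        tbs = "|".join(map(str, (self.serial, self.holder, self.role, self.issuer,
                                 self.not_before.isoformat(), self.not_after.isoformat())))
        return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big")

def aa_sign(ac: AC) -> AC:  # issuing side, run by the constructed AA
    ac.signature = pow(ac.digest() % N, D, N)
    return ac

def validate_ac(ac, required_role, crl_serials, now):
    """Server-agent check: returns (granted, reason) and denies on any failure."""
    key = TRUSTED_AAS.get(ac.issuer)
    if key is None:
        return False, "issuer is not a trusted AA"
    n, e = key
    if pow(ac.signature, e, n) != ac.digest() % n:
        return False, "bad AA signature"
    if not (ac.not_before <= now <= ac.not_after):
        return False, "AC expired or not yet valid"
    if ac.serial in crl_serials:
        return False, "AC revoked (in last retrieved CRL)"
    if ac.role != required_role:
        return False, "AC does not cover the requested service"
    return True, "ok"

# Constructed sample: a student AC checked on the day of the talk.
UTC = timezone.utc
GOOD = aa_sign(AC(1, "student42", "student", "aa.example-university",
                  datetime(2005, 9, 1, tzinfo=UTC), datetime(2006, 6, 30, tzinfo=UTC)))
NOW = datetime(2005, 10, 20, tzinfo=UTC)
```

A denial from `validate_ac` is the point at which the server agent would offer the user the three options listed on the slide.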
Testing ACs performance in a mobile scenario 2/3
• IBM ThinkPad 380 laptop computer
• 150 MHz Pentium CPU
• uses Windows 95B operating system.
• wireless devices are up to 400 MHz
• 64 MB RAM and 48 MB ROM
• user agent uses a Siemens ME45 mobile phone in order to connect to the Internet over GPRS.
• coding scheme was CS1 (9.05 Kb/s)
• wireless network speeds in the range from 27 to 36 Kb/s.
• Network speeds for third generation mobile networks (3G)
  • 144 up to 348 Kb/s for wide
  • up to 2 Mb/s for low coverage and mobility
• IEEE 802.11· (wireless LANs), speed up to 54 Mb/s.
Testing ACs performance in a mobile scenario 3/3
• AA machine
  • Pentium III 733 MHz processor
  • 256 MB RAM
  • Windows 2000 Professional SP2
• The applications
  • developed in Java 2
  • employed the Apache-style OpenSSL toolkit, version 0.9.6g, to make them public key enabled
Testing ACs performance in a mobile scenario - Measurements results 1/2
Testing ACs performance in a mobile scenario - Measurements results 2/2
• with various values for the arrival rate of AC requests
• The client’s total request size is about 733 bytes
• a set of 1000 transactions between the AA server and the client
• on different days and hours during a week period, and 50% of the measurements were logged during peak hours
• Maximum and minimum service time duration was 4.18 and 1.18 s, respectively
• average total time for the transaction to complete is about 2.1 s, with a standard deviation of 0.35, which is generally acceptable to a user who demands "a fast and secure service"
Conclusions
• PKI can provide strong mutual authentication and fine-grained trust control of common e-learning or m-learning services
• provide
  • authentication,
  • authorization,
  • non-repudiation,
  • message confidentiality and integrity,
  • tamperproof evaluation of tests,
  • protection of courseware material,
  • secure delivery of test material, etc.