A PKI approach for deploying modern secure distributed e-learning and m-learning environments
Source: Computers and Education, Elsevier Science, accepted for publication, 2004
Authors: G. Kambourakis, D.-P. Kontoni, A. Rouskas and S. Gritzalis
Speaker: Mei-Yu Lin
Date: 2005/10/20
1
A PKI approach for deploying modern secure distributed e-learning and m-learning environments
Source: Computers and Education, Elsevier Science, accepted for publication, 2004
Authors: G. Kambourakis, D.-P. Kontoni, A. Rouskas and S. Gritzalis
Speaker: Mei-Yu Lin
Date: 2005/10/20
2
Outline
Introduction
Architecture
E-learning scenario
Testing ACs performance in a mobile scenario
Conclusions
3
Introduction 1/6
user’s motivation or aspiration for learning
protection of user’s privacy
very few papers attempt to blend trust issues with e-learning or m-learning applications
the rapid increase in the number of users taking part in e-learning services results in a many-to-many trust model
symmetric key techniques are inadequate
4
Introduction 2/6
PKI (Public Key Infrastructure): an all-encompassing security infrastructure that provides
  authentication
  non-repudiation
  integrity
  privacy
  access control
5
Introduction 3/6
PKI scheme
6
Introduction 4/6
CA: Certification Authority
AA (Attribute Authority): binds the characteristics of an entity to that entity by digitally signing the appropriate AC
7
Introduction 5/6
hierarchical model
peer to peer model
hybrid model
CAs model
8
Introduction 6/6
AC (attribute certificates): controlling access to system resources and employing role-based authorization and access control policies accordingly.
attributes can specify group membership, role, security clearance, or other authorization information associated with the AC holder
9
Architecture 1/6
10
Architecture 2/6
user agent: requests services bound by the appropriate ACs that he holds.
service agent: provides services requested by the client.
  provides multimedia content, file management, web content, discussion groups, course registration, etc.
11
Architecture 3/6
AC & AA agent: issues and signs public key certificates and attribute certificates.
12
Architecture 4/6
Other agents:
  (a) Creating roles
  (b) Assigning roles to each person or entity.
the system must prohibit the same user from being assigned both roles at the same time
13
Architecture 5/6
14
Architecture 6/6
15
E-learning scenario
server agent asks the user to provide the AC corresponding to the requested service.
server agent has to
  validate the AC (must be signed by an AA that the server agent trusts)
  check the certificate's time expiration field
  check that the AC is not included in the last retrieved CRL
If ok, the server agent provides the service, otherwise it can offer the following options to the user:
  (1) Allow him to change his request.
  (2) Allow the provider to adjust his role and provide him the appropriate AC at some time later
  (3) Allow him to request the requisite AC from an AA on-the-fly
AA checks the user credentials by querying the provider's users policy DB
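The server agent's checks from this slide, as an added example (not code from the slides or the paper). The AC class, its field names, the one-role-per-service mapping and the toy textbook RSA key are assumptions made so the sketch runs on the Python standard library alone.

```python
import hashlib
from dataclasses import dataclass, replace

# Toy textbook RSA (no padding, tiny modulus) so this runs on the standard
# library alone; a deployment verifies real X.509 AC signatures instead.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537      # constructed toy AA key pair
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

@dataclass(frozen=True)
class AC:                                   # hypothetical, simplified AC
    serial: int
    holder: str
    role: str
    issuer: str
    not_before: float
    not_after: float
    signature: int = 0

def digest(ac, n):
    body = "|".join(map(str, (ac.serial, ac.holder, ac.role, ac.issuer,
                              ac.not_before, ac.not_after)))
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % n

def aa_sign(ac):
    """AA side: bind the attributes to the holder by signing them."""
    return replace(ac, signature=pow(digest(ac, N), D, N))

def validate_ac(ac, service_role, trusted_aas, crl_serials, now):
    """Server agent side: the slide's checks, in the order listed."""
    key = trusted_aas.get(ac.issuer)        # issuer name -> (n, e)
    if key is None or pow(ac.signature, key[1], key[0]) != digest(ac, key[0]):
        return "reject: not signed by a trusted AA"
    if not ac.not_before <= now <= ac.not_after:
        return "reject: outside validity period"
    if ac.serial in crl_serials:
        return "reject: listed in last retrieved CRL"
    if ac.role != service_role:             # assumed: one role per service
        return "reject: AC does not correspond to the requested service"
    return "grant"

# Constructed sample data
NOW = 1_000_000.0
TRUSTED = {"AA-1": (N, E)}
GOOD = aa_sign(AC(1, "alice", "student", "AA-1", NOW - 10, NOW + 10))
```

A reject result is the point at which the server agent would offer the user the three options listed on the slide.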
16
Testing ACs performance in a mobile scenario 1/3
17
Testing ACs performance in a mobile scenario 2/3
IBM ThinkPad 380 laptop computer
  150 MHz Pentium CPU
  uses Windows 95B operating system.
  wireless devices are up to 400 MHz, 64 MB RAM and 48 MB ROM
user agent uses a Siemens ME45 mobile phone in order to connect to the Internet over GPRS.
  coding scheme was CS1 (9.05 Kb/s)
  wireless network speeds in the range from 27 to 36 Kb/s.
Network speeds for
  third generation mobile networks (3G): 144 up to 348 Kb/s for wide, up to 2 Mb/s for low coverage and mobility
  IEEE 802.11 (wireless LANs): speed up to 54 Mb/s.
18
Testing ACs performance in a mobile scenario 3/3
AA machine
  Pentium III 733 MHz processor
  256 MB RAM
  Windows 2000 Professional SP2
The applications developed in Java 2 employed the Apache-style OpenSSL toolkit in version 0.9.6g to make them public key enabled
19
Testing ACs performance in a mobile scenario - Measurements results 1/2
20
Testing ACs performance in a mobile scenario - Measurements results 2/2
with various values for the arrival rate of AC requests
the total client’s request size is about 733 bytes
a set of 1000 transactions between the AA server and the client, on different days and hours during a one-week period; 50% of the measurements were logged during peak hours
maximum and minimum service time duration was 4.18 and 1.18 s, respectively
average total time for the transaction to complete is about 2.1 s, with a standard deviation of 0.35, which is generally acceptable to a user who demands "a fast and secure service"
21
Conclusions
PKI can provide strong mutual authentication and fine-grained trust control of common e-learning or m-learning services
provide authentication, authorization, non-repudiation, message confidentiality and integrity, tamperproof evaluation of tests, protection of courseware material, secure delivery of test material, etc.