A PKI approach for deploying modern secure distributed e-learning and m-learning environments

Source: Computers and Education, Elsevier Science, accepted for publication, 2004
Authors: G. Kambourakis, D.-P. Kontoni, A. Rouskas and S. Gritzalis
Speaker: Mei-Yu Lin
Date: 2005/10/20



Outline

- Introduction
- Architecture
- E-learning scenario
- Testing ACs performance in a mobile scenario
- Conclusions


Introduction 1/6

- user's motivation or aspiration for learning
- protection of user's privacy
- very few papers attempt to blend trust issues with e-learning or m-learning applications
- rapid increase of the number of users taking part in e-learning services results in a many-to-many trust model
- symmetric key techniques are inadequate


Introduction 2/6

PKI (Public Key Infrastructure): an all-encompassing security infrastructure, providing

- authentication
- non-repudiation
- integrity
- privacy
- access control


Introduction 3/6

PKI scheme


Introduction 4/6

- CA: Certification Authority
- AA (Attribute Authority): binds the characteristics of an entity to that entity by digitally signing the appropriate AC


Introduction 5/6

hierarchical model

peer to peer model

hybrid model

CAs model


Introduction 6/6

AC (attribute certificates):

- controlling access to system resources and employing role-based authorization and access control policies accordingly
- attributes can specify group membership, role, security clearance, or other authorization information associated with the AC holder


Architecture 1/6


Architecture 2/6

- user agent: requests services bound by the appropriate ACs that he holds
- service agent: provides services requested by the client, such as multimedia content, file management, web content, discussion groups, course registration, etc.


Architecture 3/6

- AC & AA agent: issues and signs public key certificates and attribute certificates


Architecture 4/6

Other agents:

(a) Creating roles
(b) Assigning roles to each person or entity

The system must prohibit the same user from being assigned both roles at the same time.


Architecture 5/6


Architecture 6/6


E-learning scenario

- server agent asks the user to provide the AC corresponding to the requested service
- server agent has to validate the AC:
  - it must be signed by an AA that the server agent trusts
  - check the certificate's time expiration field
  - check the AC is not included in the last retrieved CRL
- if ok, the server agent provides the service; otherwise it can offer the following options to the user:
  (1) Allow him to change his request.
  (2) Allow the provider to adjust his role and provide him the appropriate AC at some time later.
  (3) Allow him to request the requisite AC from an AA on-the-fly.
- AA checks the user credentials by querying the provider's users policy DB
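The server agent's validation sequence from this slide, as an added example that is not code from the presentation or the paper. The `AC` struct, the names, the role check against the requested service and the sample data are constructed assumptions; Ed25519 from Go's standard library stands in for whatever signature algorithm the AA actually used.

```go
package main
import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// AC is a simplified attribute certificate (constructed model, not the X.509 AC encoding).
type AC struct {
	Serial               int
	Holder, Role, Issuer string
	NotBefore, NotAfter  time.Time
	Sig                  []byte `json:"-"` // excluded from the signed bytes
}
func (a AC) tbs() []byte { b, _ := json.Marshal(a); return b }
// SignAC plays the AA: it binds the attributes to the holder by signing them.
func SignAC(a AC, k ed25519.PrivateKey) AC { a.Sig = ed25519.Sign(k, a.tbs()); return a }

// ValidateAC applies the server agent's checks in the order the slide lists them,
// then confirms the AC's role is the one the requested service needs.
func ValidateAC(a AC, trusted map[string]ed25519.PublicKey, crl map[int]bool, role string, now time.Time) error {
	switch pub, ok := trusted[a.Issuer]; {
	case !ok || !ed25519.Verify(pub, a.tbs(), a.Sig):
		return fmt.Errorf("not signed by a trusted AA")
	case now.Before(a.NotBefore) || now.After(a.NotAfter):
		return fmt.Errorf("outside validity period")
	case crl[a.Serial]:
		return fmt.Errorf("listed on last retrieved CRL")
	case a.Role != role:
		return fmt.Errorf("AC does not match requested service")
	}
	return nil
}

// Scenario runs constructed sample ACs through ValidateAC and returns each outcome.
func Scenario() []string {
	pub, priv, _ := ed25519.GenerateKey(nil)
	_, rogue, _ := ed25519.GenerateKey(nil) // key of an AA the server does not trust
	now := time.Date(2005, 10, 20, 12, 0, 0, 0, time.UTC)
	base := AC{1, "alice", "student", "AA-1", now.Add(-time.Hour), now.Add(time.Hour), nil}
	expired, revoked, tampered := base, base, SignAC(base, priv)
	expired.NotAfter, revoked.Serial, tampered.Role = now.Add(-time.Minute), 7, "instructor"
	trusted, crl := map[string]ed25519.PublicKey{"AA-1": pub}, map[int]bool{7: true}
	good, out := SignAC(base, priv), []string{}
	for _, c := range []AC{good, SignAC(base, rogue), tampered, SignAC(expired, priv), SignAC(revoked, priv)} {
		out = append(out, fmt.Sprint(ValidateAC(c, trusted, crl, "student", now)))
	}
	return append(out, fmt.Sprint(ValidateAC(good, trusted, crl, "instructor", now)))
}
func main() { fmt.Println(Scenario()) }
```

A non-nil error is the point at which the server agent would fall back to the three options listed above instead of providing the service.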


Testing ACs performance in a mobile scenario 1/3


Testing ACs performance in a mobile scenario 2/3

- IBM ThinkPad 380 laptop computer: 150 MHz Pentium CPU, uses Windows 95B operating system
- wireless devices are up to 400 MHz, 64 MB RAM and 48 MB ROM
- user agent uses a Siemens ME45 mobile phone in order to connect to the Internet over GPRS
- coding scheme was CS1 (9.05 Kb/s); wireless network speeds in the range from 27 to 36 Kb/s
- network speeds for third generation mobile networks (3G): 144 up to 348 Kb/s for wide and up to 2 Mb/s for low coverage and mobility
- IEEE 802.11 (wireless LANs): speed up to 54 Mb/s


Testing ACs performance in a mobile scenario 3/3

- AA machine: Pentium III 733 MHz processor, 256 MB RAM, Windows 2000 Professional SP2
- the applications, developed in Java 2, employed the Apache-style OpenSSL toolkit in version 0.9.6g to make them public key enabled


Testing ACs performance in a mobile scenario - Measurements results 1/2


Testing ACs performance in a mobile scenario - Measurements results 2/2

- with various values for the arrival rate of ACs requests
- the total client's request size is about 733 bytes
- a set of 1000 transactions between the AA server and the client in different days and hours during a week period, and 50% of the measurements were logged during peak hours
- maximum and minimum service time duration was 4.18 and 1.18 s, respectively
- average total time of the transaction to complete is about 2.1 s, with a standard deviation of 0.35, which is generally acceptable by a user who demands "a fast and secure service"


Conclusions

PKI can provide strong mutual authentication and fine-grained trust control of common e-learning or m-learning services

provide authentication, authorization, non-repudiation, message confidentiality and integrity, tamperproof evaluation of tests, protection of courseware material, secure delivery of test material, etc.