22-10-2012, 04:11 PM
Applying Digital Signatures to E-learning System
[attachment=37042]
Introduction
Relevance of the Study
E-learning is attaining significance in the Internet world due to the obvious
advantages of ubiquitous learning, engaging learners - anytime, anywhere, on any
device to reach the unreachable (Babu, 2001).
E-learning can be considered a special form of e-business. E-commerce can be
defined from the several perspectives of e-business such as communication,
commercial, business process, service, learning, collaborative and community. From
learning perspective, e-commerce is an enable of online training and education in
schools, universities and other organizations, including business (Turban et al., 2006).
Look back to the term of e-commerce, e-learning is widely used in different
ways; for example, understands e-learning as “the convergence of the Internet and
learning, or “the use of network technologies to create, foster, deliver, and facilitate
learning, anytime and anywhere” or “the delivery of individualized, comprehensive,
dynamic learning content in real time, adding the development of communities of
knowledge, linking learners and practitioners with experts” (LineZine, 2003).
Clearly, e-commerce mainly refers to commerce conducted via electronic
networks and e-learning therefore has strong ties with communication networks
(Weippl, 2005a).
The growth of e-learning in recent years has not been as robust as expected for
several reasons. One of these is undoubtedly the inability to ensure security and online
authentication in online learning environment (Boaz, 2003). Since the Internet is
prone to various types of security breaches, the discussion of robust and authenticated
e-learning operations are incomplete without consideration of security as a main
aspect of ‘online signature’ or digital signature (Shiralkar, 2003).
Many emerging technologies are being developed to provide online
authentication. One may consider a digital signature as a type of electronic
authentication (Shiralkar, 2003).
Digital signatures enable people to sign digital documents by providing the properties
of a handwritten signature. They must fulfill the five compelling attributes of
handwritten signatures such as authentic, unforgeable, not reusable, unalterable, and
cannot be repudiated (Schneier, 1996). In the case of handwritten signatures, both the
signature and the document are physical things, which make it difficult for the ‘signer’
to claim the signature is not their own. In order to provide a secure digital signature
scheme, these attributes must be satisfied (Tulu et al., 2004).
Transactions between users over the Internet require protocols to provide secrecy
and authentication of both the sender’s identity and the content of the message (Alan,
2007). One issue frequently arises as organizations seek to promote e-learning or ecommerce
is the validity of electronic transactions and other electronic documents.
This issue has some aspects (James, 2003):
1) Is an agreement valid and binding if it is made by e-mail or at a Web site?
In many countries, the law requires contracts or forms must be ‘in writing’ or
must be ‘signed’.
2) How do we ensure that a person we have never met face to face is the person
he claims to be? This is the problem of ‘identification’ or ‘authentication’.
3) How do we ensure that one party (or a hacker in a communications stream)
has not changed the content of a document? This is the question of ‘integrity’.
4) How do we prevent someone from denying an electronic contract by claiming
that he never sent the message, arguing, for example, someone else was
impersonating to be him online? This is the problem of ‘non-repudiation’,
make sure that a party cannot deny or repudiate an agreement.
These problems can be solved by law associated with security technologies.
Back to the e-learning realm today, people immersed in a changing environment
need to adapt rapidly their knowledge. As a result, traditional learning systems must
evolve and readapt to meet social requirements and be able to face an extensive,
massive and diversified learning demand. E-learning could be a solution to this
problem (Núria et al., 2001).
In Vietnam, e-learning is considering as an opportunity to socialize education,
contribute to enhancing intellectual standards of the people, and provide the
manpower for the modernization and industrialization process of the country. Elearning
becomes a channel that supplements and associates with current education
systems. There are many universities, colleges or schools have already established or
in the process of establishing e-learning system.
By establishing a new e-learning system, the National Economics University in
Vietnam (NEU) has been taking advantage of nearly ubiquitous access to personal
computing resources and connectivity provided via Internet. It offers students with
new access to academic programs and student services. The largest remaining problem
with doing serious work in e-learning over Internet that is its current anonymous
nature and the corresponding lack of accountability. Rapid developments in e-learning
pose a growing need for online security and authentication. To be a successful
education platform and meet the university online business goals, the e-learning
system should be a highly secure performance and trusted environment.
Scope of Research
The research is examining security issues on e-learning system that deployed at NEU.
A benefit of this analysis is material that could enhance NEU e-learning environment
more secure by adding up-to-date information and providing real life case studies to
the sub-project “Building and Developing E-learning at the National Economic
University” (Dat, 2006) under the Higher Education Project (HEP)1 - funded by World
Bank, for the project member’s interest and discussion.
Purpose
The objectives of this thesis are to identify the security issues in e-learning so as to
assure that the system will support users’ tasks and make them more secure and trust
by applying digital signature technique via a secure model.
At present, NEU information system and its e-learning environment are facing
some adversities in attempting to secure its computer network infrastructure. There
exists an ever-growing challenge to try keeping pace with the security issues that arise
as technology changes. Even with NEU information systems were considered to
implement based on ISO 17799 (Chang et al., 2006), e-learning system still needs to
apply more security techniques. More and more users are becoming dependant on
computer technology. While this is a positive tool for universities to exchange data in
this manner, it also leaves the teachers and students vulnerable to attacks by malicious
and unauthorized users.
This thesis ponders the problematic area, reviewing the elements of digital
signatures, message authentication and considers the ways in applying digital
signature to NEU e-learning system.
Therefore, this thesis puts forward a digital signature technology solution
associated with the security management of the NEU e-learning system. Once digital
signature was applied to NEU e-learning operations, it will bring in protecting elearning
system against fraudulent transmissions and establish the authenticity of the
e-learning contents. Digital signature also provides a way to guarantee that the sender
of a message cannot later deny having sent the message and that the recipient cannot
refuse having received the message. With digital signature, NEU students have much
more confidence in learning activities when they can rely on the trusted system.
Research Methodology
To be sure, e-learning system is dealing with authorized users; a scheme to identify
oneself in the digital world must exist. Digital signature technology can play this role.
A digital signature is data appended to or included within a message that attests to
both the identity of the document’s sender and the content of the message (Alan,
2007). Digital signature tries to assure both the integrity of a message and also provide
proof that a message came from a specific sender. Digital signatures are implemented
through public key encryption and used to verify the origin and contents of a message.
Two separate but interrelated ‘keys’ carry out this process of encryption and
decryption. One party in the transactions holds the secret key (or private key), and the
other party holds the public key or the key with wide access. A digital signature
satisfies all the functions, such as authenticity, non-repudiation, and security of a
handwritten signature (Gelboard, 2000).
Thus, ‘signature’ can be viewed as a means of authentication and can be owned
by an individual. While using this technology, there must be third party involvement
- 5 -
to handle the liability issues that may be raised by bilateral transactions. However, in
practice, this is very complicated. Among other things, it requires some root of trust:
somewhere in the system, there must be one or more trusted parties that can certify,
using encryption, and others. This trusted party is called Certificate Authority (CA).
Digital certificates provide the basis for secure electronic transactions. As they
enable all participants in a transaction to quickly and easily verify the identity of the
other participants. They are digitally signed and issued by a CA, which verifies that
the public key attached to the certificate belongs to the party stated. Digital signature
can authenticate a person’s identify, bind the identity of a person with the contents of
a document, and prove the integrity of the document that often transmit in an
information system.
Since the Vietnam laws on E-Transactions, the Trade Law and the Civil Code
took effect, a legal framework has been created for electronic transactions and ecommerce
activities to develop positively. With this existing legal framework and the
rapid emergence of technologies, this thesis will focus on the roles of digital signature
in e-learning operations in order to build a secure model for NEU e-learning system.
[attachment=37042]
Introduction
Relevance of the Study
E-learning is attaining significance in the Internet world due to the obvious
advantages of ubiquitous learning, engaging learners - anytime, anywhere, on any
device to reach the unreachable (Babu, 2001).
E-learning can be considered a special form of e-business. E-commerce can be
defined from the several perspectives of e-business such as communication,
commercial, business process, service, learning, collaborative and community. From
learning perspective, e-commerce is an enable of online training and education in
schools, universities and other organizations, including business (Turban et al., 2006).
Look back to the term of e-commerce, e-learning is widely used in different
ways; for example, understands e-learning as “the convergence of the Internet and
learning, or “the use of network technologies to create, foster, deliver, and facilitate
learning, anytime and anywhere” or “the delivery of individualized, comprehensive,
dynamic learning content in real time, adding the development of communities of
knowledge, linking learners and practitioners with experts” (LineZine, 2003).
Clearly, e-commerce mainly refers to commerce conducted via electronic
networks and e-learning therefore has strong ties with communication networks
(Weippl, 2005a).
The growth of e-learning in recent years has not been as robust as expected for
several reasons. One of these is undoubtedly the inability to ensure security and online
authentication in online learning environment (Boaz, 2003). Since the Internet is
prone to various types of security breaches, the discussion of robust and authenticated
e-learning operations are incomplete without consideration of security as a main
aspect of ‘online signature’ or digital signature (Shiralkar, 2003).
Many emerging technologies are being developed to provide online
authentication. One may consider a digital signature as a type of electronic
authentication (Shiralkar, 2003).
Digital signatures enable people to sign digital documents by providing the properties
of a handwritten signature. They must fulfill the five compelling attributes of
handwritten signatures such as authentic, unforgeable, not reusable, unalterable, and
cannot be repudiated (Schneier, 1996). In the case of handwritten signatures, both the
signature and the document are physical things, which make it difficult for the ‘signer’
to claim the signature is not their own. In order to provide a secure digital signature
scheme, these attributes must be satisfied (Tulu et al., 2004).
Transactions between users over the Internet require protocols to provide secrecy
and authentication of both the sender’s identity and the content of the message (Alan,
2007). One issue frequently arises as organizations seek to promote e-learning or ecommerce
is the validity of electronic transactions and other electronic documents.
This issue has some aspects (James, 2003):
1) Is an agreement valid and binding if it is made by e-mail or at a Web site?
In many countries, the law requires contracts or forms must be ‘in writing’ or
must be ‘signed’.
2) How do we ensure that a person we have never met face to face is the person
he claims to be? This is the problem of ‘identification’ or ‘authentication’.
3) How do we ensure that one party (or a hacker in a communications stream)
has not changed the content of a document? This is the question of ‘integrity’.
4) How do we prevent someone from denying an electronic contract by claiming
that he never sent the message, arguing, for example, someone else was
impersonating to be him online? This is the problem of ‘non-repudiation’,
make sure that a party cannot deny or repudiate an agreement.
These problems can be solved by law associated with security technologies.
Back to the e-learning realm today, people immersed in a changing environment
need to adapt rapidly their knowledge. As a result, traditional learning systems must
evolve and readapt to meet social requirements and be able to face an extensive,
massive and diversified learning demand. E-learning could be a solution to this
problem (Núria et al., 2001).
In Vietnam, e-learning is considering as an opportunity to socialize education,
contribute to enhancing intellectual standards of the people, and provide the
manpower for the modernization and industrialization process of the country. Elearning
becomes a channel that supplements and associates with current education
systems. There are many universities, colleges or schools have already established or
in the process of establishing e-learning system.
By establishing a new e-learning system, the National Economics University in
Vietnam (NEU) has been taking advantage of nearly ubiquitous access to personal
computing resources and connectivity provided via Internet. It offers students with
new access to academic programs and student services. The largest remaining problem
with doing serious work in e-learning over Internet that is its current anonymous
nature and the corresponding lack of accountability. Rapid developments in e-learning
pose a growing need for online security and authentication. To be a successful
education platform and meet the university online business goals, the e-learning
system should be a highly secure performance and trusted environment.
Scope of Research
The research is examining security issues on e-learning system that deployed at NEU.
A benefit of this analysis is material that could enhance NEU e-learning environment
more secure by adding up-to-date information and providing real life case studies to
the sub-project “Building and Developing E-learning at the National Economic
University” (Dat, 2006) under the Higher Education Project (HEP)1 - funded by World
Bank, for the project member’s interest and discussion.
Purpose
The objectives of this thesis are to identify the security issues in e-learning so as to
assure that the system will support users’ tasks and make them more secure and trust
by applying digital signature technique via a secure model.
At present, NEU information system and its e-learning environment are facing
some adversities in attempting to secure its computer network infrastructure. There
exists an ever-growing challenge to try keeping pace with the security issues that arise
as technology changes. Even with NEU information systems were considered to
implement based on ISO 17799 (Chang et al., 2006), e-learning system still needs to
apply more security techniques. More and more users are becoming dependant on
computer technology. While this is a positive tool for universities to exchange data in
this manner, it also leaves the teachers and students vulnerable to attacks by malicious
and unauthorized users.
This thesis ponders the problematic area, reviewing the elements of digital
signatures, message authentication and considers the ways in applying digital
signature to NEU e-learning system.
Therefore, this thesis puts forward a digital signature technology solution
associated with the security management of the NEU e-learning system. Once digital
signature was applied to NEU e-learning operations, it will bring in protecting elearning
system against fraudulent transmissions and establish the authenticity of the
e-learning contents. Digital signature also provides a way to guarantee that the sender
of a message cannot later deny having sent the message and that the recipient cannot
refuse having received the message. With digital signature, NEU students have much
more confidence in learning activities when they can rely on the trusted system.
Research Methodology
To be sure, e-learning system is dealing with authorized users; a scheme to identify
oneself in the digital world must exist. Digital signature technology can play this role.
A digital signature is data appended to or included within a message that attests to
both the identity of the document’s sender and the content of the message (Alan,
2007). Digital signature tries to assure both the integrity of a message and also provide
proof that a message came from a specific sender. Digital signatures are implemented
through public key encryption and used to verify the origin and contents of a message.
Two separate but interrelated ‘keys’ carry out this process of encryption and
decryption. One party in the transactions holds the secret key (or private key), and the
other party holds the public key or the key with wide access. A digital signature
satisfies all the functions, such as authenticity, non-repudiation, and security of a
handwritten signature (Gelboard, 2000).
Thus, ‘signature’ can be viewed as a means of authentication and can be owned
by an individual. While using this technology, there must be third party involvement
- 5 -
to handle the liability issues that may be raised by bilateral transactions. However, in
practice, this is very complicated. Among other things, it requires some root of trust:
somewhere in the system, there must be one or more trusted parties that can certify,
using encryption, and others. This trusted party is called Certificate Authority (CA).
Digital certificates provide the basis for secure electronic transactions. As they
enable all participants in a transaction to quickly and easily verify the identity of the
other participants. They are digitally signed and issued by a CA, which verifies that
the public key attached to the certificate belongs to the party stated. Digital signature
can authenticate a person’s identify, bind the identity of a person with the contents of
a document, and prove the integrity of the document that often transmit in an
information system.
Since the Vietnam laws on E-Transactions, the Trade Law and the Civil Code
took effect, a legal framework has been created for electronic transactions and ecommerce
activities to develop positively. With this existing legal framework and the
rapid emergence of technologies, this thesis will focus on the roles of digital signature
in e-learning operations in order to build a secure model for NEU e-learning system.