An Approach for Adapting Moodle into a Secure
Infrastructure
Jesus Diaz, David Arroyo, and Francisco B. Rodriguez
Grupo de Neurocomputacion Biologica, Departamento de Ingenieria Informatica,
Escuela Politecnica Superior, Universidad Autonoma de Madrid
{j.diaz,david.arroyo,f.rodriguez}@uam.es
Abstract. Moodle is one of the most popular open source e-learning
platforms. It provides a very easy-to-deploy environment which,
once installed, is ready to be used. These two characteristics make it a
very attractive choice. But regarding information security and privacy,
it presents several important drawbacks. This is mainly due to the
fact that it leaves the most serious tasks, like server configuration or
access control, in the hands of the system administrator or third-party
module developers. This approach is understandable, as that very fact is
what makes Moodle easy and therefore attractive. The aim of this paper
is not to discredit this option, but to enhance it by means of standard
cryptographic and information security infrastructures. We focus on the
registration process, which ends with the distribution of a user certificate.
To link the users' real identity with their virtual one, we have taken an
approach that merges EBIAS (Email Based Identification and Authentication
System) with a kind of challenge-response method involving secure
pseudo random number generation based on a fast chaos-based Pseudo
Random Number Generator.
1 Introduction
Moodle is one of the most popular e-learning platforms, due to its easy installation
and deployment. Nevertheless, a standard Moodle installation has some
security and privacy drawbacks (see [21,12]). To avoid them, we present a registration
protocol that allows the incorporation of a PKI into a Moodle platform.
In this scenario, any user can use the cryptographic functionalities of his/her personal
certificate. Additionally, an important challenge for interactive systems is
to make the underlying security infrastructure as invisible as possible. Indeed,
security cannot be achieved at the cost of ease of use [22, Principle 6]. One could
make a perfectly secure tool, but if the human interface is not easy to use, nobody
will employ it. Even worse, someone could use it incorrectly leading to a false

This work was supported by the UAM projects of Teaching Innovation and the
Spanish Government projects TIN2010-19607. The work of David Arroyo was supported
by a Juan de la Cierva fellowship from the Ministerio de Ciencia e Innovación
of Spain, and by the Ministerio de Ciencia e Innovación of Spain project CUCO
(MTM2008-02194).
 