Information Technology Reference
In-Depth Information
feeling of security. Beyond the problem of usability, the need for security and
privacy improvements in e-learning systems has been studied in the last years
and considered as a very necessary and desirable property. In [19] the benefits of
a secured e-learning system are shown in an empirical test. This work compares
a secure environment against a non-secure one, concluding that a major users'
trust in the secured environment produced a higher participation. Nevertheless,
we want to emphasize that our proposal does not make a so extended Moodle
distribution an impenetrable fortress. However, it will enormously ease the task
of incorporating any cryptographic functionality into the platform. Actually, it
endorses an increase of the overall security of the system information, providing
the basic protocols to implement desired security requirements like demanding
from every user to sign every document he/she uploads to the system.
The rest of the paper is organized as follows: in Sec. 2 we introduce the context
in which our work has been developed, and the requirements to provide cryp-
tographic functionality in a proper way; in Sec. 3 we explain the main protocol
used for remote digital certificate distribution; finally, Sec. 4 will introduce some
basic functionality we have provided to a default Moodle distribution thanks to
the integration with a PKI, concluding with some potentially uses one could give
to it.
2 Description of Moodle's Default Framework and
Proposed Improvements
Moodle is an open source e-learning environment. Although the default distri-
bution comes ready to be used, its modular architecture is what makes it a
powerful and successful tool. This, together with being open source, makes pos-
sible to any third party developer to add new modules and extend Moodle's
functionality without the need of touching its “core”. Just by adding some basic
files and folders, one can add his own contribution to Moodle by copying them
into the corresponding directory. For the registration protocol proposed here, an
authentication module has been created. Also, for testing some basic function-
ality (digital signatures), new upload and quiz modules have been created. For
more information about Moodle's architecture, one can see the ocial Moodle's
webpage
1
or [14].
Regarding the main functionality we are dealing with, which is the regis-
tration process, Moodle has several registration modules available. Maybe, the
most used is the one called
email based authentication
, which allows users to be
registered in the system using their email address as identifier. With a default
Moodle installation, it is possible to enhance security by limiting the valid email
accounts to those pertaining to the organizational domain. A pure Email Based
Identification and Authentication System (EBIAS, see [10]) bases users registra-
tion solely in the assumption that if someone can access an email account, then
he is the legitimate owner of the email account. Its major advantage against
other authentication methods is the ease of use and the familiarity of users with
1
http://moodle.org
Search WWH ::
Custom Search