An Approach for Adapting Moodle into a Secure Infrastructure

  • Jesus Diaz
  • David Arroyo
  • Francisco B. Rodriguez
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6694)

Abstract

Moodle is one of the most popular open source e-learning platforms. It provides a very easy-to-deploy environment which, once installed, is ready to be used. These two characteristics make it a very attractive choice. However, regarding information security and privacy, it presents several important drawbacks. This is mainly due to the fact that it leaves the most serious tasks, like server configuration or access control, in the hands of the system administrator or third-party module developers. This approach is understandable, as it is that very fact that makes Moodle easy and therefore attractive. The aim of this paper is not to discredit this option, but to enhance it by means of standard cryptographic and information security infrastructures. We focus on the registration process, which ends with the distribution of a user certificate. To link the users’ real identity with their virtual one, we have taken an approach that merges EBIAS (Email Based Identification and Authentication System) with a kind of challenge-response method involving secure pseudo random number generation based on a fast chaos-based Pseudo Random Number Generator.

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Jesus Diaz (1)
  • David Arroyo (1)
  • Francisco B. Rodriguez (1)

  1. Grupo de Neurocomputacion Biologica, Departamento de Ingenieria Informatica, Escuela Politecnica Superior, Universidad Autonoma de Madrid, Spain
