Towards a Secure Copyright Protection Infrastructure for e-Education Material: Principles learned from Experience Authors: J. C. K. Yau et al. Submission:

Slides:

Advertisements

Similar presentations

Encrypting Wireless Data with VPN Techniques

Advertisements

Chapter 17: WEB COMPONENTS

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Video Streaming in the Lee Library Present and Future.

Security Issues and Challenges in Cloud Computing

1 Chapter 9 The Internet in Business: Corporations, Businesses, and Entrepreneurs.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

A. Frank 1 Internet Resources Discovery (IRD) Peer-to-Peer (P2P) Technology (1) Thanks to Carmit Valit and Olga Gamayunov.

1 Software Testing and Quality Assurance Lecture 32 – SWE 205 Course Objective: Basics of Programming Languages & Software Construction Techniques.

Virtual Private Networking Karlene R. Samuels COSC513.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Presented By: Andy Balderson – Product Manager Ethernet, Internet, Wireless or Fiber - Distribute your HMI Application Over IP Networks Farther ! The Web.

Internet GIS. A vast network connecting computers throughout the world Computers on the Internet are physically connected Computers on the Internet use.

Chapter 19 Security Transparencies. 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization.

Exchange metering information of Elia through FTP or ECP? Why is Elia proposing 2 different protocols and what are the advantages of both protocols.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.

1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.

Terminal Services in Windows Server ® 2008 Infrastructure Planning and Design.

The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 5: Multimedia on the Web.

Technology Coordinators Training. Confidential Copyright © 2007 Pearson Education, Inc. and/or one or more of its direct or indirect affiliates. All rights.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

VPN: An Easy Software / Appliance Solution for Remote Access Robert Gulick, EdD DBA/Technology Trainer Parma City School District

Cloud Computing & Security Issues Prepared by: Hamoud Al-Shammari CS 6910 Summer, 2011 University of Colorado at Colorado Springs Engineering & Applied.

14 Publishing a Web Site Section 14.1 Identify the technical needs of a Web server Evaluate Web hosts Compare and contrast internal and external Web hosting.

Copyright © Allyn & Bacon 2008 POWER PRACTICE Chapter 8 Using the Web for Teaching and Learning START This multimedia product and its contents are protected.

Cloud Computing 1. Outline  Introduction  Evolution  Cloud architecture  Map reduce operation  Platform 2.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

Using Virtualization in the Classroom. Using Virtualization in the Classroom Session Objectives Define virtualization Compare major virtualization programs.

In the name of God :).

UEC 01 : Computer Skills & Programming Concepts I 1PUA – Computer Engineering Department – UEC01 – Dr. Mona Abou - Of Lecture 6: Applications Software.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

The Open Source Virtual Lab: a Case Study Authors: E. Damiani, F. Frati, D. Rebeccani, M. Anisetti, V. Bellandi and U. Raimondi University of Milan Department.

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

XP New Perspectives on The Internet, Sixth Edition— Comprehensive Tutorial 1 1 Browser Basics Introduction to the Web and Web Browser Software Tutorial.

Types of Electronic Infection

Chapter 18 Technology in the Workplace Section 18.2 Internet Basics.

CSCE 201 Web Browser Security Fall CSCE Farkas2 Web Evolution Web Evolution Past: Human usage – HTTP – Static Web pages (HTML) Current: Human.

Course code: ABI 204 Introduction to E-Commerce Chapter 5: Security Threats to Electronic Commerce AMA University 1.

Kiew-Hong Chua a.k.a Francis Computer Network Presentation 12/5/00.

Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.

Authentication of Signaling in VoIP Applications Authors: Srinivasan et al. (MIT Campus of Anna University, India) Source: IJNS review paper Reporter:

COSC 513 Operating Systems Project Presentation: Internet Security Instructor: Dr. Anvari Student: Ying Zhou Spring 2003.

Virtual Machines Created within the Virtualization layer, such as a hypervisor Shares the physical computer's CPU, hard disk, memory, and network interfaces.

Internet2 AdvCollab Apps 1 Access Grid Vision To create virtual spaces where distributed people can work together. Challenges:

ITGS Network Architecture. ITGS Network architecture –The way computers are logically organized on a network, and the role each takes. Client/server network.

Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?

Access : connection to the Internet account : an arrangement you have with a company or Internet provider to use a service they provide. browse : to look.

Web Design and Development for E-Business By Jensen J. Zhao Copyright 2003 Prentice Hall, Inc. Web Design and Development for E-Business Jensen J. Zhao.

Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.

Microsoft Cloud Solution.  What is the cloud?  Windows Azure  What services does it offer?  How does it all work?  How to go about using it  Further.

Secure Transactions Chapter 17. The user's machine No control over security of user's machine –Might be in very insecure: library, school, &c. Users disable.

Blogs How to use the bog safely and secure? Create new username. Create a strong password to your account. Create the password to your uploaded files.

Office 365 is cloud- based productivity, hosted by Microsoft. Business-class Gain large, 50GB mailboxes that can send messages up to 25MB in size,

Page PearsonAccess™ Technology Training Online Test Configuration.

CLOUD COMPUTING When it's smarter to rent than to buy.. Presented by D.Datta Sai Babu 4 th Information Technology Tenali Engineering College.

1 Web Technologies Website Publishing/Going Live! Copyright © Texas Education Agency, All rights reserved.

Applications Software. Is a software used to carry out a particular task e.g. a game or word processor.

Glencoe Introduction to Multimedia Chapter 2 Multimedia Online 1 Internet A huge network that connects computers all over the world. Show Definition.

Unit 3 Virtualization.

Chapter 6: Securing the Cloud

Clinton A Jones Eastern Kentucky University Department of Technology

Hybrid Cloud Architecture for Software-as-a-Service Provider to Achieve Higher Privacy and Decrease Securiity Concerns about Cloud Computing P. Reinhold.

FICEER 2017 Docker as a Solution for Data Confidentiality Issues in Learning Management System.

Introduction to Networks

Section 14.1 Section 14.2 Identify the technical needs of a Web server

Chapter 7 – and 8 pp 155 – 202 of Web security by Lincoln D. Stein

Web Servers (IIS and Apache)

Presentation transcript:

Towards a Secure Copyright Protection Infrastructure for e-Education Material: Principles learned from Experience Authors: J. C. K. Yau et al. Submission: International Journal of Network Security Reporter: Chun-Ta Li

2 2 Outline IntroductionIntroduction Particularities of e-Course DeliveryParticularities of e-Course Delivery Existing Copyright Protection SystemsExisting Copyright Protection Systems Our Copyright Protection Infrastructure – eCXOur Copyright Protection Infrastructure – eCX Security of eCXSecurity of eCX ConclusionConclusion CommentsComments

3 3 Introduction e-Educatione-Education Security concerns of e-EducationSecurity concerns of e-Education –Registered students infringing the copyrights –Confidentiality of user personal information –Course material copyright protection SPACE Online Universal Learning (SOUL) Project (Hong Kong University)SPACE Online Universal Learning (SOUL) Project (Hong Kong University) –e-Course eXchange – eCX infrastructure Present the experience and share with readersPresent the experience and share with readers

4 4 Particularities of e-Course Delivery Download the e-Course material onto student’s computers and view the material offlineDownload the e-Course material onto student’s computers and view the material offline –They are not always connected to the Internet –Many Internet providers are charging their users based on connection time –Not all of the students enjoy high bandwidth It gives great worries to copyright owners of the materialsIt gives great worries to copyright owners of the materials

5 5 Existing Copyright Protection Systems eBook solutionseBook solutions –Support only text-based materials –Offering limited support for graphics –Less support for audio and video materials –Tightly coupled with physical appliances Major computer technology vendors have been joining hands to foster solutions to the problemMajor computer technology vendors have been joining hands to foster solutions to the problem –Mostly for the storage and the transmission of valuable material –Tend to serve contents of specific domains

6 6 Our Copyright Protection Infrastructure – eCX The SOUL PlatformThe SOUL Platform –e-Course is being transmitted between the three software suites –e-Course is stored in the computer of the participants –e-Education participants access the e-Course on their computers Transmission: PKI or SSL AuthorseCX ServerStudents Protection

7 7 Our Copyright Protection Infrastructure – eCX (cont.) What is an e-Course?What is an e-Course? –It includes material of different media types –Web-enabled presentations that involve browser plug-ins (e.g., Flash, Java Applets etc.) –An e-Course should all reside within a single directory tree Personal ClassroomPersonal Classroom –Downloading e-Courses –Viewing e-Courses

8 8 Our Copyright Protection Infrastructure – eCX (cont.) Personal ClassroomPersonal Classroom –e-Course (Offline-online Course) Course Package (encrypted files)Course Package (encrypted files) Course Voucher (decryption key)Course Voucher (decryption key) –Hardware Profile A snapshot of the configuration of the student’s computerA snapshot of the configuration of the student’s computer It is stored in the Computer License of the student’s computerIt is stored in the Computer License of the student’s computer It contains various information including student’s personal informationIt contains various information including student’s personal information

9 9 Our Copyright Protection Infrastructure – eCX (cont.) Personal ClassroomPersonal Classroom –Downloader

10 Our Copyright Protection Infrastructure – eCX (cont.) Personal ClassroomPersonal Classroom –Viewing e-Courses

11 Security of eCX (cont.) The Danger of an Un-secure ReaderThe Danger of an Un-secure Reader –The save function of web browser to obtain copies of the material –eCX built a customized web browser Capturing of Localhost TrafficCapturing of Localhost Traffic –Securing the communication between the customized web browser and the client-side web server –Not all OS permit the capturing of localhost communication –Using some secure communication protocol (SSL or HTTTPS)

12 Security of eCX (cont.) Reverse EngineeringReverse Engineering –Crackers can reverse engineer Personal Classroom and illegally make copies of downloaded e-Courses –The integrity of important file are checked before they are loaded –Sensitive information that must be hard-coded are stored in their encrypted form and decrypted only when they are in use

13 Security of eCX (cont.) Virtual Machine AttackVirtual Machine Attack –Installing the Personal Classroom onto virtual machine –Downloading e-Course onto virtual machine –Adversary can redistribute the whole virtual machine to others –This is in fact a very hard to solve problem –Virtualization software itself is expensive and can’t be easily comprehended by general or inexperienced users

14 Conclusion We introduce our solution, called e-Course eXchange (eCX)We introduce our solution, called e-Course eXchange (eCX) –Local copy of the e-Course material in their own computer –Difficult for making illegal copies of the material –Reverse engineering attacks / Virtual machines

15 Comments Evaluation of PaperEvaluation of Paper –Sound but dull RecommendationRecommendation –Reject How to avoid the attack that a intruder intercepts the data when the student downloads packages from eCX serverHow to avoid the attack that a intruder intercepts the data when the student downloads packages from eCX server It seems no solutions to avoid those attacks in the paperIt seems no solutions to avoid those attacks in the paper It must compare with some security considerations proposed by Furnell et al. to convince that the proposed infrastructure is secure against a variety of attacksIt must compare with some security considerations proposed by Furnell et al. to convince that the proposed infrastructure is secure against a variety of attacks