towards a secure copyright protection infrastructure for e-education material: principles learned...
TRANSCRIPT
Towards a Secure Copyright Protection Towards a Secure Copyright Protection Infrastructure for e-Education Material: Infrastructure for e-Education Material:
Principles learned from ExperiencePrinciples learned from Experience
AuthorsAuthors: J. C. K. Yau : J. C. K. Yau et alet al..
SubmissionSubmission: International Journal of Network Security: International Journal of Network Security
ReporterReporter: Chun-Ta Li: Chun-Ta Li
2 2
Outline
• IntroductionIntroduction
• Particularities of e-Course DeliveryParticularities of e-Course Delivery
• Existing Copyright Protection SystemsExisting Copyright Protection Systems
• Our Copyright Protection Infrastructure – eCXOur Copyright Protection Infrastructure – eCX
• Security of eCXSecurity of eCX
• ConclusionConclusion
• CommentsComments
3 3
IntroductionIntroduction• e-Educatione-Education• Security concerns of e-EducationSecurity concerns of e-Education
– Registered students infringing the copyrightsRegistered students infringing the copyrights– Confidentiality of user personal informationConfidentiality of user personal information– Course material copyright protectionCourse material copyright protection
• SPACE Online Universal Learning (SOUL) Project SPACE Online Universal Learning (SOUL) Project (Hong Kong University)(Hong Kong University)– e-Course eXchange – e-Course eXchange – eCXeCX infrastructure infrastructure
• Present the experience and share with readersPresent the experience and share with readers
4 4
Particularities of e-Course DeliveryParticularities of e-Course Delivery
• Download the e-Course materialDownload the e-Course material onto student’s onto student’s computers and view the material offline computers and view the material offline– They are not always connected to the InternetThey are not always connected to the Internet– Many Internet providers are charging their users Many Internet providers are charging their users
based on connection time based on connection time– Not all of the students enjoy high bandwidthNot all of the students enjoy high bandwidth
• It gives great worries to copyright owners of It gives great worries to copyright owners of the materials the materials
5 5
Existing Copyright Protection SystemsExisting Copyright Protection Systems
• eBook solutionseBook solutions– Support only text-based materialsSupport only text-based materials
– Offering limited support for graphicsOffering limited support for graphics
– Less support for audio and video materialsLess support for audio and video materials
– Tightly coupled with physical appliancesTightly coupled with physical appliances
• Major computer technology vendors have been Major computer technology vendors have been joining hands to foster solutions to the problemjoining hands to foster solutions to the problem– Mostly for the storage and the transmission of valuable Mostly for the storage and the transmission of valuable
material material
– Tend to serve contents of specific domainsTend to serve contents of specific domains
6 6
Our Copyright Protection Infrastructure – eCXOur Copyright Protection Infrastructure – eCX• The SOUL PlatformThe SOUL Platform
– e-Course is being transmitted between the three software suitese-Course is being transmitted between the three software suites
– e-Course is stored in the computer of the participantse-Course is stored in the computer of the participants
– e-Education participants access the e-Course on their computerse-Education participants access the e-Course on their computers
Transmission: PKI or SSL
AuthorseCX ServerStudents
Protection
7 7
Our Copyright Protection Infrastructure – eCX Our Copyright Protection Infrastructure – eCX (cont.)(cont.)
• What is an e-Course?What is an e-Course?– It includes material of different media typesIt includes material of different media types– Web-enabled presentations that involve browser Web-enabled presentations that involve browser
plug-ins (e.g., Flash, Java Applets etc.)plug-ins (e.g., Flash, Java Applets etc.)– An e-Course should all reside within a single An e-Course should all reside within a single
directory tree directory tree• Personal ClassroomPersonal Classroom
– Downloading e-CoursesDownloading e-Courses– Viewing e-CoursesViewing e-Courses
8 8
Our Copyright Protection Infrastructure – eCX Our Copyright Protection Infrastructure – eCX (cont.)(cont.)
• Personal ClassroomPersonal Classroom– e-Course (Offline-online Course)e-Course (Offline-online Course)
• Course Package (encrypted files)Course Package (encrypted files)
• Course Voucher (decryption key)Course Voucher (decryption key)
– Hardware ProfileHardware Profile• A snapshot of the configuration of the student’s computerA snapshot of the configuration of the student’s computer
• It is It is stored in the Computer Licensestored in the Computer License of the student’s computer of the student’s computer
• It contains various information including student’s personal It contains various information including student’s personal information information
9 9
Our Copyright Protection Infrastructure – eCX Our Copyright Protection Infrastructure – eCX (cont.)(cont.)• Personal ClassroomPersonal Classroom
– DownloaderDownloader
10 10
Our Copyright Protection Infrastructure – eCX Our Copyright Protection Infrastructure – eCX (cont.)(cont.)• Personal ClassroomPersonal Classroom
– Viewing e-CoursesViewing e-Courses
11 11
Security of eCX (cont.)Security of eCX (cont.)
• The Danger of an Un-secure ReaderThe Danger of an Un-secure Reader– The save function of web browser to obtain copies of the The save function of web browser to obtain copies of the
material material
– eCX built a eCX built a customized web browsercustomized web browser
• Capturing of Localhost TrafficCapturing of Localhost Traffic– Securing the communication between the customized web Securing the communication between the customized web
browser and the client-side web server browser and the client-side web server
– Not all OS permit the capturing of localhost communicationNot all OS permit the capturing of localhost communication
– Using some secure communication protocol (SSL or Using some secure communication protocol (SSL or HTTTPS)HTTTPS)
12 12
Security of eCX (cont.)Security of eCX (cont.)
• Reverse EngineeringReverse Engineering– Crackers can reverse engineer Personal Classroom Crackers can reverse engineer Personal Classroom
and illegally make copies of downloaded e-Coursesand illegally make copies of downloaded e-Courses– The integrity of important file are checked before The integrity of important file are checked before
they are loaded they are loaded– Sensitive information that must be hard-coded are Sensitive information that must be hard-coded are
stored in their encrypted form and decrypted only stored in their encrypted form and decrypted only when they are in usewhen they are in use
13 13
Security of eCX (cont.)Security of eCX (cont.)
• Virtual Machine AttackVirtual Machine Attack– Installing the Personal Classroom onto virtual Installing the Personal Classroom onto virtual
machine machine– Downloading e-Course onto virtual machineDownloading e-Course onto virtual machine– Adversary can redistribute the whole virtual Adversary can redistribute the whole virtual
machine to others machine to others– This is in fact a very hard to solve problemThis is in fact a very hard to solve problem– Virtualization software itself is expensive and Virtualization software itself is expensive and
can’t be easily comprehended by general or can’t be easily comprehended by general or inexperienced users inexperienced users
14 14
ConclusionConclusion
• We introduce our solution, called e-Course eXchange We introduce our solution, called e-Course eXchange (eCX)(eCX)– Local copy of the e-Course material in their own Local copy of the e-Course material in their own
computer computer– Difficult for making illegal copies of the materialDifficult for making illegal copies of the material– Reverse engineering attacks / Virtual machinesReverse engineering attacks / Virtual machines
15 15
CommentsComments
• Evaluation of PaperEvaluation of Paper– Sound but dullSound but dull
• RecommendationRecommendation– RejectReject
• How to avoid the attack that a intruder intercepts the data How to avoid the attack that a intruder intercepts the data when the student downloads packages from eCX serverwhen the student downloads packages from eCX server
• It seems no solutions to avoid those attacks in the paperIt seems no solutions to avoid those attacks in the paper
• It must compare with some security considerations It must compare with some security considerations proposed by Furnell et al. to convince that the proposed proposed by Furnell et al. to convince that the proposed infrastructure is secure against a variety of attacks infrastructure is secure against a variety of attacks