An information security model based on trustworthiness for enhancing security in on-line collaborative learning

L'objectiu principal d'aquesta tesi és incorporar propietats i serveis de la seguretat en sistemes d'informació en l'aprenentatge col·laboratiu en línia, seguint un model funcional basat en la valoració i predicció de la confiança. Aquesta tesi estableix com a punt de partença el disseny d'una solució de seguretat innovadora, basada en una metodologia pròpia per a oferir als dissenyadors i gestors de l'e-learning les línies mestres per a incorporar mesures de seguretat en l'aprenentatge col·laboratiu en línia. Aquestes guies cobreixen tots els aspectes sobre el disseny i la gestió que s'han de considerar en els processos relatius a l'e-learning, entre altres l'anàlisi de seguretat, el disseny d'activitats d'aprenentatge, la detecció d'accions anòmales o el processament de dades sobre confiança. La temàtica d'aquesta tesi té una naturalesa multidisciplinària i, al seu torn, les diferents disciplines que la formen estan íntimament relacionades. Les principals disciplines de què es tracta en aquesta tesi són l'aprenentatge col·laboratiu en línia, la seguretat en sistemes d'informació, els entorns virtuals d'aprenentatge (EVA) i la valoració i predicció de la confiança. Tenint en compte aquest àmbit d'aplicació, el problema de garantir la seguretat en els processos d'aprenentatge col·laboratiu en línia es resol amb un model híbrid construït sobre la base de solucions funcionals i tecnològiques, concretament modelatge de la confiança i solucions tecnològiques per a la seguretat en sistemes d'informació.El principal objetivo de esta tesis es incorporar propiedades y servicios de la seguridad en sistemas de información en el aprendizaje colaborativo en línea, siguiendo un modelo funcional basado en la valoración y predicción de la confianza. Esta tesis establece como punto de partida el diseño de una solución de seguridad innovadora, basada en una metodología propia para ofrecer a los diseñadores y gestores del e-learning las líneas maestras para incorporar medidas de seguridad en el aprendizaje colaborativo en línea. Estas guías cubren todos los aspectos sobre el diseño y la gestión que hay que considerar en los procesos relativos al e-learning, entre otros el análisis de la seguridad, el diseño de actividades de aprendizaje, la detección de acciones anómalas o el procesamiento de datos sobre confianza. La temática de esta tesis tiene una naturaleza multidisciplinar y, a su vez, las diferentes disciplinas que la forman están íntimamente relacionadas. Las principales disciplinas tratadas en esta tesis son el aprendizaje colaborativo en línea, la seguridad en sistemas de información, los entornos virtuales de aprendizaje (EVA) y la valoración y predicción de la confianza. Teniendo en cuenta este ámbito de aplicación, el problema de garantizar la seguridad en los procesos de aprendizaje colaborativo en línea se resuelve con un modelo híbrido construido en base a soluciones funcionales y tecnológicas, concretamente modelado de la confianza y soluciones tecnológicas para la seguridad en sistemas de información.This thesis' main goal is to incorporate information security properties and services into online collaborative learning using a functional approach based on trustworthiness assessment and prediction. As a result, this thesis aims to design an innovative security solution, based on methodological approaches, to provide e-learning designers and managers with guidelines for incorporating security into online collaborative learning. These guidelines include all processes involved in e-learning design and management, such as security analysis, learning activity design, detection of anomalous actions, trustworthiness data processing, and so on. The subject of this research is multidisciplinary in nature, with the different disciplines comprising it being closely related. The most significant ones are online collaborative learning, information security, learning management systems (LMS), and trustworthiness assessment and prediction models. Against this backdrop, the problem of securing collaborative online learning activities is tackled by a hybrid model based on functional and technological solutions, namely, trustworthiness modelling and information security technologies

A data visualization approach for trustworthiness in social networks for on-line learning

(c) 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.Up to now, the problem of ensuring collaborative activities in e-Learning against dishonest students' behaviour has been mainly tackled with technological security solutions. Over the last years, technological security solutions have evolved from isolated security approaches based on specific properties, such as privacy, to holistic models based on technological security comprehensive solutions, such as public key infrastructures, biometric models and multidisciplinary approaches from different research areas. Current technological security solutions are feasible in many e-Learning scenarios but on-line assessment involves certain requirements that usually bear specific security challenges related to e-Learning design. In this context, even the most advanced and comprehensive technological security solutions cannot cope with the whole scope of e-Learning vulnerabilities. To overcome these deficiencies, our previous research aimed at incorporating information security properties and services into on-line collaborative e-Learning by a functional approach based on trustworthiness assessment and prediction. In this paper, we present a peer-to-peer on-line assessment approach carried out in a real on-line course developed in our real e-Learning context of the Open University of Catalonia. The design presented in this paper is conducted by our trustworthiness security methodology with the aim of building peer-to-peer collaborative activities, which enhances security e-Learning requirements. Eventually, peer-to-peer visualizations methods are proposed to manage security e-Learning events, as well as on-line visualization through peer-to-peer tools, intended to analyse collaborative relationship.Peer Reviewe

Security and Usability of Authentication by Challenge Questions in Online Examination

Online examinations are an integral component of many online learning environments and a high-stake process for students, teachers and educational institutions. They are the target of many security threats, including intrusion by hackers and collusion. Collu-sion happens when a student invites a third party to impersonate him/her in an online test, or to abet with the exam questions. This research proposed a profile-based chal-lenge question approach to create and consolidate a student’s profile during the learning process, to be used for authentication in the examination process. The pro-posed method was investigated in six research studies using a usability test method and a risk-based security assessment method, in order to investigate usability attributes and security threats. The findings of the studies revealed that text-based questions are prone to usability issues such as ambiguity, syntactic variation, and spelling mistakes. The results of a usability analysis suggested that image-based questions are more usable than text-based questions (p < 0.01). The findings identified that dynamic profile questions are more efficient and effective than text-based and image-based questions (p < 0.01). Since text-based questions are associated with an individual’s personal information, they are prone to being shared with impersonators. An increase in the numbers of chal-lenge questions being shared showed a significant linear trend (p < 0.01) and increased the success of an impersonation attack. An increase in the database size decreased the success of an impersonation attack with a significant linear trend (p < 0.01). The security analysis of dynamic profile questions revealed that an impersonation attack was not successful when a student shared credentials using email asynchronously. However, a similar attack was successful when a student and impersonator shared information in real time using mobile phones. The response time in this attack was significantly different when a genuine student responded to his challenge questions (p < 0.01). The security analysis revealed that the use of dynamic profile questions in a proctored exam can influence impersonation and abetting. This view was supported by online programme tutors in a focus group study