Securing Electronic Portfolios
Patrick Lougheed, Robin Johnson, Mayo Jordanov, Brittney Bogyo, Vive Kumar, and Jane Fee
[email protected]
29 October 2004
SIMON FRASER UNIVERSITY SURREY

What kinds of security?
o End-to-end security
o Confidentiality of interactions
o Confidentiality of assessment
o Security of published portfolios
o Security of portfolio transfers
o Verification of artifact authenticity

End-to-end security
o Client <-> Server
  o HTTP over SSL
o Server <-> Database
  o Database connection over SSL (or SSH tunneled)
o Problem is now security at endpoints
  o Client (unable to control)
  o Server (able to control)

Database Security
o Largest vulnerability
  o Possibly tens of thousands of users
  o Stores assessment data
o Successful attacker can:
  o Harvest data
  o Change marks
  o Change interactions
o Administrators shouldn’t have access to confidential data
o Therefore biggest target

Confidentiality of Interactions
o In assessment systems, teacher/learner interactions should be considered private
o Private only between teacher and learner
o Possibly made public upon approval of both parties

Confidentiality of Assessment
o Minimally two-way, more likely three-way: learner, teacher, person with responsibility for marks
  o An overseer, such as a principal or teacher-in-charge
o Always private, never made public
o Marks need to be signed as well as encrypted
  o Make sure they’re legitimate

Security of Published Portfolios
o One person may have multiple published portfolios
  o Presenting different material to different intended audiences for different purposes
  o For example: one published version for a job application at Sun Microsystems; another for an application at Microsoft; a third for assessment purposes
o Need to make sure only certain audiences can access certain portions
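The Confidentiality of Assessment slide wants one mark record readable by the learner, the teacher and an overseer, and nobody else (not even a database administrator); the SPARC slides later in the deck sketch how: public-key plus symmetric encryption, private keys keyed on the user's existing password, data encrypted to several people at once, and a master key so a lost password is recoverable. The Go program below is an added example of that envelope design written for this edit; it is not SPARC's code and assumes nothing about SPARC's storage formats. The recipient names, the sample record, the single-block PBKDF2 written out by hand, and the 100000-iteration count are all my own choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"errors"
	"fmt"
)

// Envelope is one encrypted assessment record: the record sits under a fresh
// AES-256-GCM data key, and that key is wrapped separately to every recipient
// (learner, teacher, overseer) plus the system master key.
type Envelope struct {
	Nonce, Ciphertext []byte
	WrappedKey        map[string][]byte // recipient name -> RSA-OAEP(data key)
}

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // every key in this example is 32 bytes
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for AES
	return aead
}

func gcmSeal(key, plaintext []byte) (nonce, ct []byte) {
	nonce = make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // a failing OS CSPRNG is not recoverable
	}
	return nonce, newGCM(key).Seal(nil, nonce, plaintext, nil)
}

func gcmOpen(key, nonce, ct []byte) ([]byte, error) {
	return newGCM(key).Open(nil, nonce, ct, nil) // rejects any modification
}

// Encrypt seals record to all recipients at once: one symmetric encryption of
// the record plus one RSA wrap of the 32-byte key per recipient, instead of a
// full public-key encryption of the record per recipient.
func Encrypt(record []byte, recipients map[string]*rsa.PublicKey) (*Envelope, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	nonce, ct := gcmSeal(dataKey, record)
	env := &Envelope{Nonce: nonce, Ciphertext: ct, WrappedKey: map[string][]byte{}}
	for name, pub := range recipients {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
		if err != nil {
			return nil, err
		}
		env.WrappedKey[name] = w
	}
	return env, nil
}

// Decrypt recovers the record for one named recipient; anyone not in the
// envelope (a database administrator, say) has nothing to unwrap.
func Decrypt(env *Envelope, name string, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := env.WrappedKey[name]
	if !ok {
		return nil, errors.New("not a recipient: " + name)
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, nil)
	if err != nil {
		return nil, err
	}
	return gcmOpen(dataKey, env.Nonce, env.Ciphertext)
}

// deriveKey is PBKDF2-HMAC-SHA256 (one 32-byte block) written out so that the
// example needs only the standard library.
func deriveKey(password, salt []byte, iters int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // PBKDF2 block index
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		subtle.XORBytes(out, out, u)
	}
	return out
}

// LockPrivateKey stores a user's RSA private key under a key derived from the
// login password, so there is nothing new for the user to remember.
func LockPrivateKey(priv *rsa.PrivateKey, password, salt []byte) (nonce, ct []byte) {
	return gcmSeal(deriveKey(password, salt, 100000), x509.MarshalPKCS1PrivateKey(priv))
}

// UnlockPrivateKey reverses LockPrivateKey; a wrong password fails the GCM tag.
func UnlockPrivateKey(password, salt, nonce, ct []byte) (*rsa.PrivateKey, error) {
	der, err := gcmOpen(deriveKey(password, salt, 100000), nonce, ct)
	if err != nil {
		return nil, err
	}
	return x509.ParsePKCS1PrivateKey(der)
}

func main() {
	learner, _ := rsa.GenerateKey(rand.Reader, 2048)
	master, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, _ := Encrypt([]byte("mark: A-"), map[string]*rsa.PublicKey{"learner": &learner.PublicKey, "master": &master.PublicKey})
	rec, _ := Decrypt(env, "master", master) // lost-password recovery path
	fmt.Printf("%s\n", rec)
}
```

Two points from the deck's "what problems are we left with?" slides map onto this layout. The one-to-many worry about encrypting one message many times is avoided because the record is encrypted exactly once; only the random data key is wrapped per recipient, and RSA-OAEP wrapping is itself randomized, so the wraps reveal nothing about each other. The master key is just one more recipient, which makes recovery trivial but also makes that private key the most valuable secret in the system; it belongs offline or in an HSM, not in the same database as the envelopes.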
Security of Portfolio Transfers
o System-to-system direct transfers
  o Easily secured
o Indirect transfers
  o An archive of some sort is kept in someone’s possession for an indefinite period of time
  o How do we know the portfolio hasn’t been tampered with?
  o When do we care?

Verification of Artifact Authenticity
o Hardest problem of this set to solve
o Can we determine if an artifact:
  o Was in fact created by the portfolio creator? (or some portion of it, or they’re authorized for it…)
  o Is an official document?
  o Has been tampered with?
o Example: university transcript; off-line methods of verification may not work in the online world

How do we solve these problems?
o End-to-end security
  o SSL wrapping
o Database security
  o Proper user authentication
  o Database-level encryption (not as easy as it sounds)
  o SSL
o Security of published portfolios
  o Username/password authentication

The SPARC System
o Focus so far on database security
o Use of both public key encryption and symmetric encryption
o Keyed on user’s password, so they don’t need to remember anything new, and are less likely to forget
o Data is encrypted to multiple people simultaneously
o Everything encrypted with a master key, so recovery from a lost password is trivial

The SPARC System
(diagram slide; no text recovered)

What problems are we left with? Part 1
o Multiple-recipient encryption
  o Portfolios are the inverse of most traditional encryption systems
  o Not one-to-one or many-to-one
  o Rather one-to-many
o RSA multiple-recipient public-key encryption
  o Has been published academically; still potentially problems with it
o Left with encrypting a single message multiple times with multiple keys; does this pose a risk?

What problems are we left with? Part 2
o Every user needs a key
  o To encrypt data for a user, that user needs a key; teachers also need a signing key to sign marks
o Leads to the possibility of gaining knowledge about later keys if we know something about earlier keys, assuming the system generates all the keys

What problems are we left with? Part 3
o Client verification
o For portfolio transfers…
  o How do we find the people to transfer to?
  o How do we know that the people we’re transferring to are correctly identifying themselves?
o For viewing portfolios…
  o How do we know people are who they say they are or belong to the organization they say they do?
o Public Key Infrastructure!
  o Downsides: expensive, many companies don’t have a PKI infrastructure, most employees have no access to company’s keys

What problems are we left with? Part 4
o Verification of authenticity
  o How do we trace an artifact's history?
  o Can we verify it came from a particular source?
o Need to be able to:
  o Verify a signed artifact
  o Verify an artifact's origin
  o Verify the artifact hasn’t been tampered with
o Single biggest problem: just because it’s signed, doesn’t mean it’s signed by the right people!

People Involved
o Patrick Lougheed
  o [email protected]
o Brittney Bogyo
  o [email protected]
o Robin Johnson
  o [email protected]
o Mayo Jordanov
  o [email protected]
o Henry Ng
  o [email protected]
o Vive Kumar
  o [email protected]
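Three slides ask the same question from different angles: marks must be signed so they are legitimate, an archived portfolio must be checkable for tampering, and (Part 4) a valid signature is worthless unless it comes from the right people. The Go program below is an added example of a verifier that answers all three in one call; it is not SPARC's code and is not described anywhere in the deck. The registry structure, the role and issuer names, the domain-separation prefix in the signed input, and the sample transcript are all my own constructions. It uses Ed25519 from the Go standard library rather than RSA simply because the signing and verification calls are shorter.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedArtifact travels with a portfolio: the artifact bytes, the issuer that
// claims to have produced it, and that issuer's signature over both.
type SignedArtifact struct {
	Issuer    string // issuer identifier, e.g. "registrar" (hypothetical naming)
	Artifact  []byte
	Signature []byte
}

// signingInput hashes issuer and content together so a valid signature cannot
// be moved to another artifact or re-attributed to another issuer name.
func signingInput(issuer string, artifact []byte) []byte {
	h := sha256.New()
	h.Write([]byte("portfolio-artifact-v1\x00")) // constructed domain separator
	h.Write([]byte(issuer))
	h.Write([]byte{0})
	h.Write(artifact)
	return h.Sum(nil)
}

// Sign is what the issuing side (a teacher signing marks, a registrar signing
// a transcript) runs over the artifact it vouches for.
func Sign(issuer string, priv ed25519.PrivateKey, artifact []byte) SignedArtifact {
	return SignedArtifact{issuer, artifact, ed25519.Sign(priv, signingInput(issuer, artifact))}
}

// Registry is the receiving system's trust decision: for each role (marks,
// transcript, ...) which issuer names it accepts and which public key each
// of them must use. Getting keys into it is the PKI problem from Part 3.
type Registry struct {
	Keys map[string]map[string]ed25519.PublicKey // role -> issuer -> key
}

var (
	ErrUnknownIssuer = errors.New("issuer is not authorized for this role")
	ErrBadSignature  = errors.New("signature does not verify: tampered content or wrong key")
)

// Verify checks, in order: is the named issuer authorized for this role, and
// does the signature verify under that issuer's registered key (which also
// proves the content is unchanged since signing). A signature that verifies
// under some other key is rejected exactly like a forgery.
func (r Registry) Verify(role string, sa SignedArtifact) error {
	pub, ok := r.Keys[role][sa.Issuer]
	if !ok {
		return ErrUnknownIssuer
	}
	if !ed25519.Verify(pub, signingInput(sa.Issuer, sa.Artifact), sa.Signature) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	regPub, regPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, rogue, _ := ed25519.GenerateKey(rand.Reader)
	reg := Registry{Keys: map[string]map[string]ed25519.PublicKey{"transcript": {"registrar": regPub}}}
	transcript := []byte("alice: CMPT 101 A-") // constructed sample
	fmt.Println("genuine:", reg.Verify("transcript", Sign("registrar", regPriv, transcript)))
	fmt.Println("forged: ", reg.Verify("transcript", Sign("registrar", rogue, transcript)))
}
```

The role dimension is what stops a key that is legitimately trusted for one purpose (a teacher signing marks) from being accepted for another (issuing an official transcript). Note that the verifier never learns why a signature failed, only that it did; distinguishing "tampered" from "wrong key" is not possible from the signature alone, and the deck's off-line comparison with the issuing institution is still the fallback when the registry itself is in doubt.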