Towards a Secure Copyright Protection I
nfrastructure for e-Education Material: P
rinciples learned from Experience
Authors: J. C. K. Yau et al.
Submission: International Journal of Network Security
Reporter: Chun-Ta Li
Outline
•
•
•
•
•
•
•
Introduction
Particularities of e-Course Delivery
Existing Copyright Protection Systems
Our Copyright Protection Infrastructure – eCX
Security of eCX
Conclusion
Comments
2
2
Introduction
• e-Education
• Security concerns of e-Education
– Registered students infringing the copyrights
– Confidentiality of user personal information
– Course material copyright protection
• SPACE Online Universal Learning (SOUL) Project
(Hong Kong University)
– e-Course eXchange – eCX infrastructure
• Present the experience and share with readers
3
3
Particularities of e-Course Delivery
• Download the e-Course material onto student’s
computers and view the material offline
– They are not always connected to the Internet
– Many Internet providers are charging their users
based on connection time
– Not all of the students enjoy high bandwidth
• It gives great worries to copyright owners of
the materials
4
4
Existing Copyright Protection Systems
• eBook solutions
–
–
–
–
Support only text-based materials
Offering limited support for graphics
Less support for audio and video materials
Tightly coupled with physical appliances
• Major computer technology vendors have been joining
hands to foster solutions to the problem
– Mostly for the storage and the transmission of valuable
material
– Tend to serve contents of specific domains
5
5
Our Copyright Protection Infrastructure – eCX
• The SOUL Platform
Students
eCX Server
Authors
Transmission:
PKI or SSL
– e-Course is being transmitted between the three software suites
– e-Course is stored in the computer of the participants
– e-Education participants access the e-Course on their computers
6
6
Our Copyright Protection Infrastructure – eCX
(cont.)
• What is an e-Course?
– It includes material of different media types
– Web-enabled presentations that involve browser
plug-ins (e.g., Flash, Java Applets etc.)
– An e-Course should all reside within a single
directory tree
• Personal Classroom
– Downloading e-Courses
– Viewing e-Courses
7
7
Our Copyright Protection Infrastructure – eCX
(cont.)
• Personal Classroom
– e-Course (Offline-online Course)
• Course Package (encrypted files)
• Course Voucher (decryption key)
– Hardware Profile
• A snapshot of the configuration of the student’s computer
• It is stored in the Computer License of the student’s computer
• It contains various information including student’s personal
information
8
8
Our Copyright Protection Infrastructure – eCX
(cont.)
• Personal Classroom
– Downloader
9
9
Our Copyright Protection Infrastructure – eCX
(cont.)
• Personal Classroom
– Viewing e-Courses
10
10
Security of eCX (cont.)
• The Danger of an Un-secure Reader
– The save function of web browser to obtain copies of the
material
– eCX built a customized web browser
• Capturing of Localhost Traffic
– Securing the communication between the customized web
browser and the client-side web server
– Not all OS permit the capturing of localhost communication
– Using some secure communication protocol (SSL or HTTTPS)
11
11
Security of eCX (cont.)
• Reverse Engineering
– Crackers can reverse engineer Personal Classroom
and illegally make copies of downloaded e-Courses
– The integrity of important file are checked before
they are loaded
– Sensitive information that must be hard-coded are
stored in their encrypted form and decrypted only
when they are in use
12
12
Security of eCX (cont.)
• Virtual Machine Attack
– Installing the Personal Classroom onto virtual
machine
– Downloading e-Course onto virtual machine
– Adversary can redistribute the whole virtual
machine to others
– This is in fact a very hard to solve problem
– Virtualization software itself is expensive and
can’t be easily comprehended by general or
inexperienced users
13
13
Conclusion
• We introduce our solution, called e-Course eXchange
(eCX)
– Local copy of the e-Course material in their own
computer
– Difficult for making illegal copies of the material
– Reverse engineering attacks / Virtual machines
14
14
Comments
• Evaluation of Paper
– Sound but dull
• Recommendation
– Reject
• How to avoid the attack that a intruder intercepts the data
when the student downloads packages from eCX server
• It seems no solutions to avoid those attacks in the paper
• It must compare with some security considerations
proposed by Furnell et al. to convince that the proposed
infrastructure is secure against a variety of attacks
15
15