Abstract
In this chapter, we address security and privacy aspects in TeSLA, from a technical standpoint. The chapter is structured in three main parts. Firstly, we outline the main concepts underlying security in TeSLA, with regards to the protection of learners’ data and the architecture itself. Secondly, we provide an empirical analysis of a specific deployment in one of the members of the consortium. Some representative aspects such as security levels in terms of storage, processing and transfer are analyzed in the deployment of TeSLA at the Technical University of Sofia. In the third part, we address identity management issues and outline additional efforts we consider worth exploring.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
More detailed information related to the TeSLA architecture can be found in Chap. 4: Engineering Cloud-based Technological Infrastructure to Enforce Trustworthiness.
Abbreviations
- CA:
-
Certification Authority
- GDPR:
-
General Data Protection Regulation
- JWT:
-
JSON Web Token
- LMS:
-
Learning Management System
- LTI:
-
Learning Tools Interoperability
- OCSP:
-
Online Certificate Status Protocol
- PKI:
-
Public Key Infrastructure
- RSA:
-
A public-key cryptosystem
- SAML:
-
Security Assertion Markup Language
- TLS protocol:
-
Transport Layer Security protocol
- TTP:
-
Trusted Third Party
- TUS:
-
Technical University of Sofia
- UUID:
-
Universally Unique Identifier
- VLE:
-
Virtual Learning Environment
References
ANSSI (2016) Best practices. Available from: https://www.ssi.gouv.fr/administration/bonnes-pratiques/ (20 Oct 2016)
IEEE Standards (2018) 29148—2018—ISO/IEC/IEEE international standard—systems and software engineering—life cycle processes—requirements engineering. Available from: https://ieeexplore.ieee.org/document/8559686. (30 Nov 2018)
ISO (2013) ISO/IEC 27001:2013—information technology—security techniques—information security management systems—requirements. Available from: https://www.iso.org/standard/54534.html (1 Oct 2013)
OWASP (2013) OWASP top 10 most critical web application security risks… Available from: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project (1 Nov 2016)
EUR-Lex (2016) Regulation (Eu) 2016/679 of the European Parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General data protection regulation), 2016. Available from: https://eur-lex.europa.eu/eli/reg/2016/679/oj (27 Apr 2016)
Dierks T, Rescorla E (2008) The transport layer security (TLS) protocol. Available from: https://tools.ietf.org/html/rfc5246 (11 Nov 2018)
TeSLA (2016) TeSLA home page. Anonymous certification in TeSLA. Available from: https://tesla-project.eu/anonymous-certification-tesla/ (20 Jul 2017)
Apampa KM, Wills G, Argles D (2009) Towards security goals in summative E-assessment security. In: 2009 international conference for internet technology and secured transactions (ICITST), pp 1–5. Available from IEEE Xplore Digital Library (29 Jan 2010)
Thamadharan K, Maarop N (2015) The acceptance of E-assessment considering security perspective: work in progress. World Acad Sci Eng Technol Int J Comput Inf Eng 9(3):874–879
Laurent M, Bouzefrane S (eds) (2015) Digital identity management. ISTE, London
ITU (2016) X.509: information technology—open systems interconnection—the directory: public-key and attribute certificate frameworks. Available from: https://www.itu.int/rec/T-REC-X.509-201610-P/en (14 Oct 2016)
Cooper M, Dzambasow Y, Hesse P, Joseph S, Nicholas R (2005) Internet X.509 public key infrastructure. Certification path building. Available from: https://tools.ietf.org/html/rfc4158 (11 Nov 2018)
Menezes AJ, van Oorschot PC, Vanstone SA (2011) Handbook of applied cryptography. CRC Press, US
Kiennert C, Rocher PO, Ivanova M, Rozeva A, Durcheva M, Garcia-Alfaro J (2017) Security challenges in e-assessment and technical solutions. In: 8th international workshop on interactive environments and emerging technologies for eLearning, 21st international conference on information visualization, London, UK, pp 366–371. Available from IEEE Xplore Digital Library (16 Nov 2017)
Cooper D, Santesson S, Farrell S, Boeyen S, Housley R, Polk W (2008) Internet X.509 public key infrastructure certificate and certificate revocation list profile. Available from: https://tools.ietf.org/html/rfc5280 (11 Nov 2018)
Santesson S, Myers M, Ankney R, Malpani A, Adams C (2013) X.509 internet public key infrastructure online certificate status protocol—OCSP. Available from: http://www.rfc-editor.org/info/rfc6960 (11 Nov 2018)
Barker E (2016) Recommendation for key management, part I: general. Available from: https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-4/final (12 Feb 2019)
Baró-Solé X, Guerrero-Roldan AE, Prieto-Blázquez J, Rozeva A, Marinov O, Kiennert C, Rocher PO, Garcia-Alfaro J (2018) Integration of an adaptive trust-based E-assessment system into virtual learning environments—the TeSLA project experience. Internet technology letters. Available from: https://doi.org/10.1002/itl2.56 (09 June 2018)
Ivanova M, Rozeva A (2017) Methodology for realization of secure web services. In: Proceedings of academics world international conference, Edinburgh, UK, pp 16–21
Kumar S, Dutta K (2011) Investigation on security in LMS MOODLE. Int J Inf Technol Knowl Manage 4(1):233–238
Zadeh L (1965) Fuzzy sets. Inf Control 8:338–353
Porebski S, Straszecka E (2016) Membership functions for fuzzy focal elements. Arch Control Sci 26(3):395–427
Ansari S, Mittal P, Chandna R (2010) Multi-criteria decision making using fuzzy logic approach for evaluating the manufacturing flexibility. J Eng Technol Res 2(12):237–244
Durand G, Downes S (2009) Toward simple learning design 2.0. In: 2009 4th international conference on computer science & education, pp 894–897. Available from IEEE Xplore Digital Library (01 Sept 2009)
Leiba B (2012) OAuth web authorization protocol. IEEE Internet Comput 16(1):74–77. Available from. https://www.computer.org/csdl/magazine/ic/2012/01/mic2012010074/13rRUxjyX0o (20 Feb 2012)
Leach P, Mealling M, Salz R (2005) A universally unique identifier (UUID) URN namespace. Available from: https://tools.ietf.org/html/rfc4122
Jones M, Bradley J, Sakimura N (2015) JSON Web Token (JWT). Available from: http://www.rfc-editor.org/info/rfc7519 (19 Jan 2019)
Kiennert C, Kaaniche N, Laurent M, Rocher PO, Garcia-Alfaro J (2017) Anonymous certification for an e-assessment framework. In: Proceedings of 22nd Nordic conference on secure IT systems (NordSec 2017), Tartu, Estonia, pp 70–85
Kaaniche N, Laurent M, Rocher PO, Kiennert C, Garcia-Alfaro J (2017) PCS, a privacy-preserving certification scheme. In: 22nd ESORICS symposium 12th international workshop on data privacy management (DPM 2017), Oslo, Norway, pp 239–256
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Kiennert, C., Ivanova, M., Rozeva, A., Garcia-Alfaro, J. (2020). Security and Privacy in the TeSLA Architecture. In: Baneres, D., Rodríguez, M., Guerrero-Roldán, A. (eds) Engineering Data-Driven Adaptive Trust-based e-Assessment Systems. Lecture Notes on Data Engineering and Communications Technologies, vol 34. Springer, Cham. https://doi.org/10.1007/978-3-030-29326-0_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-29326-0_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29325-3
Online ISBN: 978-3-030-29326-0
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)