by Juan Carlos Granda, Pelayo Nuño, Daniel Fernando García and Francisco José Suárez
Abstract:
Synchronous e-training is emerging as an alternative for developing human resources training plans in large organizations. Real-time communications are used to emulate face-toface interaction that occurs in on-campus learning environments. However, the security concerns that a synchronous e-training platform must face may compromise the integrity, availability and confidentiality of corporate information, which may lead to serious economic and legal consequences. The disclosure of corporate information or the unauthorized participation in etraining activities must be prevented. In this paper, the security issues in synchronous e-training are identified, and the threats to a real e-training platform are analyzed. The platform is organized into four virtual networks with different security requirements and vulnerabilities. The platform assumes that multicast communications are available in the underlying corporate network. The threats affecting each element of the platform and their impact on e-training activities are discussed. Finally, a security scheme is proposed fixing the aforementioned vulnerabilities. Digital certificates and encryption algorithms solve most of the vulnerabilities, but other techniques such as access control lists and user skills on security basics are essential. Most of the proposed scheme is applicable to other real-time communication systems, since the e-training platform is built using standard technologies commonly used in voice over IP systems. 2011 IEEE.
Reference:
Security issues in a synchronous e-training platform (Juan Carlos Granda, Pelayo Nuño, Daniel Fernando García and Francisco José Suárez), In Proceedings of the 6th International Conference on Availability, Reliability and Security (ARES), 2011.
Bibtex Entry:
@InProceedings{granda2011ares,
author = {Juan Carlos Granda and Pelayo Nuño and Daniel Fernando García and Francisco José Suárez},
title = {Security issues in a synchronous e-training platform},
booktitle = {Proceedings of the 6\textsuperscript{th} International Conference on Availability, Reliability and Security (ARES)},
pages = {485--492},
abstract = {Synchronous e-training is emerging as an alternative for developing human resources training plans in large organizations. Real-time communications are used to emulate face-toface interaction that occurs in on-campus learning environments. However, the security concerns that a synchronous e-training platform must face may compromise the integrity, availability and confidentiality of corporate information, which may lead to serious economic and legal consequences. The disclosure of corporate information or the unauthorized participation in etraining activities must be prevented. In this paper, the security issues in synchronous e-training are identified, and the threats to a real e-training platform are analyzed. The platform is organized into four virtual networks with different security requirements and vulnerabilities. The platform assumes that multicast communications are available in the underlying corporate network. The threats affecting each element of the platform and their impact on e-training activities are discussed. Finally, a security scheme is proposed fixing the aforementioned vulnerabilities. Digital certificates and encryption algorithms solve most of the vulnerabilities, but other techniques such as access control lists and user skills on security basics are essential. Most of the proposed scheme is applicable to other real-time communication systems, since the e-training platform is built using standard technologies commonly used in voice over {IP} systems. 2011 {IEEE}.},
author+an = {1=highlight},
date = {2011},
year = {2011},
doi = {10.1109/ARES.2011.75},
isbn = {978-0-7695-4485-4},
keywords = {Access control, Access control lists, Availability, Communication systems, Confidentiality, Corporate information, Corporate networks, Digital certificates, Encryption algorithms, E-training, Integrity, Internet telephony, Large organizations, Learning environments, Multicast communication, Real-time communication, Real-time communication system, Real time systems, Security, Security issues, Security requirements, Security scheme, Standard technology, Synchronous e-training, Training plan, Virtual networks, Voice/data communication systems, Voice over {IP}},
urldate = {2011-08-22},
type = {research},
address = {Viena, Austria},
eventdate = {2011-08-22/2011-08-26},
calidad = {Congreso de tipo B en el CORE {\itshape Conference Ranking}},
comunicacion = {Oral},
}