SlideShare a Scribd company logo

Secured E-Learning Content on USB/HDD Device

•
•
IOSR Journals
IOSR Journals

IOSR Journal of Computer Engineering (IOSRJCE)

Technology
1 of 4
Download to read offline
IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278-0661 Volume 3, Issue 1 (July-Aug. 2012), PP 24-27 www.iosrjournals.org www.iosrjournals.org 24 | Page Secured E-Learning Content on USB/HDD Device V. Krishnamurthy, Ajinkya Deshmukh, Rupesh Rathod and Nirajsingh Yeotikar National Institute of Electronics and Information Technology, Aurangabad Dr BAM University Campus Abstract: In this paper, we propose the protection to e-learning content present on USB/HDD device. Unlike a onetime classroom session, the e-learning course is available for others... Our proposed system provides the security to this content present on flash drives with the authentication, confidentiality, copy protection and authorization. Firstly user will registering for course then he will get the encrypted data on authenticated USB device. As soon as he authenticates the system, USB and himself, he will have authorized to have license file. Using it he can play the course content. We conclude that the proposed system is secured using three level authentication, confidentiality and integrity of data, copy protection and online authorization. Keywords: Authentication, Authorization, Confidentiality, Encryption, Piracy Protection I. INTRODUCTION In today’s era one has to update oneself continuously to survive in this competitive world. E-learning is the best solution for this. Developers put lots of efforts to develop these e-learning courses to make them more interactive and interesting. To get good revenue from the course content, it must be secured from piracy as it is to make copy of the content and distribute to others. The e-learning can be achieved online as well as offline i.e. synchronous and asynchronous learning. Synchronous learning needs continuous high speed net connection for user and larger bandwidth for the organization. In today’s scenario it is not possible to own larger bandwidth. To make e-learning more effective and more interesting we need to make our content multimedia reach, resulting in the increased content size and so increased bandwidth. This is neither affordable to user who will need high speed internet all the time nor to the provider who will need larger bandwidth. So the option is Asynchronous e-learning. In asynchronous e- learning you will provide the learning content in the CD or USB. Providing learning content through USB needs many issues to be considered. Here the security in e- learning comes. The integrity and confidentiality of learning content is the major security issue comes first. To provide the security to learning content, avoid its piracy and provide the course content only to those who are authenticated and authorized by registering and paying for the course are some security parameters of e-learning. Learning content is secured by implementing security aspects as authentication, authorization, encryption and copy protection. Authentication is done at three levels User authentication, System authentication and USB authentication. Password based AES 256 encryption algorithm is used to maintain confidentiality of data. Security algorithms are implemented in java and the hardware interfacing i.e. interfacing with USB hardware lock and user’s system is done in C sharp (e.g. [1]). Interfacing of both the programming languages is achieved by using Java Native Interface. For automatic detection of insertion and removal of USB (e.g. [2]) and for applying the copy protection scheme to the system windows services is used. User registration, login creation and modular authorization is done in online security module. Modular access of user is controlled through online security module by maintain the record of user of modular access. User is provided the license file for a module only once on his registration for that module. This web application is implemented using J2EE tool, JDBC and Java auto mailing classes. The flow of security implementation is shown in diagram Fig. 1 Sequential steps for user The complete system is mainly divided in two parts namely provider side and user side. The provider side includes the authentication of content provider, USB registration and its database maintenance; secure key
Secured E-Learning Content on USB/HDD Device www.iosrjournals.org 25 | Page file and license file creation, encryption of content, setup file creation, user registration and its database handling. The user side includes the login, user authentication, user’s system authentication, authorization of user and system, playing the decrypted content and maintaining the copy protection of the content. The outline of this paper as follows: Section 2 describes the access control of data to user. Section 3 describes the data integrity and confidentiality. Section 4 describes the copy protection of data. Section 5 depicts the online security module and is followed by our conclusion in section 6. II. ACCESS CONTROL Access control is to permit or deny access to data. This involves authentication and authorization. Authentication is normally a prerequisite for authorization, but they are separate and distinct concepts.  Authentication establishes who you are.  Authorization establishes what you are allowed to do. A. Provider Authentication The content provider’s authentication is necessary so that there will not be fake providers earning with fake brands. Authentication is necessary in order to ensure that the content in the said USB used by user is the one, provided by the original provider and is not the pirated. To achieve this USB containing the encrypted course data is authenticated. Its authenticity is checked for every access. To authenticate or to identify USB uniquely some of its hardware details are accessed. 1) Uniqueness of USB: The USB the mass storage device has some unique identity provided by its vendor. All USB devices have a hierarchy of descriptors which describe to the host information such as what the device is, who makes it, what version of USB it supports, how many ways it can be configured, the number of endpoints and their types etc. USB devices can only have one device descriptor. We used these parameters to uniquely define the USB storage device we are using to provide the course data within. The vendor id, product id and serial number of the USB are accessed using Windows Management Instrumentation (WMI) classes. The fingerprint of 16 byte is calculated using these three parameters. This fingerprint of USB is unique for it and no other USB could have the same fingerprint. It is used as one of the parameter needed for encryption and decryption of the course content. It is used by provider when he encrypts the data. At user side the content is decrypted but to decrypt the secure is needed and that can be accessed only with the unique fingerprint of the USB containing the data. So to decrypt the content the authenticated USB must be enumerated in the system. In this way by authenticating the USB with content one step of security is assured. Fig. 2 Flowchart of system B. User Authentication User authentication is achieved with his password and the unique id of user’s system. 1) User Password: This is accepted while authorization of the user which is done online. The password from user is accepted and directly used in key generation and encryption of license file. This password is neither stored in database anywhere nor hardcoded in any software. Once user is authorized for a particular module he can decrypt the related content and use it to learn. But for every access he has to enter the password. The decrypted license file is the one parameter needed to access the key file which stores secure key for decryption of the course content. 2)Unique ID of user system: The system is uniquely authenticated using its unique unalterable hardware details such as processor id, bios id, hard disk serial number, motherboard serial number. These details give uniqueness to every system. Here we are accessing these details to generate the 16byte fingerprint. This is generated at the time of setup file installation. It is queried to the user at the time of authorization and used as parameter to store key which encrypts license file. To get these hardware details for first time and for every login WMI classes and properties are used.
Secured E-Learning Content on USB/HDD Device www.iosrjournals.org 26 | Page In this way the authenticated user has authorization to access the data on his system only. By creating unique authentication id of his system and using it as a parameter to decrypt license file is another level of security added. The same authentication id is calculated at runtime for every access and if it is same then only the license file get decrypted and that license can be used internally to access secure key file which is needed actually to decrypt the course content. To access the WMI classes to get the hardware details we are using C#. These accessed authentication parameters are then used in encryption step to increase the security level. So to communicate between java and C#, ‘Java Native Interface’ (JNI) is used. III. DATA INTEGRITY AND CONFIDENTIALITY Data confidentiality includes data access by authenticated and authorized user. And data integrity states that data should not be tampered with or modify. The content confidentiality and integrity is achieved to some extent by encrypting the content using some hardware details of both USB and user’s system (e.g. [2]). The decryption and further use of data is made possible only when user knows his password, he is using the same USB provided by course provider and his own system which is authenticated. AES cryptographic algorithm is implemented using Java cryptography Architecture (JCA) and Java Cryptography Extensions (JCE). (e.g. [3],[4]) IV. COPY PROTECTION AND COPY AVOIDANCE A) Copy Protection It summarizes as anyone can copy the course content from USB but he will not be able to use (read/play) it until and unless he has the same authenticated USB with him, he knows the password. In short only the authenticated user authorized by course provider can only use this content. Copy protection is achieved as for the decryption of content USB, user’s authenticated system and password is must. This is achieved using the encryption and making the key access dependant on three parameters password, USB hardware details and user System hardware details. Though someone copies all the content from USB he cannot decrypt and use it till he got the above mentioned three parameters at the same time. It means he should have knowledge of secret password, system for which he got the authorization from content provider and authenticated USB enumerated in the authorized system. B) Copy Avoidance It means nobody can copy the data from its original position. This is necessary when authenticated user is playing courseware on his authorized system. Copy avoidance is to protect the decrypted data. The copy avoidance is achieved by avoiding the copy and/or cut action when the authenticated content USB is running. More security feature applied is if user tries to stop the copy avoidance mechanism the USB stops working and immediately gets ejected. Copy avoidance is implemented by controlling following control listed below  Copy paste o Right click o ^c ^v  Cut paste o Right click o ^x ^v  Print screen  Send to  Drag drop V. ONLINE SECURITY MODULE An online security module is implemented as server client system. Online java programming is done using J2EE tool. The code is developed with JSP and JavaBeans using different API’s like java security API for encryption, Java Mailing for auto mailing of license and password file to the user/client. JDBC driver connection is used to store the user data and to Fig 4. Flowchart of overview of Online Security Module
Secured E-Learning Content on USB/HDD Device www.iosrjournals.org 27 | Page create user account. Apache Tomcat Server has been used to deploy the online server programs. JSP, JavaBean programming are used for user registration and JDBC for storing user data into MYSQL database server. For automatic mail to the user is given by using Java Mailing API (e.g. [5]-[7]). From two flowcharts given below online security module become clear. Fig 4. Flowchart of overview of Online Security Module VI. CONCLUSION In this paper, we propose that the E-Learning course content is secured using three level authentication user authentication, USB authentication and System authentication. Confidentiality and integrity of data is maintained using AES Encryption algorithm and piracy is avoided using copy protection and online authorization. Tracking of course activity and keeping records of modular access is done on server side. This way user can read/play the course content only with USB hardware lock and only on a system authenticated for course access. User cannot make copy of the course content for further distribution to others and hence there is increase in revenue of developer. ACKNOWLEDGMENT We take this opportunity to express my deep sense of gratitude and sincere thanks to Dr. V. N. Walivadekar, Rtd Director, NIELIT centre, Aurangabad. We would also thank to Mr S. T. Valunjkar, Director In-Charge, NIELIT centre, Aurangabad for continuing to provide support and motivation. We would like to thank to our project guide Mr. V. Krishnamurthy, under whose guidance, continuous encouragement and support this work was carried out. We are very much thankful to Mr. Alok Tripathi, NIELIT Centre, Gorakhpur for his guidance and valuable suggestions whenever we faced problems. We are also thankful to our seniors Ms. Rupali Mankar and Ms.Amruta Faude who have also contributed a great deal for the initial completion of the work. This work was carried out in and supported by the National Institute of Electronics and Information Technology, Aurangabad. REFERENCES [1] C# station. (2000). [Online]. Available: http://www.csharp-station.com/Tutorial [2] Jan Axelson, USB Complete, 4th ed., June 2009. [3] Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197,November 26, 2001. Available: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf [4] Oracle(2003)ReferenceGuidehomepageonOracle.[Online].Available:ttp://docs.oracle.com/javase/1.4.2/docs/guide/security/jce/JCE RefGuide.html#EncrDec [5] ScottMcPherson.(2010)JavahomepageonSDN.[Online].Available: ttp://java.sun.com/developer/technicalArticles/Programming/jsp/ [6] MySQL5.0ReferenceManual. (1997) homepage on Mysql. [Online]. Available: http://dev.mysql.com/doc/refman/5.0/en/index.html [7] JavaMail API Documentation. (2011) homepage on Oracle. [Online]. Available: http://javamail.kenai.com/nonav/javadocs/

Recommended

D0312427
D0312427D0312427
D0312427
iosrjournals
 
Secured E-Learning Content on Handheld Device
Secured E-Learning Content on Handheld DeviceSecured E-Learning Content on Handheld Device
Secured E-Learning Content on Handheld Device
IOSR Journals
 
Comparative study of security mechanism differentiation between windows 2000...
Comparative study of security mechanism differentiation between windows 2000... Comparative study of security mechanism differentiation between windows 2000...
Comparative study of security mechanism differentiation between windows 2000...
Alexander Decker
 
11. comparative study of security mechanism differentiation between windows 2...
11. comparative study of security mechanism differentiation between windows 2...11. comparative study of security mechanism differentiation between windows 2...
11. comparative study of security mechanism differentiation between windows 2...
Alexander Decker
 
Secure3 authentication for sensitive data on cloud using textual, chessboard ...
Secure3 authentication for sensitive data on cloud using textual, chessboard ...Secure3 authentication for sensitive data on cloud using textual, chessboard ...
Secure3 authentication for sensitive data on cloud using textual, chessboard ...
eSAT Journals
 
Usb 3.0 technology mindshare
Usb 3.0 technology mindshareUsb 3.0 technology mindshare
Usb 3.0 technology mindshare
Nguyen Nhat Han
 
IRJET - Graphical Password Authentication for Banking System
IRJET - Graphical Password Authentication for Banking SystemIRJET - Graphical Password Authentication for Banking System
IRJET - Graphical Password Authentication for Banking System
IRJET Journal
 
E01053539
E01053539E01053539
E01053539
IOSR Journals
 

Recommended

D0312427
D0312427D0312427
D0312427
iosrjournals
 
Secured E-Learning Content on Handheld Device
Secured E-Learning Content on Handheld DeviceSecured E-Learning Content on Handheld Device
Secured E-Learning Content on Handheld Device
IOSR Journals
 
Comparative study of security mechanism differentiation between windows 2000...
Comparative study of security mechanism differentiation between windows 2000... Comparative study of security mechanism differentiation between windows 2000...
Comparative study of security mechanism differentiation between windows 2000...
Alexander Decker
 
11. comparative study of security mechanism differentiation between windows 2...
11. comparative study of security mechanism differentiation between windows 2...11. comparative study of security mechanism differentiation between windows 2...
11. comparative study of security mechanism differentiation between windows 2...
Alexander Decker
 
Secure3 authentication for sensitive data on cloud using textual, chessboard ...
Secure3 authentication for sensitive data on cloud using textual, chessboard ...Secure3 authentication for sensitive data on cloud using textual, chessboard ...
Secure3 authentication for sensitive data on cloud using textual, chessboard ...
eSAT Journals
 
Usb 3.0 technology mindshare
Usb 3.0 technology mindshareUsb 3.0 technology mindshare
Usb 3.0 technology mindshare
Nguyen Nhat Han
 
IRJET - Graphical Password Authentication for Banking System
IRJET - Graphical Password Authentication for Banking SystemIRJET - Graphical Password Authentication for Banking System
IRJET - Graphical Password Authentication for Banking System
IRJET Journal
 
E01053539
E01053539E01053539
E01053539
IOSR Journals
 
Advances in Automatic Speech Recognition: From Audio-Only To Audio-Visual Sp...
Advances in Automatic Speech Recognition: From Audio-Only To Audio-Visual Sp...Advances in Automatic Speech Recognition: From Audio-Only To Audio-Visual Sp...
Advances in Automatic Speech Recognition: From Audio-Only To Audio-Visual Sp...
IOSR Journals
 
E0612629
E0612629E0612629
E0612629
IOSR Journals
 
A0950110
A0950110A0950110
A0950110
IOSR Journals
 
M0537683
M0537683M0537683
M0537683
IOSR Journals
 
7 Ways to Grow Flowers
7 Ways to Grow Flowers7 Ways to Grow Flowers
7 Ways to Grow Flowers
believe52
 
H0144757
H0144757H0144757
H0144757
IOSR Journals
 
Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...
Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...
Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...
IOSR Journals
 
E0162736
E0162736E0162736
E0162736
IOSR Journals
 
High Performance of Matrix Converter Fed Induction Motor for IPF Compensation...
High Performance of Matrix Converter Fed Induction Motor for IPF Compensation...High Performance of Matrix Converter Fed Induction Motor for IPF Compensation...
High Performance of Matrix Converter Fed Induction Motor for IPF Compensation...
IOSR Journals
 
Innovation and Industrialization in the Energy Sector: The Way Forward
Innovation and Industrialization in the Energy Sector: The Way ForwardInnovation and Industrialization in the Energy Sector: The Way Forward
Innovation and Industrialization in the Energy Sector: The Way Forward
IOSR Journals
 
International Medical Careers Forum Oct 15 2016
International Medical Careers Forum Oct 15 2016International Medical Careers Forum Oct 15 2016
International Medical Careers Forum Oct 15 2016
Odyssey Recruitment
 
Trashing Utopia 2015
Trashing Utopia 2015 Trashing Utopia 2015
Trashing Utopia 2015
Poverty Productions Intergalactic Unlimited
 
On The Automated Classification of Web Pages Using Artificial Neural Network
On The Automated Classification of Web Pages Using Artificial Neural NetworkOn The Automated Classification of Web Pages Using Artificial Neural Network
On The Automated Classification of Web Pages Using Artificial Neural Network
IOSR Journals
 
G01044345
G01044345G01044345
G01044345
IOSR Journals
 
D0532025
D0532025D0532025
D0532025
IOSR Journals
 
Presentazione dogsinthecity
Presentazione dogsinthecityPresentazione dogsinthecity
Presentazione dogsinthecity
lucaminetti
 
C0931115
C0931115C0931115
C0931115
IOSR Journals
 
A Protocol to Detect and Kill Orphan Processes in Distributed Computer Systems
A Protocol to Detect and Kill Orphan Processes in Distributed Computer SystemsA Protocol to Detect and Kill Orphan Processes in Distributed Computer Systems
A Protocol to Detect and Kill Orphan Processes in Distributed Computer Systems
IOSR Journals
 
Design Test-bed for assessing load utilising using Multicast Forwarding Appro...
Design Test-bed for assessing load utilising using Multicast Forwarding Appro...Design Test-bed for assessing load utilising using Multicast Forwarding Appro...
Design Test-bed for assessing load utilising using Multicast Forwarding Appro...
IOSR Journals
 
Incidence of Equine Hoof Derangements in Malaysian Horse Population
Incidence of Equine Hoof Derangements in Malaysian Horse PopulationIncidence of Equine Hoof Derangements in Malaysian Horse Population
Incidence of Equine Hoof Derangements in Malaysian Horse Population
IOSR Journals
 
enhanced secure multi keyword top k retrieval in cloud
enhanced secure multi keyword top k retrieval in cloudenhanced secure multi keyword top k retrieval in cloud
enhanced secure multi keyword top k retrieval in cloud
INFOGAIN PUBLICATION
 
IRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor AuthenticationIRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor Authentication
IRJET Journal
 

More Related Content

Viewers also liked

Presentazione dogsinthecity
Presentazione dogsinthecityPresentazione dogsinthecity
Presentazione dogsinthecity
lucaminetti
 
Incidence of Equine Hoof Derangements in Malaysian Horse Population
Incidence of Equine Hoof Derangements in Malaysian Horse PopulationIncidence of Equine Hoof Derangements in Malaysian Horse Population
Incidence of Equine Hoof Derangements in Malaysian Horse Population
IOSR Journals
 

Viewers also liked (20)

Advances in Automatic Speech Recognition: From Audio-Only To Audio-Visual Sp...
Advances in Automatic Speech Recognition: From Audio-Only To Audio-Visual Sp...Advances in Automatic Speech Recognition: From Audio-Only To Audio-Visual Sp...
Advances in Automatic Speech Recognition: From Audio-Only To Audio-Visual Sp...
 
E0612629
E0612629E0612629
E0612629
 
A0950110
A0950110A0950110
A0950110
 
M0537683
M0537683M0537683
M0537683
 
7 Ways to Grow Flowers
7 Ways to Grow Flowers7 Ways to Grow Flowers
7 Ways to Grow Flowers
 
H0144757
H0144757H0144757
H0144757
 
Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...
Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...
Growth Performance of Rats Maintained On Citrullus colocynthis Seed Coat-base...
 
E0162736
E0162736E0162736
E0162736
 
High Performance of Matrix Converter Fed Induction Motor for IPF Compensation...
High Performance of Matrix Converter Fed Induction Motor for IPF Compensation...High Performance of Matrix Converter Fed Induction Motor for IPF Compensation...
High Performance of Matrix Converter Fed Induction Motor for IPF Compensation...
 
Innovation and Industrialization in the Energy Sector: The Way Forward
Innovation and Industrialization in the Energy Sector: The Way ForwardInnovation and Industrialization in the Energy Sector: The Way Forward
Innovation and Industrialization in the Energy Sector: The Way Forward
 
International Medical Careers Forum Oct 15 2016
International Medical Careers Forum Oct 15 2016International Medical Careers Forum Oct 15 2016
International Medical Careers Forum Oct 15 2016
 
Trashing Utopia 2015
Trashing Utopia 2015 Trashing Utopia 2015
Trashing Utopia 2015
 
On The Automated Classification of Web Pages Using Artificial Neural Network
On The Automated Classification of Web Pages Using Artificial Neural NetworkOn The Automated Classification of Web Pages Using Artificial Neural Network
On The Automated Classification of Web Pages Using Artificial Neural Network
 
G01044345
G01044345G01044345
G01044345
 
D0532025
D0532025D0532025
D0532025
 
Presentazione dogsinthecity
Presentazione dogsinthecityPresentazione dogsinthecity
Presentazione dogsinthecity
 
C0931115
C0931115C0931115
C0931115
 
A Protocol to Detect and Kill Orphan Processes in Distributed Computer Systems
A Protocol to Detect and Kill Orphan Processes in Distributed Computer SystemsA Protocol to Detect and Kill Orphan Processes in Distributed Computer Systems
A Protocol to Detect and Kill Orphan Processes in Distributed Computer Systems
 
Design Test-bed for assessing load utilising using Multicast Forwarding Appro...
Design Test-bed for assessing load utilising using Multicast Forwarding Appro...Design Test-bed for assessing load utilising using Multicast Forwarding Appro...
Design Test-bed for assessing load utilising using Multicast Forwarding Appro...
 
Incidence of Equine Hoof Derangements in Malaysian Horse Population
Incidence of Equine Hoof Derangements in Malaysian Horse PopulationIncidence of Equine Hoof Derangements in Malaysian Horse Population
Incidence of Equine Hoof Derangements in Malaysian Horse Population
 

Similar to Secured E-Learning Content on USB/HDD Device

enhanced secure multi keyword top k retrieval in cloud
enhanced secure multi keyword top k retrieval in cloudenhanced secure multi keyword top k retrieval in cloud
enhanced secure multi keyword top k retrieval in cloud
INFOGAIN PUBLICATION
 
File transfer using cryptography techniques
File transfer using cryptography techniquesFile transfer using cryptography techniques
File transfer using cryptography techniques
miteshkumar82
 
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
blusmurfydot1
 
Security and Protection of Enterprise Data in Cloud: Implementation of Deniab...
Security and Protection of Enterprise Data in Cloud: Implementation of Deniab...Security and Protection of Enterprise Data in Cloud: Implementation of Deniab...
Security and Protection of Enterprise Data in Cloud: Implementation of Deniab...
IJERA Editor
 
A Review Study on Secure Authentication in Mobile System
A Review Study on Secure Authentication in Mobile SystemA Review Study on Secure Authentication in Mobile System
A Review Study on Secure Authentication in Mobile System
Editor IJCATR
 
Module 5 security
Module 5 securityModule 5 security
Module 5 security
IT
 
Paper id 2120145
Paper id 2120145Paper id 2120145
Paper id 2120145
IJRAT
 

Similar to Secured E-Learning Content on USB/HDD Device (20)

enhanced secure multi keyword top k retrieval in cloud
enhanced secure multi keyword top k retrieval in cloudenhanced secure multi keyword top k retrieval in cloud
enhanced secure multi keyword top k retrieval in cloud
 
IRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor AuthenticationIRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor Authentication
 
File transfer using cryptography techniques
File transfer using cryptography techniquesFile transfer using cryptography techniques
File transfer using cryptography techniques
 
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...
IRJET-Enhancement of Security using 2-Factor Authentication, 2nd Factor being...
 
IRJET- Security in Ad-Hoc Network using Encrypted Data Transmission and S...
IRJET- Security in Ad-Hoc Network using Encrypted Data Transmission and S...IRJET- Security in Ad-Hoc Network using Encrypted Data Transmission and S...
IRJET- Security in Ad-Hoc Network using Encrypted Data Transmission and S...
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System)
 
Paper2
Paper2Paper2
Paper2
 
IJSRED-V2I2P10
IJSRED-V2I2P10IJSRED-V2I2P10
IJSRED-V2I2P10
 
IRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud Systems
IRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud SystemsIRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud Systems
IRJET- Secure and Efficient File Sharing and Shared Ownership in Cloud Systems
 
Personal Data Protection
Personal Data ProtectionPersonal Data Protection
Personal Data Protection
 
Security framework for connected devices
Security framework for connected devicesSecurity framework for connected devices
Security framework for connected devices
 
Paper id 712019116
Paper id 712019116Paper id 712019116
Paper id 712019116
 
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
IT109 Microsoft Windows 7 Operating Systems Unit 07 lesson 10
 
Security and Protection of Enterprise Data in Cloud: Implementation of Deniab...
Security and Protection of Enterprise Data in Cloud: Implementation of Deniab...Security and Protection of Enterprise Data in Cloud: Implementation of Deniab...
Security and Protection of Enterprise Data in Cloud: Implementation of Deniab...
 
IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...
IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...
IRJET - Blockchain-based Public Integrity Verification for Cloud Storage Agai...
 
A Review Study on Secure Authentication in Mobile System
A Review Study on Secure Authentication in Mobile SystemA Review Study on Secure Authentication in Mobile System
A Review Study on Secure Authentication in Mobile System
 
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
 
IT Essentials (Version 7.0) - ITE Chapter 13 Exam Answers
IT Essentials (Version 7.0) - ITE Chapter 13 Exam AnswersIT Essentials (Version 7.0) - ITE Chapter 13 Exam Answers
IT Essentials (Version 7.0) - ITE Chapter 13 Exam Answers
 
Module 5 security
Module 5 securityModule 5 security
Module 5 security
 
Paper id 2120145
Paper id 2120145Paper id 2120145
Paper id 2120145
 

More from IOSR Journals

More from IOSR Journals (20)

A011140104
A011140104A011140104
A011140104
 
M0111397100
M0111397100M0111397100
M0111397100
 
L011138596
L011138596L011138596
L011138596
 
K011138084
K011138084K011138084
K011138084
 
J011137479
J011137479J011137479
J011137479
 
I011136673
I011136673I011136673
I011136673
 
G011134454
G011134454G011134454
G011134454
 
H011135565
H011135565H011135565
H011135565
 
F011134043
F011134043F011134043
F011134043
 
E011133639
E011133639E011133639
E011133639
 
D011132635
D011132635D011132635
D011132635
 
C011131925
C011131925C011131925
C011131925
 
B011130918
B011130918B011130918
B011130918
 
A011130108
A011130108A011130108
A011130108
 
I011125160
I011125160I011125160
I011125160
 
H011124050
H011124050H011124050
H011124050
 
G011123539
G011123539G011123539
G011123539
 
F011123134
F011123134F011123134
F011123134
 
E011122530
E011122530E011122530
E011122530
 
D011121524
D011121524D011121524
D011121524
 

Recently uploaded

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 

Recently uploaded (20)

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 

Secured E-Learning Content on USB/HDD Device

  • 1. IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278-0661 Volume 3, Issue 1 (July-Aug. 2012), PP 24-27 www.iosrjournals.org www.iosrjournals.org 24 | Page Secured E-Learning Content on USB/HDD Device V. Krishnamurthy, Ajinkya Deshmukh, Rupesh Rathod and Nirajsingh Yeotikar National Institute of Electronics and Information Technology, Aurangabad Dr BAM University Campus Abstract: In this paper, we propose the protection to e-learning content present on USB/HDD device. Unlike a onetime classroom session, the e-learning course is available for others... Our proposed system provides the security to this content present on flash drives with the authentication, confidentiality, copy protection and authorization. Firstly user will registering for course then he will get the encrypted data on authenticated USB device. As soon as he authenticates the system, USB and himself, he will have authorized to have license file. Using it he can play the course content. We conclude that the proposed system is secured using three level authentication, confidentiality and integrity of data, copy protection and online authorization. Keywords: Authentication, Authorization, Confidentiality, Encryption, Piracy Protection I. INTRODUCTION In today’s era one has to update oneself continuously to survive in this competitive world. E-learning is the best solution for this. Developers put lots of efforts to develop these e-learning courses to make them more interactive and interesting. To get good revenue from the course content, it must be secured from piracy as it is to make copy of the content and distribute to others. The e-learning can be achieved online as well as offline i.e. synchronous and asynchronous learning. Synchronous learning needs continuous high speed net connection for user and larger bandwidth for the organization. In today’s scenario it is not possible to own larger bandwidth. To make e-learning more effective and more interesting we need to make our content multimedia reach, resulting in the increased content size and so increased bandwidth. This is neither affordable to user who will need high speed internet all the time nor to the provider who will need larger bandwidth. So the option is Asynchronous e-learning. In asynchronous e- learning you will provide the learning content in the CD or USB. Providing learning content through USB needs many issues to be considered. Here the security in e- learning comes. The integrity and confidentiality of learning content is the major security issue comes first. To provide the security to learning content, avoid its piracy and provide the course content only to those who are authenticated and authorized by registering and paying for the course are some security parameters of e-learning. Learning content is secured by implementing security aspects as authentication, authorization, encryption and copy protection. Authentication is done at three levels User authentication, System authentication and USB authentication. Password based AES 256 encryption algorithm is used to maintain confidentiality of data. Security algorithms are implemented in java and the hardware interfacing i.e. interfacing with USB hardware lock and user’s system is done in C sharp (e.g. [1]). Interfacing of both the programming languages is achieved by using Java Native Interface. For automatic detection of insertion and removal of USB (e.g. [2]) and for applying the copy protection scheme to the system windows services is used. User registration, login creation and modular authorization is done in online security module. Modular access of user is controlled through online security module by maintain the record of user of modular access. User is provided the license file for a module only once on his registration for that module. This web application is implemented using J2EE tool, JDBC and Java auto mailing classes. The flow of security implementation is shown in diagram Fig. 1 Sequential steps for user The complete system is mainly divided in two parts namely provider side and user side. The provider side includes the authentication of content provider, USB registration and its database maintenance; secure key
  • 2. Secured E-Learning Content on USB/HDD Device www.iosrjournals.org 25 | Page file and license file creation, encryption of content, setup file creation, user registration and its database handling. The user side includes the login, user authentication, user’s system authentication, authorization of user and system, playing the decrypted content and maintaining the copy protection of the content. The outline of this paper as follows: Section 2 describes the access control of data to user. Section 3 describes the data integrity and confidentiality. Section 4 describes the copy protection of data. Section 5 depicts the online security module and is followed by our conclusion in section 6. II. ACCESS CONTROL Access control is to permit or deny access to data. This involves authentication and authorization. Authentication is normally a prerequisite for authorization, but they are separate and distinct concepts. ï‚· Authentication establishes who you are. ï‚· Authorization establishes what you are allowed to do. A. Provider Authentication The content provider’s authentication is necessary so that there will not be fake providers earning with fake brands. Authentication is necessary in order to ensure that the content in the said USB used by user is the one, provided by the original provider and is not the pirated. To achieve this USB containing the encrypted course data is authenticated. Its authenticity is checked for every access. To authenticate or to identify USB uniquely some of its hardware details are accessed. 1) Uniqueness of USB: The USB the mass storage device has some unique identity provided by its vendor. All USB devices have a hierarchy of descriptors which describe to the host information such as what the device is, who makes it, what version of USB it supports, how many ways it can be configured, the number of endpoints and their types etc. USB devices can only have one device descriptor. We used these parameters to uniquely define the USB storage device we are using to provide the course data within. The vendor id, product id and serial number of the USB are accessed using Windows Management Instrumentation (WMI) classes. The fingerprint of 16 byte is calculated using these three parameters. This fingerprint of USB is unique for it and no other USB could have the same fingerprint. It is used as one of the parameter needed for encryption and decryption of the course content. It is used by provider when he encrypts the data. At user side the content is decrypted but to decrypt the secure is needed and that can be accessed only with the unique fingerprint of the USB containing the data. So to decrypt the content the authenticated USB must be enumerated in the system. In this way by authenticating the USB with content one step of security is assured. Fig. 2 Flowchart of system B. User Authentication User authentication is achieved with his password and the unique id of user’s system. 1) User Password: This is accepted while authorization of the user which is done online. The password from user is accepted and directly used in key generation and encryption of license file. This password is neither stored in database anywhere nor hardcoded in any software. Once user is authorized for a particular module he can decrypt the related content and use it to learn. But for every access he has to enter the password. The decrypted license file is the one parameter needed to access the key file which stores secure key for decryption of the course content. 2)Unique ID of user system: The system is uniquely authenticated using its unique unalterable hardware details such as processor id, bios id, hard disk serial number, motherboard serial number. These details give uniqueness to every system. Here we are accessing these details to generate the 16byte fingerprint. This is generated at the time of setup file installation. It is queried to the user at the time of authorization and used as parameter to store key which encrypts license file. To get these hardware details for first time and for every login WMI classes and properties are used.
  • 3. Secured E-Learning Content on USB/HDD Device www.iosrjournals.org 26 | Page In this way the authenticated user has authorization to access the data on his system only. By creating unique authentication id of his system and using it as a parameter to decrypt license file is another level of security added. The same authentication id is calculated at runtime for every access and if it is same then only the license file get decrypted and that license can be used internally to access secure key file which is needed actually to decrypt the course content. To access the WMI classes to get the hardware details we are using C#. These accessed authentication parameters are then used in encryption step to increase the security level. So to communicate between java and C#, ‘Java Native Interface’ (JNI) is used. III. DATA INTEGRITY AND CONFIDENTIALITY Data confidentiality includes data access by authenticated and authorized user. And data integrity states that data should not be tampered with or modify. The content confidentiality and integrity is achieved to some extent by encrypting the content using some hardware details of both USB and user’s system (e.g. [2]). The decryption and further use of data is made possible only when user knows his password, he is using the same USB provided by course provider and his own system which is authenticated. AES cryptographic algorithm is implemented using Java cryptography Architecture (JCA) and Java Cryptography Extensions (JCE). (e.g. [3],[4]) IV. COPY PROTECTION AND COPY AVOIDANCE A) Copy Protection It summarizes as anyone can copy the course content from USB but he will not be able to use (read/play) it until and unless he has the same authenticated USB with him, he knows the password. In short only the authenticated user authorized by course provider can only use this content. Copy protection is achieved as for the decryption of content USB, user’s authenticated system and password is must. This is achieved using the encryption and making the key access dependant on three parameters password, USB hardware details and user System hardware details. Though someone copies all the content from USB he cannot decrypt and use it till he got the above mentioned three parameters at the same time. It means he should have knowledge of secret password, system for which he got the authorization from content provider and authenticated USB enumerated in the authorized system. B) Copy Avoidance It means nobody can copy the data from its original position. This is necessary when authenticated user is playing courseware on his authorized system. Copy avoidance is to protect the decrypted data. The copy avoidance is achieved by avoiding the copy and/or cut action when the authenticated content USB is running. More security feature applied is if user tries to stop the copy avoidance mechanism the USB stops working and immediately gets ejected. Copy avoidance is implemented by controlling following control listed below ï‚· Copy paste o Right click o ^c ^v ï‚· Cut paste o Right click o ^x ^v ï‚· Print screen ï‚· Send to ï‚· Drag drop V. ONLINE SECURITY MODULE An online security module is implemented as server client system. Online java programming is done using J2EE tool. The code is developed with JSP and JavaBeans using different API’s like java security API for encryption, Java Mailing for auto mailing of license and password file to the user/client. JDBC driver connection is used to store the user data and to Fig 4. Flowchart of overview of Online Security Module
  • 4. Secured E-Learning Content on USB/HDD Device www.iosrjournals.org 27 | Page create user account. Apache Tomcat Server has been used to deploy the online server programs. JSP, JavaBean programming are used for user registration and JDBC for storing user data into MYSQL database server. For automatic mail to the user is given by using Java Mailing API (e.g. [5]-[7]). From two flowcharts given below online security module become clear. Fig 4. Flowchart of overview of Online Security Module VI. CONCLUSION In this paper, we propose that the E-Learning course content is secured using three level authentication user authentication, USB authentication and System authentication. Confidentiality and integrity of data is maintained using AES Encryption algorithm and piracy is avoided using copy protection and online authorization. Tracking of course activity and keeping records of modular access is done on server side. This way user can read/play the course content only with USB hardware lock and only on a system authenticated for course access. User cannot make copy of the course content for further distribution to others and hence there is increase in revenue of developer. ACKNOWLEDGMENT We take this opportunity to express my deep sense of gratitude and sincere thanks to Dr. V. N. Walivadekar, Rtd Director, NIELIT centre, Aurangabad. We would also thank to Mr S. T. Valunjkar, Director In-Charge, NIELIT centre, Aurangabad for continuing to provide support and motivation. We would like to thank to our project guide Mr. V. Krishnamurthy, under whose guidance, continuous encouragement and support this work was carried out. We are very much thankful to Mr. Alok Tripathi, NIELIT Centre, Gorakhpur for his guidance and valuable suggestions whenever we faced problems. We are also thankful to our seniors Ms. Rupali Mankar and Ms.Amruta Faude who have also contributed a great deal for the initial completion of the work. This work was carried out in and supported by the National Institute of Electronics and Information Technology, Aurangabad. REFERENCES [1] C# station. (2000). [Online]. Available: http://www.csharp-station.com/Tutorial [2] Jan Axelson, USB Complete, 4th ed., June 2009. [3] Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197,November 26, 2001. Available: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf [4] Oracle(2003)ReferenceGuidehomepageonOracle.[Online].Available:ttp://docs.oracle.com/javase/1.4.2/docs/guide/security/jce/JCE RefGuide.html#EncrDec [5] ScottMcPherson.(2010)JavahomepageonSDN.[Online].Available: ttp://java.sun.com/developer/technicalArticles/Programming/jsp/ [6] MySQL5.0ReferenceManual. (1997) homepage on Mysql. [Online]. Available: http://dev.mysql.com/doc/refman/5.0/en/index.html [7] JavaMail API Documentation. (2011) homepage on Oracle. [Online]. Available: http://javamail.kenai.com/nonav/javadocs/