Countermeasures against security breaches in web-based training environments
|Title||Countermeasures against security breaches in web-based training environments|
|Booktitle||Proc. World Conf. on Educational Multimedia, Hypermedia, and Telecommunication (ED-MEDIA'2001)|
Today, as e-commerce is becoming a major issue for companies, security flaws are rapidly gaining public attention. Both corporate and private users consider security to be the decisive factor for Web-based business in future. At the same time the Web is used for distance learning and various platforms for Web-based training (WBT) have emerged. However, none of these platforms focuses on security issues and therefore security is designed and integrated only as an additional feature. In this paper we elaborate on the fundamental security concerns that users of WBT software have and show how existing flaws can be eliminated. Basically we rely on well-established security concepts. However, as these concepts have not been designed for Web-based applications, we have adapted them. Our solution is to use encryption algorithms with keys unknown to the Web server. Therefore our approach is compatible with all available Web servers.