Presentation is loading. Please wait.

Presentation is loading. Please wait.

S. A. Shonola & M. S. Joy Security Framework for Mobile Learning Environments.

Similar presentations


Presentation on theme: "S. A. Shonola & M. S. Joy Security Framework for Mobile Learning Environments."— Presentation transcript:

1 S. A. Shonola & M. S. Joy Security Framework for Mobile Learning Environments

2 Outline Introduction Research Purpose M-learning Security M-learning security Framework M-learning security Sub-framework Evaluation & Results Conclusion Security Framework for Mobile Learning Environments

3 Mobile Learning Introduction Non availability of mobile learning security framework Security threats to mobile learning systems A subset of e-learning Group discussion among learners Access to learning content & materials Shortens learning curves and improves students’ performance Advantages Concerns

4 Research Purposes Mobile devices used in m-learning are vulnerable to security flaws The use of m-learning has introduced new threats to the learning environment There is need for security design at development stage Identification of vulnerable points in m-learning environments is important A proposed security framework for m-learning based on CIA dimension Application of the framework at three sub-levels Security Framework for Mobile Learning Environments

5 M-learning Security Are stakeholders security conscious? Do m-learning advocates / developers take security seriously when developing m-learning apps? Is any security framework used in m- learning environment? Is there any security measure to check threats from free WI-FI when learners are accessing m-learning systems on the move?

6 M-learning Security Sharp increase in mobile malware Image obtained from Indiatechonline.com The number of security issues on mobile device has increased exponentially over the years and continued to do so. The high number of malware growth further buttress the need to have sound and reliable security framework for mobile learning.

7 Proposed M-learning Security Framework M-learning Architecture and Requirements Architecture Requirements Three layers design:  Mobile device (client) for m-learning  M-learning servers (app, web & database)  M-learning network infrastructure Triad CIA security dimension:  Confidentiality  Integrity  Availability

8 M-learning Architecture and Requirements contd. Conceptual framework Identifying and safeguarding vulnerable points in the client, server and network infrastructure of an m-learning system which are prone to attacks is the basis of the framework. The framework security policy is based on CIA triad dimension in accordance with ISO/IEC27001 and ISO/IEC17799:2005 standards. Threats and attacks can penetrate the m-learning environment through the mobile device, the server or the network equipment as they are indicated to be the vulnerability points. A threat can spread from one vulnerability point to another and penetrate all other mobile learning systems as the devices are connected to one another. In m-learning context, the database server may be a major target since all students’ personal information, assessment, grades and feedback are centrally stored in it while the mobile device may be a target if the purpose is to have unauthorised access to learning content stored in it. The mobile learning framework can detect any threat and deter any attack before penetrating the system.

9 Proposed M-learning Security Framework The proposed m-learning framework is a generic one having three sections: the threats and attacks, m-learning environments and possible solutions. The m-learning environment is subdivided into CIA triad security requirements and vulnerability points in order to determine threats and attacks that are peculiar to each vulnerable point.

10 Mobile Client Sub-framework This is a mobile device sub-framework designed to detect, prevent and give a solution to any attack or threat to mobile devices. The mobile client comprise of the threat, vulnerability points, security requirements and possible solutions. If a mobile device is lost or stolen, the CIA requirement affected is the availability as the device cannot be available for legitimate use. Regular online data backup can make another copy of data available for immediate use. The location of the mobile device can be tracked and found. Remote wipe can be used clear confidential data if the mobile is lost

11 Server Sub-framework The server sub-framework is developed to protect the m-learning host systems from various threats and attacks. For example, malware and malicious programs (targets poorly designed server) can affect availability, integrity and confidentiality. Putting in place the triad CIA requirements through regular patch updates and installing antivirus/malware can deter threats and attack.

12 Network Sub-framework This is a network infrastructure sub-framework detailing possible threats and attacks, CIA requirements and possible solutions to them. Aside from a physical attack that affects availability and can be prevented with adequate physical security policy, unscheduled down time/ disruption is a major network infrastructure threat.

13 Evaluation & Result Security Framework for Mobile Learning Environments The framework and the sub-frameworks were examined and evaluated during a study on mobile learning security in four universities in Nigeria. The feedback from the study shows that 9 out of ten participants agreed that security issues around confidentiality, integrity and availability are major concerns in implementing and deploying mobile learning successfully in Higher Education Institutions The result from the study further shows that mobile device client is the most common vulnerable point that is prone to attack.

14 Based on the result, efforts on m-learning security framework should be directed to having extremely secured mobile client devices. Conclusion


Download ppt "S. A. Shonola & M. S. Joy Security Framework for Mobile Learning Environments."

Similar presentations


Ads by Google