Abstract
Many applications and tools have been developed to support the design and delivery of distance learning courses. Unfortunately, many of these applications have only cursory provisions for security and privacy, such as authentication based only on user id and password. Given the increased attacks on networked applications and the increased awareness of personal privacy rights, this situation is unacceptable. Indeed, electronic services of all kinds, including distance learning, will never be fully successful until the users of these services are confident that their information is protected from unauthorized access and their privacy assured. In the literature, there are few papers dealing specifically with security and privacy for distance education. El-Khatib, Korba, Xu and Yee (2003) discuss security and privacy for e-learning in terms of legislative requirements, standards and privacy-enhancing technologies. Korba, Yee, Xu, Song, Patrick and El-Khatib (2004) investigate how security and privacy can promote user trust in agent-supported distributed learning. Yee and Korba (2003, 2004) discuss the use and negotiation of privacy policies for distance education. Lin, Korba, Yee and Shih (2004) describe the application of security and privacy technologies to distance learning tools. Yee, Korba, Lin and Shih (2005) present an approach for using context-aware agents to implement security and privacy in distance learning. Holt and Fraser (2003) discuss the psychological and pedagogical motivation for security and privacy.
TopBackground
This section provides an overview of some of the major tools used in distance education and their purposes. The security implications of the use of these tools are addressed in the sections following the description of the tools.
Key Terms in this Chapter
Communication Privacy: A communication that cannot be listened in on by unauthorized parties.
Copyright Protection: Providing the means for artists or publishers to control the use and reproduction of their original materials.
Asynchronous Communication: People communicate online asynchronously if they are not online at the same time.
Synchronous Communication: Online communication between two or more parties, where all parties are online at the same time.
Storage Confidentiality: The confidential nature of data in storage.
Data Integrity: The assurance that data received are exactly as sent by an authorized party. In other words, the data contains no modifications, insertions, deletions or reproductions.
Access Control: Preventing unauthorized use of a resource; that is, controlling who can access the resource, under what conditions the access can occur and what those accessing the resource are allowed to do.
Distance Education Tools: Software applications that are used for the design, implementation and delivery of course materials; also includes software applications for distance education administration, communication during a distance education session and student performance assessment.
Student Performance Assessment: Evaluation of how well the student performed or learned in distance education courses. Such evaluation can lead to more effective quizzes and tutorials as aids to student learning.
Authentication: Proving that a party is who he/she claims to be.