An approach for adapting moodle into a secure infrastructure

Abstract

Moodle is one of the most popular open source e-learning platforms. It makes available a very easy-to-deploy environment, which once installed, is ready to be used. These two characteristics, make it a very attractive choice. But regarding information security and privacy, it presents several and important drawbacks. This is mainly due to the fact that it leaves the most serious tasks, like server configuration or access control in the hands of the system administrator or third-party module developers. This approach is understandable, as is that very fact what makes Moodle easy and therefore attractive. The aim of this paper is not to discredit this option, but to enhance it by means of standard cryptographic and information security infrastructures. We focus in the registration process, which ends with the distribution of a user certificate. To link the users' real identity with their virtual one, we have taken an approach that merges EBIAS (Email Based Identification and Authentication System) with a kind of challenge-response method involving secure pseudo random number generation based in a fast chaos-based Pseudo Random Number Generator. © 2011 Springer-Verlag.