A Secure Mobile Learning Framework based on Cloud

The rising need for highly advanced and digital learning, coupled with the growing penetration of smartphones, has contributed to the growth of Mobile Learning. According to Ericsson’s forecast, 80% of the world’s population (6.4 billion people) will be Smartphone users by 2021. But the existing Mobile Learning Frameworks have some limitations that need to be addressed for mass adoption; these limitations include device compatibility and security. In this paper we propose a Secure Mobile Learning Framework (SMLF) based on TPM in the cloud. SMLF is supported by a three-layer Communication Module (CM), which helps in ensuring end-to-end security. In addition, we propose a procedure for personalizing the mobile learning applications of the students and instructors. We also propose a secure mobile learning protocol in the SMLF framework. The proposed SMLF ensures mutual authentication of all the stakeholders, privacy of the message, integrity of the message, anonymity of the student from the instructor, and non-repudiation, and is free from known attacks. Our proposed SMLF framework is successfully verified using BAN logic.

Keywords—Trusted Platform Module (TPM); Communication Module (CM); anonymity; non-repudiation; personalized; BAN logic


I. INTRODUCTION
Mobile learning combines electronic content with learning support and services. Mobile learning systems require specialized infrastructure, but universities cannot afford this infrastructure. The cloud, which is based on distributed computing, parallel computing, grid computing and virtualization technologies, provides a novel opportunity for these universities. When adopting cloud technology in the realm of mobile learning, customers are not ready to deploy their applications in the cloud, as security and data privacy are the main concerns in the cloud. To be popular, a mobile learning system should contain the following features (L. Gouveia, 1999) [8]:
Following are the requirements for a mobile learning framework:
1) Authentication of Stakeholders: Student / Instructor / University identifications should ensure strong mutual authentication properties for all the stakeholders in the framework.
2) Privacy of the Message: Message privacy should be ensured among the messages exchanged among the stakeholders.
3) Integrity of the Message: Messages exchanged among the stakeholders should not be altered, so Message integrity property should be ensured for all the messages exchanged among the stakeholders.
4) Non-Repudiation: Non-repudiation property should be ensured in the framework to avoid stakeholders denying their involvement in the communication.
5) Anonymity of the student from the instructor: Anonymity of the student from the instructor should be ensured while submitting feedback for the instructor i.e. the real identity of the student should not be known to the instructor.
6) Unauthorized access to the stakeholder's credentials and private resource or information: No intruder or stakeholder in the framework should be able to access other stakeholder's credentials and private resource or information.
The rest of the paper is organized as follows: In Section 2 we present Related Work, in Section 3 we present our proposed mobile learning framework based on Cloud, in Section 4 we provide formal verification of SMLF protocol using BAN logic, Section 5 presents Comparative Analysis of our proposed framework with Related Works, and Section 6 concludes our work.

II. RELATED WORK
Existing mobile learning solutions based on cloud such as [1]-[3] do not ensure non-repudiation, mutual authentication, and integrity properties. This paper overcomes all the flaws of the existing solutions by proposing a Secure Mobile Learning Model (SMLF) based on TPM in the cloud. SMLF is supported by a three-layer Communication Module (CM), and a novel procedure is proposed for personalizing the mobile learning applications of the students and instructors. The proposed SMLF ensures authentication of all the stakeholders, privacy of the message, integrity of the message, anonymity of the student from the instructor, and non-repudiation, and is free from known attacks.

A. Proposed Four Layer Mobile Learning Model
In order to ensure success and to maintain the efficiency of the services, all the stakeholders must cooperate and stay open-minded to the development of new technologies, protocols and frameworks. We propose a four-layer mobile learning model involving the stakeholders, used to understand the functions and analyze the relationship among the stakeholders.

B. Proposed Communication Module
Student, Instructor and University are the three stakeholders involved in a normal mobile learning environment. Both Student and Instructor have a smart mobile phone with a Secure Element (SE), which connects with the cloud Over The Air (OTA) provided by the MNO using wireless networks. Our proposed model is designed for the application layer, so it focuses on the security of the business application layer in the three-layer network model for mobile learning; we do not make any change in the protocol layer and physical infrastructure layer. Fig. 1 depicts the communication module of SMLF. In this section we propose a procedure for personalization of SMLF; Fig. 2 depicts the procedure for personalization of SMLF.

1) Step 1: University acts as a Registration Authority (RA) for both Students and Instructors for issuing certificates. Certification Authority (CA) issues both X.509 and Short Lived Certificates (SLC) to all the stakeholders. CA issues Anonymous X.509 Certificates to all the students in order to ensure anonymity from instructors during the process of evaluating instructors (by the students). RA checks the certificate of the SEs of each and every student and instructor and maps the serial number and SE certificate to the user's national identity. All the stakeholders in the proposed mobile learning framework generate their credentials in tamper-resistant hardware such as the Secure Element (Students and Instructors) and the Trusted Platform Module (TPM) of the University in the cloud.
2) Step 2: Trusted Platform Module (TPM) of the University in the cloud builds the database of the registered students and the instructors.
3) Step 3: All the students will be issued anonymous certificates in order to ensure anonymity of students during evaluating the instructor.

4) Step 4: Students and instructors will be asked to download the mobile learning application, which will be uploaded by the university in the cloud. Before downloading the mobile learning application, students and instructors will check the authenticity of the mobile learning application by downloading the certificate. If the check is successful they accept the mobile learning application; otherwise they report it to the university.

5) Step 5: Students and instructors will check the certificate of the TPM of the university, which is in the cloud. If the checks are successful they can start using the Mobile learning application.
a) Students and instructors validate the platform certificate of the TPM of the university, which is in the cloud, using the Certificate Validation Procedure given in (D.R. Student gets authenticated by the UMLS and is allowed to download the files uploaded by the instructor.

IV. FORMAL VERIFICATION OF SRPF PROTOCOL USING BAN LOGIC
A security protocol is a communication protocol which exchanges encrypted messages by using cryptographic mechanisms [4] (Muhammad et al., 2006). Popular and carefully designed protocols have been found to have security breaches (Muhammad et al., 2006) [4]. We have analyzed the protocol using BAN logic [5].

A. Assumptions for the Analysis and Verification of the Proposed Protocol
1) Assumptions about keys and secrets: "S" is a set of stakeholders containing {Ins, UMLS and S}. These assumptions give a brief overview of the public and private keys possessed by all the stakeholders. CA certifies all the certificates and knows all the public keys of the stakeholders (AS1, AS2).

AS1.
CA believes Certification Authority CA believes that all the stakeholders have their own public keys to communicate.

AS2.
S believes . All the stakeholders in the framework know the public key and certificate of the certification authority CA.

2) Assumptions about freshness:
Assumption AS3 specifies freshness of quantities. For instance, if the Instructor Ins sees quantity in a message then the Instructor Ins can conclude that it is a replay message.
Every stakeholder believes the nonce generated by him/her is fresh.
Assumption AS4 is about the validity time of certificates and timestamps, which ensures timeliness.

AS4.
& are the timestamps generated by the stakeholders X and Y ({Ins, UMLS, S and CA}) which ensures timeliness of the messages exchanged.
3) Assumptions about trust: These assumptions give a brief overview of the trust level on each stakeholder.

AS5.
b) Key pair generation and storage at the User side in secure element: UICC is used at student which is a secure element. UICC is used for generating and storing student's credentials.
c) Identity protection (Anonymity) of Student from Instructor: The student enrolls for an anonymous identity with the CA and University; both the CA and University know the original identity of the student. So the instructor will not be able to know the real identity of the student.
d) Withstands well known attacks: Timestamps and nonces are included in the messages exchanged, thereby avoiding replay attacks in our protocol. An intruder (In) cannot impersonate the student to the CA and University because the intruder (In) is not in possession of the student's private key, so an impersonation attack is not possible in our protocol. The intruder (In) is not in possession of the receiver's private key, so a man-in-the-middle attack is not possible in our protocol.
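The replay defence named in d), as an added example that is not code from the paper: a receiver that accepts a message only if it is authentic, its timestamp is inside an acceptance window, and its nonce has not been seen inside that window. HMAC with a shared key stands in for the paper's public-key signatures, and the 120-second window, field names, key and function names are all assumptions.

```python
import hashlib
import hmac
import json

MAX_SKEW = 120  # seconds; assumed acceptance window, not a value from the paper

def sign(key, body):
    # HMAC-SHA256 stands in for the sender's digital signature in this sketch.
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class Receiver:
    """Accepts a message only if it is authentic, timely and not seen before."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while inside the window

    def accept(self, body, tag, now):
        # 1. Authenticity first, so unauthenticated fields are never parsed.
        if not hmac.compare_digest(sign(self.key, body), tag):
            return "reject: bad tag"
        msg = json.loads(body)
        # 2. Timeliness: the timestamp must fall inside the window.
        if abs(now - msg["ts"]) > MAX_SKEW:
            return "reject: stale timestamp"
        # 3. Freshness: a nonce is valid once while its timestamp is valid.
        #    Older nonces can be dropped because step 2 rejects their messages.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_SKEW}
        if msg["nonce"] in self.seen:
            return "reject: replayed nonce"
        self.seen[msg["nonce"]] = msg["ts"]
        return "accept"

def make_message(key, sender, nonce, ts, payload):
    """Sender side: nonce and timestamp sit inside the authenticated body."""
    body = json.dumps({"from": sender, "nonce": nonce, "ts": ts,
                       "payload": payload}, sort_keys=True).encode()
    return body, sign(key, body)

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    umls = Receiver(key)
    body, tag = make_message(key, "S", "n-001", 1000, "download request")
    return [
        umls.accept(body, tag, now=1005),   # first delivery
        umls.accept(body, tag, now=1010),   # same bytes sent again
        umls.accept(body, tag, now=1500),   # replay after the window
        umls.accept(body.replace(b"n-001", b"n-002"), tag, now=1005),  # edited nonce
    ]

if __name__ == "__main__":
    print(demo())
```

The timestamp check is what lets the nonce cache stay bounded: once a message is older than the window it is rejected as stale, so its nonce no longer needs to be remembered.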

VI. COMPARATIVE ANALYSIS OF THE PROPOSED SOLUTION WITH THE EXISTING SOLUTIONS
In this section we present a comparative analysis of SMLF with related works. Table 1 depicts the comparative analysis of SMLF with related works.

VII. CONCLUSIONS AND FUTURE WORK
This paper proposes a Secure Mobile Learning Framework (SMLF) based on TPM in the cloud. SMLF ensures end-to-end security using a Communication Module (CM), and proposes a procedure for personalizing the mobile learning applications of the students and instructors. We also propose a secure mobile learning protocol in the SMLF framework. The proposed SMLF ensures mutual authentication of all the stakeholders, privacy of the message, integrity of the message, anonymity of the student from the instructor, and non-repudiation, and is free from known attacks. Our proposed SMLF framework is successfully verified using BAN logic. Our future work is to verify the proposed mobile learning protocol using advanced formal tools (i.e. in a simulation environment) such as the AVISPA and Scyther tools in order to verify that it can withstand all the known attacks.

a) Rich content and curriculum approved by experts.
b) Convenient & Flexible for all the stakeholders.
c) Continuous improvement.
d) Rich simulation with threaded discussion.
e) Should ensure Security and privacy in delivering.
a) Mobile Learning Layer: The student, the University and the Instructor are the Stakeholders involved in this mobile learning layer. University acts as a Registration Authority (RA) by offering Mobile PKI services of registration to both students and instructors.
b) Communication Layer: A mobile learning framework is based on a wireless network, which is maintained by the mobile network operator. The mobile network operator is a part of the communication layer and is responsible for carrying the data Over The Air (OTA).
c) Technology Layer: The software provider, Mobile device manufacturer, Secure Element (SE) manufacturer, Trusted Platform Module (TPM) manufacturer, and the Cloud provider are located in the Technology Provider layer. The software provider produces software components that connect different stakeholders in the Mobile Learning layer, while the Mobile device manufacturer provides the mobile devices to students and Instructors; the Secure Element (SE) manufacturer provides SEs to students and Instructors; the Trusted Platform Module (TPM) manufacturer provides TPMs to University, Cloud Provider, Mobile Network Operator (MNO) and Certifying Authority (CA); and finally the Cloud Provider provides cloud services to the mobile learning framework.
d) Supervision Layer: Certifying Authority (CA), Regulator (Department of Higher Education) and the Central Government are a part of this layer. Certifying Authority (CA) is responsible for issuing certificates, binding public keys and revoking certificates of all the stakeholders in the Mobile Learning framework. It issues X.509 version 3 and Short Lived Certificates (SLC) for all the stakeholders in the framework. It also acts as a Trusted Service Manager (TSM), which establishes an important link among Regulator, MNO and the Central Government. Department of Higher Education acts as a Regulator for all the universities in the country; it frames and implements the policies for the mobile learning framework from time to time. Regulator submits reports to the Central Government Time Stamping Authority (TSA).
Proposed SMLF ensures End to End Security, i.e. SMLF ensures authentication, integrity, confidentiality and non-repudiation properties.