Before it reaches the deployment phase, an open educational system like TeSLA has to be properly secured with classical measures, such as authentication, data ciphering and integrity checks, in order to mitigate cyber-attacks that may lead to disastrous consequences, such as data leakage or identity theft.
However, in order to meet the GDPR (General Data Protection Regulation, see http://tesla-project.eu/gdpr-come-data-protection-officer/) recommendations, it is also necessary to ensure a reasonable level of privacy in the system. Security and privacy are very close domains, and yet important differences have to be highlighted, since it is possible to build a very secure system that fails to ensure any privacy properties.

Security, from a technological standpoint, consists in guaranteeing specific requirements at different levels of the architecture, such as confidentiality, integrity or authentication. It mainly targets the exchange and storage of data, which in the case of TeSLA may contain some traces of the learner’s biometric data, the learner’s assessment results, and other sensitive information.

In contrast with security, privacy consists in preventing the exploitation of metadata, so that no personal information leaks. However, it always remains mandatory to comply with legal constraints, which may prevent full anonymization of the communications. Therefore, the main objective of privacy, from a technological perspective, is to reveal the least possible information about the user’s identity, and to prevent any undesired traceability, which is often complex to achieve.
In the context of TeSLA, several technological privacy filters have been included in the underlying design of the architecture. The randomized TeSLA identifier associated with each learner is a good example. This identifier is used each time the learner accesses TeSLA, which gives every learner pseudo-anonymity, since full anonymity is not an option in TeSLA for legal reasons. Yet, a randomized identifier alone cannot protect the learners against more complex threats such as unwanted traceability: the system may still be able to link two different sessions of the same learner. A technical solution that could be integrated in the TeSLA architecture to handle such issues is the use of anonymous certification.
Anonymous certification allows users to prove they are authorized to access a resource without revealing more than they need about their identity. For example, users can be issued with certified attributes that may be required by the system verifier, such as “Older than 18”, “studies at IMT”, or “lives in France”. When the users want to prove that they own the right set of attributes, they perform a digital signature based on the required attributes, allowing the system verifier to check if a precise user is authorized, sometimes without even knowing precisely which attributes were used.
Such an approach could be integrated in several points of the TeSLA architecture where it is not necessary to identify the learner. For example, to access course material on the VLE, it should be enough to prove that the learner comes from an allowed university and is registered for this course. That way, it becomes impossible for the VLE to follow the studying activity of each learner, while still letting the learners access the course material. Similarly, when a student has taken an assessment, the student’s work can be anonymously sent to anti-cheating tools (such as anti-plagiarism). With anonymous certification, each tool might receive a request for the same work without being able to know which learner wrote it, but also without being able to correlate the requests and decide whether they were issued by the same learner.
Therefore, anonymous certification might prove to be a solid and innovative asset to enhance privacy in TeSLA, and to prevent traceability of the learners whenever it is not required.
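The course-material case above can be sketched in code. This is an added example, not TeSLA code and not the attribute-based signature scheme the article refers to: it swaps in a Chaum-style RSA blind signature as a simplified stand-in, with one issuer key standing for one attribute. The key, function names and token format are all assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Toy issuer key for ONE attribute ("registered for this course").
# Constructed from two Mersenne primes so it runs offline; unpadded and
# far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent


def h(token):
    """Hash a token into Z_N."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


def blind(token, r=None):
    """Learner: hide the token from the issuer behind a random factor r."""
    while r is None or gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    return (h(token) * pow(r, E, N)) % N, r


def issue(blinded):
    """Issuer: authenticate the learner (not shown), then sign blindly."""
    return pow(blinded, D, N)


def unblind(blind_sig, r):
    """Learner: strip r, leaving an ordinary signature on the token."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(token, sig):
    """VLE: accept if the attribute key signed this token; no identity needed."""
    return pow(sig, E, N) == h(token)


def explaining_factor(blinded, other_token):
    """The r that makes other_token match what the issuer saw (uses D only
    to exhibit it): every token is equally consistent with `blinded`."""
    return pow(blinded * pow(h(other_token), -1, N) % N, D, N)


def run_session():
    """One issuance plus one anonymous presentation, returning both views."""
    token = secrets.token_bytes(16)  # one-time value chosen by the learner
    blinded, r = blind(token)
    sig = unblind(issue(blinded), r)
    return {"issuer_saw": blinded, "vle_saw": (token, sig)}
```

A token shown twice is linkable across those two presentations, so in this simplified construction each access needs a fresh token; multi-show unlinkability is what full anonymous credential schemes add.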
IMT Team
TeSLA is coordinated by Universitat Oberta de Catalunya (UOC) and funded by the European Commission’s Horizon 2020 ICT Programme. This website reflects the views only of the authors, and the Commission cannot be held responsible for any use which may be made of the information contained therein.