Designing a Secure Exam Management System (SEMS) for M-Learning Environments

INTRODUCTION

E-LEARNING has experienced such an extraordinary growth over the last years that its global industry market is estimated to be worth USD 91 billion [1]. Learn-ing Management Systems (LMSs), due to being essential tools of e-learning, have been adopted by many organiza-tions to establish and provide access to online learning services. Nowadays, the success of LMSs is so great: 74% of the US corporations and educational institutions cur-rently offering e-learning employ LMSs in their training programs [2]. In Spain, over 90% of the universities and colleges use an LMS [3]. According to [4], 29% of the or-ganizations (banking sector, retailing sector, etc.) in Tur-key have adopted e-learning applications. Globally, 79.5% of large companies were reported to be using these sys-tems in their training programs in 2008 [5] and the market for LMS is estimated to have an annual growth rate of about 25.2% through the year 2018 [6]. The expansion of mobile devices, meanwhile, is providing new ways to learn (mobile learning or m-learning). The 2015 Horizon Report [7] mentions that Bring Your Own Device (BYOD) learning technology is expected to be increasingly adopted by institutions in one year’s time or less to make use of mobile and online learn-ing. Forecast of the number of smartphone users for 2019 is 5.6 billion globally which is three times that for 2013 [8]. Thus, LMSs must change to adapt to new user require-ments and technologies. For example, interaction with external applications, such as social networks and mobile applications, must be incorporated in LMSs [9] to facili-tate personal learning demands that happen anywhere and at any time. M-learning puts the control of the learning process in hands of the learner itself [10] and enhances collaboration and flexibility. It is concluded in [11] that having a mo-bile, accessible e-book is “perceived to benefit student learning due to the value placed on the affordance of situated study in everyday life.” The students that partic-ipated in this study expressed feelings of competence and high self-efficacy, and that they were able to learn more using their e-books. Moreover, among other technological factors impacting the future of m-learning, Rao et al. [12] asserted that cloud computing would make mobile learn-ing more efficient in many ways, ultimately in time and cost. A web portal developed using Amazon’s cloud computing service is presented in [13] whereby teachers without programming skills can implement interactive learning processes. The materials developed can be used with mobile applications on Android and iOS based de-vices. Some of the contributions of m-learning [14] are: 1.It is learner-centered [15]. 2.It is a new alternative for information delivery and 3.It enhances collaborative learning [16]. On the other hand, m-learning faces several challenges [14] such as: 1.Lack of teacher confidence, training or technical difficulties with mobile devices [17], [18]. 2.Lack of institutional support [17], [18]. 3.Interoperability problems with LMSs [19]. 4.Security and privacy issues [20], [21]. One possible solution to overcome these challenges is the integration of m-learning initiatives with LMSs. From students’ point of view, m-learning could personalize their learning process as well as enable them to collabo-rate with other students or teachers. From teachers’ point of view, they could continue to use LMSs as their work-ing platform, leaving mobile devices for students. The problem, however, is that the integration between m-learning applications and LMS is not an easy task. Indeed, LMSs do not generally contain interoperability standards to communicate with external applications; they are usu-ally designed as monolithic or layered systems [9]. Moodle, as one of the mostly accepted and widely used open-source LMS, is a web-based application. It had a user base of 83008 registered and verified sites, serving 70696570 users in 7.5+ million courses with 1.2+ million teachers as of June 2013 [22]. Yet, due to the fact that it is not made to be service oriented, its services cannot be consumed through client applications other than web browsers. This has limited its scope of use to personal computers; therefore, the Moodbile Project [23] was con-ceived to extend the Moodle functionality to the world of mobile devices. This project aims to enable mobile learn-ing applications to work together with the widely accept-ed Moodle LMS by incorporating the appropriate external web services into Moodle architecture or redesigning certain components of Moodle to be service oriented. Even though Moodle 2.0 already had a collection of web services, these web services focused on developing an API suitable for massive batch actions like user or course creation and inscriptions. They are not, however, suitable for the integration of mobile learning applica-tions and do not properly address security management issues. Moodle Architecture is designed following the classic three-tier architecture where the major part of business logic is located at Domain Tier as illustrated in Fig. 1. While Domain and Presentation tiers have not been changed with respect to Moodle Architecture, the Mood-bile extension has created two tiers:

1.An External Tier where the actual services for mo-bile integration are defined. This layer can basical-ly access methods from the standard LMS API. 2.A Connectors Tier consisting of connectors for supported web services communication protocols like SOAP and JSON-RPC. Each connector imple-ments the translation of the services defined in the External Tier to the specific protocol. At the same time, this tier provides additional web services protocols and authentication methods more suita-ble for mobile devices, such as OAuth [24].

Therefore, Moodbile project is to provide an extension that would turn Moodle into a web services provider for mobile applications, with the design of a web-service layer to access most suitable Moodle features for mobile applications. However, while Moodbile serves as an ex-cellent extension to Moodle to bring its widely adopted services, such as administration, documentation, delivery of e-learning courses or training programs, to the mobile world, it never touches the Moodle Quiz Engine which was originally coded using PHP in a way that makes it very difficult to be service oriented. Consequently, Moo-dle Quiz Engine can only be accessed through web browsers, not through mobile apps. Web browsers are not considered as reliable platforms to conduct exams on mobile/tablet devices; they are slow, prone to security vulnerabilities, and may shutdown for many reasons. Security in e-learning for various environments in gen-eral has been well-considered in literature from early on [25], [26], [27]. Scholars have offered various protection measures against security threats originating from both the user side and the management side [28]. A significant component of e-learning processes is online exams. It is clearly desirable to simplify exam management such that all exam stages are performed electronically, so exams become e-exams. A number of e-exam systems for various purposes, ranging from custom adaptive systems [29] to commercial solutions [30], [31] have been developed. However, e-exams carry such unique and specific securi-ty issues that more of user-centered and technology-supported countermeasures need to be implemented [32], [33]. Frank [34] introduced a reference model based on types of risks that threaten integrity of e-exams and eval-uated three commercial systems using this model. The classical approach to perform e-exams involves providing specific exam centers equipped with machines configured with static security policy to be used only for exam purposes. This approach brings about the cost of creation and upkeep of the environment, and continuous underutilization thereof. Also, such policies cannot be applied in m-learning environments where the students’ mobile/tablet devices are meant to be used for general purposes, e.g. Internet browsing or e-book reading, as well as for the sake of exams. Using students’ mobile devices as exam stations offers the advantages of low cost, more exam takers at the same time, and no need for a wired network. Thus, a dynamic security policy is needed in this case with an appropriate enforcing mecha-nism. To the best of our knowledge, this issue has not yet been addressed by any previous work for the same envi-ronment.Moodbile Project does not address the security and privacy issues related to conducting exams in m-learning environment, and neither does the Moodle Quiz Engine which emphasizes only on the learning process not on securing the examination process. The “Secure Exam Environment” described in [35] supports exams based on Moodle to be taken by students on laptops. The system denies access to local files and Internet, but allows the use of certain programs like Excel and Java applications. Stu-dents have to connect their laptops to the wired LAN and boot from a USB drive or DVD. Other e-exam systems developed based on mobile platforms with wireless ac-cess [36], [37] lack proper security considerations and exam management functions. This paper aims to design a Secure Exam Management System (SEMS) that meets the distinct security require- ments of m-learning environments and to integrate it with the current Moodle/Moodbile platform. This will result in a complete LMS that is both equipped with se-cure exam services and suitable for m-learning. Our in-tention of integrating SEMS with a well-known LMS such as Moodle is so to get the benefits of Moodle’s ready-made services in other learning aspects such as course material administration, documentation, etc. which have been experienced and appreciated for the last 15 years. However, the proposed SEMS can also work as a standalone secure exam management system for m-learning environments without integration with Moodle. The paper is organized as follows: Section 2 presents the core services and functionalities of SEMS Exam En-gine. Section 3 introduces SEMS Security Agent that en-forces the dynamic network access control on students’ mobile devices during exams. Section 4 discusses various network issues that can affect the exam process. Section 5 is on SEMS integration with Moodle/Moodbile frame-work. Finally, Section 6 presents a survey conducted about SEMS.Although the proposed SEMS design is platform inde-pendent, the paper presentation adopts Android platform as a case-study for the following reasons:1.Android devices are more affordable for students. 2.According to IDC, Android dominated the market with a 78% in the first quarter of 2015 [38]. 3.Android is supported by many enterprises such as Google, HTC, Sony, Intel, LG, and Samsung [39]. 4.For better compatibility with Fatih Project [40], the Turkish government project that seeks to integrate computer technology into Turkey’s public educa-tion system. It will be fully developed on Android.

https://codeshoppy.com/shop/product/exam-hall-ticket/