Moodle Authenticator: Proposed Security Enhancement for Learning Management System at NUST

Abstract

Information technology has led to new opportunities for supporting the education process via eLearning (electronic learning). Security in general and authentication in particular in eLearning surfaced as a fundamental requirement owing to its rapid advancement and adoption. Authentication system‟s design, management and integration are crucial for any eLearning system security. Numerous existing eLearning systems rely on weak authentication mechanisms including traditional password-based authentication. Further research with strong emphasis on improving authentication methods for enhancing eLearning security mechanisms is highly desirable. To improve the security of password-based eLearning authentication, a favorable resolution is to deploy a two-factor or multi-factor authentication. This thesis studies the existing authentication features of eLearning system i.e. Learning Management System (LMS) at NUST, analyses its benefits and limitations. Inspired by various recent industry initiatives for eLearning authentication, a one-time password based two factor authentication system is presented along with the traditional username and password method. It takes advantages of QR codes (abbreviated from Quick Response Code) and Google authenticator functionality for developing and integrating the proposed solution. The prime emphasis of the recommended solution is to implement and present a simple, transparent, fast, user friendly, practical and secure process of authentication for NUST LMS using existing infrastructure, hardware and software that do not incur extra cost or resources.