Security Issues in a Synchronous e-Training Platform

Synchronous e-training is emerging as an alternative for developing human resources training plans in large organizations. Real-time communications are used to emulate face-to-face interaction that occurs in on-campus learning environments. However, the security concerns that a synchronous e-training platform must face may compromise the integrity, availability and confidentiality of corporate information, which may lead to serious economic and legal consequences. The disclosure of corporate information or the unauthorized participation in e-training activities must be prevented. In this paper, the security issues in synchronous e-training are identified, and the threats to a real e-training platform are analyzed. The platform is organized into four virtual networks with different security requirements and vulnerabilities. The platform assumes that multicast communications are available in the underlying corporate network. The threats affecting each element of the platform and their impact on e-training activities are discussed. Finally, a security scheme is proposed fixing the aforementioned vulnerabilities. Digital certificates and encryption algorithms solve most of the vulnerabilities, but other techniques such as access control lists and user skills on security basics are essential. Most of the proposed scheme is applicable to other real-time communication systems, since the e-training platform is built using standard technologies commonly used in voice over IP systems.