A Study on Cybersecurity Challenges in E-learning
and Database Management System
Habib Ibrahim
Department of Software Engineering
Firat University
Elazig, Turkey
habiib30@gmail.com
Abstract— Education is gradually moving from traditional
classroom-based setting to online-based. E-learning has
become the topic of discussion as far as cybersecurity is
concerned. E-learning as a mode of acquiring knowledge and
skills through electronic means, cannot be achieved without
internet technology. In other words, it depends largely on the
internet technology for the sharing of ideas and information.
However, the network environment is a home for hackers and
the internet fraudless. As the reach of the internet expands to
cover ever broader aspects of our education and social welfare,
cybersecurity is the major concern when dealing with privacy,
authentication, and confidentiality of user’s information stored
in a database server. Most often hackers release attacks
designed to steal confidential data and an organization’s
database servers are the targets of these attacks because they
are the core of any organization, storage bank. Hence, it is very
important to put strong security measures in place to protect
the data and information of the end-user against any malicious
attack. This paper, therefore, aimed to discuss cybersecurity
issues related to the e-learning management system, the
significance of the e-Learning, and the Database Management
System. Again the paper discusses top security issues in
databases and how to lessen them.
Keywords—cybersecurity, e-learning, skills, traditional,
hackers, malicious, database management system.
I. INTRODUCTION
E-learning is the process of acquiring knowledge and
skills through electronic means and it is one of the emerging
technologies that we are experiencing nowadays. With the
advent of technological gadgets and tools, it has reduced the
difficulties and frustrations learners go through in seeking
knowledge and skills. Gone are the days where people have
to travel from far places in acquiring knowledge and skills,
paying a huge amount of money to develop their potentials.
For instance, universities, colleges, or other companies don’t
need to spend a lot of money on building structures or
renting equipment such as electronic boards, projectors, etc.
students can acquire relevant information and skills through
the internet in their confined environment with limited
resources. Both schools and businesses have now embraced
e-learning and it is spreading rapidly in our modern society
[1]. This technology has provided remarkable opportunities
for students and the entire stakeholders of the e-learning
system.
As an internet-based learning method, e-learning
management systems use the Internet as a place to obtain all
necessary information and knowledge. However, there are
many illegal activities and security threats taking place over
the internet. The e-learning environment is inevitably
978-1-7281-6939-2/20/$31.00 ©2020 IEEE
Authorized licensed use limited to: University of Exeter. Downloaded on June 21,2020 at 20:27:52 UTC from IEEE Xplore. Restrictions apply.
Songül Karabatak Abdullahi Abba Abdullahi
Department of Informatics Institute of Information Technology
Firat University University of Science &Technology
Elazig, Turkey Wudil Kano State, Nigeria
s_halici@hotmail.com Abdullahilawal888@gmail.com
exposed to constant security threats, risks, and attacks [2].
More to the point, the internet has become the origin of cyber
attacks, where hackers and internet fraudless are using
different ways to steal personal information and privacy. The
sharing of ideas, information via electronic means are the
core elements of any e-learning system. For that matter, data
must be secured and protected to maintain its confidentiality,
integrity, and availability [3]. However, many educational
institutions are now adopting an e-learning management
system as the means of delivering knowledge and skills
without putting any security measures in protecting and
safeguarding the information and data of their clients. A
survey conducted by Campus Computing
(compuscomputing.net) and Western Interstate Commission
for Higher Education Cooperative for Educational
Technology (WCET) found that most of the institutions have
adopted a learning management system (LMS) medium for
offering online courses [4].
The purpose of this paper is to briefly analyze the related
discussions in the literature review, to provide a summary
review of the security aspects of the e-learning management
system, and also to ascertain the security challenges in an e-
learning management system. The study adopted different
mechanisms in reviewing the cyber risk involved in an e-
learning management system, through a thorough literature
review using academic databases such as Google Scholar and
ACM Digital library. This paper hopes to organize this
information to help Administrators, students, and educators
know the risk involved in an e-learning management system.
And hence, implement some security measures to provide a
secured and protected environment for e-learners against
cyber attacks.
II. LITERATURE REVIEW
A. Database Management System
A database management system is a beacon when it
comes to the e-learning system because it manages the vital
information of learners and its beneficiaries therefore its
security is very essential. Moreover, database security issues
have been more complex due to widespread use of the
internet and intranet making it exposed to online intruders
and hackers [5]. Dunn-Cavelty defines cybersecurity as
“both about the insecurity created through cyberspace and
about technical and non-technical practices of making it
(more) secure” [6]. This implies that cybersecurity is not
only limited to a technical issue that is associated with
computer science or information technology. Cybersecurity
entails larger study areas and complex matters.
B. The Benefit of the E-Learning Management System
As the world has now become a global village, education
is gradually moving from the traditional classroom-based
experience to an online base. People are acquiring
knowledge and skills without necessarily been in the
classroom. New course models are now available, blending
face-to-face with e-learning. Both synchronous and
asynchronous form of learning is now available for the
seekers of knowledge and skills. These advantages do not
only benefit the students, but rather both students and the
entire stakeholders of the e-learning system. The benefits of
e-learning are discussed below;
• The benefit of e-learning to the students. E-learning has
been the easiest way to acquire knowledge and skill. With its
flexible nature, it has become the medium of education for
public workers. It can be deduced that e-learning has
promoted life-long learning. E-learning provides the learner
the opportunity to have access to materials and information
everywhere at any time. In an e-learning environment,
information is been accessed online and there is no time-
bound in reaching the desired materials, therefore, learners in
their comfort zone have access to knowledge at any giving
time. E-learning has helped students economically [7] in
essence that, students do not need much money in buying of
reading materials. Instead, relevance information can be
accessed online. Situations, where educators have to travel to
the longer distance in seeking knowledge are over. E-
learning saves money and time. With the help of new ICT
gadgets in our technological environment, it has helped
students to get more understanding of related concepts.
Knowledge is now at the doorsteps of students. Students can
have access to knowledge at any time, anywhere, and at any
place. The benefit of e-learning on students cannot be
quantified. E-learning environment provides the learner with
ICT skills. The more learners interact with ICT tools the
more skillful they become.
• The benefit of the e-learning management system to the
organization. With the revolution of e-learning, institutions
do not need to put on a lot of structures to accommodate
thousands of students, since learners can have access to
information online in both synchronous and asynchronous
form. Economically, institutions, organizations, and
companies are making a huge amount of money through
online courses.
C. Cybersecurity in the E-Learning Management System
The current e-learning systems supporting online learning
have security deficiency [3]. There are a series of online
course management systems designed to enhance
collaborative learning, but then, the security aspect is been
ignored. This may the pave way for insecurity issues that can
affect managerial activities, such as students trying to get
access to their colleague’s information, Tutors and
administrators manipulating with students’ academic records,
etc. Based on these circumstances, Moneo et al. [7]
suggested the implementation of a system based upon Public
Key Infrastructure (PKI) models that offer essential security
properties and services in online collaborative learning,
which ensures availability, integrity, authenticity, and
confidentiality of data and information.
PKI consists of hardware, software, and procedures
needed to manage, store, and revoke digital certificates and
public keys. PKIs form the bases that allow technologies,
Authorized licensed use limited to: University of Exeter. Downloaded on June 21,2020 at 20:27:52 UTC from IEEE Xplore. Restrictions apply.
such as digital signature and encryption, across large user
populations. Hence, it provides elements needed for a secure
and trusted online transfer of information. Also, PKIs
facilitate the formation of a secure transfer of data between
users and devices ensuring authenticity, confidentiality, and
integrity of operation.
Furthermore, in trying to protect the availability,
integrity, confidentiality, and authenticity of the e-learning
management system Mohd Alwi and Fan [8] proposed a
model that was created by Microsoft in designing web
applications to evaluate security threats in e-learning systems
known as “IWAS”. This model provides five steps in
analyzing security threats in an e-learning environment, and
they are been listed as bellow;
• Identify security objectives
• Application overview
• Decompose application
• Identification of threats
III. DATABASE SECURITY RISK IN THE E-LEARNING
MANAGEMENT SYSTEM
A. Database Security Threats
The major concern in the e-learning management system
is the security threats against its database server and to
ensure the security of any database system, data recovery and
data visiting must be giving a concern. Data visiting can be
evaluated by using an appropriate authorization technique to
make sure that only legal users are permitted to access their
data and reject any unscrupulous encroachment to the
system. Also, data recovery refers to the ability of the
database system to recover its data securely and entirely.
Some of the security issues facing e-learning and database
management system are SQL injects, privilege elevation,
cross-site scripting attack, data leakage, improper error
processing, malware, denial of service, legitimate privilege
abuse, excessive privilege abuse, database communication
protocol vulnerabilities, and exploitation of vulnerable
databases [11-13].
• SQL injection is a technique whereby a user injects SQL
commands into the database server from a weak application
by controlling the syntax and capabilities of SQL. In other
words, the intruder cuckold database server to execute
unauthorized operation by adding an extra SQL statement or
command to the end of pre-defined inquire statement in
application programs. Hence, the attacker can influence the
query passed to the back-end database to snatch vital
information or to get control over the database server.
• Cross-site scripting is known as a client-side code
injection attack. The attacker aims to execute malicious
scripts in a web browser of the user by infusing malicious
code in an unpretentious web page or web application. The
user is been attacked when visiting the web page or
application that executes the malicious code. In the process,
the web application becomes the gateway to deliver
malicious scripts to the user’s browser. Some of the exposed
platforms that are normally used for Cross-site scripting
attacks are message boards, forums as well as a web
application and web pages that allow comments.
• Data leakage can be explained as the illegal transmission
of data from one point to another through electronic or
physical means. This theft normally occurs via the web page,
email, and also through mobile data storage devices. Data The goal of the e-learning system is to provide quality
leakage is an alarming issue for data security as far as the teaching and learning to everyone and to ensure the
database is concerned. It is a threat that any organization will authenticity, availability, integrity, and confidentiality of
want to protect itself from regardless of the size of the learners’ information and data. Authenticity in e-learning
organization or industry because of the damage it might implies, to identify users of the system and giving them the
cause. right to access their account. Hence, only authorized users
• The exploitation of vulnerable databases, most often should have access to the e-learning environment. To ensure
organizations take a couple of times to patch databases which availability of information means, that learners should have
makes them more vulnerable. In that situation, attackers access to information at any giving time. The beneficiaries
manage to exploit unpatched databases that still have default of the e-learning system largely depend on the internet for
accounts and configuration parameters. information; therefore, the required information should
always be available for users’ to access. Again, it is very
• Malware is one of the serious menaces when it comes to essential to secure the integrity of the learner’s information.
database cyber attacks. A hacker can design a malicious
Integrity in e-learning simply means protection of data from
code to interrupt the database system to stabilize an
an unauthorized person to make sure that, the published
organization’s database. One of such agents that targeted
victim’s databases is W32. Disttrack malware which is also information of a user cannot be altered. Integrity focuses on
known as Shamoon. This was able to wipe out data from access control which can be compromised by intruders;
infected PC hard disks [13]. therefore, there is the need to put pragmatic measures in
place to fish out anyone who tried to access the database of
B. Categories of E-threats Equations the e-learning management system.
The e-learning system allows users to access their
The possible security issues related to e-learning
information through a database system after their credentials
management system were analyzed and categorized by Alwi
are been certified by a database management system. Also,
and Fan [3] in table 1 below;
in other to get access to their information, a user must pass
TABLE I. SECURITY THREATS AND CATEGORIES OF E-THREATS the authentication when operating objects, tables, views,
triggers, stored procedures, etc. in the database. However, to
Security Threats Categories of E-threats make sure that the database system is protected against any
Worms, macros, denial of intruder, the rights allocation and constraints of accessing
Deliberate software attacks
service control must be implemented and this can be achieved
Bugs, programming errors, Technical software failures through the following database design principles [11].
Undetected loopholes And errors
A. Secure Database System Model
Employees mistakes, accidents Acts of human error or failure
A secure database system model can be created to
Unauthorized access, data Deliberate acts of espionage or safeguard the security of user’s data against any attack and
collection trespass this can be divided into four layers namely;
Destruction of information or A deliberate act of sabotage or • System layer. This layer comprises data access,
system vandalism
encryption, and decryption algorithm.
Technical hardware failures or
Equipment failure • Functional layer. This layer happens to be the key to the
errors
whole system which encompasses key distribution
Illegal confiscation of equipment
or information
Deliberate acts of theft mechanisms, fast indexing mechanisms, and derive control.
Compromises to intellectual • Interface layer. This is directly user-oriented, and it
Privacy, copyright, infringement
property consists of user authorization management, authentication,
Quality of service deviations from
database maintenance, and query management.
Power and WAN service issue
a service provider • Application layer. This section allows users to
manipulate and interacts with the database. In other words, it
Antiquated or out-dated Technological obsolescence
is the programming interface that unifies communication
Blackmailing for information Deliberate acts of information between a computer application and databases such as SQL
disclosure extortion Server, MySQL, etc.
B. Management Strategy of Database
IV. WAYS TO LESSEN DATABASE SECURITY THREATS IN THE
E-LEARNING MANAGEMENT SYSTEM The following are the strategies designed to lessen the
database against malicious attacks and it has been illustrated
Database security is a very important operation that any
in Figure 1;
organization should improve to run its activities smoothly.
A database stores the most sensitive information of any • Database privileges and access controls.
organization or institution data that can be vulnerable to
• Database license.
hackers, therefore much emphasis must be given to its
security in other not to expose the confidentiality and • Establish data security by using the system stored
integrity of its user’s information. procedure.
• Establish data security by using the view.

Authorized licensed use limited to: University of Exeter. Downloaded on June 21,2020 at 20:27:52 UTC from IEEE Xplore. Restrictions apply.
 • Create data security by using the database role.
• Systematic installation of password vulnerabilities.
• Systematic installation of patches (service packs
and hotfixes).
• Operating System file permissions and settings.
• Data encryption.
• Audits trail and monitoring database access.
• Data backup.
Fig 1. Management strategy of database
V. A PROPOSED MODEL FOR MANAGING E-THREADS
To have a secured and protected environment free from a
malicious attack against the database of the e-learning
system, this paper proposed the implementation of the
following techniques or tools (in Figure 2) such as; Network
Monitoring Device (e.g. Firewall or Intrusion Detection
System), Data Encryption, Digital Right Management, and
Biometric Verification. These techniques when implemented
will help to lessen some of the cybersecurity challenges
facing the e-learning environment against any malicious
attack.
Authorized licensed use limited to: University of Exeter. Downloaded on June 21,2020 at 20:27:52 UTC from IEEE Xplore. Restrictions apply.
Fig 2. Process Model for managing E-threats
A. Firewall
A firewall is defined as any hardware or software
network device such as a router, proxy, or gateway capable
of controlling the movement of network traffic and have the
capacity to either block or allow data pockets based on a
designed security rule [14]. The main work of a firewall is to
form protection between a specified network and external
source against malicious attack. To execute this task,
firewalls set a barrier for network movement at a computer’s
entry point known as ports, a place where exchanged of
information with the external devices normally occurred. For
example, a computer with an Internet Protocol (IP) address
192.168.1.102 is been permitted to connect to another
computer with IP address “172.18.2.1 over port 22”. Now
let’s picture IP address as a key to a house and port number
as a key to a room inside that house. To enter a particular
house, you need IP address but it does not guarantee you
access to a room in that house. Rather, only those who are
been authorized to a specific room have access to that room.
The analogy here is that a sophisticated firewall should be
robust against any external intruders but it should give
authorization for e-learner’s to have access to information.
B. Biometric Authentication
Biometric authentication or verification is a form of
security authorization that matches biometric characteristics
of a user to authenticate that a person trying to access a
particular system is verified to do so [15]. To maintain the
level of trust among the users of the e-learning system, the
security, integrity, and confidentiality of learner’s data must
be authenticated. The biometric authentication system is now
embraced in our modern society because of its uniqueness in
addressing security issues. Human beings have different
features of recognition such as speech, face, fingerprint, palm
prints, retina, palm veins, iris [16] which distinguishes one
from another; therefore using biometric authentication is
more secured as far as security issues are a concern.
Biometric authentication plays a vital role in protecting the
confidentiality of users' data in an e-learning system. There
are different techniques to achieve that, irrespective of the
learner’s characteristics. This can be knowledge-based
authentication, a situation where users are to enter a
password or pin before getting access. Another technique to
use is token-based authentication, this is where devices like a
key card or any biometric-based authentication such as
fingerprints, face scan, palm scan are used [17].
C. Data Encryption
Data encryption simply means keeping or hiding data in a
format that is not visible or readable to a casual search [18].
The main reason behind data encryption is to ensure the
confidentiality of the user’s information and data stored on
computer systems which can be transmitted using the
internet or intranet and other computer networks. There are a
variety of encryption techniques that can be implemented to
enhance the security of data such as secret-key algorithms
and Public-Key algorithms [19]. These techniques provide
confidentiality and enhance more security initiatives which
include authentication, integrity, and non-repudiation of data.
D. Digital Right Management
Digital Right Management (DRM) is another online
technique to protect digital media against copyright
infringement. The main idea behind DRM is to put a
restriction against unauthorized copying of digital media.
The application of DRM in e-learning is very important
because it does not only prevent unauthorized access to
information but also controls (editing, forwarding or sharing,
printing, preventing screen grabbing) of information. To
implement the DRM technique an application known as
“writer” is used. This application encrypts the content and
only authorized people with the decryption keys can have
access to that document.
VI. CONCLUSION
Despite all the advantages of the e-learning and database
management system which encompasses all spectrum of
learning, e-learning as a form of learning using technology,
largely depends on the internet for its execution, and every
technology has some element of cybersecurity issues and e-
learning is not exempted. However, regardless of all the
cybersecurity challenges enumerated by this paper facing the
e-learning and database management system, nevertheless,
the said technology stands to be one of the most embraced
technologies in our 21st century. The e-learning and database
management system have remarkable advantages that cannot
be overshadowed. Its ability to provide thousands of people
quality education at any time, everywhere in a more relaxed
environment is quite appreciable. This paper has enumerated
the various security threats and challenges in e-learning and
database management system. Also, the paper has provided
some remedies in safeguarding the integrity of data of the e-
learners and database management system. Therefore,
institutions, organizations, and government agencies should
provide financial funding to improve the quality of the e-
learning system, so that more people can have access to
education.
Authorized licensed use limited to: University of Exeter. Downloaded on June 21,2020 at 20:27:52 UTC from IEEE Xplore. Restrictions apply.
REFERENCES
[1] Sung, Y. T., Chang, K. E., & Yu, W. C. (2011). Evaluating the
reliability and impact of a quality assurance system for E-learning
courseware. Computers & Education, 57(2), 1615-1627.
[2] Ahmad, A., & Elhossiny, M. A. (2012). E-learning and security
threats. International Journal of Computer Science and Network
Security, 12(4), 15. http://paper.ijcsns.org/07_book/201204/
20120403.pdf
[3] Abouelmehdi, K., Beni-Hessane, A., & Khaloufi, H. (2018). Big
healthcare data: preserving security and privacy. Journal of Big Data,
5(1), 1.
[4] Hansen, L., & Nissenbaum, H. (2009). Digital disaster, cybersecurity,
and the Copenhagen School. International studies quarterly, 53(4),
1155-1175.
[5] Singh, S. K. (2011). Database Systems: Concepts, design, and
applications. India: Pearson Education.
[6] Dunn, C. M. (2010). Cybersecurity. In A. Collins (Ed.),
Contemporary Security Studies. Oxford: OUP.
[7] Moneo, J., Caballe, M. S., & Prieot, J. (2012). Security in learning
management systems. Catalonia,Spain: eLearning Papers.
[8] Alwi, N. H. M., & Fan, I. S. (2010). E-learning and information
security management. International Journal of Digital Society
(IJDS), 1(2), 148-156.
[9] Kwofie, B., & Henten, A. (2011). The advantages and challenges of
e-learning implementation: The story of a developing nation.
In WCES-2011 3rd World Conference on Education Sciences,
Bahcesehir University, Istanbul, Turkey.
[10] Rjaibi, N., Rabai, L. B. A., Aissa, A. B., & Louadi, M. (2012).
Cybersecurity measurement in-depth for e-learning
systems. International Journal of Advanced Research in Computer
Science and Software Engineering (IJARCSSE), 2(11), 107-120.
[11] Xiong, J., Xuan, L., Zhao, J., & Huang, T. (2012). Web and database
security, security-enhanced applications for information systems. In
C. Kalloniatis (Ed.), ISBN: 978-953-51-0643-2, InTech, Available
from: http://www.intechopen.com/books/security-enhanced-
applications-for-informationsystems/web-and-database-securit.
[12] Maurer, R. (2015). Top database security threats and how to mitigate
them. Society for Human Resource Management, Alexandria,
Virginia. www.shrm.org/resourcesandtools/hr-topics/risk-
management/pages/top-database-security-threats.aspx.
[13] Databases Vulnerabilities Costs of Data Breaches and Counter
Measures, August 26, 2013, https://resources.infosecinstitute.com
/databases-vulnerabilities-costs-of-data-breaches-and-
countermeasures/.
[14] What is a Firewall? Firewalls defined, explained, and explored
https://www.forcepoint.com/cybeedu/firewall.
[15] Biometric authentication, https://www.iovation.com/topics/biometric-
authentication.
[16] Chopra, A. (2016). Security Issues of Firewall. International Journal
of P2P Network Trends and Technology (IJPTT), 22(1). 4-9.
[17] Alotaibi, S. J., & Argles, D. (2011). FingerID: A new security model
based on fingerprint recognition for personal learning environments
(PLEs). In the Global Engineering Education Conference (EDUCON)
(pp. 142-151). IEEE 10.1109/EDUCON.2011.5773128.
[18] Andress J., & Winterfeld S. (2014). Cyberwarfare: techniques,
tactics, and tools for security practitioners. Elsevier.
[19] Li, S., & Kot, A. C. (2012). Fingerprint combination for privacy
protection. IEEE transactions on information forensics and
security, 8(2), 350-360. DOI:10.1109/TIFS.2012.2234740.