Idea List for GSoC

Here is the idea List for our project for GSoC. For more general information visit: https://www.digitale-nachhaltigkeit.unibe.ch/services_and_support/lernstick/index_eng.html

Before choosing a idea for a project proposal, research into the given ideas and technologies is required. Lernstick is based an a lot of different technologies and for some tasks you have to have an understanding about most of them. If you are interested in an idea and have questions please contact the given Mentor or ask on the mailing list.

The list is split into two parts Exam environment and general Tasks for Lernstick.

Lernstick

Full disk encryption

Lernstick is installed on removable Media like a USB thumb drive and depending on the use case students store their personal information on them. This data is stored on a partition called “persistence” and is currently not encrypted. Which is an issue because a thumb drive is easily lost or stolen. To prevent that their data is exposed to any one that gets that drive this idea proposes to implement encryption for the data partition. The challenge is to build a system that is robust enough to enable encryption by default without making Lernstick a lot tougher to use for administrators and users.

  • Designing the encryption architecture
    • Decryption for Updates
      • School update master key
      • Default encryption
    • User Interface
    • Managing keys in a user friendly manner
    • Backup strategies
  • Testing encryption support in Debian Live
  • Implementing encryption in DebianLive Copy
  • Create user Interface (Integration into LernstickWelcome)

Stretch goals

  • Creating visual passphrases for students that are still learing to read

Debian live supports Luks encrypted partitions. It currently probes all encrypted partitions which is not optimal, so changes to live-boot might be required. There is a basic PoC support for encryption in a branch for DebianLive Copy.

Debian, Boot procedures, Bash, Java

Advanced

Dr. Ronny Standtke: ronny.standtke@inf.unibe.ch

This project is to integrate/develop a teacher friendly version, to see what is on the monitors of a class and do other interactions(e.g. locking Screen, Distributing files). There are other Open Source projects out there (Veyon, Epoptes) that already do that, but lack some features to make them usable for BYOD. There are two ways to add a computer that should be supported. The first is a way that the student can register with an ID their computer to a the teachers computer, the other way is integration with the Exam Environment.

For the first problem can be solved by integrating a auto discovery feature to one of the current solutions and integrating that into Lernstick.

For the second problem there is a different problem to solve, that can benefit also the first part. In an exam we don't have unlimited bandwidth or completely stable Inter/Intranet connection. For that a solution has to be developed where reconnects are handled fine and the bandwidth is as low as possible.

Subtasks

  • Evaluating existing Open Source solutions
    • If current solutions doesn't work implementing a version that supports:
      • Viewing Screens
      • Locking Screens
      • Distributing files
  • Implementing discovery functionality
    • Multicast vs. Broadcast
    • Tunneling?
  • Developing an Client for Lernstick and the application
  • Benchmarking
  • Integration with Lernstick

Stretch goals

  • Integration with the Exam environment

Current status

In 2018 there was a student project trying to integrate Veyon by writing a separate application to do the auto discovery and integration into Veyon. This project was never fully finished and integrated, because some parts were missing/not fully working.

For Epoptes you can point the local client to a IP-Address as documented here, but this is not an optimal solution.

Required skills / knowledge

Linux, network (UDP/TCP, Boadcasting, Multicast), Java, can read code from different languages

Difficulty

Medium to Advanced

Possible Mentors

Dr. Ronny Standtke: ronny.standtke@inf.unibe.ch

Exam Environment

The exam environment is of the core use cases of Lernstick. It provides an flexible environment for mainly schools to do BYOD exams. This environment can be coupled with the exam server called Glados. With Glados the exam can be controlled from a central place. (E.g. collecting the exams after writing, deploying software based on the exam) You can see an early version of the environment here: https://www.youtube.com/watch?v=yPDJ_19uHIc

Other useful parts

Main contact: Roman Gruber: roman.gruber@inf.unibe.ch

Improving Exam documentation and backups

For an exam it is important to have good documentation how the exam was taken and have backups if anything unexpected happens. At the present we take screenshots at a given interval and backup them. This is suboptimal because the images change not that much and we create (massive) amount of traffic in an exam that we don't need. So the task is to implement a efficient way to document and backup the data of the students.

Required skills

PHP (for Glados), General knowledge about Debian and compression, (Java might be helpful)

Difficulty

Medium

Potential mentors

Roman Gruber: roman.gruber@inf.unibe.ch

The teacher should have the possibility to lock and unlock the students screen at will. This sould be scalable. It therfore sould work especially if there are 200+ students taking an exam at the same time. Combined with this, after the student has started a still locked exam, he/she should see a message on the screen indicating that the exam has no started yet (a locked screen), when the boot procedure has finished. The teacher sould then be able to unlock all (200+) screens at the same time (up to some seconds). This might be a challenging task, if we consider scalability and the fact that the exam systems don't have a established connection to the exam server all the time.

Required skills

PHP, Networking (multicast/broadcast)

Difficulty

Advanced

Potential mentors

Roman Gruber: roman.gruber@inf.unibe.ch

We (and the student) currently have no cryptographic proof that their data is the same as written. The task here is to add support for adding that functionality to Glados. One challenge here is to balance cryptographic accuracy and user experience. Currently the student gets a ticket ID. Maybe there is a way to add some functionality for singing that reuses that

In an exam Lernstick is normally booted from an USB thumb drive. Currently we have no checks in place for verifying that our image has been tampered with. The idea here is to look into securing our boot chain by using signed images and because most new devices have a trusted platform module (TPM) it might be possible to use that for challenge response tasks.

Required skills

Linux, PHP, Bash, Boot procedures, basing knowledge about cryptography

Difficulty

Advanced

Potential mentors

Roman Gruber: roman.gruber@inf.unibe.ch Dr. Ronny Standtke: ronny.standtke@inf.unibe.ch

Other Ideas

If you have other ideas to improve Lernstick with your project, feel free to submit your own project proposal. Here are some ideas to look into:

  • Migration to dracut
    • Instead of using a customized Debian-Live migrate to dracut
  • Delta Updates for packages
    • Snapshots
  • Reviewing and implementing Remote Desktop Support