I have a friend who is in education and is assembling quite a large repository of flash material with voice-overs. As the intended audience would be a dozen or so students, it is not ideal to host this on an internet website as the bandwidth constraints for all that voice-over would be rather large per client. Being a Linux devotee, I naturally started scratching my head for ways we could provide a solution for him.

Let me start with the requirements as that paints the picture:

1) MUST protect the course content at minimum with encryption - End users should have no access to these files except via the web server. We need to make sure nobody can mount the file-system and simply copy the material.

2) Should provide relief to the instruction facility's internet bandwidth - We can get internet access, but streaming all of that voice-over is likely too large of an impact.

3) It must be simple to use - Initial thoughts are a Live USB or a VM, but again #1's encryption requirement is imperative.

4) It should be lean - Doesn't need a GUI. Should boot to a screen showing what it's DHCP IP is and that's it.

5) Secure the guest OS as much as possible - All configurations should be capable via an admin webpage. I would also prefer it if the instructor didn't have a user account on the OS at all. Ideally, the OS boots, services run and auto-decrypts the class material and end users cannot touch it whatsoever.

So my first thought was an encrypted Live USB LAMP distro but am having difficulty finding such a creature. Also, I am not sure it would boot if the entire drive were encrypted. That led me to simply encrypting the class contents directory, but I am uncertain if a script / service can decrypt it only for the webserver user's use.

A VM is another option, but again, how to encrypt it and protect the data from the user and have it boot. I am fairly confident this is possible, just not sure of an approach on how to tackle it.

Any suggestions?

Hi stromcooper,

I am not sure I can provide a solution but let me add a few comments/questions which may help to bring the situation into better focus.

What exactly is the hardware architecture you are wanting to establish? It appears that you are planning to run a web server on the educational institution's LAN. Is this to be run on an existing server maintained by the institution or just run on a PC in the classroom?

It would seem that the files must be decrypted at some point in order for them to be viewed. Where, when and how again depends on the architecture. If they become decrypted when the Live USB server boots then they would be protected only by such security as the operating system on the server provides. And of course if an "end user" had physical access to the USB device they could copy the whole thing an run it whenever they wished to view the content. Running the server in the classroom might not be the best idea.

If the encrypted files need a passphrase to be manually input - who is trusted with the passphrase and at what point do the provide it? It sounds like you do not trust the instructor.

One idea you might investigate... Hulu.com provides flash content (TV shows etc.) which is encrypted during transmission and decrypted by flash player. I don't know how but I do know that saving the streaming content is challenging. There seems to be an ongoing battle between Hulu and tools such as streamtransport (a Windows program). Last time I tried Hulu was a step ahead of streamtransport. My point is, perhaps you can use the same technology as Hulu to stream the flash content to the students. I suspect it is something offered by Adobe.

Ken