Formal Security Analysis of Traditional and Electronic Exams

Abstract: Nowadays, students can be assessed not only by means of pencil-and-paper tests, but also by electronic exams which they take in examination centers or even from home. Electronic exams are appealing as they can reach larger audiences, but they are exposed to new threats that can potentially ruin the whole exam business. These threats are amplified by two issues: the lack of understanding of what security means for electronic exams (except the old concern about students cheating), and the absence of tools to verify whether an exam process is secure. This paper addresses both issues by introducing a formal description of several fundamental authentication and privacy properties, and by establishing the first theoretical framework for an automatic analysis of exam security. It uses the applied π-calculus as a framework and ProVerif as a tool. Three exam protocols are checked in depth: two Internet exam protocols of recent design, and the pencil-and-paper exam used by the University of Grenoble. The analysis highlights several weaknesses. Some invalidate authentication and privacy even when all parties are honest; others show that security depends on the honesty of parties, an often unjustified assumption in modern exams.
Document type:
Conference paper
E-Business and Telecommunications - 11th International Joint Conference, ICETE 2014, Revised Selected Papers, Aug 2014, Vienna, Austria. 2015, 〈10.1007/978-3-319-25915-4_16〉

Cited literature [39 references]

https://hal.archives-ouvertes.fr/hal-01337412
Contributor: Jannik Dreier
Submitted on: Monday, June 27, 2016 - 16:17:26
Last modified on: Friday, July 6, 2018 - 15:06:10

File

icete2014.pdf
Files produced by the author(s)

Citation

Jannik Dreier, Rosario Giustolisi, Ali Kassem, Pascal Lafourcade, Gabriele Lenzini, et al. Formal Security Analysis of Traditional and Electronic Exams. E-Business and Telecommunications - 11th International Joint Conference, ICETE 2014, Revised Selected Papers, Aug 2014, Vienna, Austria. 2015, 〈10.1007/978-3-319-25915-4_16〉. 〈hal-01337412〉

Metrics

Record views

863

File downloads

107