Skip to Main content Skip to Navigation
Journal articles

Formal Security Analysis of Traditional and Electronic Exams

Abstract : Nowadays, students can be assessed not only by means of pencil-and-paper tests, but also by electronic exams which they take in examination centers or even from home. Electronic exams are appealing as they can reach larger audiences , but they are exposed to new threats that can potentially ruin the whole exam business. These threats are amplified by two issues: the lack of understanding of what security means for electronic exams (except the old concern about students cheating), and the absence of tools to verify whether an exam process is secure. This paper addresses both issues by introducing a formal description of several fundamental authentication and privacy properties, and by establishing the first theoretical framework for an automatic analysis of exam security. It uses the applied π-calculus as a framework and ProVerif as a tool. Three exam protocols are checked in depth: two Internet exam protocols of recent design, and the pencil-and-paper exam used by the University of Grenoble. The analysis highlights several weaknesses. Some invalidate authentication and privacy even when all parties are honest; others show that security depends on the honesty of parties, an often unjustified assumption in modern exams.
Complete list of metadatas

Cited literature [39 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-01337412
Contributor : Jannik Dreier <>
Submitted on : Monday, June 27, 2016 - 4:17:26 PM
Last modification on : Thursday, March 26, 2020 - 1:16:33 AM

File

icete2014.pdf
Files produced by the author(s)

Identifiers

Citation

Jannik Dreier, Rosario Giustolisi, Ali Kassem, Pascal Lafourcade, Gabriele Lenzini, et al.. Formal Security Analysis of Traditional and Electronic Exams. Communications in Computer and Information Science, Springer Verlag, 2015, ⟨10.1007/978-3-319-25915-4_16⟩. ⟨hal-01337412⟩

Share

Metrics

Record views

1213

Files downloads

662