Formal Security Analysis of Traditional and Electronic Exams

Abstract : Nowadays, students can be assessed not only by means of pencil-and-paper tests, but also by electronic exams which they take in examination centers or even from home. Electronic exams are appealing as they can reach larger audiences , but they are exposed to new threats that can potentially ruin the whole exam business. These threats are amplified by two issues: the lack of understanding of what security means for electronic exams (except the old concern about students cheating), and the absence of tools to verify whether an exam process is secure. This paper addresses both issues by introducing a formal description of several fundamental authentication and privacy properties, and by establishing the first theoretical framework for an automatic analysis of exam security. It uses the applied π-calculus as a framework and ProVerif as a tool. Three exam protocols are checked in depth: two Internet exam protocols of recent design, and the pencil-and-paper exam used by the University of Grenoble. The analysis highlights several weaknesses. Some invalidate authentication and privacy even when all parties are honest; others show that security depends on the honesty of parties, an often unjustified assumption in modern exams.
Document type :
Conference papers
Liste complète des métadonnées

Cited literature [39 references]  Display  Hide  Download
Contributor : Jannik Dreier <>
Submitted on : Monday, June 27, 2016 - 4:17:26 PM
Last modification on : Tuesday, December 18, 2018 - 4:38:25 PM


Files produced by the author(s)



Jannik Dreier, Rosario Giustolisi, Ali Kassem, Pascal Lafourcade, Gabriele Lenzini, et al.. Formal Security Analysis of Traditional and Electronic Exams. E-Business and Telecommunications - 11th International Joint Conference, ICETE 2014, Revised Selected Papers, Aug 2014, Vienne, Austria. ⟨10.1007/978-3-319-25915-4_16⟩. ⟨hal-01337412⟩



Record views


Files downloads