Formal Analysis of Electronic Exams

Abstract : Universities and other educational organizations are adopting computer and Internet-based assessment tools (herein called e-exams) to reach widespread audiences. While this makes examination tests more accessible, it exposes them to new threats. At present, there are very few strategies to check such systems for security, also there is a lack of formal security definitions in this domain. This paper fills this gap: in the formal framework of the applied π-calculus, we define several fundamental authentication and privacy properties and establish the first theoretical framework for the security analysis of e-exam protocols. As proof of concept we analyze two of such protocols with ProVerif. The first " secure electronic exam system " proposed in the literature turns out to have several severe problems. The second protocol, called Remark!, is proved to satisfy all the security properties assuming access control on the bulletin board. We propose a simple protocol modification that removes the need of such assumption though guaranteeing all the security properties.
Type de document :
Communication dans un congrès
11th International Conference on Security and Cryptography (SECRYPT 2014), Aug 2014, Vienne, Austria. 2014, 〈10.5220/0005050901010112〉
Liste complète des métadonnées

Littérature citée [32 références]  Voir  Masquer  Télécharger

https://hal.archives-ouvertes.fr/hal-01337413
Contributeur : Jannik Dreier <>
Soumis le : samedi 25 juin 2016 - 23:47:03
Dernière modification le : vendredi 6 juillet 2018 - 15:06:10

Fichier

secrypt2014.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Citation

Jannik Dreier, Rosario Giustolisi, Ali Kassem, Pascal Lafourcade, Gabriele Lenzini, et al.. Formal Analysis of Electronic Exams. 11th International Conference on Security and Cryptography (SECRYPT 2014), Aug 2014, Vienne, Austria. 2014, 〈10.5220/0005050901010112〉. 〈hal-01337413〉

Partager

Métriques

Consultations de la notice

747

Téléchargements de fichiers

157