References of "Giustolisi, Rosario"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailTrustworthy exams without trusted parties
Bella, Giampaolo; Giustolisi, Rosario; Lenzini, Gabriele UL et al

in Computer and Security (2017), 67

Historically, exam security has mainly focused on threats ascribed to candidate cheating. Such threats have been normally mitigated by invigilation and anti-plagiarism methods. However, as recent exam ... [more ▼]

Historically, exam security has mainly focused on threats ascribed to candidate cheating. Such threats have been normally mitigated by invigilation and anti-plagiarism methods. However, as recent exam scandals confirm, also invigilators and authorities may pose security threats. The introduction of computers into the different phases of an exam, such as candidate registration, brings new security issues that should be addressed with the care normally devoted to security protocols. This paper proposes a protocol that meets a wide set of security requirements and resists threats that may originate from candidates as well as from exam administrators. By relying on a combination of oblivious transfer and visual cryptography schemes, the protocol does not need to rely on any trusted third party. We analyse the protocol formally in ProVerif and prove that it verifies all the stated security requirements. [less ▲]

Detailed reference viewed: 147 (6 UL)
Full Text
Peer Reviewed
See detailPrivacy-Preserving Verifiability: A Case for an Electronic Exam Protocol
Giustolisi, Rosario; Iovino, Vincenzo UL; Lenzini, Gabriele UL

in Giustolisi, Rosario; Iovino, Vincenzo; Lenzini, Gabriele (Eds.) Privacy-Preserving Verifiability: A Case for an Electronic Exam Protocol (2017)

We introduce the notion of privacy-preserving verifiability for security protocols. It holds when a protocol admits a verifiability test that does not reveal, to the verifier that runs it, more pieces of ... [more ▼]

We introduce the notion of privacy-preserving verifiability for security protocols. It holds when a protocol admits a verifiability test that does not reveal, to the verifier that runs it, more pieces of information about the protocol’s execution than those required to run the test. Our definition of privacy-preserving verifiability is general and applies to cryptographic protocols as well as to human security protocols. In this paper we exemplify it in the domain of e-exams. We prove that the notion is meaningful by studying an existing exam protocol that is verifiable but whose verifiability tests are not privacy-preserving. We prove that the notion is applicable: we review the protocol using functional encryption so that it admits a verifiability test that preserves privacy to our definition. We analyse, in ProVerif, that the verifiability holds despite malicious parties and that the new protocol maintains all the security properties of the original protocol, so proving that our privacy-preserving verifiability can be achieved starting from existing security. [less ▲]

Detailed reference viewed: 144 (11 UL)
Full Text
Peer Reviewed
See detailOn the Possibility of Non-Interactive E-Voting in the Public-key Setting
Giustolisi, Rosario; Iovino, Vincenzo UL; Rønne, Peter

in Financial Cryptography and Data Security, FC 2016 International Workshops, BITCOIN, VOTING, and WAHC, Christ Church, Barbados, February 26, 2016, Revised Selected Papers (2016)

In 2010 Hao, Ryan and Zielinski proposed a simple decentralized e-voting protocol that only requires 2 rounds of communication. Thus, for k elections their protocol needs 2k rounds of communication ... [more ▼]

In 2010 Hao, Ryan and Zielinski proposed a simple decentralized e-voting protocol that only requires 2 rounds of communication. Thus, for k elections their protocol needs 2k rounds of communication. Observing that the first round of their protocol is aimed to establish the public-keys of the voters, we propose an extension of the protocol as a non-interactive e-voting scheme in the public-key setting (NIVS) in which the voters, after having published their public-keys, can use the corresponding secret-keys to participate in an arbitrary number of one-round elections. We first construct a NIVS with a standard tally function where the number of votes for each candidate is counted. Further, we present constructions for two alternative types of elections. Specifically in the first type (dead or alive elections) the tally shows if at least one voter cast a vote for the candidate. In the second one (elections by unanimity), the tally shows if all voters cast a vote for the candidate. Our constructions are based on bilinear groups of prime order. As definitional contribution we provide formal computational definitions for privacy and verifiability of NIVSs. We conclude by showing intriguing relations between our results, secure computation, electronic exams and conference management systems [less ▲]

Detailed reference viewed: 134 (17 UL)
Full Text
See detailOn the Possibility of Non-Interactive E-Voting in the Public-key Setting
Giustolisi, Rosario; Iovino, Vincenzo UL; Roenne, Peter UL

in IACR Cryptology ePrint Archive (2015), 2015

Detailed reference viewed: 110 (8 UL)
Full Text
See detailOn the verifiability of (electronic) exams
Dreier, Jannik; Giustolisi, Rosario; Kassem, Ali et al

Report (2014)

The main concern for institutions that organize exams is to detect when students cheat. Actually more frauds are possible and even authorities can be dishonest. If institutions wish to keep exams a ... [more ▼]

The main concern for institutions that organize exams is to detect when students cheat. Actually more frauds are possible and even authorities can be dishonest. If institutions wish to keep exams a trustworthy business, anyone and not only the authorities should be allowed to look into an exam’s records and verify the presence or the absence of frauds. In short, exams should be verifiable. However, what verifiability means for exams is unclear and no tool to analyze an exam’s verifiability is available. In this paper we address both issues: we formalize several individual and universal verifiability properties for traditional and electronic exams, so proposing a set of verifiability properties and clarifying their meaning, then we implement our framework in ProVerif, so making it a tool to analyze exam verifiability. We validate our framework by analyzing the verifiability of two existing exam systems – an electronic and a paper-and-pencil system. [less ▲]

Detailed reference viewed: 101 (1 UL)