Reference : Formal Security Analysis of Traditional and Electronic Exams
Scientific journals : Article
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/24020
Formal Security Analysis of Traditional and Electronic Exams
English
Dreier, Jannik []
Giustosi, Rosario []
Kassem, Ali []
Lafourcade, Pascal []
Lenzini, Gabriele mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Ryan, Peter mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
30-Dec-2015
Communications in Computer and Information Science
Springer
554
E-Business and Telecommunications
294-318
Yes
International
1865-0929
[en] Electronic Exams ; Formal Verification ; Authentication ; Privacy ; Applied pi-calculus ; Proverif
[en] Nowadays, students can be assessed not only by means of pencil-and-paper tests but also by electronic exams which they take in examination centers or even from home. Electronic exams are appealing as they can reach larger audiences, but they are exposed to new threats that can potentially ruin the whole exam business. These threats are amplified by two issues: the lack of understanding of what security means for electronic exams (except the old concern about students cheating), and the absence of tools to verify whether an exam process is secure. This paper addresses both issues by introducing a formal description of several fundamental authentication and privacy properties, and by establishing the first theoretical framework for an automatic analysis of exam security. It uses the applied π-calculus as a framework and ProVerif as a tool. Three exam protocols are checked in depth: two Internet exam protocols of recent design, and the pencil-and-paper exam used by the University of Grenoble. The analysis highlights several weaknesses. Some invalidate authentication and privacy even when all parties are honest; others show that security depends on the honesty of parties, an often unjustified assumption in modern exams.
SnT
University of Luxembourg - UL
Researchers ; Professionals
http://hdl.handle.net/10993/24020

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Limited access
submitted.pdfAuthor preprint324.87 kBRequest a copy

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.