Secure Internet Exams Despite Coercion

RAKEEI, Mohammadamin; GIUSTOLISI, Rosario; LENZINI, Gabriele

doi:10.1007/978-3-031-25734-6_6

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Secure Internet Exams Despite Coercion

RAKEEI, Mohammadamin; GIUSTOLISI, Rosario; LENZINI, Gabriele

2023 • In Garcia-Alfaro, Joaquin (Ed.) Data Privacy Management, Cryptocurrencies and Blockchain Technology - ESORICS 2022 International Workshops, DPM 2022 and CBT 2022, Revised Selected Papers

Peer reviewed

Permalink
https://hdl.handle.net/10993/61967

DOI
10.1007/978-3-031-25734-6_6

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

2207.12796.pdf

Author preprint (186.81 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Coercion-resistance; Exponentiation mixnet; Formal verification; Proverif; Security flaws; Security protocol design; Exponentiations; Mixnets; Property; Protocol design; Security protocols; Theoretical Computer Science; Computer Science (all)

Abstract :

[en] We study coercion-resistance for online exams. We propose two new properties, Anonymous Submission and Single-Blindness which preserve the anonymity of the links between tests, test takers, and examiners even when the parties coerce one another into revealing secrets. The properties are relevant: not even Remark!, a secure exam protocol that satisfies anonymous marking and anonymous examiners, results to be coercion resistant. Then, we propose a coercion-resistance protocol which satisfies, in addition to known anonymity properties, the two novel properties we have introduced. We prove our claims formally in ProVerif. The paper has also another contribution: it describes an attack (and a fix) to an exponentiation mixnet that Remark! uses to ensure unlinkability. We use the secure version of the mixnet in our new protocol.

Disciplines :

Computer science

Author, co-author :

RAKEEI, Mohammadamin ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC

GIUSTOLISI, Rosario ; University of Luxembourg > Faculty of Science, Technology and Medicine > Department of Computer Science > Department of Computer Science ; Department of Computer Science, IT University of Copenhagen, Copenhagen, Denmark

LENZINI, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC

External co-authors :

yes

Language :

English

Title :

Secure Internet Exams Despite Coercion

Publication date :

24 February 2023

Event name :

17th DPM International Workshop on Data Privacy Management

Event date :

26-09-2022 => 30-09-2022

Main work title :

Data Privacy Management, Cryptocurrencies and Blockchain Technology - ESORICS 2022 International Workshops, DPM 2022 and CBT 2022, Revised Selected Papers

Editor :

Garcia-Alfaro, Joaquin

Publisher :

Springer Science and Business Media Deutschland GmbH

ISBN/EAN :

978-3-03-125733-9

Peer reviewed :

Peer reviewed

Additional URL :

https://link.springer.com/content/pdf/10.1007/978-3-031-25734-6_6

Funding text :

Acknowledgement. Rakeei and Lenzini’s research is supported by the ANR and FNR international project INTER/AN/20/14926102 - “Secure and Veriflable Electronic Testing and Assessment Systems” (SEVERITAS). Giustolisi is supported by the Villum Foundation, within the project “Enabling User Accountable Mechanisms in Decision Systems”.

Available on ORBilu :

since 05 September 2024

Statistics

Number of views

26 (7 by Unilu)

Number of downloads

5 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

Bibliography

Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. ACM Sigplan Not. 36(3), 104–115 (2001)
Arapinis, M., Bursuc, S., Ryan, M.: Privacy-supporting cloud computing by in-browser key translation. J. Comput. Secur. 21(6), 847–880 (2013)
Bella, G., Giustolisi, R., Lenzini, G.: Secure exams despite malicious management. In: PST 2014, pp. 274–281. IEEE (2014)
Bella, G., Giustolisi, R., Lenzini, G., Ryan, P.Y.: Trustworthy exams without trusted parties. Comput. Secur. 67, 291–307 (2017)
Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: CSFW 2001, pp. 82–96. IEEE (2001)
Castella-Roca, J., Herrera-Joancomarti, J., Dorca-Josa, A.: A secure e-exam management system. In: ARES 2006. IEEE (2006)
Dreier, J., Giustolisi, R., Kassem, A., Lafourcade, P., Lenzini, G.: A framework for analyzing verifiability in traditional and electronic exams. In: Lopez, J., Wu, Y. (eds.) ISPEC 2015. LNCS, vol. 9065, pp. 514–529. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17533-1 35
Dreier, J., Giustolisi, R., Kassem, A., Lafourcade, P., Lenzini, G., Ryan, P.Y.A.: Formal analysis of electronic exams. In: SECRYPT 2014. SciTePress (2014)
Dubuis, E., et al.: Verifizierbare internet-wahlen an schweizer hochschulen mit univote. INFORMATIK 2013 (2013)
ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theor 31(4), 469–472 (1985)
Foley, S.N., Jacob, J.L.: Specifying security for computer supported collaborative working. J. Comput. Secur. 3, 233–253 (1995)
Furnell, S., et al.: A security framework for online distance learning and training. Internet Res. 8(3), 236–242 (1998)
Giustolisi, R.: Modelling and Verification of Secure Exams. Information Security and Cryptography, Springer, Germany (2018)
Giustolisi, R., Iovino, V., Lenzini, G.: Privacy-preserving verifiability-A case for an electronic exam protocol. In: SECRYPT. SciTePress (2017)
Giustolisi, R., Lenzini, G., Ryan, P.Y.A.: Remark!: a secure protocol for remote exams. In: Christianson, B., Malcolm, J., Matyáš, V., Švenda, P., Stajano, F., Anderson, J. (eds.) Security Protocols 2014. LNCS, vol. 8809, pp. 38–48. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12400-1 5
Haenni, R., Koenig, R.E.: A generic approach to prevent board flooding attacks in coercion-resistant electronic voting schemes. Comput. Secur. 33, 59–69 (2013)
Haenni, R., Spycher, O.: Secure internet voting on limited devices with anonymized {DSA} public keys. In: EVT/WOTE (2011)
Huszti, A., Pethö, A.: A secure electronic exam system. Publicationes Math. Debrecen 77(3–4), 299–312 (2010)
Kanav, S., Lammich, P., Popescu, A.: A conference management system with verified document confidentiality. In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 167–183. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08867-9 11
Locher, P., Haenni, R.: A lightweight implementation of a shuffle proof for electronic voting systems. Informatik 2014 (2014)
Ryan, P.Y.A.: Crypto santa. In: Ryan, P.Y.A., Naccache, D., Quisquater, J.-J. (eds.) The New Codebreakers. LNCS, vol. 9100, pp. 543–549. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49301-4 33
Watson, G. R., Sottile, J.: Cheating in the Digital Age: Do Students Cheat More in Online Courses? Online Journal of Distance Learning Administration (2010)
Weippl, E.: Security in E-learning, vol. 6 of Advances in Information Security. Springer, cham (2005)