Secure Internet Exams Despite Coercion

RAKEEI, Mohammadamin; GIUSTOLISI, Rosario; LENZINI, Gabriele

doi:10.1007/978-3-031-25734-6_6

Télécharger

Communication publiée dans un ouvrage (Colloques, congrès, conférences scientifiques et actes)

Secure Internet Exams Despite Coercion

RAKEEI, Mohammadamin; GIUSTOLISI, Rosario; LENZINI, Gabriele

2023 • In Garcia-Alfaro, Joaquin (Ed.) Data Privacy Management, Cryptocurrencies and Blockchain Technology - ESORICS 2022 International Workshops, DPM 2022 and CBT 2022, Revised Selected Papers

Peer reviewed

Permalien
https://hdl.handle.net/10993/61967

DOI
10.1007/978-3-031-25734-6_6

Documents (1)Envoyer vers Détails Statistiques Bibliographie Publications similaires

Documents

Texte intégral

2207.12796.pdf

Preprint Auteur (186.81 kB)

Télécharger

Tous les documents dans ORBilu sont protégés par une licence d'utilisation.

Envoyer vers

RIS BibTex APA Chicago Permalink X Linkedin

Détails

Mots-clés :

Coercion-resistance; Exponentiation mixnet; Formal verification; Proverif; Security flaws; Security protocol design; Exponentiations; Mixnets; Property; Protocol design; Security protocols; Theoretical Computer Science; Computer Science (all)

Résumé :

[en] We study coercion-resistance for online exams. We propose two new properties, Anonymous Submission and Single-Blindness which preserve the anonymity of the links between tests, test takers, and examiners even when the parties coerce one another into revealing secrets. The properties are relevant: not even Remark!, a secure exam protocol that satisfies anonymous marking and anonymous examiners, results to be coercion resistant. Then, we propose a coercion-resistance protocol which satisfies, in addition to known anonymity properties, the two novel properties we have introduced. We prove our claims formally in ProVerif. The paper has also another contribution: it describes an attack (and a fix) to an exponentiation mixnet that Remark! uses to ensure unlinkability. We use the secure version of the mixnet in our new protocol.

Disciplines :

Sciences informatiques

Auteur, co-auteur :

RAKEEI, Mohammadamin ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC

GIUSTOLISI, Rosario ; University of Luxembourg > Faculty of Science, Technology and Medicine > Department of Computer Science > Department of Computer Science ; Department of Computer Science, IT University of Copenhagen, Copenhagen, Denmark

LENZINI, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC

Co-auteurs externes :

yes

Langue du document :

Anglais

Titre :

Secure Internet Exams Despite Coercion

Date de publication/diffusion :

24 février 2023

Nom de la manifestation :

17th DPM International Workshop on Data Privacy Management

Date de la manifestation :

26-09-2022 => 30-09-2022

Titre de l'ouvrage principal :

Data Privacy Management, Cryptocurrencies and Blockchain Technology - ESORICS 2022 International Workshops, DPM 2022 and CBT 2022, Revised Selected Papers

Editeur scientifique :

Garcia-Alfaro, Joaquin

Maison d'édition :

Springer Science and Business Media Deutschland GmbH

ISBN/EAN :

978-3-03-125733-9

Peer reviewed :

Peer reviewed

URL complémentaire :

https://link.springer.com/content/pdf/10.1007/978-3-031-25734-6_6

Subventionnement (détails) :

Acknowledgement. Rakeei and Lenzini’s research is supported by the ANR and FNR international project INTER/AN/20/14926102 - “Secure and Veriflable Electronic Testing and Assessment Systems” (SEVERITAS). Giustolisi is supported by the Villum Foundation, within the project “Enabling User Accountable Mechanisms in Decision Systems”.

Disponible sur ORBilu :

depuis le 05 septembre 2024

Statistiques

Nombre de vues

91 (dont 12 Unilu)

Nombre de téléchargements

30 (dont 1 Unilu)

Voir plus de statistiques

citations Scopus^®

citations Scopus^®
sans auto-citations

OpenCitations

citations OpenAlex

Bibliographie

Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. ACM Sigplan Not. 36(3), 104–115 (2001)
Arapinis, M., Bursuc, S., Ryan, M.: Privacy-supporting cloud computing by in-browser key translation. J. Comput. Secur. 21(6), 847–880 (2013)
Bella, G., Giustolisi, R., Lenzini, G.: Secure exams despite malicious management. In: PST 2014, pp. 274–281. IEEE (2014)
Bella, G., Giustolisi, R., Lenzini, G., Ryan, P.Y.: Trustworthy exams without trusted parties. Comput. Secur. 67, 291–307 (2017)
Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: CSFW 2001, pp. 82–96. IEEE (2001)
Castella-Roca, J., Herrera-Joancomarti, J., Dorca-Josa, A.: A secure e-exam management system. In: ARES 2006. IEEE (2006)
Dreier, J., Giustolisi, R., Kassem, A., Lafourcade, P., Lenzini, G.: A framework for analyzing verifiability in traditional and electronic exams. In: Lopez, J., Wu, Y. (eds.) ISPEC 2015. LNCS, vol. 9065, pp. 514–529. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17533-1 35
Dreier, J., Giustolisi, R., Kassem, A., Lafourcade, P., Lenzini, G., Ryan, P.Y.A.: Formal analysis of electronic exams. In: SECRYPT 2014. SciTePress (2014)
Dubuis, E., et al.: Verifizierbare internet-wahlen an schweizer hochschulen mit univote. INFORMATIK 2013 (2013)
ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theor 31(4), 469–472 (1985)
Foley, S.N., Jacob, J.L.: Specifying security for computer supported collaborative working. J. Comput. Secur. 3, 233–253 (1995)
Furnell, S., et al.: A security framework for online distance learning and training. Internet Res. 8(3), 236–242 (1998)
Giustolisi, R.: Modelling and Verification of Secure Exams. Information Security and Cryptography, Springer, Germany (2018)
Giustolisi, R., Iovino, V., Lenzini, G.: Privacy-preserving verifiability-A case for an electronic exam protocol. In: SECRYPT. SciTePress (2017)
Giustolisi, R., Lenzini, G., Ryan, P.Y.A.: Remark!: a secure protocol for remote exams. In: Christianson, B., Malcolm, J., Matyáš, V., Švenda, P., Stajano, F., Anderson, J. (eds.) Security Protocols 2014. LNCS, vol. 8809, pp. 38–48. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12400-1 5
Haenni, R., Koenig, R.E.: A generic approach to prevent board flooding attacks in coercion-resistant electronic voting schemes. Comput. Secur. 33, 59–69 (2013)
Haenni, R., Spycher, O.: Secure internet voting on limited devices with anonymized {DSA} public keys. In: EVT/WOTE (2011)
Huszti, A., Pethö, A.: A secure electronic exam system. Publicationes Math. Debrecen 77(3–4), 299–312 (2010)
Kanav, S., Lammich, P., Popescu, A.: A conference management system with verified document confidentiality. In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 167–183. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08867-9 11
Locher, P., Haenni, R.: A lightweight implementation of a shuffle proof for electronic voting systems. Informatik 2014 (2014)
Ryan, P.Y.A.: Crypto santa. In: Ryan, P.Y.A., Naccache, D., Quisquater, J.-J. (eds.) The New Codebreakers. LNCS, vol. 9100, pp. 543–549. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49301-4 33
Watson, G. R., Sottile, J.: Cheating in the Digital Age: Do Students Cheat More in Online Courses? Online Journal of Distance Learning Administration (2010)
Weippl, E.: Security in E-learning, vol. 6 of Advances in Information Security. Springer, cham (2005)