• DocumentCode
    3780034
  • Title

    Formal analysis of electronic exams

  • Author

    Jannik Dreier;Rosario Giustolisi;Ali Kassem;Pascal Lafourcade;Gabriele Lenzini;Peter Y. A. Ryan

  • Author_Institution
    Institute of Information Security, ETH Zurich, Zurich, Switzerland
  • fYear
    2014
  • Firstpage
    1
  • Lastpage
    12
  • Abstract
    Universities and other educational organizations are adopting computer and Internet-based assessment tools (herein called e-exams) to reach widespread audiences. While this makes examination tests more accessible, it exposes them to new threats. At present, there are very few strategies to check such systems for security, also there is a lack of formal security definitions in this domain. This paper fills this gap: in the formal framework of the applied n-calculus, we define several fundamental authentication and privacy properties and establish the first theoretical framework for the security analysis of e-exam protocols. As proof of concept we analyze two of such protocols with ProVerif. The first “secure electronic exam system” proposed in the literature turns out to have several severe problems. The second protocol, called Remark!, is proved to satisfy all the security properties assuming access control on the bulletin board. We propose a simple protocol modification that removes the need of such assumption though guaranteeing all the security properties.
  • Keywords
    "Protocols","Authentication","Privacy","Computers","Testing","Electronic voting"
  • Publisher
    ieee
  • Conference_Titel
    Security and Cryptography (SECRYPT), 2014 11th International Conference on
  • Type

    conf

  • Filename
    7509478