On the Verifiability of (Electronic) Exams

The main concern for institutions that organize exams is to detect when students cheat. Actually more frauds are possible and even authorities can be dishonest. If institutions wish to keep exams a trustworthy business, anyone and not only the authorities should be allowed to look into an exam’s records and verify the presence or the absence of frauds. In short, exams should be verifiable. However, what verifiability means for exams is unclear and no tool to analyze an exam’s verifiability is available. In this paper we address both issues: we formalize several individual and universal verifiability properties for traditional and electronic exams, so proposing a set of verifiability properties and clarifying their meaning, then we implement our framework in ProVerif, so making it a tool to analyze exam verifiability. We validate our framework by analyzing the verifiability of two existing exam systems – an electronic and a paper-and-pencil system.

[1]  Nataliya Guts,et al.  Reliable Evidence: Auditability by Typing , 2009, ESORICS.

[2]  Steve A. Schneider,et al.  A Peered Bulletin Board for Robust Use in Verifiable Voting Systems , 2014, 2014 IEEE 27th Computer Security Foundations Symposium.

[3]  Attila Pethö,et al.  A secure electronic exam system , 2010 .

[4]  Gabriele Lenzini,et al.  What security for electronic exams? , 2013, 2013 International Conference on Risks and Security of Internet and Systems (CRiSIS).

[5]  Josh Benaloh,et al.  Receipt-free secret-ballot elections (extended abstract) , 1994, STOC '94.

[6]  Ralf Küsters,et al.  Accountability: definition and relationship to verifiability , 2010, CCS '10.

[7]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[8]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[9]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[10]  Pascal Lafourcade,et al.  Defining verifiability in e-auction protocols , 2013, ASIA CCS '13.

[11]  Gabriele Lenzini,et al.  Formal analysis of electronic exams , 2014, 2014 11th International Conference on Security and Cryptography (SECRYPT).

[12]  Josh Benaloh Verifiable secret-ballot elections , 1987 .

[13]  Peter Y. A. Ryan,et al.  The modelling and analysis of security protocols: the csp approach , 2000 .

[14]  Mark Ryan,et al.  Election Verifiability in Electronic Voting Protocols , 2010, ESORICS.

[15]  Michael J. Fischer,et al.  A robust and verifiable cryptographically secure election scheme , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[16]  Kazue Sako,et al.  Efficient Receipt-Free Voting Based on Homomorphic Encryption , 2000, EUROCRYPT.

[17]  Rolf Haenni,et al.  Secure Internet Voting on Limited Devices with Anonymized DSA Public Keys , 2011, EVT/WOTE.

[18]  Mark Ryan,et al.  Towards Automatic Analysis of Election Verifiability Properties , 2010, ARSPA-WITS.

[19]  Gabriele Lenzini,et al.  Remark!: A Secure Protocol for Remote Exams , 2014, Security Protocols Workshop.

[20]  Jordi Herrera-Joancomartí,et al.  A secure e-exam management system , 2006, First International Conference on Availability, Reliability and Security (ARES'06).