Formal Analysis of Electronic Exams

Jannik Dreier; Rosario Giustolisi; Ali Kassem; Pascal Lafourcade; Gabriele Lenzini; Peter Y. A. Ryan

doi:10.5220/0005050901010112

Formal Analysis of Electronic Exams

Jannik Dreier, Rosario Giustolisi, Ali Kassem, Pascal Lafourcade, Gabriele Lenzini, Peter Y. A. Ryan

2014

Abstract

Universities and other educational organizations are adopting computer and Internet-based assessment tools (herein called e-exams) to reach widespread audiences. While this makes examination tests more accessible, it exposes them to new threats. At present, there are very few strategies to check such systems for security, also there is a lack of formal security definitions in this domain. This paper fills this gap: in the formal framework of the applied pi-calculus, we define several fundamental authentication and privacy properties and establish the first theoretical framework for the security analysis of e-exam protocols. As proof of concept we analyze two of such protocols with ProVerif. The first “secure electronic exam system” proposed in the literature turns out to have several severe problems. The second protocol, called Remark!, is proved to satisfy all the security properties assuming access control on the bulletin board. We propose a simple protocol modification that removes the need of such assumption though guaranteeing all the security properties.

Download

Paper Citation

in Harvard Style

Dreier J., Giustolisi R., Kassem A., Lafourcade P., Lenzini G. and Y. A. Ryan P. (2014). Formal Analysis of Electronic Exams . In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 101-112. DOI: 10.5220/0005050901010112

in Bibtex Style

@conference{secrypt14,
author={Jannik Dreier and Rosario Giustolisi and Ali Kassem and Pascal Lafourcade and Gabriele Lenzini and Peter Y. A. Ryan},
title={Formal Analysis of Electronic Exams},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
year={2014},
pages={101-112},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005050901010112},
isbn={978-989-758-045-1},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - Formal Analysis of Electronic Exams
SN - 978-989-758-045-1
AU - Dreier J.
AU - Giustolisi R.
AU - Kassem A.
AU - Lafourcade P.
AU - Lenzini G.
AU - Y. A. Ryan P.
PY - 2014
SP - 101
EP - 112
DO - 10.5220/0005050901010112