Trustworthy exams without trusted parties

Giampaolo Bella, Rosario Giustolisi, Gabriele Lenzini, Peter Yvain Anthony Ryan

Research output: Journal Article or Conference Article in JournalJournal articleResearchpeer-review

Abstract

Historically, exam security has mainly focused on threats ascribed to candidate cheating. Such threats have been normally mitigated by invigilation and anti-plagiarism methods. However, as recent exam scandals confirm, also invigilators and authorities may pose security threats. The introduction of computers into the different phases of an exam, such as candidate registration, brings new security issues that should be addressed with the care normally devoted to security protocols.

This paper proposes a protocol that meets a wide set of security requirements and resists threats that may originate from candidates as well as from exam administrators. By relying on a combination of oblivious transfer and visual cryptography schemes, the protocol does not need to rely on any trusted third party. We analyse the protocol formally in ProVerif and prove that it verifies all the stated security requirements.
Original languageEnglish
JournalComputers & Security
Volume67
Pages (from-to)291-307
ISSN0167-4048
DOIs
Publication statusPublished - 2017
Externally publishedYes

Keywords

  • Assessment
  • ProVerif
  • Pseudonym
  • Formal methods
  • Security protocols

Fingerprint

Dive into the research topics of 'Trustworthy exams without trusted parties'. Together they form a unique fingerprint.

Cite this