Secure exams despite malicious management

Interdisciplinary Research Group in Socio-technical Cybersecurity

Secure exams despite malicious management

Giampaolo Bella, Rosario Giustolisi, Gabriele Lenzini
Abstract:
An exam is a practise for assessing the knowledge of a candidate from an examination she takes. Exams are used in various contexts, such as in university tests and public competitions. We begin by identifying various security and privacy requirements that modern exams should meet, especially in the prospect of them being supported by information and communication technologies. These requirements extend well beyond ensuring authenticating the candidate and preventing her from cheating. Cheating is routinely enforced by invigilation by trusted parties, whereas we discuss that an exam should meet its security and privacy requirements against stronger threat models, including malicious exam authorities. Thus exams must be designed with the care normally devoted to security protocols, and in such a mindset we present WATA IV, a new protocol that meets our security and privacy requirements even when an exam manager is malicious.
Authors:
Giampaolo Bella, Rosario Giustolisi, Gabriele Lenzini
Publication date:
2014
Published in:
2014 Twelfth Annual International Conference on Privacy, Security and Trust
Reference:
Bella, G., Giustolisi, R., & Lenzini, G. (2014, July). Secure exams despite malicious management. In 2014 Twelfth Annual International Conference on Privacy, Security and Trust (pp. 274-281). IEEE.

Get in touch with us

SnT – Interdisciplinary Centre for Security, Reliability and Trust
29, Avenue J.F Kennedy L-1855 Luxembourg
info-irisc-lab@uni.lu