Interdisciplinary Research Group in Socio-technical Cybersecurity
Trustworthy exams without trusted parties
Historically, exam security has mainly focused on threats ascribed to candidate cheating. Such threats have been normally mitigated by invigilation and anti-plagiarism methods. However, as recent exam scandals confirm, also invigilators and authorities may pose security threats. The introduction of computers into the different phases of an exam, such as candidate registration, brings new security issues that should be addressed with the care normally devoted to security protocols. This paper proposes a protocol that meets a wide set of security requirements and resists threats that may originate from candidates as well as from exam administrators. By relying on a combination of oblivious transfer and visual cryptography schemes, the protocol does not need to rely on any trusted third party. We analyse the protocol formally in ProVerif and prove that it verifies all the stated security requirements.
Giampaolo Bella, Rosario Giustolisi, Gabriele Lenzini, Peter Y.A.Ryan
Computer and Security
Bella, G., Giustolisi, R., Lenzini, G., & Ryan, P. Y. (2017). Trustworthy exams without trusted parties. Computers & Security, 67, 291-307.
Get in touch with us
SnT – Interdisciplinary Centre for Security, Reliability and Trust
29, Avenue J.F Kennedy L-1855 Luxembourg