Trustworthy exams without trusted parties

Interdisciplinary Research Group in Socio-technical Cybersecurity

Trustworthy exams without trusted parties

Giampaolo Bella, Rosario Giustolisi, Gabriele Lenzini, Peter Y.A.Ryan
Abstract:
Historically, exam security has mainly focused on threats ascribed to candidate cheating. Such threats have been normally mitigated by invigilation and anti-plagiarism methods. However, as recent exam scandals confirm, also invigilators and authorities may pose security threats. The introduction of computers into the different phases of an exam, such as candidate registration, brings new security issues that should be addressed with the care normally devoted to security protocols. This paper proposes a protocol that meets a wide set of security requirements and resists threats that may originate from candidates as well as from exam administrators. By relying on a combination of oblivious transfer and visual cryptography schemes, the protocol does not need to rely on any trusted third party. We analyse the protocol formally in ProVerif and prove that it verifies all the stated security requirements.
Authors:
Giampaolo Bella, Rosario Giustolisi, Gabriele Lenzini, Peter Y.A.Ryan
Publication date:
June, 2017
Published in:
Computer and Security
Reference:
Bella, G., Giustolisi, R., Lenzini, G., & Ryan, P. Y. (2017). Trustworthy exams without trusted parties. Computers & Security, 67, 291-307.

Get in touch with us

SnT – Interdisciplinary Centre for Security, Reliability and Trust
29, Avenue J.F Kennedy L-1855 Luxembourg
info-irisc-lab@uni.lu