Secure exams despite malicious management

Author

Bella, Giampaolo ; Giustolisi, Rosario ; Lenzini, Gabriele

Author_Institution

Dipt. di Mat. e Inf., Univ. di Catania, Catania, Italy

fYear

2014

fDate

23-24 July 2014

Firstpage

274

Lastpage

281

Abstract

An exam is a practise for assessing the knowledge of a candidate from an examination she takes. Exams are used in various contexts, such as in university tests and public competitions. We begin by identifying various security and privacy requirements that modern exams should meet, especially in the prospect of them being supported by information and communication technologies. These requirements extend well beyond ensuring authenticating the candidate and preventing her from cheating. Cheating is routinely enforced by invigilation by trusted parties, whereas we discuss that an exam should meet its security and privacy requirements against stronger threat models, including malicious exam authorities. Thus exams must be designed with the care normally devoted to security protocols, and in such a mindset we present WATA IV, a new protocol that meets our security and privacy requirements even when an exam manager is malicious.

Keywords

computer aided instruction; data privacy; security of data; trusted computing; WATA IV; exam manager; information and communication technologies; malicious exam authorities; malicious management; privacy requirements; public competitions; secure exams; security protocols; security requirements; trusted parties; university tests; Authentication; Cryptography; Educational institutions; Privacy; Protocols; Testing;

fLanguage

English

Publisher

ieee

Conference_Titel

Privacy, Security and Trust (PST), 2014 Twelfth Annual International Conference on

Conference_Location

Toronto, ON

Print_ISBN

978-1-4799-3502-4

Type

conf

DOI

10.1109/PST.2014.6890949

Filename

6890949