Practical Security for Electronic Examinations on Students’ Devices

  • Bastian KüppersEmail author
  • Marius Politze
  • Richard Zameitat
  • Florian Kerber
  • Ulrik Schroeder
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 857)


Allowing students to use their own devices for electronic assessments allows institutions of higher education to reduce their expenses for specialized computer labs. There are, however, concerns about the security of these kind of examinations if the devices are not fully controlled by the examining institution. In addition to these concerns, several other issues have to be taken into account for electronic assessment: equality of treatment, student identification and proof of authorship need to be ensured by an electronic assessment software framework. In this paper, we present our approach to such a framework. Using a client-server model, the proposed assessment framework meets the previously mentioned issues by establishing a trusted platform on students’ devices and uses digital signatures and asymmetric encryption to identify the students. A remote attestation protocol allows on-line verification of the integrity of the software platform on the students’ devices during an assessment. Therefore, our framework, thus provides the means to conduct practically secure electronic examinations.


Electronic examinations Electronic assessment Computer aided assessment Computer based assessment Bring your own device Remote attestation Code obfuscation 


  1. 1.
    ETH Zurich, Educational Development and Technology: Safe Exam Browser.
  2. 2.
    Biella, D., Engert, S., Huth, D.: Design and delivery of an e-assessment solution at the University of Duisburg-Essen. In: Proceedings EUNIS 2009. EUNIS Proceedings (2009)Google Scholar
  3. 3.
    Bücking, J.: eKlausuren im Testcenter der Universität Bremen: Ein Praxisbericht (2010)Google Scholar
  4. 4.
    Dahlstrom, E., Brooks, C., Grajek, S., Reeves, J.: Undergraduate Students and IT (2015)Google Scholar
  5. 5.
    Poll, H.: Student Mobile Device Survey 2015: National Report: College Students (2015)Google Scholar
  6. 6.
    Willige, J.: Auslandsmobilität und digitale Medien: Arbeitspapier Nr. 23 (2016)Google Scholar
  7. 7.
    Schneider, D.R., Halbherr, T.: E-Assessment Challenges: How to Conduct Secure E-Assessments with Open-Source Solutions and BYOD, Talk at EDUCAUSE 2013 (2013)Google Scholar
  8. 8.
    Søgaard, T.M.: Mitigation of cheating threats in digital BYOD exams, Master’s Thesis (2016)Google Scholar
  9. 9.
    Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems. ACM SIGOPS Oper. Syst. Rev. 39(5), 1–16 (2005)CrossRefGoogle Scholar
  10. 10.
    Garay, J.A., Huelsbergen, L.: Software integrity protection using timed executable agents. In: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, pp. 189–200 (2006)Google Scholar
  11. 11.
    Eldefrawy, K., Rattanavipanon, N., Tsudik, G.: HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) (2017)Google Scholar
  12. 12.
    Hoffman, N.: VM Checking and Detecting (2014).
  13. 13.
    Merkle, R.C.: A digital signature based on a conventional encryption function. In: Advances in Cryptology - CRYPTO 1987: Proceedings, pp. 369–378 (1988)CrossRefGoogle Scholar
  14. 14.
    Namiot, D., Sneps-Sneppe, M.: On Micro-services Architecture. Int. J. Open Inf. Technol. 2(9), 24–27 (2014)Google Scholar
  15. 15.
    Politze, M., Decker, B., Eifert, T.: pSTAIX - a process-aware architecture to support research processes. In: Eibl, M., Gaedke, M. (eds.) INFORMATIK 2017: Digitale Kulturen. Beitrage der 47. Jahrestagung der Gesellschaft fr Informatik e.V. (GI). Köllen (GI Edition Lecture Notes in Informatics Proceedings (LNI)), Bonn (2017)Google Scholar
  16. 16.
    Küppers, B., Politze, M., Schroeder, U.: Reliable e-assessment with GIT: practical considerations and implementation (2017).
  17. 17.
    Microsoft: How TLS/SSL Works: Logon and Authentication (2003).
  18. 18.
    Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (Im)possibility of obfuscating programs. In: Advances in Cryptology - CRYPTO 2001, Proceedings, pp. 1–18 (2001)Google Scholar
  19. 19.
    Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Technical Report 148, Department of Computer Science, University of Auckland (1997)Google Scholar
  20. 20.
    Collberg, C., Thomborson, C.: Watermarking, tamper-proofing, and obfuscation tools for software protection. Technical Report TR00-03, The Department of Computer Science, University of Arizona (2000)Google Scholar
  21. 21.
    Doherty, E.P.: Digital Forensics for Handheld Devices, 1st edn. (2012). ISBN 9781439898772Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Bastian Küppers
    • 1
    • 3
    Email author
  • Marius Politze
    • 1
  • Richard Zameitat
    • 1
  • Florian Kerber
    • 2
  • Ulrik Schroeder
    • 3
  1. 1.IT CenterRWTH Aachen UniversityAachenGermany
  2. 2.IT Security Research GroupRWTH Aachen UniversityAachenGermany
  3. 3.Learning Technologies Research GroupRWTH Aachen UniversityAachenGermany

Personalised recommendations