A Secure Exam Protocol Without Trusted Parties

  • Giampaolo Bella
  • Rosario GiustolisiEmail author
  • Gabriele LenziniEmail author
  • Peter Y. A. Ryan
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 455)


Relying on a trusted third party (TTP) in the design of a security protocol introduces obvious risks. Although the risks can be mitigated by distributing the trust across several parties, it still requires at least one party to be trustworthy. In the domain of exams this is critical because parties typically have conflicting interests, and it may be hard to find an entity who can play the role of a TTP, as recent exam scandals confirm. This paper proposes a new protocol for paper-based and computer-based exams that guarantees several security properties without the need of a TTP. The protocol combines oblivious transfer and visual cryptography to allow candidate and examiner to jointly generate a pseudonym that anonymises the candidate’s test. The pseudonym is revealed only to the candidate when the exam starts. We analyse the protocol formally in ProVerif and prove that it satisfies all the stated security requirements.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: POPL 2001. ACM (2001)Google Scholar
  2. 2.
    Arapinis, M., Bursuc, S., Ryan, M.: Privacy-supporting cloud computing by in-browser key translation. J. of Computer Security 21(6), 847–880 (2013)Google Scholar
  3. 3.
    Auernheimer, B., Tsai, M.: Biometric authentication for web-based course examinations. In: HICSS 2005, p. 294b. IEEE (2005)Google Scholar
  4. 4.
    Bella, G., Giustolisi, R., Lenzini, G.: Secure exams despite malicious management. In: PST 2014, pp. 274–281. IEEE (2014)Google Scholar
  5. 5.
    Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: CSFW 2001, pp. 82–96. IEEE (2001)Google Scholar
  6. 6.
    Castella-Roca, J., Herrera-Joancomarti, J., Dorca-Josa, A.: A secure e-exam management system. In: ARES 2006. IEEE (2006)Google Scholar
  7. 7.
    Dolev, D., Yao, A.C.: On the Security of Public Key Protocols. IEEE Trans. on Information Theory 29(2), 198–208 (1983)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Dreier, J., Giustolisi, R., Kassem, A., Lafourcade, P., Lenzini, G., Ryan, P.Y.A.: Formal analysis of electronic exams. In: SECRYPT 2014. SciTePress (2014)Google Scholar
  9. 9.
    Dreier, J., Giustolisi, R., Kassem, A., Lafourcade, P., Lenzini, G.: On the verifiability of (electronic) exams. Tech. Rep. TR-2014-2, Verimag (2014)Google Scholar
  10. 10.
    Essex, A., Clark, J., Hengartner, U., Adams, C.: How to print a secret. In: HotSec 2009. USENIX Association (2009)Google Scholar
  11. 11.
    Flock, E.: APS embroiled in cheating scandal. Washington Post, July 2011Google Scholar
  12. 12.
    Foley, S.N., Jacob, J.L.: Specifying Security for Computer Supported Collaborative Working. J. of Computer Security 3, 233–253 (1995)Google Scholar
  13. 13.
    Giustolisi, R., Lenzini, G., Ryan, P.Y.A.: Remark!: A secure protocol for remote exams. In: Christianson, B., Malcolm, J., Matyáš, V., Švenda, P., Stajano, F., Anderson, J. (eds.) Security Protocols 2014. LNCS, vol. 8809, pp. 38–48. Springer, Heidelberg (2014) Google Scholar
  14. 14.
    Guénard, F.: La Fabrique des Tricheurs: La fraude aux examens expliquée au ministre, aux parents et aux professeurs. Jean-Claude Gawsewitch (2012)Google Scholar
  15. 15.
    Hallak, J., Poisson, M.: Corrupt Schools, Corrupt Universities: What Can be Done?. Ethics and corruption in education, Education Planning, UNESCO (2007)Google Scholar
  16. 16.
    Huszti, A., Pethö, A.: A secure Electronic Exam System. Publicationes Mathematicae Debrecen 77(3–4), 299–312 (2010)MathSciNetzbMATHGoogle Scholar
  17. 17.
    Kanav, S., Lammich, P., Popescu, A.: A conference management system with verified document confidentiality. In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 167–183. Springer, Heidelberg (2014) Google Scholar
  18. 18.
    Maffei, M., Pecina, K., Reinert, M.: Security and privacy by declarative design. In: CSF 2013, pp. 81–96. IEEE (2013)Google Scholar
  19. 19.
    Naor, M., Shamir, A.: Visual cryptography. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 1–12. Springer, Heidelberg (1995) CrossRefGoogle Scholar
  20. 20.
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992) Google Scholar
  21. 21.
    Tzeng, W.G.: Efficient 1-out-of-n Oblivious Transfer Schemes with Universally Usable Parameters. IEEE Trans. on Computers 53(2), 232–240 (2004)CrossRefGoogle Scholar
  22. 22.
    Weippl, E.: Security in E-Learning, Advances in Information Security, vol. 16. Springer (2005)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2015

Authors and Affiliations

  1. 1.Dipartimento di Matematica e InformaticaUniversità di CataniaCataniaItaly
  2. 2.SnTUniversity of LuxembourgLuxembourgLuxembourg

Personalised recommendations