Formal Security Analysis of Traditional and Electronic Exams

  • Jannik Dreier
  • Rosario Giustolisi
  • Ali Kassem
  • Pascal Lafourcade
  • Gabriele Lenzini
  • Peter Y. A. Ryan
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 554)


Nowadays, students can be assessed not only by means of pencil-and-paper tests, but also by electronic exams which they take in examination centers or even from home. Electronic exams are appealing as they can reach larger audiences, but they are exposed to new threats that can potentially ruin the whole exam business. These threats are amplified by two issues: the lack of understanding of what security means for electronic exams (except the old concern about students cheating), and the absence of tools to verify whether an exam process is secure. This paper addresses both issues by introducing a formal description of several fundamental authentication and privacy properties, and by establishing the first theoretical framework for an automatic analysis of exam security. It uses the applied \(\pi \)-calculus as a framework and ProVerif as a tool. Three exam protocols are checked in depth: two Internet exam protocols of recent design, and the pencil-and-paper exam used by the University of Grenoble. The analysis highlights several weaknesses. Some invalidate authentication and privacy even when all parties are honest; others show that security depends on the honesty of parties, an often unjustified assumption in modern exams.


Electronic exams, Formal verification, Authentication, Privacy, Applied Pi-Calculus, ProVerif



We would like to thank the authors of [8] for the helpful discussions on our findings concerning their protocol.


  1. Hjeltnes, T., Hansson, B.: Cost effectiveness and cost efficiency in e-learning. In: QUIS - Quality, Interoperability and Standards in e-learning, Norway (2005)
  2. Weippl, E.: Security in E-Learning. Advances in Information Security, vol. 6. Springer Science + Business Media, Heidelberg (2005)
  3. Copeland, L.: School cheating scandal shakes up Atlanta (2013).
  4. Watson, R.: Student visa system fraud exposed in BBC investigation (2014).
  5. Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: POPL, pp. 104–115. ACM (2001)
  6. Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: CSFW, pp. 82–96. IEEE Computer Society (2001)
  7. Blanchet, B., Abadi, M., Fournet, C.: Automated verification of selected equivalences for security protocols. J. Log. Algebr. Program. 75, 3–51 (2008)
  8. Huszti, A., Pethő, A.: A secure electronic exam system. Publicationes Mathematicae Debrecen 77, 299–312 (2010)
  9. Giustolisi, R., Lenzini, G., Ryan, P.Y.A.: Remark!: a secure protocol for remote exams. In: Christianson, B., Malcolm, J., Matyáš, V., Švenda, P., Stajano, F., Anderson, J. (eds.) Security Protocols 2014. LNCS, vol. 8809, pp. 38–48. Springer, Heidelberg (2014)
  10. Dreier, J., Giustolisi, R., Kassem, A., Lafourcade, P., Lenzini, G., Ryan, P.Y.A.: Formal analysis of electronic exams. In: SECRYPT 2014 - Proceedings of the 11th International Conference on Security and Cryptography, pp. 101–112. SciTePress (2014)
  11. Castellà-Roca, J., Herrera-Joancomartí, J., Dorca-Josa, A.: A secure e-exam management system. In: ARES. IEEE Computer Society (2006)
  12. Herrera-Joancomartí, J., Prieto-Blázquez, J., Castellà-Roca, J.: A secure electronic examination protocol using wireless networks. In: ITCC, vol. 2. IEEE Computer Society (2004)
  13. Bella, G., Costantino, G., Coles-Kemp, L., Riccobene, S.: Remote management of face-to-face written authenticated though anonymous exams. In: CSEDU, vol. 2. SciTePress (2011)
  14. Giustolisi, R., Lenzini, G., Bella, G.: What security for electronic exams? In: 2013 International Conference on Risks and Security of Internet and Systems (CRiSIS), pp. 1–5 (2013)
  15. Furnell, S., Onions, P., Knahl, M., Sanders, P., Bleimann, U., Gojny, U., Röder, H.: A security framework for online distance learning and training. Internet Res. 8, 236–242 (1998)
  16. Dreier, J., Lafourcade, P., Lakhnech, Y.: Vote-independence: a powerful privacy notion for voting protocols. In: Garcia-Alfaro, J., Lafourcade, P. (eds.) FPS 2011. LNCS, vol. 6888, pp. 164–180. Springer, Heidelberg (2012)
  17. Dreier, J., Lafourcade, P., Lakhnech, Y.: A formal taxonomy of privacy in voting protocols. In: ICC, pp. 6710–6715. IEEE (2012)
  18. Dreier, J., Lafourcade, P., Lakhnech, Y.: Defining privacy for weighted votes, single and multi-voter coercion. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 451–468. Springer, Heidelberg (2012)
  19. Backes, M., Hritcu, C., Maffei, M.: Automated verification of remote electronic voting protocols in the applied Pi-calculus. In: CSF, pp. 195–209. IEEE Computer Society (2008)
  20. Delaune, S., Kremer, S., Ryan, M.: Verifying privacy-type properties of electronic voting protocols. J. Comput. Secur. 17, 435–487 (2009)
  21. Delaune, S., Kremer, S., Ryan, M.: Verifying properties of electronic voting protocols. In: Proceedings of the IAVoSS Workshop On Trustworthy Elections (WOTE 2006), Cambridge, pp. 45–52 (2006)
  22. Dong, N., Jonker, H., Pang, J.: Analysis of a receipt-free auction protocol in the applied Pi calculus. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 223–238. Springer, Heidelberg (2011)
  23. Dreier, J., Lafourcade, P., Lakhnech, Y.: Formal verification of e-auction protocols. In: Basin, D., Mitchell, J.C. (eds.) POST 2013 (ETAPS 2013). LNCS, vol. 7796, pp. 247–266. Springer, Heidelberg (2013)
  24. Dreier, J., Jonker, H., Lafourcade, P.: Defining verifiability in e-auction protocols. In: ASIACCS, pp. 547–552. ACM (2013)
  25. Arapinis, M., Bursuc, S., Ryan, M.: Privacy-supporting cloud computing by in-browser key translation. J. Comput. Secur. 21, 847–880 (2013)
  26. Dreier, J., Jonker, H., Lafourcade, P.: Secure auctions without cryptography. In: Ferro, A., Luccio, F., Widmayer, P. (eds.) FUN 2014. LNCS, vol. 8496, pp. 158–170. Springer, Heidelberg (2014)
  27. Meadows, C., Pavlovic, D.: Formalizing physical security procedures. In: Jøsang, A., Samarati, P., Petrocchi, M. (eds.) STM 2012. LNCS, vol. 7783, pp. 193–208. Springer, Heidelberg (2013)
  28. Basin, D., Capkun, S., Schaller, P., Schmidt, B.: Formal reasoning about physical properties of security protocols. ACM Trans. Inf. Syst. Secur. 14(2), 1–28 (2011)
  29. Blaze, M.: Toward a broader view of security protocols. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2004. LNCS, vol. 3957, pp. 106–120. Springer, Heidelberg (2006)
  30. Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29, 198–208 (1983)
  31. Delaune, S., Kremer, S., Ryan, M.D.: Coercion-resistance and receipt-freeness in electronic voting. In: Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW 2006), Venice, pp. 28–39. IEEE Computer Society Press (2006)
  32. Ryan, P.Y.A., Schneider, S.A., Goldsmith, M., Lowe, G., Roscoe, A.W.: The Modelling and Analysis of Security Protocols: The CSP Approach. Addison-Wesley Professional, USA (2000)
  33. Ryan, M., Smyth, B.: Applied Pi calculus. In: Formal Models and Techniques for Analyzing Security Protocols. IOS Press (2011)
  34. Ryan, P.Y.A., Schneider, S.A.: Process algebra and non-interference. J. Comput. Secur. 9, 75–103 (2001)
  35. Golle, P., Jakobsson, M.: Reusable anonymous return channels. In: Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society, WPES 2003, pp. 94–100. ACM (2003)
  36. Elgamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31, 469–472 (1985)
  37. Shamir, A.: How to share a secret. Commun. ACM 22, 612–613 (1979)
  38. Backes, M., Maffei, M., Unruh, D.: Zero-knowledge in the applied Pi-calculus and automated verification of the direct anonymous attestation protocol. IEEE Symp. Secur. Priv. 2008, 202–215 (2008)
  39. Haenni, R., Spycher, O.: Secure internet voting on limited devices with anonymized DSA public keys. In: Proceedings of the 2011 Conference on Electronic Voting Technology/Workshop on Trustworthy Elections, EVT/WOTE 2011. USENIX (2011)

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Jannik Dreier (1)
  • Rosario Giustolisi (2)
  • Ali Kassem (3)
  • Pascal Lafourcade (4)
  • Gabriele Lenzini (2)
  • Peter Y. A. Ryan (2)

  1. Institute of Information Security, ETH Zurich, Zürich, Switzerland
  2. SnT/University of Luxembourg, Luxembourg city, Luxembourg
  3. CNRS, VERIMAG, Université Grenoble Alpes, Grenoble, France
  4. LIMOS, University d’Auvergne, Clermont-Ferrand, France
