formal analysis of electronic exams
play

Formal Analysis of Electronic Exams Jannik Dreier 1 , Rosario - PowerPoint PPT Presentation

Aug 21, 2022 •258 likes •966 views

Formal Analysis of Electronic Exams Jannik Dreier 1 , Rosario Giustolisi 2 , Ali Kassem 3 , Pascal Lafourcade 4 , Gabriele Lenzini 2 and Peter Y. A. Ryan 2 1 Institute of Information Security, ETH Zurich 2 SnT/University of Luxembourg 3 Universit

  1. Formal Analysis of Electronic Exams Jannik Dreier 1 , Rosario Giustolisi 2 , Ali Kassem 3 , Pascal Lafourcade 4 , Gabriele Lenzini 2 and Peter Y. A. Ryan 2 1 Institute of Information Security, ETH Zurich 2 SnT/University of Luxembourg 3 Université Grenoble Alpes, CNRS, VERIMAG 4 University d’Auvergne, LIMOS 11th International Conference on Security and Cryptography (SECRYPT 2014), Vienna August 28, 2014 1/47

  2. E-exam 2/47

  3. E-exam Information technology for the assessment of knowledge and skills. 2/47

  4. Educational assessment 3/47

  5. E-exam: Players and Organization Three Roles: Candidate Examination Authority Examiner 4/47

  6. E-exam: Players and Organization Three Roles: Candidate Examination Authority Examiner Four Phases: 1. Registration 2. Examination 3. Marking 4. Notification 4/47

  7. Threats. . . ◮ Candidate cheating ◮ Bribed, corrupted or unfair examiners ◮ Dishonest/untrusted exam authority ◮ Outside attackers ◮ . . . 5/47

  8. . . . and their Mitigation Most existing e-exam systems assume trusted authorities and focus on student cheating : ◮ Exam centers ◮ Software solutions, e.g. ProctorU 6/47

  9. . . . and their Mitigation Most existing e-exam systems assume trusted authorities and focus on student cheating : ◮ Exam centers ◮ Software solutions, e.g. ProctorU Yet also the other threats are real: ◮ Atlanta Public Schools cheating scandal (2009) ◮ UK student visa tests fraud (2014) 6/47

  10. . . . and their Mitigation Most existing e-exam systems assume trusted authorities and focus on student cheating : ◮ Exam centers ◮ Software solutions, e.g. ProctorU Yet also the other threats are real: ◮ Atlanta Public Schools cheating scandal (2009) ◮ UK student visa tests fraud (2014) So what about dishonest authorities or hackers attacking the system? 6/47

  11. . . . and their Mitigation Most existing e-exam systems assume trusted authorities and focus on student cheating : ◮ Exam centers ◮ Software solutions, e.g. ProctorU Yet also the other threats are real: ◮ Atlanta Public Schools cheating scandal (2009) ◮ UK student visa tests fraud (2014) So what about dishonest authorities or hackers attacking the system? ⇒ need for better protocols and systems (cf. case studies) 6/47

  12. . . . and their Mitigation Most existing e-exam systems assume trusted authorities and focus on student cheating : ◮ Exam centers ◮ Software solutions, e.g. ProctorU Yet also the other threats are real: ◮ Atlanta Public Schools cheating scandal (2009) ◮ UK student visa tests fraud (2014) So what about dishonest authorities or hackers attacking the system? ⇒ need for better protocols and systems (cf. case studies) ⇒ precise formal definitions of required properties 6/47

  13. Plan Introduction Model and Properties Authentication Properties Privacy Properties Case Studies Huszti & Pethő’s Protocol Remark! Protocol Conclusion 7/47

  14. Plan Introduction Model and Properties Authentication Properties Privacy Properties Case Studies Huszti & Pethő’s Protocol Remark! Protocol Conclusion 8/47

  15. Model ◮ Processes in the applied π -calculus [ ? ] ◮ Annotated using events ◮ Authentication properties as correspondence between events ◮ Privacy properties as observational equivalence between instances ◮ Automatic verification using ProVerif [ ? ] 9/47

  16. Model

  17. Model 1. Registration

  18. Model 1. Registration Register reg ( )

  19. Model 1. Registration Register reg ( ) 2. Examination

  20. Model 1. Registration Register reg ( ) 2. Examination Questions

  21. Model 1. Registration Register reg ( ) 2. Examination Questions Answer submitted ( ) collected ( ) , , , ,

  22. Model 1. Registration Register reg ( ) 2. Examination Questions Answer submitted ( ) collected ( ) , , , , 3. Marking

  23. Model 1. Registration Register reg ( ) 2. Examination Questions Answer submitted ( ) collected ( ) , , , , 3. Marking Form distrib ( ) , , , ,

  24. Model 1. Registration Register reg ( ) 2. Examination Questions Answer submitted ( ) collected ( ) , , , , 3. Marking Form distrib ( ) , , , , Mark marked ( ) , , , ,

  25. Model 1. Registration Register reg ( ) 2. Examination Questions Answer submitted ( ) collected ( ) , , , , 3. Marking Form distrib ( ) , , , , Mark marked ( ) , , , , 4. Notification

  26. Model 1. Registration Register reg ( ) 2. Examination Questions Answer submitted ( ) collected ( ) , , , , 3. Marking Form distrib ( ) , , , , Mark marked ( ) , , , , 4. Notification Mark notified ( ) , 10/47

  27. Plan Introduction Model and Properties Authentication Properties Privacy Properties Case Studies Huszti & Pethő’s Protocol Remark! Protocol Conclusion 11/47

  28. Answer Origin Authentication All collected answers originate from registered candidates, and only one answer per candidate is accepted. Definition: On every trace: 1. Registration Register reg ( ) 2. Examination Questions preceeded by distinct occurence Answer submitted ( ) collected ( ) , , , , 12/47

  29. Form Authorship Answers are collected as submitted, i.e. without modification. Definition: On every trace: 1. Registration Register reg ( ) 2. Examination Questions Answer submitted ( ) collected ( ) , , , , preceeded by distinct occurence 13/47

  30. Form Authenticity Answers are marked as collected. Definition: On every trace: 2. Examination Questions Answer submitted ( ) collected ( ) , , , , preceeded by dist. occ. 3. Marking Form distrib ( ) , , , , Mark marked ( ) , , , , 14/47

  31. Mark Authenticity The candidate is notified with the mark associated to his answer. Definition: On every trace: 3. Marking Form distrib ( ) , , , , Mark marked ( ) , , , , 4. Notification Mark notified ( ) , preceeded by distinct occurence 15/47

  32. Plan Introduction Model and Properties Authentication Properties Privacy Properties Case Studies Huszti & Pethő’s Protocol Remark! Protocol Conclusion 16/47

  33. Question Indistinguishability No premature information about the questions is leaked. Definition: Observational equivalence of two instances up to the end of registration phase: Exam 1 Exam 2 Question 1 Question 2 ≈ l 17/47

  34. Question Indistinguishability No premature information about the questions is leaked. Definition: Observational equivalence of two instances up to the end of registration phase: Exam 1 Exam 2 Question 1 Question 2 ≈ l Can be considered with or without dishonest candidates. 17/47

  35. Anonymous Marking An examiner cannot link an answer to a candidate. Definition: Up to the end of marking phase: Exam 1 Exam 2 Answer 1 Answer 2 ≈ l Answer 2 Answer 1 18/47

  36. Anonymous Marking An examiner cannot link an answer to a candidate. Definition: Up to the end of marking phase: Exam 1 Exam 2 Answer 1 Answer 2 ≈ l Answer 2 Answer 1 Can be considered with or without dishonest examiners and authorities. 18/47

  37. Anonymous Examiner A candidate cannot know which examiner graded his copy. Definition: Exam 1 Exam 2 Answer 1 Answer 2 Mark 1 Mark 2 ≈ l Answer 2 Mark 2 Answer 1 Mark 1 Can be considered with or without dishonest candidates. 19/47

  38. Mark Privacy Marks are private. Definition: Exam 1 Exam 2 Answer 1 Mark 1 Answer 1 Mark 2 ≈ l Can be considered with or without dishonest candidates, examiners and authorities. 20/47

  39. Mark Anonymity Marks can be published, but may not be linked to candidates. Definition: Exam 1 Exam 2 Answer 1 Mark 1 Answer 1 Mark 2 ≈ l Answer 2 Answer 2 Mark 2 Mark 1 Can be considered with or without dishonest candidates, examiners and authorities. Implied by Mark Privacy. 21/47

  40. Plan Introduction Model and Properties Authentication Properties Privacy Properties Case Studies Huszti & Pethő’s Protocol Remark! Protocol Conclusion 22/47

  41. Plan Introduction Model and Properties Authentication Properties Privacy Properties Case Studies Huszti & Pethő’s Protocol Remark! Protocol Conclusion 23/47

  42. Application: Huszti & Pethő’s Protocol “A Secure Electronic Exam System” [ ? ] using ◮ ElGamal Encryption ◮ a Reusable Anonymous Return Channel (RARC) [ ? ] for anonymous communication ◮ a network of servers providing a timed-release service using Shamir’s Secret Sharing: A subset of servers can combine their shares to de-anonymize a candidate after the exam Goal: ensure ◮ authentication and privacy in presence of dishonest ◮ candidates ◮ examiners ◮ exam authorities 24/47

  43. Results Formal Verification with ProVerif [ ? ]: Property Result Time Answer Origin Authentication × < 1 s Form Authorship × < 1 s Form Authenticity × < 1 s Mark Authenticity × < 1 s Question Indistinguishability × < 1 s Anonymous Marking × 8 m 46 s Anonymous Examiner × 9 m 8 s Mark Privacy × 39 m 8 s Mark Anonymity × 1h 15 m 58 s 25/47

  44. Main reason Given its security definition, the RARC ◮ provides anonymity, but not necessarily secrecy ◮ does not necessarily provide integrity or authentication ◮ is only secure against passive attackers Corrupted parties or active attackers can break secrecy and anonymity , as the following attack shows. 26/47

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security Analysis of Electronic Exams Rosario Giustolisi 4 , Ali Kassem 1 , Gabriele Lenzini 4 ,

Security Analysis of Electronic Exams Rosario Giustolisi 4 , Ali Kassem 1 , Gabriele Lenzini 4 ,

Security Analysis of Electronic Exams Rosario Giustolisi 4 , Ali Kassem 1 , Gabriele Lenzini 4 , Peter Y. A. Ryan 4 , Jannik Dreier 3 , Ylis Falcone 2 and Pascal Lafourcade 5 1 Univ. Grenoble Alpes, VERIMAG, Grenoble, France 2 Univ. Grenoble

1.16k views • 111 slides
Formal Analysis of Electronic Voting Systems Mark Ryan University of Birmingham joint work with

Formal Analysis of Electronic Voting Systems Mark Ryan University of Birmingham joint work with

Formal Analysis of Electronic Voting Systems Mark Ryan University of Birmingham joint work with Ben Smyth Steve Kremer Imperial College 21 April 2010 Outline Potential &amp; current situation 1 Desired properties 2 Example 3 Modelling

958 views • 60 slides
A Framework for Analyzing Verifiability in Traditional and Electronic Exams Jannik Dreier 1 ,

A Framework for Analyzing Verifiability in Traditional and Electronic Exams Jannik Dreier 1 ,

A Framework for Analyzing Verifiability in Traditional and Electronic Exams Jannik Dreier 1 , Rosario Giustolisi 2 , Ali Kassem 3 , Pascal Lafourcade 4 and Gabriele Lenzini 2 1 Institute of Information Security, ETH Zurich 2 SnT/University of

676 views • 30 slides
Exams Exams Manager Mrs Curry 2 Preparation &amp; Organisation Exams Officers role to

Exams Exams Manager Mrs Curry 2 Preparation &amp; Organisation Exams Officers role to

Exams Exams Manager Mrs Curry 2 Preparation &amp; Organisation Exams Officers role to organise and prepare for exams. Student role organisation and preparation for exams. This means taking time to revise, giving you the best

530 views • 16 slides
Exams Exams Officer Mrs Curry 2 Preparation &amp; Organisation The Exams Officers role

Exams Exams Officer Mrs Curry 2 Preparation &amp; Organisation The Exams Officers role

Exams Exams Officer Mrs Curry 2 Preparation &amp; Organisation The Exams Officers role to organise and prepare for exams. The Students role organisation and preparation for exams. This means taking time to revise,

570 views • 14 slides
Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal

Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal

Introduction to Formal Analysis Mark Greenstreet CpSc 513 Term 1, 2015/16 Formal verification uses algorithms to rigorously prove properties of hardware or software design. 20 years ago, we had the FDIV bug: 42.0 / 7.0 = 8.0 Formal

576 views • 6 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking,

Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking,

Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking, Theorem Proving SMT Solving, Abstraction, and Static Analysis With SAL, PVS, and Yices, and more John Rushby Computer Science Laboratory SRI

1.89k views • 161 slides
Formal Analysis of Correctness of a Strategy for the KRK Chess Endgame Fifth Workshop on Formal

Formal Analysis of Correctness of a Strategy for the KRK Chess Endgame Fifth Workshop on Formal

Formal Analysis of Correctness of a Strategy for the KRK Chess Endgame Fifth Workshop on Formal and Automated Theorem Proving and Applications. Belgrade, February 3-4, 2012. Marko Malikovi Mirko ubrilo Predrag Janii Faculty of Humanities

406 views • 27 slides
Monitoring Electronic Exams Ali Kassem 1 , Ylis Falcone 2 and Pascal Lafourcade 3 1 Univ.

Monitoring Electronic Exams Ali Kassem 1 , Ylis Falcone 2 and Pascal Lafourcade 3 1 Univ.

Monitoring Electronic Exams Ali Kassem 1 , Ylis Falcone 2 and Pascal Lafourcade 3 1 Univ. Grenoble Alpes, VERIMAG, Grenoble, France 2 Univ. Grenoble Alpes, Inria, LIG, Grenoble 3 Universit Clermont Auvergne, LIMOS, France The 15th International

927 views • 69 slides
Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus is on preventing fraud on the part of Protocol people building and running system. Electronic voting over the internet Dale Neal Must

508 views • 5 slides
Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot &amp; CNRS VTSA 2015 1 / 149 Outline Introduction 1 Formal

861 views • 68 slides
FSA General FSA ECDIS Formal Safety Assessment Electronic Chart Display and

FSA General FSA ECDIS Formal Safety Assessment Electronic Chart Display and

FSA General FSA ECDIS Formal Safety Assessment Electronic Chart Display and Information System Rolf Skjong, dr, chief scientist Stavanger, 8 January 2006 Background Use of risk assessment Nuclear Industry in 60s:

296 views • 28 slides
Survey of Revoting in Evoting: A formal analysis perspective Islam Faisal Hussam El-Araby

Survey of Revoting in Evoting: A formal analysis perspective Islam Faisal Hussam El-Araby

Survey of Revoting in Evoting: A formal analysis perspective Islam Faisal Hussam El-Araby Muhammad Faisal Supervised by Prof. Sherif El-Kassas Evoting Use of electronic means in the voting process The voting process Electorate, Candidates

756 views • 19 slides
Mastery Exams in Calculus I A Preliminary Report Ryan Higginbottom Washington &amp; Jefferson

Mastery Exams in Calculus I A Preliminary Report Ryan Higginbottom Washington &amp; Jefferson

Mastery Exams in Calculus I A Preliminary Report Ryan Higginbottom Washington &amp; Jefferson College April 4, 2009 Overview The History of Mastery Exams Description of Mastery Exams The Impact of Mastery Exams The Future of Mastery Exams

691 views • 39 slides
Science Exams Both have 6 exams in total Higher and foundation to choose between Triple

Science Exams Both have 6 exams in total Higher and foundation to choose between Triple

Science Exams Both have 6 exams in total Higher and foundation to choose between Triple 2 exams for each subject Each exam is 1hr 45mins long Double 6 exams for the double option Each exam is 1hr 15mins long What Focus on

445 views • 7 slides
for airlines joinsherpa.com May, 2020 Sherpas Partners 2 Leadership Team Max Tremaine

for airlines joinsherpa.com May, 2020 Sherpas Partners 2 Leadership Team Max Tremaine

for airlines joinsherpa.com May, 2020 Sherpas Partners 2 Leadership Team Max Tremaine Ivan Sharko CEO CPO Toronto Headquarters Jake Kotzer Andrew Dias Team: 18 Director of Director of Delivery Growth &amp; Partnerships &amp;

524 views • 26 slides
Handouts Board Finances &amp; the Role of Treasurer June 2012 (Amended Version) Education Act

Handouts Board Finances &amp; the Role of Treasurer June 2012 (Amended Version) Education Act

National Programme of Training for Boards of Management of Primary Schools Handouts Board Finances &amp; the Role of Treasurer June 2012 (Amended Version) Education Act 1998 S. 18 (1) A board shall keep all proper and usual accounts and

391 views • 14 slides
Tutorial: Online Shopping Roman Kontchakov Birkbeck, University of London Based on Chapter 10 of

Tutorial: Online Shopping Roman Kontchakov Birkbeck, University of London Based on Chapter 10 of

Information Systems Concepts Tutorial: Online Shopping Roman Kontchakov Birkbeck, University of London Based on Chapter 10 of Maciaszek, L.A.: Requirements Analysis and System Design (3rd edition) Addison Wesley, 2007 Outline Use Case

571 views • 14 slides
123&amp;4#&quot;*5&amp;678#&amp;'&quot;92:&amp;

123&amp;4#&quot;*5&amp;678#&amp;'&quot;92:&amp;

9/28/16 !&quot;#&quot;$%&amp;$'(&quot;()*+%,-..,/( 0+%+11&quot;23(4,&amp;##(.2( 5$678&quot;9+:(;+11.$&lt;( !&quot;#$%&amp;'(&amp;)&quot;*$#+,$$-&amp;'./-&amp; '0,/&amp; 123&amp;4#&quot;*5&amp;678#&amp;'&quot;92:&amp;

590 views • 26 slides
The CFRE Application Process: Step by Step webinar will start shortly. The CFRE Application

The CFRE Application Process: Step by Step webinar will start shortly. The CFRE Application

The CFRE Application Process: Step by Step webinar will start shortly. The CFRE Application Process: Step by Step You will be emailed a copy of the slides and a link to the recording within 24 hours Everything you want to know Who is

586 views • 42 slides
Hold Everything We Need RPA, or is it AI? EXPLOITING AI FOR PROCESS EXCELLENCE

Hold Everything We Need RPA, or is it AI? EXPLOITING AI FOR PROCESS EXCELLENCE

Hold Everything We Need RPA, or is it AI? EXPLOITING AI FOR PROCESS EXCELLENCE ajburgess.com thatspacecadetglow.com Robotic Process Automation The use of flexible software tools to automate manual activities for the delivery of

1.03k views • 73 slides
Briefing Slides From Application to Assessment Why should you apply? Who can apply?

Briefing Slides From Application to Assessment Why should you apply? Who can apply?

Briefing Slides From Application to Assessment Why should you apply? Who can apply? When to apply? What is the process? Why should you apply? SPARK Certification Benefits 1. Endorsement of centre quality 2. Information to guide

322 views • 21 slides
Financial Management for Non-Profit Finance Staff The Painless, Common-Sense Approach Learning

Financial Management for Non-Profit Finance Staff The Painless, Common-Sense Approach Learning

Financial Management for Non-Profit Finance Staff The Painless, Common-Sense Approach Learning Objectives Describe the role that finance staff play in budgeting and financial management Understand the importance of the fiscal budgeting

791 views • 45 slides

More recommend