Design and Analysis of Secure Exam Protocols

Except for the traditional threat that candidates may want to cheat, exams have historically not been seen like a serious security problem. That threat is routinely thwarted by having invigilators ensure that candidates do not misbehave during testing. However, as recent exam scandals confirm, also invigilators and exam authorities may have interest in frauds, hence they may pose security threats as well. Moreover, new security issues arise from the recent use of computers, which can facilitate the exam experience for example by allowing candidates to register from home. Thus, exams must be designed with the care normally devoted to security protocols. This dissertation studies exam protocol security and provides an in-depth understanding that can be also useful for the study of the security of similar systems, such as public tenders, personnel selections, project reviews, and conference management systems. It introduces an unambiguous terminology that leads to the specification of a taxonomy of various exam types, depending on the level of computer assistance. It then establishes a theoretical framework for the formal analysis of exams. The framework defines several authentication, privacy, and verifiability requirements that modern exams should meet, and enables the security of exam protocols to be studied. Using the framework, we formally analyse traditional, computer-assisted, and Internet-based exam protocols. We find some security issues and propose modifications to partially achieve the desired requirements. This dissertation also designs three exam protocols that guarantee a wide set of security requirements. It introduces a novel protocol for Internet-based exams to thwart a malicious exam authority with minimal trust assumptions. Then, it proposes secure protocols suitable for both computer-assisted and traditional pen-and-paper exams. A combination of oblivious transfer and visual cryptography schemes allows us to overcome the constraint of face-to-face testing and to remove the need of a trusted third party. Moreover, the protocols ensure accountability as they support the identification of the principal that is responsible for their failure. We evaluate the security of our protocols by a formal analysis in ProVerif. Finally, this dissertation looks at exams as carried out through a modern browser, Safe Exam Browser (SEB). It was specifically designed to carry out Internet-based exams securely, and we confirm it immune to the security issues of certificate validation. Using UML and CSP, we advance a formal analysis of its requirements that are not only logically conditioned on the technology but also on user actions. By extending this analysis onto other browsers, we state general best-practice recommendations to browser vendors.