%0 Conference Proceedings
%T A Secure Exam Protocol Without Trusted Parties
%+ Università degli studi di Catania = University of Catania (Unict)
%+ University of Luxembourg [Luxembourg]
%A Bella, Giampaolo
%A Giustolisi, Rosario
%A Lenzini, Gabriele
%A Ryan, Peter, A.
%Z Part 7: Applied Cryptography
%< avec comité de lecture
%( IFIP Advances in Information and Communication Technology
%B 30th IFIP International Information Security Conference (SEC)
%C Hamburg, Germany
%Y Hannes Federrath
%Y Dieter Gollmann
%3 ICT Systems Security and Privacy Protection
%V AICT-455
%P 495-509
%8 2015-05-26
%D 2015
%R 10.1007/978-3-319-18467-8_33
%Z Computer Science [cs]Conference papers
%X Relying on a trusted third party (TTP) in the design of a security protocol introduces obvious risks. Although the risks can be mitigated by distributing the trust across several parties, it still requires at least one party to be trustworthy. In the domain of exams this is critical because parties typically have conflicting interests, and it may be hard to find an entity who can play the role of a TTP, as recent exam scandals confirm. This paper proposes a new protocol for paper-based and computer-based exams that guarantees several security properties without the need of a TTP. The protocol combines oblivious transfer and visual cryptography to allow candidate and examiner to jointly generate a pseudonym that anonymises the candidate’s test. The pseudonym is revealed only to the candidate when the exam starts. We analyse the protocol formally in ProVerif and prove that it satisfies all the stated security requirements.
%G English
%Z TC 11
%2 https://inria.hal.science/hal-01345141/document
%2 https://inria.hal.science/hal-01345141/file/337885_1_En_33_Chapter.pdf
%L hal-01345141
%U https://inria.hal.science/hal-01345141
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-TC11
%~ IFIP-AICT-455
%~ IFIP-SEC