Jordi Castell` -Roca† ,Jordi Herrera-Joancomarti‡ and Aleix Dorca-Josa§ a † Rovira i Virgili University of Tarragona, Dept. of Computer Engineering and Maths, Av. Paisos Catalans, 26, E-43007 Tarragona, Catalonia ‡ Universitat Oberta de Catalunya, Av. Tibidabo 39, 08035 Barcelona § Universitat d’Andorra, Placa de la Germandat, 7, AD600 Sant Juli` de L` ria, Principat d’Andorra ¸ a o E-mail: † firstname.lastname@example.org, ‡ email@example.com, § firstname.lastname@example.org
Secure electronic exams are one of the most difﬁcult challenges in e-learning security. The relevance of the examination process for any academic institution implies that different security mechanisms must be applied in order to preserve some security properties during different examination stages. In this paper, we present a secure e-exam management system where all exam related information is in digital format. We propose a cryptographic scheme that has to be executed in order to achieve the desired security levels at every exam stage. Keys words: e-learning security, electronic exams (eexam), cryptographic protocols.
In e-learning environments, students and teachers use Internet on a regular basis in order to follow/receive lectures, ask/answer questions and send/receive assessments. However, e-learning (or in general distance learning) universities rely on an examination process in which students hold a face to face exam in a physical place determined by the university under supervised conditions. Such conditions ensure the correctness of the exam, a difﬁcult task to achieve in a virtual exam model. Face to face exams allow to check students identity and ensure exam authoring using traditional means (checking an identity card and ensuring no one helps the student during the exam). Ensure student identity and authoring in a virtual or distance exam has been pointed out as a hard problem in the literature  with a difﬁcult solution. Then, e-learning institutions still need face to face exams. However, face to face exams represent an important effort for e-learning institutions. Typically, e-learning universities do not have enough
physical facilities for all students so they have to rent buildings in order to allow students to hold their exams. Furthermore, exam management becomes more complex since such external examination centers must be provided with all management mechanism to ensure that students will be able to perform their exam in a desired location and later on, all exam answers will be properly collected and sent to the teachers that have to correct them. For all those reasons, improving exam management systems has clear advantages for distance learning institutions. In order to simplify exam management it is desirable that all exam stages can be performed electronically, so exams are turned into e-exams. Notice that we use the term eexams to refer to exams (in fact, all exam stages) that can be performed by electronic means. However, we do not assume that e-exams are distance or virtual exams, since such property implies different security concerns. In this paper, we assume that students hold the exam in a supervised environment, but electronically, that means the student uses a computer to take the exam. Intrinsically, exam management needs to achieve a good security level, since the correctness of this process ensures somehow the quality of the university. For that reason, the design an electronic management system for exams should take a special care of security. Security in e-learning environments has been addressed in different literature works. A high level overview of this topic can be found in [6, 5, 3, 14]. All these works share the main ideas regarding the way to achieve better security levels in e-learning environments. Public key infrastructures (PKI) are identiﬁed as an adequate technology in order to provide conﬁdentiality, authenticity, integrity and non-repudiation,...