Thursday, November 5, 2015

Secure Distribution of Examination Question papers

During various examinations the secure distribution of Question Papers is an important aspect of the entire examination. In case the paper is compromised the entire examination must be scraped and redone. This introduces a lot of cost to the examination body.

Here we attempt to develop a mechanism to securely deliver question papers for an examination on the day of the examination. Our goals encompass:
  • Secure delivery of the document to exam centers
  • Robustness of system
  • Cost effectiveness
  • Scalability
In order to facilitate this system we will use already existing technology and infrastructure, namely Internet and mobile penetration of India. We will adopt the use of technologies such as websites, public key encryption and hashing.

Common terms used here are:
  • Host: The body/institution responsible for the conduction of the examination.
  • Exam: The examination under discussion.
  • Center: A place where candidates may take the examination. May be an institution/independent body
  • Paper: The examination question paper

The resources needed to complete this objective are:
  • A website controlled by the Host.
  • Printers at the Center
  • Proper backups for printing are necessary in case primary printers fail.
The method employed is:
  • The Host encrypts the paper using PrivateKey1.
  • The resulting document is again encrypted using PrivateKey2
  • This document is made available for download on the website that the Host controls N days prior to the examination, N being selected based on the scale of the examination.
  • Along with this PublicKey2 is made available on the website to authenticate that the downloaded document was indeed indeed generated by the Host.
  • On the day of the examination, the PublicKey1 is declared using one of the mass communication methods discussed later.
  • With PublicKey2 and PublicKey1 the Center can now read the paper.
  • The center now prints copies of the paper as per requirement.
  • It stamps each paper with it's seal/stamp/hologram to verify that this physical paper was generated at the Center.
This method has several weaknesses and strengths. Some are:
  • The points of attack on the paper are reduced to only the Website and the Center.
  • Attacks on the website require a high skill set and thus limits the number of attackers to the system.
  • With proper precautions the chances of take down are limited.
  • Proper security of the website ensures proper security of paper distribution.
  • Authentication of the paper is done through public-key cryptography
Some weaknesses are:
  • There is no way to ensure that the Center prints what is received. They may print a different paper.
  • This can be remedied with a punishment system. After the examination, the Host publishes the paper as plain text.
  • If this is found to be different from what was given to the candidate at the Center, the candidate can report it.
  • In case of a candidate reporting an institute, investigation comprising of the stamped paper with the candidate and the paper published will be undertaken by the Host.
  • If Center is found guilty, it can be blacklisted and possibly a lawsuit filed against it for breach of contract.

For mass communication, SMS, email, content on website can be used to distribute PublicKey1. This has a two fold advantage.
  • People who receive can also forward the messages to their peers.
  • Distribution is organic. False keys will be eliminated by peer review.

With such a system in place it becomes possible to distribute exam papers securely and without much risk.