
340 IEEE TRANSACTIONS ON EDUCATION, VOL. 52, NO. 3, AUGUST 2009

Enhanced Security for Online Exams Using Group Cryptography
Im Y. Jung and Heon Y. Yeom

Abstract—While development of the Internet has contributed to the spread of online education, online exams have not been widely adopted. An online exam is defined here as one that takes place over the insecure Internet, and where no proctor is in the same location as the examinees. This paper proposes an enhanced secure online exam management environment mediated by group cryptography using remote monitoring and control of ports and input. The target domain of this paper is that of online exams for math or English contests in middle or high school, as well as exams in online university courses with students in remote locations.

Index Terms—Cheating control, e-monitoring, group cryptography, online exam, secure exam management.

I. INTRODUCTION

ONLINE education has expanded rapidly [1]–[3]. Even so, the off-line test is usually chosen as the evaluation method for both off-line education and online education. The security of online examinations remains a problem. In some cases, the person writing the exam on a networked computer is monitored by a proctor at some predetermined location [4], [5]. But, the requirement for an exam location goes against the accessibility, the major attraction of e-learning or distance learning. The requirement may also negate the cost savings generated by e-learning or pose obstacles for remote students.

Simplification and automation of educational processes are other benefits of online education [6], [7], and online exams inherit these advantages.

To remove the requirement for human intervention in secure online exam management so as to capitalize on the advantages of online processes, this paper proposes a solution to the issue of security and cheating for online exams. This solution uses an enhanced Security Control system in the Online Exam (SeCOnE) which is based on group cryptography with an e-monitoring scheme. The cryptography supports enhanced security control for the online exam process, as well as authentication and integrity. The e-monitoring provides a proctor function to remote examinees to prevent cheating, and thus removes the requirement of having to go to a fixed location. The target of this paper is online exams for mathematics or English contests in middle or high school, and exams in online university courses with students at remote locations. This paper addresses the problem of administering an online exam at a fixed time with the same questions for all examinees, just like an off-line exam, but without restricting the physical location of the examinees. As the SeCOnE system enables many kinds of tests to be given online, it can provide teachers with better evaluation standards for students and may contribute to improving the quality of education. The rest of this paper is organized as follows. Section II describes previous work on guaranteeing the security of online exams, as well as current applications of the online exam in distance learning. Section III analyzes the requirements for a secure online exam. Section IV describes the system architecture and the management of enhanced secure online exams system using SeCOnE. Section V demonstrates the soundness of the proposed scheme by analyzing the scheme for preventing and detecting cheating, the security settings, and the overhead in SeCOnE. Conclusions and areas of future research are presented in Section VI.

II. RELATED WORK

One proposal for secure online exams [4] was based on a secure exam protocol with an omnipotent central manager who controlled all the information for students, teachers, problem sheets, answer sheets, and grades. The weakness of this system was that the manager was assumed to be absolutely honest. Moreover, a restricted room was required for the exam, to prevent cheating. Thus, the proposed exam scheme did not share the advantages of online education.

The security problems related to online exams include not only unauthorized access to the problem sheets before the exams, but also modification of the questions, the answers, and the grades [4]. In addition, different cheating patterns exist [8], [9], including copying the answers of others, exchanging answers, searching the Internet for answers, using the data and software saved on the student’s local computer [10], [11], and discussing the exam by e-mail, phone, or instant messaging. Several methods of combating this include giving a different problem set to each student [7], [9], restricting the exam room [10], [12], or limiting the number of answer submissions to one [10]. Research has focused on methods to check student identities and to communicate securely between teachers and students [4], [13], rather than on countermeasures against cheating on online exams.

Cheating on off-line exams is also a big problem. According to some studies [6], [14], as the level of communication between teachers and students decreases, the tendency to cheat increases. This effect has a direct impact on online exams, when students may have little contact with their teachers.

Manuscript received June 25, 2007; revised June 11, 2008. First published May 12, 2009; current version published August 05, 2009.
The authors are with the School of Computer Science Engineering, Seoul National University, Seoul 151-742, Republic of Korea (e-mail: iyjung@dcslab.snu.ac.kr).
Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TE.2008.928909
0018-9359/$26.00 © 2009 IEEE

Most modern online education uses Web-based commercial course management software [15] such as WebCT [10], Blackboard [9], or software developed in-house. This software is not used widely for online exams, due to security vulnerabilities, and the system must rely on students’ honesty or their having an honor code [16].

Previous Web-based approaches to online exams have highlighted easy accessibility and simplified exam management [7], [8], [12], [13]. However, authentication through only a user name and password can be the weak point in the security of online exams. The very environment in which students can use a Web browser and the Internet enables them to search the Internet and to communicate with others for help during the exam.

One proposal was to use a Webcam to prevent cheating by randomly transmitting pictures of students during online exams [8]. However, several soundless pictures of a student do not show what that student is doing or why he or she is doing it, or even if cheating is taking place through Web searching, the use of saved data, or chatting.

Considerable discussion has taken place on group protocols and group-mediated communications to ensure secure communications among group members [17], [18]. This discussion has included the consideration of secure group composition, secure intergroup communication using a public key, and secure intragroup communication using the symmetric key through the Diffie-Hellman key exchange [19]. This paper adopts two groups for secure communication between distributed entities in the online exam system. The intergroup communication is protected through public key infrastructure (PKI), while intragroup communication uses several symmetric Diffie-Hellman keys. The “group” in this paper is a concept for entities with similar roles.

III. REQUIREMENTS FOR A SECURE ONLINE EXAM

The requirements for a secure online exam are as follows.
• Accessibility Online exams should be possible without regard to location and time.
• Monitoring The absence of proctoring on online exams may relax [6], [14] the examinees and encourage cheating [8]. Therefore, it is necessary for an online exam management system to have some monitoring method to prevent and to detect cheating.
• Management Online exam management includes problem creation, problem sheet distribution, answer sheet collection, marking, grade posting, and handling of appeals. The cost savings of online exams mitigate the burden of exam enforcement and induce many examinees located at very remote sites to participate in the exam. Educators can obtain more objective standards for evaluation. The automatic management of exams lets the examinees know their exam performance very quickly. Online exams permit both educators and examinees to achieve their objectives efficiently.

An online exam should also have the following features.
• Authenticity The identities of the examinee, examiner, marker, and proctor should be all authenticated and verified at every step in the online exam process, because it is difficult to identify them “face-to-face” online.
• Integrity Problems and answers should both be checked for their integrity, to detect unauthorized changes. Only one submission of the answer sheet should be allowed, and the submission of answers after the exam has ended should be prohibited. The unauthorized deletion or the modification of the materials related to the exam should be impossible, or at least detectable.
• Secrecy The problem sets should be available to the examinees only during the exam period. The answer sheets should be kept securely before grading.
• Copy Prevention and Detection Types of cheating discussed in this paper are
— impersonating an examinee;
— getting help from others, or helping an examinee with the exam;
— discussing the exam with others;
— using unauthorized electronic material that may be helpful in completing the exam; and
— intercepting or interfering with communications during an online exam.
Cheating should not be permitted during the exam, or at the very least, should be detected after the fact.

IV. AN ENHANCED SECURITY CONTROL IN THE SeCOnE SYSTEM

A. Architecture of the SeCOnE System

As shown in Fig. 1, all entities in the SeCOnE system perform their roles as members of either group or . receives the problems and the right answers from , and then distributes the problems and collects the answer sheets from . A proctor monitors the examinees through using the monitor data in . Through , an examinee belonging to and managed by , can take the online exam. The group agents and create a set of public and private keys [20] for each group. They distribute this set of keys to their group members at each exam, and exchange the public keys with each other. The public key of each group is used for secure intergroup communications. For secure communications among group members, they use the symmetric keys created by the Diffie-Hellman key exchange [21].

B. Equipment

The examinees’ computers should be equipped with Webcams and microphones. High-quality Webcams are readily available now and are constantly improving [22], [23]. Therefore, the use of Webcams in online exams is not considered unreasonable.

C. The SeCOnE System Software

The SeCOnE system software is divided into two parts depending on the role, that is, whether it is on the client side , or server side .

The operating system of the examinees’ computers and the proctor’s computer is assumed to be Windows XP or Windows 2000. However, the program semantics are not confined to Windows because the APIs to control the examinee’s computer and

Fig. 1. The system architecture of SeCOnE.

Fig. 2. Online exam setup.

Fig. 3. Scheduler architecture.

to handle the multimedia data are also available in Linux and Unix environments.

1) Server Side:
• Scheduler
As shown in Figs. 2 and 3, through the Examiner/Examinee management module, obtains the temporary identity of the examiner from directly when an online exam is set up. The identity is encrypted with the symmetric key shared by and . To input the problems, the right answers, the exam duration, and the time assigned for each problem, the examiner is verified through with by the Exam Setup Management module in . Through the Problem/Answer Management module, the problems, the right answers, and the time allocated to the problems are saved in the database (DB), which is accessed only by . When connects to with its identity, and its IP, , the Examiner/Examinee management module

Fig. 4. Online exam client state transition diagram.

Fig. 5. Monitor server architecture.

sends them to and requests the verification of the examinee. As is encrypted with , cannot know its identity nor can verify the examinee. After the verification, saves and in the DB and sends to . Then, it sends the problems and the time assigned for the exam to through the Exam Process Management module. According to the exam management policy of the SeCOnE system, at the end of the exam or earlier, the answer sheets submitted by the examinees are delivered to the Exam Process Management module, which saves the answers in the DB, then the Grade Management module marks them with the correct answers provided by . The grades are also kept in the DB. The answer sheets marked by can be referenced by through the Grade Management module when subjective questions are included in the problems. The grades are distributed to the s after all the examinees have submitted their answer sheets. If an examinee, whose identity is , is not satisfied with his or her grade , he or she sets up an appeal to through the Exam Process Management module. The claim is delivered to through the Claim Management module, and a regrading is initiated. The Time Control module manages the exam time, and the Exam State Management module checks the states of all s according to Fig. 4. The Authentication Management module is responsible for the integrity checking of the communication messages and the examinee authentication. The inquiries from the examinees during the exam are managed by Question management. Inquiries are saved in the DB first so that can provide the replies for them one by one. When the replies are checked by the Question Management module, they are immediately transmitted to the , which sent out the questions. Secure intragroup communication goes through the Intragroup Communication Control module in . This module manages the symmetric keys shared between and the other members in .

• Monitor Server
As shown in Fig. 5, when the Examinee Management module in receives the examinee’s IP from , it prepares a directory to save the monitor data of the examinee in a file server. The module also verifies the examinee by comparing the IP with that from as shown in Fig. 2. The monitor data are saved with the reference photos for the examinees from ; the photos were taken when authenticated the examinees. During or after the exam, a proctor connecting through can verify an examinee by comparing the stored reference photo and the monitor data. The Online Exam Client Handler module notifies the ports to which video, audio, and screen captures of are sent. Then, the three types of the monitor data are managed through the Video Stream Management, Audio Stream Management, and Screen Capture Management modules, respectively. Before the exam starts, a proctor should connect to through and test whether

Fig. 6. Online exam client architecture.

the monitor data are reaching and being saved in . Of course, to connect to , should be verified in advance with its temporary identity issued by . The monitor data such as video, audio, and screen snapshots are saved with the time stamps that tell when they were created and when they arrived at . connects to through the Monitor Client Handling module and obtains the monitor data.

• Examinee Group Agent
prepares two sets of public and private keys, and when is created. The former set is for and the latter is for itself. also issues one-time identities for the members of after the authentication of the examinees. Verification with the Webcam should be carried out through the client to by an exam administrator.

• Exam Admin Group Agent
As , creates and when registers itself to and is created. also issues one-time identities for its group members after authenticating them. As shown in Fig. 2, sends the identity of and the of to . It also sends the identity of the examiner to . Through the identities, the s for the examinees and the public key of the group, and check the integrity of the data that the members of and sent and received each other.

• Proctor Client
connects to to supervise the exam by the monitor data during the exam and even afterward. The proctor should first register at and be authenticated with a temporary identity when connecting to through .

2) Client Side
• Online exam client
In , which is installed on the examinee’s computer, all communications except those related to the online exam process are prohibited by closing all the ports irrelevant to the exam using a filter-hook driver [24]. Moreover, as shown in Fig. 6, other applications on the examinee’s computer, except , are prohibited from starting up by a keyboard-hook [25]. In addition, the start menu, the task bar, and the icons in the background of the computer screen are hidden and the execution of a new process, or a new thread, on a new desktop is prohibited. The video of the examinees is captured using the VFW and WAVE APIs. As Windows programming APIs, they are based on vfw32.lib and winmm.lib, respectively. The video stream from the Webcam is compressed using H.263 [26] and sent to . The audio stream from the microphone is sent to without compression because of its small size. The screen snapshot is processed through the Capture API to reduce its resolution and its size, and is then sent to . The modules that produce the three types of monitor data, that is, the Video Stream Control, Audio Stream Control, and Screen Capture modules, operate as simultaneous threads until the exam ends. The online exam proceeds under the control of the Online Exam Process Control module. The problems and the grades are distributed to the examinees through the Problem Management and Grade Management modules, respectively. submits the answers to through the Answer Management module, and the exam time is managed by the Time Control module. An appeal is sent to through the Grade Management module. The questions during the exam are handled by the Question Window module. The Exam Setup Management module obtains the temporary identity of and the IP of from . The communications between and are through the Intragroup Communication Control module. The Exam State Management module in manages the states of shown in Fig. 4. If failures in the state transition or abnormal execution of a program occur in the SeCOnE system, the examinees can no longer submit answers.

D. Enhanced Security Handling for the Online Exam Process

1) Setup for the Exam Environment: All examinees download and install it on their computers. One monitor per examinee is assumed. runs as a full screen program and closes all ports except those required for the online exam and checks the Webcam and microphone. After the environment for the online exam is set up and the examinee is authenticated, the problem sheet is distributed. opens the problem sheet for

Fig. 7. A secure online exam process.

the examinee upon receipt of the message from to start the exam.

2) Setup of an Online Exam: Fig. 2 shows the setup of an online exam initiated by , which registers itself to and receives its temporary identity in the form of . When an examinee registers with through , he or she receives in the form of from as a member of and . Then, as shown in Fig. 7, connects to and requests its authentication by sending and . After registers with , sends , , and for to . sends and to to be a reference for detecting cheating. When notifies of , checks whether the IP is in the IP list of the examinees from . If the IP is valid, requests the transmission tests of the monitor data for the examinee. When the data stream of video, audio, and the screen shots for examinees are transmitted to and successfully saved, a proctor inspects them through and decides whether the online exam environment is ready for the examinees.

3) Control of the Online Exam: After the online exam is set up, sends the problem sheet , its digital signature signed by , and the identity of the examiner to as shown in Fig. 7. checks the integrity of with and requests verification of the examiner by sending to . After verifying that no anomalies exist in the problem sheet, sends the ready message to . When receives the ready message from all the examinees, it sends the start message to all the s. At that point, lets examinees see the problems one by one. The monitor data for all examinees are transmitted to the monitor server until the exam ends. sends , , , , , as well as its answer sheet, to . requests the verification of to and checks the integrity of the problems and the answers. By checking the state of s, manages the state of the online exam to detect abnormal situations such as faults in state transition, as shown in Fig. 4.

4) Grading: As shown in Fig. 7, after submits and is authenticated by , marks the answer sheet with the right answers provided by and gives the grade . If subjective questions occur in the problems, the final grade is decided by the marker through . or is distributed to when all the examinees finish their exams. verifies the integrity of the grade with its digital signatures or , and opens them to the examinee whose identity is .

5) Appeal: If the examinee, whose identity is , is not satisfied with his or her grade, he or she can submit an appeal with the grade to through as shown in Fig. 8. When the marker checks the appeal and regrades as , then sends to the examinee.

V. ANALYSIS

A. Security Proof for SeCOnE and E-monitoring

1) Online Exam Process and System Modeling:

Fulfillment of Security Requirements: The SeCOnE system provides an easy and automated exam process. Also, because the system does not restrict the examinees’ location at the time the online exam is given, the system preserves accessibility. This is made possible through the e-monitoring and the enhanced security control in SeCOnE.

Through the e-monitoring method proposed, the examinees can be watched, just like in an off-line exam. Any cheating that

Fig. 8. Appeal of a grade and reassessment.

was not noticed during the exam can be detected through the monitor data saved on the monitor server.

The enhanced security for the online exam is controlled through the intergroup communication based on PKI, the intragroup communication using symmetric keys and the temporary identity. The exam administrative group and the examinee group are set for every exam. All the entities related to an exam belong to one of those two groups. Agents for the two groups issue the temporary identities to their group members. Neither they nor the group members themselves know the identities of the other group members. Furthermore, a group member does not know his or her temporary identity, because it is issued in an encrypted form protected by the public key of the verifier, the other group agent. The identities are exchanged by the group agents. Thus, when a group member receives a message, he or she requests the verification for the sender from the group agent. In addition, message integrity for problems, answers, and grades is guaranteed through the use of digital signatures.

Because temporary identities are used in the online exam, it is very important to confirm the identity of someone who is issued a temporary identity. In this paper, that confirmation is performed via a Webcam. An exam administrator connecting to the agent program verifies the person to be authenticated, using the Webcam. In this process, a reference photograph of the group member is taken and saved in the monitor server for later detection of possible impersonation.

Because the online exam client controls the examinee’s exam environment by providing the problems one by one, the examinee cannot submit answers more than once, or cancel or change an answer after submitting it. The exam cannot be deleted or canceled unless the examinee halts the online exam client on his or her computer. In SeCOnE, the number of answers to be submitted can be compromised according to the problems and the exam policy. This feature contributes to reducing the chance of cheating, as well as to the introduction of a flexible online exam management.

The problems are managed by the online exam client after they are issued by the scheduler, but they are not opened before the scheduler sends the message to start the exam. The message is sent only after the online exam environment has been set up and all the online exam clients send the “ready” message to the scheduler. Therefore, it is possible for all examinees to take the online exam simultaneously. If, however, it is difficult for all examinees to take an online exam at the same time, examiners can prepare one set of problems for each of several exam times so that the examinees can choose the time that suits them best. The grades are marked with the correct answers already provided by the examiner and automatically saved in the database (DB) if no subjective questions were asked. The grades, as well as the problems and the right answers, are kept secure because access to the DB is restricted to the scheduler. And, because all examinees’ computers are restricted from engaging in Internet communications except for those related to the online exam process, Internet-related accidents in the online exam process should be rare.

Completeness of System Modeling: In the SeCOnE system, online exams have been described using the same semantics that apply to offline exams. Through the examiner , the person setting the exam can provide the problems and their right answers. Through the marker, she or he can mark the subjective questions and decide the final grades for the examinees. Through the proctor, she or he can supervise the examinees with the monitor data saved in the monitor server in near real time. The problems, their right answers, and the answer sheets from examinees are managed by the scheduler. The authentication, which traditionally was based only on a user name and password, is strengthened by the group management. This process includes verification by Webcam and issuance of temporary identities for every exam. No entity can know all the information, such as the real identities of the entities or the cryptographic keys in the system. This precaution avoids the potential for system compromise due to the failure of a single entity because of maliciousness or an external attack.

The SeCOnE system is based on an open architecture, and the scheduler and the monitor server are scalable depending on the predicted load for them. Having the monitor data saved in the monitor server reduces the probability that cheating during an exam will be missed by the proctor. In this system, more proctors are not required as the number of examinees increases, as would be the case in an off-line exam.

B. Cheating Prevention and Detection Through E-monitoring

Cheating is any behavior that places the fairness of the exam in doubt. Although not all cheating techniques may be covered,

the scheme proposed in this paper is a way to avoid simply
relying on the examinee’s sense of honor not to cheat. The
SeCOnE system adopts five methods to prevent and detect
cheating. First, the identities of entities in the system are
verified by a Webcam, and the reference photos taken during
the verification process are saved for authentication during the
exam. Second, the monitor data for the examinees are recorded
and saved during exam. With continuous recording of video and
audio during the exam rather than isolated images, a proctor
can better understand the examinee’s situation and reduce the
chance of false-positives or negatives in the determination of
cheating, even after the exam. Third, through the screen shots
saved in parallel with videos of an examinee, a proctor can
better determine what the examinee is actually doing with his
or her computer. Fourth, all communications by the examinees,
except for those required for the online exam, are disabled
through port control. All ports except those required for the
online exam are disabled and the ports used can be chosen
randomly for each examinee; the ports to be used have only
to be sent to the exam administrative group with the IP of the
exam client. Therefore, cheating through a fixed port can be
rare. Fifth, all other programs except the online exam client
are deactivated by controlling the inputs of the examinees.
By cutting off electronic communications and disabling other
computer programs or inputs on the examinees’ computers, the
examinees can be prohibited from cheating using their local
computer or the Internet.
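
The scheduler-side rules stated in Sections III and V-A (the start message goes out only after every online exam client has reported ready, one answer sheet per examinee, nothing accepted after the exam ends, integrity checked on receipt) can be expressed as a small state machine. The following Python is an added example, not code from the paper or the SeCOnE prototype; the class and function names, the per-client keys, the identity strings, and the use of HMAC-SHA256 in place of the paper's digital signatures are assumptions.

```python
import hashlib
import hmac
import secrets
from enum import Enum


class State(Enum):
    SETUP = "setup"      # waiting for every client's ready message
    RUNNING = "running"  # start message sent, answers accepted
    ENDED = "ended"      # exam time is over


def tag(key: bytes, *fields: bytes) -> bytes:
    """Integrity tag over length-prefixed fields.

    HMAC-SHA256 is an assumption of this example; it stands in for the
    digital signatures the paper uses.
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


class Scheduler:
    """Hypothetical scheduler-side policy check (not the SeCOnE code)."""

    def __init__(self, keys, duration_s):
        self.keys = dict(keys)   # temporary identity -> key shared with that client
        self.duration_s = duration_s
        self.ready = set()
        self.answers = {}
        self.state = State.SETUP
        self.deadline = None

    def on_ready(self, tid, now):
        """Record a ready message; True means the start message is sent now."""
        if self.state is not State.SETUP or tid not in self.keys:
            return False
        self.ready.add(tid)
        if self.ready != set(self.keys):
            return False          # still waiting for other examinees
        self.state = State.RUNNING
        self.deadline = now + self.duration_s
        return True

    def on_submit(self, tid, sheet, mac, now):
        """Accept at most one intact answer sheet per identity, in time."""
        key = self.keys.get(tid)
        if key is None:
            return "rejected: unknown identity"
        if not hmac.compare_digest(mac, tag(key, tid.encode(), sheet)):
            return "rejected: integrity check failed"
        if self.state is State.RUNNING and now > self.deadline:
            self.state = State.ENDED
        if self.state is not State.RUNNING:
            return f"rejected: exam state is {self.state.value}"
        if tid in self.answers:
            return "rejected: already submitted"
        self.answers[tid] = sheet
        return "accepted"


def demo():
    # Constructed sample data: three temporary identities with random keys.
    keys = {f"tid-{i}": secrets.token_bytes(32) for i in range(3)}
    sched = Scheduler(keys, duration_s=3600)
    sheet = b"1:B 2:D 3:A"

    def submit(tid, body, now, signed_body=None):
        signed = body if signed_body is None else signed_body
        return sched.on_submit(tid, body, tag(keys[tid], tid.encode(), signed), now)

    results = [submit("tid-0", sheet, now=0)]                  # before the start message
    started = [sched.on_ready(t, now=0) for t in keys]         # only the last ready starts
    results.append(submit("tid-0", sheet, now=100))            # first submission
    results.append(submit("tid-0", b"1:C 2:D 3:A", now=200))   # second attempt
    results.append(submit("tid-1", b"1:A 2:A 3:A", now=300, signed_body=sheet))  # altered in transit
    results.append(submit("tid-2", sheet, now=3601))           # after the deadline
    return started, results


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```
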

Fig. 9. The performance of monitor data delivery. (a) MAX, AVG, and MIN buffer requirements at the gateways of nodes. (b) Node delay per packet.

C. Overhead

1) The System Architecture of SeCOnE: The physical equipment for an online exam includes computers with Webcams and microphones.

The communications for an online exam take place mainly before and after the exam time. During the exam, only the monitor data, a few messages to check the exam state, and questions, if any, flow to the server side. Because SeCOnE has an open architecture, the scheduler and the monitor servers should be made up of as many machines as required to provide their services with as small a latency as possible during the online exam; this number of machines will depend on the number of examinees.

2) Online Exam Management: Communications before exam time are required to authenticate the entities in the SeCOnE system and to setup the exam process. The system requires key management services for the symmetric and public keys as well as for the secure cryptographic scheme, but the encryption and decryption do not take place during the exam.

3) Cheating Prevention and Detection: The overhead related to preventing and detecting cheating is related to the transmission delay and the storage requirements for the monitor data. To analyze these issues, a prototype of the SeCOnE system was constructed and the amount of data per second created by the online exam client was measured.

A Logitech QuickCam Pro4000 with an embedded microphone was used. The online exam client was installed on a Pentium IV 3.00 GHz CPU computer with 1 GB RAM running Windows XP. For the video data, the frame rate was set to 15 and the maximum allowed drop rate was 50%. Video data was compressed using H.263. The audio data were not compressed. Screen images were captured twice a second, at a resolution of 1280 × 1024 pixels, and then lowered to 256 colors, reduced to quarter the original size, and converted to GIF. For a 1-h exam, the amount of data saved on the monitor server for each examinee is 720 MB, which could be stored on a single CD.

The load estimation for the monitor server with many examinees was also analyzed using queuing theory and a corresponding simulation. The modeling and the simulation indicated how many monitor servers should be provided, and how long the transmission delay would be as a function of the number of examinees. It was assumed that the arrival rate at the monitor server followed the Poisson distribution, and the monitor server itself was considered as M/M/1. Link or node failures, or the propagation delay, were not considered. The performance of the model was measured using the value of , which is the average time for a packet to stay in the monitor server, and B, which is the size of the packet buffer in the gateway at the monitor server to avoid dropping packets above the probability as (1). is the total number of examinees, is the arrival rate at . The service rate in the monitor server can be derived as (2) where is the time required to copy one packet of the monitor data because one copy is saved in the monitor server
and the other copy is transferred to the proctor who requested it for monitoring purposes

(1)

(2)

When the distribution of packet lengths is assumed to be exponential with 515 bits/packet and the link capacity is fixed as 100 Mb/s, the is given as 5.15 . The copy time is measured on a Pentium IV 3.2 GHz computer with 2 GB RAM, running FreeBSD-4.11. The values of and were 4.25 /packet and 4 packets/s, respectively, averaged over 1000 trials. To obtain , the drop ratio bound was set to . Fig. 9(a) shows the maximum (MAX), average (AVG), and minimum (MIN) buffer requirements of at the gateways of nodes for the given . In Fig. 9(b), the delay per packet in a node affects the delay of the monitor data delivered to the monitor server. As the number of examinees increases, the total volume of the monitor data also increases. Even though the transmission environment of the monitor data was simplified in the modeling, one monitor server is expected to be able to cope with up to 30 examinees without major problems. However, the monitor servers can be augmented as the number of examinees increases.
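The monitor-server sizing described above can be sketched with the textbook M/M/1 results. This is an added example, not the authors' code: the paper's equations (1) and (2) are not reproduced on this page, so the formulas used are the standard ones (mean time in system 1/(mu - lambda), tail probability rho^(B+1)). The 4 packets/s figure is taken from the text and treated as the per-examinee arrival rate; the service rate of 125 packets/s and the drop bound of 10^-3 are constructed values.

```python
import math

def mm1_sizing(n_examinees, per_examinee_rate, service_rate, drop_bound):
    """Size one monitor server modelled as an M/M/1 queue.

    Returns (utilization, mean_time_in_system_s, buffer_packets).
    An overloaded server (utilization >= 1) returns infinities.
    """
    lam = n_examinees * per_examinee_rate    # aggregate Poisson arrival rate
    rho = lam / service_rate                 # utilization
    if rho >= 1.0:
        return rho, math.inf, math.inf       # queue grows without bound
    t = 1.0 / (service_rate - lam)           # mean time a packet spends in the server
    if lam == 0:
        return 0.0, t, 0
    # P(more than B packets in the system) = rho**(B+1); keep it <= drop_bound
    b = max(0, math.ceil(math.log(drop_bound) / math.log(rho) - 1))
    return rho, t, b

def max_examinees(per_examinee_rate, service_rate, delay_budget_s):
    """Largest examinee count whose mean time in system fits the delay budget."""
    if not math.isfinite(delay_budget_s):
        raise ValueError("delay budget must be finite")
    n = 0
    while mm1_sizing(n + 1, per_examinee_rate, service_rate, 0.5)[1] <= delay_budget_s:
        n += 1
    return n

if __name__ == "__main__":
    RATE = 4.0     # packets/s per examinee (figure from the text, role assumed)
    MU = 125.0     # packets/s, constructed service rate
    BOUND = 1e-3   # constructed drop-probability bound
    for n in (10, 20, 30, 32):
        rho, t, b = mm1_sizing(n, RATE, MU, BOUND)
        print(f"N={n:2d} rho={rho:.2f} T={t:.4f}s B={b}")
    print("max examinees for 50 ms mean delay:", max_examinees(RATE, MU, 0.05))
```

With these constructed inputs the buffer requirement grows sharply as utilization approaches 1, which is the behaviour that drives the decision to add monitor servers.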
VI. CONCLUSIONS AND FUTURE WORK

This paper describes how the SeCOnE system provides both a secure online exam management and a scheme for the prevention and detection of cheating using e-monitoring. The measures for preventing and detecting cheating proposed in this paper cover cheating methods identified for the online exam process via computer or Internet, although it may not address all possible cheating methods. This paper is targeted towards exams administered through the Internet at a fixed time with one problem set, but without any restriction on the exam location. A powerful feature is that SeCOnE can be applied to an exam administered at different times. In this case, the examiner should prepare as many problem sets as there are exam times, in order to prevent cheating during the exam. One overhead cost for this system is in the preparation of the equipment, such as Webcams and microphones, to monitor and to authenticate the entities. A network load due to monitor data transfer and the storage is another overhead to be considered, but this is not a major obstacle when data compression is used and more monitor servers are prepared. Future research will consider the effects of malicious entities in the system, and the processes involved in handling failures.
Im Y. Jung received the B.S. degree in chemistry from Pohang University of Science and Technology in 1993 and a second B.S. degree in computer science from Seoul National University in 1999. She received the M.S. degree in computer science and engineering also from Seoul National University in 2001.
From February 2001, she was a researcher for three years with the Electronics and Telecommunications Research Institute (ETRI), South Korea. She is currently a Ph.D. degree candidate at Seoul National University. Her current research interests include e-Science, Grid computing, distributed computing, security, large data management system, workflow system, and fault tolerance.

Heon Y. Yeom received the B.S. degree in computer science from Seoul National University, Seoul, Korea, in 1984 and the M.S. and Ph.D. degrees in computer science from Texas A&M University, College Station, in 1986 and 1992, respectively.
From 1986 to 1990, he was with Texas Transportation Institute as a Systems Analyst and from 1992 to 1993, he was with Samsung Data Systems as a Research Scientist. He joined the Department of Computer Science, Seoul National University, in 1993, where he currently is a Professor and teaches and conducts research on distributed systems, multimedia systems, and transaction processing.
