A Secure Examination System with Multi-Mode Input on the Web Alex Shafarenko Dept Computer Science University of Hertfordshire

Challenges of automated examination Authentication and security – Assurance of personal identity –Tamper-free data connection Prevention of Plagiarism and of Solution by Imitation – Multi-form input: text, diagrams, math, etc, –Concealment of question pattern via random presentation

Challenges of automated examination Assessment automation –Graded assessment of answers –Adaptive grading of complexity Flexibility –Random selection from a large question base –Self-steering

Authentication and Security: Web-supported techniques Password protection inadequate –standard password-protection schemes are used for access prevention, not authentication(no password - no access, but if you have one, you can be anybody) –relies on password owner keeping it secret –password owner should not benefit from divulging password

Examination candidates –require authentication, not access restriction (can see all content, but have to be a particular person to submit answers) –may tell their password to a colleague and benefit from it Authentication by certificate –Involves responding to a code challenge –Similar to password protection, except cannot be eavesdropped on –Still vulnerable to voluntary disclosure

Authentication of human subjects Unix workstations

Secure the browser

Examination Procedure Before session: Invigilator logs in to server, obtains session code Invigilator enters session code to his/her w/station Candidate list with auth. codes is produced Invigilator logs in to each w/station special "candidate" account is logged in log-in script starts browser with o/lay windows short-cuts and external access is disabled browser displays intial dialog screen Session starts Candidates enter the room in any order when a w/station is free Each candidates presents an ID and gets the auth. code He or she proceeds to a free w/station Enters name and auth. code initial dialog screen communicates login data to server server checks and then invalidates auth. code server uploads the exam paper candidate enters his or her answers session terminates, candidate leaves browser displays initial dialog

Xxx xxxxx xxxx xxxx xxxx xxxxxx xxx Xxx xxxxx xxxx xxxx xxxx xxxxxx xxx Xxx xxxxx xxxx xxxx xxxx xxxxxx xxx Xxx xxxxx xxxx xxxx xxxx xxxxxx xxx Xxx xxxxx xxxx xxxx xxxx xxxxxx xxx Xxx xxxxx xxxx xxxx xxxx xxxxxx xxx Xxx xxxxx xxxx xxxx xxxx xxxxxx xxx Xxx xxxxx xxxx xxxx xxxx xxxxxx xxx Xxx xxxxx xxxx xxxx xxxx xxxxxx xxx Xxx xxxxx xxxx xxxx xxxx xxxxxx xxx Xxx xxxxx xxxx xxxx xxxx xxxxxx xxx Xxx xxxxx xxxx xxxx xxxx xxxxxx xxx Xxx xxxxx xxxx xxxx xxxx xxxxxx xxx Xxx xxxxx xxxx xxxx xxxx xxxxxx xxx Xxx xxxxx xxxx xxxx xxxx xxxxxx xxx Structure of the test Web page answer applets “submit” applet Timer applet

Communication solution text-base interface

Multi-choice examination method: decision space Selection choice n out of m ; yes/no … Semantic choice Choose the right answer out of all possible English sentences Structural choice Choose the right answer out of all possible clusters of building blocks S y n t h e t i c v i e w Build your answer by selection of n blocks out of m into a set Build your answer by putting building blocks into a structure Build your answer by putting building blocks into a semantic entity

Formula input applet

Graph input applet

Other issues Test page scripting –extended HTML with choice and randomisation directives –language for specifying correct answers and assessment procedures –adaptive testing

Conclusions Secure exam system is developed and evaluated on a large group of students Java “security” issues and lack of exam- relevant security have been overcome Needs XML support for exam database Needs GUI for exam paper preparation