Secure Online Examination System for e-learning

1Jegatha Deborah L 2Karthika R 3Vijayakumar P

Department of Computer Science Department of Computer Science Department of Computer Science

Engineering, Engineering, Engineering,
University College of Engineering University College of Engineering University College of Engineering
Tindivanam, Tindivanam, Tindivanam,
Tindivanam, Tamilnadu, India. Tindivanam, Tamilnadu, India. Tindivanam, Tamilnadu, India.
blessedjeny@gmail.com karti.rn@gmail.com vijibond2000@gmail.com

4Bharat S. Rawal 5Yong Wang

Information Sciences and Technology, Department of Computer Science and Mathematics,

Pennsylvania State University, Abington, Alcorn State University Lorman,
PA 19046, USA MS 39096, USA
bsr@psu.edu wangyong_75252 @yahoo.com

Abstract—As advancements in information and throughout the exam. Rather dynamic security policy must be
communication technology increases rapidly in our day to day life, enforced for conducting the e-exams if the student writes the
the e-learning system has gained more attention in the educational exam through the device such as a mobile/tablet.
institutions. Many educational institutions try to progress from
pen-paper examination to online examination for many reasons, If the student wants to write the exam, then the
including personalized environment, secured system, and accurate authentication of the student must be ensured. Previous works
evaluation. This research work focuses on a simple scheme for [6] have suggested QR-code based authentication, in which the
mutual authentication between the student and the server and student will be given an access stamp to write the exams. The
secure delivery of question paper from the server. The access stamp is generated by the server, which consists of
experimental results shown in this research work are based on a student details such as registration number, subject name, seat
set of survey questions given for students and instructors. The no, hall no, etc. The exam access stamp is generated for each
results are promising towards the use of the proposed system student by the following steps.
during the examination
1. The server generates the private key and public key
Keywords— e-learning, online examination, mutual using the RSA algorithm. The private key is used for
authentication signing the QR-code access stamp, and the public key
is used to verify the signature.
I. INTRODUCTION 2. For each student, the server produces an exam access
In the present era, e-learning has witnessed tremendous stamp with the above said student details.
growth in many educational institutions and organizations. The 3. The SHA-1 algorithm is applied to the access stamp to
main advantage of e-learning is that it can reach to all categories get the message digest which is the hashed value of the
of people in which the age, place or time to learn the contents is exam access stamp.
not a barrier [1]. The most prominent tool of this e-learning 4. The private key is used to sign the message digest.
system is the Learning Management System (LMS). The LMS 5. Now the signed message digest is used to generate the
is used by many educational institutions and organizations QR-code.
which served as a platform to access the e-learning contents [2].
In e-learning scenario, the learners can decide on the device such The student's device will be installed with the exam
as mobile/tablet/laptop to use for learning the contents. Since the software, and he enters his user name and password into the
information can be accessed from any place, the security of an software to write the exam. When the student enters the exam
e-learning system is of primary concern [3], [4], [5]. Once the hall, the invigilator will distribute the QR-code based exam
learners have learned the contents, they must be assessed by access stamp. After collecting the exam access stamp, the
conducting exams. Hence, for accessing the performance of the student scans the QR-code based exam access stamp with the
learner, exam plays a prominent role in an e-learning system. help of the device camera which he has to write the exam. But
The traditional method of e-exam needs dedicated the drawback of this approach is, many universities consist of
examination centers along with computers for conducting the many blocks and each block may have many floors. In turn, each
exams. Moreover, to provide security measures during the exam, floor may have a large number of rooms. The student needs to
security policies need to be framed for conducting the exam. locate his exam hall correctly to collect the exam access stamp
Here, the students use the configured system setup for writing during the examination time. But finding the exact location of
their exam, which uses the security policy that never changes the exam hall will be a tedious process, and hence the student

XXX-X-XXXX-XXXX-X/XX/$XX.00 ©20XX IEEE

will find it difficult to locate his exam hall for collecting the proof of cheating. This system thus prevents malpractice during
exam access stamp. the examination without the help of a proctor. This system
eliminates the need for a proctor to monitor the examination and
The next approach is NFC-based authentication strategy [6] hence, prevents the students from attempting to exchange
. Each student will be given NFC-enabled identity card which information. Monitoring of images of every student by the
stores the student information such as registration number, proctor is not feasible. It causes overloading of network and
name, etc. in its encrypted form using the private key. All the storage issues.
exam halls will have an NFC-card reader, so when a student
enters the exam hall, he swipes his card in the device. The server Yair Levy et al. [13] developed a system which makes use
checks the student information stored in the database for of biometrics to verify the identity of the student. It focuses on
completing the authentication. The limitation of this approach is the use of fingerprint for authentication. The student logins into
that the students may give his NFC- enabled identity card to the system after scanning his fingerprint in the fingerprint
another person in order to write the exam instead of him. scanner. This system overcomes the security issues regarding
authentication using biometrics in addition to the traditional
To avoid this, previous works [7], [8], [9] have suggested password system. But, it requires integration and additional
face recognition for authenticating the students during the online hardware.
examination. But the major drawback of face recognition is the
computational complexity of the algorithms. Hence, to ensure Jordi Herrera-Joancomart´I et al. [14] proposed a system
student authentication during the online examination process, where the examination is conducted in a mobile laboratory
we propose the following objectives in our research work. where dedicated mobile devices connected through wireless
networks are used for attending the exam. This system provides
 Automatic verification of students’ identity by the flexibility to the examination system without compromising the
server. security. This system requires a dedicated mobile laboratory
 To develop a simple authentication dialogue for the which increases the cost of the system and is also difficult to
process of completing the authentication to be done obtain in all organizations.
mutually between the student and the server.
 Secure distribution and collection of question papers III. PROPOSED WORK
and answers respectively. The proposed work consists of three phases, namely
Registration phase, Authentication phase, and Online
The rest of the paper is organized as follows. Section 2 addresses examination phase. The registration phase is used for allowing
the survey of the related works. Section 3 discusses the proposed each student to complete the registration process for getting a
work. Section 4 gives the experimental analysis, and the final user name, password and unique secret key for each student. In
section 5 gives the conclusion of the work and future the authentication phase, the students are allowed to complete
enhancements. the mutual authentication process in order to participate in the
online examination system. During the online examination
II. RELATED WORKS phase, students are getting a set of questions from the server, and
Andrea Huszti et al. [10] described a cryptographic scheme each student answers for the questions and submits it back to the
that possesses security requirements, such as authenticity, server. The flow of communication between the student and the
anonymity, secrecy, robustness, correctness without the server for mutual authentication is shown in Fig.1.
existence of a trusted third party. It is based on cryptographic A. Registration
primitives and generation of pseudonyms from the student’s
Each university/organization will have a registration center.
original master key. A pseudonym is a fake identity of the
The student who wants to write the exam must collect a QR-
student which is created to avoid teacher’s partiality on a student
code based hall ticket along with a device for participating in the
in evaluating their exam papers. The proposed protocol also
online exam system. In order to collect these two items, each
provides the student with a receipt and proof of a successful
student must contact the registration center in offline mode, and
submission. The master key should be kept secret by the student.
they receive these items. The QR-code base hall ticket contains
The loss of master key leaves him/her unable to attend the exam.
registration number, name, subject, device id, unique secret key,
Jordi Castella-Roca et al. [11] proposed a secure e-exam etc. as shown in Table 1.
management system where all exam related information is in TABLE 1. QR-CODE BASED HALL TICKET
digital format. A cryptographic scheme is proposed that has to
be executed in order to achieve the desired security levels at Registration Name Subject Device Unique Session
every exam stage. The manager is the central authority that Number id Secret key
controls the exams. It manages the exam questions, answers, Key
solutions, and grades. A system based on different cryptographic
protocols offers a high security level for all exam stages. It does
not provide any method to prevent malpractices. B. Authentication
During the authentication phase, the students scan the QR-
C.C.Ko et al. [12] proposed a system which uses the web code based hall ticket using the device received from the
camera to monitor the students and prevent the students from registration center. After scanning the QR-code, it fetches the
cheating during an examination. The system captures the images student id (Si), device id (Di) and the unique secret key (Ki)
of the student at regular intervals for monitoring and stores it as
from the QR-code and encrypts the {Si, Di} with the unique The encrypted question paper received by the students can
secret key (Ki) along with a Time Stamp (TS) as shown in be decrypted with the session key (Ks) which is known to the
equation (1). students. Now, the students will write their exams with the help
of the personalized and interactive device. The device is user
X= < EKi { Si, Di, TS1} || Si > (1) friendly and easy to use. The students can use the graphics
The server contains the database where a unique secret key feature to highlight their text and different colors for writing
(Ki) is maintained for each student as shown in Table 1. The their answers. This enhances the aesthetic view of the answers
server fetches this unique secret key (Ki) from the table and uses written by the student.
it to decrypt the message sent from the student side as shown in
equation (1). The decryption is done through the following The security policies need to be imposed to prevent the
equation misbehavior of the students while writing their exam. Once the
question paper is downloaded, the server disconnects the wifi by
DKi < EKi { Si, Di, TS1} || Si > (2) imposing specific security policies as discussed in [6]. This is
After decrypting the contents, the server compares the done to prevent the misbehavior of the students during the online
student id (Si) within the decrypted message with the student id exam. Now, the server and the student exchange the heartbeat
(Si) outside the message. If both the student id are same, then signal as shown in equation 6 to ensure that the student does not
the server generates a session key (Ks) and encrypts it using the violate the rules and misbehave during the exam. To exchange
unique secret key (Ki) and sends it to the student along with the heartbeat signal at a regular interval in the order of seconds,
server ID (IDs) and incremented Time Stamp (TS2) as shown in an agent program is running in the system given to each student.
the below equation (3). The heart beat signal is sent by the student system to show an “I-
Y= <EKi { Ks, TS2, IDs } || IDs> (3) am-alive” message to the server.
On receiving this message from the server, the student EKs {exchange heartbeat signals} (6)
performs decryption with respect to Ki, and it compares the After completing the exam, the answers submitted by the
incremented Time Stamp and server ID. Once the session key is student are encrypted with the session key and sends back to the
obtained successfully from the server, the student sends back the server as shown in equation (7).
acknowledgement by encrypting the timestamp (TS3) using the
session key as follows. EKs {submits the answers} (7)
Finally, when the answers are submitted, the session is
EKs {TS3} (4) closed, and the student logs out of the online examination
After completing this step, the simple mutual authentication system. To assess the performance of the students, ontology
process will be completed, which ensures the mutual generation is done for the answer keys given by the instructor
authentication between the server and the students. and the answers submitted by the student during the online
C. Online examination exam. Later, ontology alignment is done between the two
ontologies as explained in our previous work [15] to assess the
In this phase, once the mutual authentication is completed,
performance of the student. Based on this assessment, the true
the server encrypts the exam question paper using the session
evaluation will also be performed as discussed in our work [16].
key as given in equation (5).
EKs {Exam question paper} (5) IV. EXPERIMENTAL ANALYSIS
The encrypted question paper received by the students can To evaluate the experiments of the online examination
be decrypted with the session key (Ks) which is known to the system, survey questions were prepared separately for the
students. Now, the students will write their exams with the help students and the faculties. These questions were given to the 10
of the personalized and interactive device. The device is user instructors working in the Department of Computer Science and
friendly and easy to use. The students can use the graphics Engineering at University College of Engineering Tindivanam
feature to highlight their text and different colors for writing and 60 students those who are studying in the same department.
their answers. This enhances the aesthetic view of the answers The questions were measured on a five point scale, such as
written by the student. strongly disagree (1), Disagree (2), Neutral (3), Agree (4) and
strongly agree (5). The survey questions for the students and the
faculties were given in Table 2 and Table 3.
TABLE 2. SURVEY QUESTIONS FOR STUDENTS

Q. No Questions
1. I choose online exam rather than writing the exam
in the paper
2. I would be comfortable with the online exam
3. Performance assessment would be better using
online exam
4. The online exam prevents malpractice
5. The online exam gives us accurate valuation results
Fig. 1. Mutual authentication during the online examination
 TABLE 3. SURVEY QUESTIONS FOR INSTRUCTORS network policies in the system to prevent the malpractice by the
Q. Questions students during the online examination.
No REFERENCES
1. I choose to conduct online exam rather than
allowing the students to write the exam in the [1] Abdallah Moubayed, Mohammadnoor Injadat, Ali Bou Nassif, Hanan
paper Lutfiyya, and Abdallah Shami, “E-Learning: Challenges and Research
Opportunities Using Machine Learning & Data Analytics,” IEEE Access,
2. An online exam would be useful to minimize the Vol. 6, pp. 39117-39138, August 2018.
time [2] S. Wexler, N. Grey, D. Miller, F. Nguyen, and A. Barnevelda,“Learning
3. Online exam enhances the evaluation of student management systems: The good, the bad, the ugly and the truth,” The E-
answers learning Guild Res. 360 Rep. on Learning Manage. Syst., May 2008.
[3] R. Raitman, L. Ngo, N. Augar, and W. Zhou, “Security in the online e-
4. The Online Examination system is easy to use learning environment,” in Proc. 5th IEEE Int. Conf. Adv. Learn., Jul.
2005, pp. 702–706.
5. Students will give positive feedback for the [4] E. Weipple and M. Ebner, “Security & privacy challenges in e-learning
online examination system 2.0,” in Proc. E-Learn., Nov. 2008, pp. 4001–4007.
[5] N. H. M. Alwi and I. S. Fan, “E-learning and information security
management,” Int. J. Digital Soc., vol. 1, no. 2, pp. 148–156, Jun.2010.
The feedback obtained from the survey questions is shown [6] M.Kaiiali, A.Ozkaya,andH.Atlun,H.Haddad,M.Alier, “Designing a
in Fig. 2 and Fig. 3 which depicts the positive attitude of the Secure Exam Management System (SEMS) for M-Learning
students and instructors for preferring the online examination Environments,” IEEE Transactions on Learning Technologies, Vol. 9, pp.
system when compared to pen-paper examination. 258-271, 2016.
[7] Z. Xu, T. Zhang, Y. Zeng, J. Wan, and W. Wu, “A secure mobile payment
framework based on face authentication,” in Proc. Int. MultiConf. Eng.
Comput. Scientists,Mar. 2015, pp. 495–501.
[8] S. Yi, I. Yoon, C. Oh, and Y. Yi, “Real-time integrated face detection and
Strongly agree recognition on embedded GPGPUs,” in Proc. IEEE 12th Symp.
Embedded Syst. Real-Time Multimedia, pp. 98– 107, Oct. 2014.
[9] G. Wang, Y. Xiong, J. Yun, and J. R. Cavallaro, “Accelerating computer
Agree vision algorithms using the openCL framework on the mobile GPU—A
case study,” in Proc. IEEE Int. Conf. Acoustics, Speech, Signal Process.,
May 2013, pp. 2629–2633.
Neutral [10] Andre Huszti and Attila Peths ,”A Secure Electronic Exam System,”
Pub.Math.Debrecen, vol. 77, pp. 299-312, Jun. 2010.
[11] Jordi Castilla-Roca, Jordi Herrera Joancomarti, and Aleix Dorca-Josa, “A
Disagree Secure E-Exam Management System,” Proceedings of the First
International Conference on Availability, Reliability and Security,2006.
[12] C.C.Ko and C.D.Chang,”Secure Internet Examination System based on
Video monitoring,” Internet Research: Electronic Networking
Applications and Policy, vol. 14, No. 1, pp. 48-61, 2004.
Fig. 2. Students’ feedback
[13] Y.Levy and M.M. Ramim ”A Theoretical Approach for Biometrics
Authentication of e-Exams,” American Journal of Educational
Research, Vol. 3, No. 10, 1224-1229, 2015.
Strongly agree
[14] Jodi Herrera- Joancomarti, Josep Prieto-Blazquez, Jordi Castella-Roca,
“A Secure Electronic Examination Protocol using Wireless Networks,”
Proceedings of the International Conference on Information Technology:
Agree Coding and Computing,2004.
[15] L.Jegatha Deborah, R.Karthika, S.Audithan, and B.Kiran Bala,
“Enhanced Expressivity using Deontic Logic and Reuse Measure of
Neutral Ontologies,” Eleventh International Conference on Data Mining and
Warehousing, ICDMW 2015 Proceedings of the Eleventh
International Conference on Data Mining and Warehousing in
Disagree Elsevier Procedia Computer Science, vol.54,pp 318-326, 2015.
[16] R.Karthika, L.Jegatha Deborah, P Vijayakumar,” Intelligent e-learning
System based on Fuzzy Logic”, Neural Computing and Applications,
Accepted for publication.
Fig. 3. Instructors’ feedback

V. CONCLUSION
This research work proposes a simple mutual authentication
dialogue to enable the students and the server for completing the
mutual authentication. Moreover, the online examination system
securely distributes and collects the question papers and answers
to the students and from the students respectively. The future
enhancement of this work can be done by imposing dynamic