Remote Management of Face-to-Face Written Authenticated Though Anonymous Exams

Authentication and anonymity are inherently difficult to combine. In case of face-to-face, written, university exams or public competitions, the candidates should be authenticated to prevent exchange of person, but the written exams they produce should be anonymous during the marking to ensure fairness of the marking. Complications rise still when the entire exam management should take place remotely, that is via the Internet, thus involving remote publication of marks and remote consultation/acceptance of those marks. This management would be useful, for example, also for the final, face-to-face, written exam concluding lectures delivered via electronic learning techniques. To our knowledge, no software currently exists beside ours to support this delicate combination of authentication and anonymity along with other typical exam preparation utilities. WATA2.0 (Bella et al., 2009) supports the management of Written Authenticated Though Anonymous exams non-remotely, that is by having WATA2.0 run locally on the examiner's computer. Upgrading the system towards remote management turns out far from trivial because novel though fundamental security threats arise. These have required much more than SSL-secured connections to a remoteWATA server: a complete redesign. In particular, the identity of a candidate is no longer matched to a written exam through identical barcodes but, rather, through barcodes that decrypt via exclusive-OR to the candidate's details. The new system, WATA3.0, is currently used at the University of Catania, and the migration from the previous version has been seamless. The innovative design of WATA3.0, its user experience, interface and implementation are presented.