Security is one of the main problems in Web-based assessment systems, particularly in guaranteeing the non-repudiation of test submissions. The authors have developed EVAWEB, a Web-based assessment sys tem that addresses this issue by using digital signatures. Moreover, the use of this technology in EVAWEB provides a real context to students for learning how digital signatures work. This article focuses on the enhancements that have been incorporated into EVAWEB in order to develop an improved second version of the system.
TopIntroduction
Security and privacy issues stand as some of the main problems of existing e-learning systems (Chan, Leung, & Li, 2003; Warren & Hutchinson, 2003). Particularly, online assessment has been largely debated because of difficulties with properly authenticating students and making their submissions nonrepudiable. Non-repudiation is defined by the International Organization for Standardization (ISO) as the security property that provides protection against false denial of having been involved in a communication (ISO/IEC 7498-2, 1988). Non-repudiation of submitting and receiving a test is a desirable property in online assessment. This property is usually provided by logs in most known e-learning systems such as WebCT or Blackboard. Although digital signatures provide non-repudiation security servicesnon-repudiation security services (ISO/IEC 13888-3, 1997; Zhou, 2001), these systems do not include this technology yet.
On the other hand, the understanding of digital signatures is crucial for students in information technologies and, to some extent, also for the general public as electronic signatures have been given legal recognition recently in several countries. Traditionally, computer security curricula of undergraduate computer engineering programs include laboratory sessions that allow students to learn digital signature technology in practice using tools such as PGP and OpenSSL. As in many study areas, the student learning process can be enhanced if learning by doing in context is used instead of making the students solve a set of naïve academic exercises (Hsu & Backhouse, 2002).
The authors have developed EVAWEB (González-Tablas, Wouters, & Ramos, 2004; González-Tablas, Wouters, Ramos, & Ribagorda, 2007), a Web-based assessment system that focuses on non-repudiation requirements through the use of digital signatures. Furthermore, EVAWEB enhances the students’ learning of digital signatures by providing them a real context to practice this technology. It has been developed in the context of an innovative education experience for the teaching of security in information technologies at higher education levels. The students learn the concepts involved in digital signatures, using them in their own assessment process. It is important to note that EVAWEB does not intend to be used in real distant education but in proctored environments. The higher security required for nonproctored exams would need stronger authentication solutions.
The evaluation of EVAWEB by some students of Universidad Carlos III de Madrid has turned out as an above-average success, but, at the same time, results highlighted the need for improvements in the system (González-Tablas et al., 2007). In this article, the enhancements that have been incorporated into EVAWEB in order to obtain a second version of the system arepresented.Theimprovementsaremainlyfocusedonarchitecture,functionality,portability, interface, database, and security aspects.
The remainder of the article is organized as follows. First, previous work is reviewed. Second, the functionalities and architecture of EVAWEB Version 1 (v1) are described. Then, the enhancements that have been incorporated into EVAWEB are shown. Finally, the conclusions and future work are exposed.