An Efficient Approach for Exchanging Exam Contents in E-Learning Institutions

Abstract—In some e-learning and blended-learning institutions, such as the Saudi Electronic University (SEU) in Saudi Arabia, prior to the students undertaking exams, the exam questions are distributed to and shared among faculty members. This is done by email, which poses a high security risk. Hence, using email for the exchange of confidential files such as exams in learning institutions can cause the issues of latency, human error, and related security concerns. Therefore, this paper presents a system to secure the digital content of exam questions and their transmission in e-learning institutions, enabling the control of access to content with suitable management features for security, auditing, and archiving using leading technology solutions for content management and security. The results of our simulation showed that the proposed system provides a faster and more secure access to and exchange of exams between the instructors and the college and the campus supervisor. Moreover, our system reduces the likelihood that there will be errors in exams and subsequent delay.


Introduction
This is a proposal for the design and implementation of a module that can be used in colleges and universities to secure and share sensitive content related to exams and questions used frequently in these environments. In universities, it has now become an increasingly common practice for exam questions to be exchanged and shared among instructors so that each can have his/her own copy prior to the commencement of the exam. Even though this might ensure that the questions will not be jeopardized in simple form, when one considers all the modern techniques and penetration tools available, in addition to the human error factor, there is a strong possibility that the content might be exposed to high risks [1,17].
Our intention was to present a solution that would enable faculty members to exchange the contents of exams in a secure manner. Additionally, our proposed system features a workflow engine, auditing, and archiving features, which should make this solution an appropriate tool for controlling the transmission of documents and content in SEU. To realize this solution and its benefits, we utilized cloud computing. Cloud

Objective
Our proposed system is intended to secure the digital content of exam questions and its transmission within the e-learning and blended-learning institutions, enabling the control of content access by means of appropriate management features for security, auditing, and archiving using leading technology solutions for content management and security.
The implementation of our system should provide significant business value for faculties and authorized users. The value includes the secure exchange of digital exam contents, auditing and archiving capabilities, easy availability, fast access to content, and customization of multiple workflows. Due to lack of time, for this study we tested the auditing, archiving capabilities, easy availability and fast access of the exams compared with the traditional method of exchange that has been used in SEU. In future work, the security feature will be improved to include authentication and verification.
Our state-of-the-art content management solution uses modern market technologies with N-tier design and architecture. The deliverable will consist of a secure repository with business components and user interface. In addition, an embedded workflow engine and security modules add vital features that will make the system usable, convenient and user-friendly.

Problem Setup
In some e-learning institutions (such as SEU), exam questions are sent to and shared among faculty members, just prior to the start of an exam session. The process begins with the subject coordinator calling for and collecting suggested questions and answers from lecturers at a number of campuses throughout the Kingdom. These are consolidated and used to produce a final or master version of the exam, which is sent to all lecturers just prior (3-4 hours earlier) to the commencement of the exam. This transmission and sharing is done via email, and sometimes via public personal emails.
The practice of sharing such sensitive data via emails exposes confidential content to high risk, including data leakage. In order to highlight the major risks associated with the sharing of files and data via email and other file sharing solutions, below we present a comprehensive analysis of various file-sharing solutions.
Employees tend to share files and documents by the easiest and most convenient means [5]. Although there are plenty of choices and alternatives, the increasing number of experts in hacking and cybercrimes makes it very challenging to use most of the available solutions to share documents securely. Figure 1 shows most of the causes of data breaches in today's various types of businesses [6]. Figure 2 shows the percentage of organizations in terms of the different tools used for file sharing; it is evident that data sharing and the transfer of files is mostly done via email [7].
iJET - Vol. 12, No. 11, 2017
Employees mostly use one or more of the following when sharing business documents with others:
• Email file sharing
• Peer-2-Peer file sharing
• Free cloud storage services
• Flash drives
Next, we discuss the risks and pitfalls of email file sharing and flash drive vulnerabilities.

Email vulnerabilities
Emails are not usually designed to be secure, and one of the most dangerous and risky practices by employees is to use personal emails to send and receive sensitive data [8]. Some of the reasons why employees might use emails and personal emails for the sharing of data are:
• It is a faster and easier way to upload and download contents [8,9].
• Personal email has greater inbox capacity than does business email, allowing larger attachments [8,10].
• Employees want to have access to their files even after leaving the organization [11].
The use of email to transmit documents within SEU might pose many risks, including the human error factor, which is one of the most significant risks in using email. For example, a user might inadvertently send a document to a list of recipients that might include a wrong address due to a typo, or send an incorrect attachment that has sensitive and classified information, or reply to the wrong recipients. Depending on the nature of the data being sent, this may lead to a severe breach of data security. In the case of SEU, an entire copy of a final exam might be leaked and acquired by an unauthorized entity without this being noticed. Another problem with using email is the large number of emails that may be sent to a user's email inbox, which increases the likelihood that the lecturer or intended recipient might miss or overlook a vital email regarding exam contents. We can add to these issues the use of public emails, which are not controlled by SEU system administrators and where the nature of data breaches is unknown. Other risks associated with email are the possibility that an intermediate email server administrator will read the correspondence, and that intruders with network sniffing tools will access the contents [6,12].

Flash drive vulnerabilities
As an easy tool for transferring data, USB flash drives are being widely used by the public. In our scenario, the use of USB flash drives presents threats that are not much different from the known cases. The flash drives are considered to be an easy and common means of data security breaching, because they can be easily lost or picked up by anyone. In addition, USB drives are a well-known means of spreading malicious software and viruses, especially when shared between multiple devices [6].
From the previous discussion, it is evident that there are various situations when an organization's interests are jeopardized by the actions of its employees. When the employees take the initiative to use their own solutions to exchange sensitive data, and in our case study of SEU this is the exchange of exam questions, data security breaches are to be expected. Without proper control, it is difficult to control the contents and apply filters. Also, securing data and auditing usage is a major challenge. Table 1 shows the results of a survey conducted by IPSWITCH [13]. According to IPSWITCH, more than half of IT managers cannot monitor file and data transfer within their organizations.

E-Exam Management Systems
In the following, we discuss three previous proposals for the sharing and securing of examinations.
• A Secure E-Exam Management System [14]: This is an attempt to deliver a system that is used to examine students without being physically available on site. The solution addressed requirements needed to implement a trusted E-Exam system. The requirements are authenticity, privacy, correction, secrecy, receipt, and copy detection. The system is designed to be secure, using PKI with a secure schema and three players' roles: student, teacher and manager. Even though the proposal is perfect, and we can benefit from its security ideas, it is not appropriate for our purposes. This is because our aim is to secure the sharing of exam questions and papers among "teachers", not to examine the users. Another reason is the lack of information about the infrastructure needed and the implementation design.
• Software System for Secure Computer Aided Exams [15]: This is a good and interesting proposal for creating a computer laboratory exam system that secures the exam submission and answer collection process. The proposed design and solution is server/client-based and uses a variety of standard industry solutions to secure implementations like database, firewall, and FTP. We can adopt several good ideas from this proposal, but it cannot be used in our case here for the same reasons that we gave for the aforementioned system. This is not a system for connecting "teachers or lecturers"; moreover, the computing technologies used are not the most current.

• Secure and Flexible Global File Sharing [11]: An interesting proposal for building and designing a "Distributed Credential File System" (DisCFS) that uses trust management credentials to identify the files being stored and shared, users who will access the files, and the conditions under which file access is allowed. The implementation allows "Administrators" to define users and their access, and "delegate" file access authorizations to "users". The system is designed to be scalable, but it lacks the encryption mechanism to encrypt files on disk. Overall, the system design is good, but what we are looking for is a better mechanism that uses predefined workflows, enhanced security, identity management, and utilization of modern computing solutions such as cloud.

Recent Progress: FSS and Hybrid ECM
In this section, we discuss recent solutions and technology used to share content in organizations and enterprises: File Sync and Share (FSS) and Hybrid Enterprise Content Management (Hybrid ECM) [16,17].
The need for sharing documents without going through the hassle of using email communication has increased, especially with the high use of mobile devices and web solutions [17]. The appearance of cloud storage on the market has encouraged this trend and currently we have many solutions offering file sharing at minimal cost and overriding the size restrictions of email attachments.
With FSS, users can utilize sync clients on their desktops and mobile devices that can work offline and synchronize changes and updates later. This can be seen as a customized content management system within an organization's specific network, which can be managed by an internal IT team that can control access to content. Another version of this is the cloud FSS, which is managed by users themselves, gives them full flexibility to manage the content, and replaces some legacy technologies such as FTP [17,18]. But FSS has some disadvantages and drawbacks. One of the major problems of this solution is that sharing sensitive information over the public FSS will bypass all the counter-measures applied to prevent leaking and to secure sensitive data. In the case of private LAN solutions, even though the access control measures are applied, there is still no mechanism to provide the content with an approval workflow and meta-data management infrastructure that makes it valuable for data mining and big-data projects [16,18].
Enterprise File Sync and Share (EFSS) addressed some of these challenges, enabling systems to be designed that secure cloud and mobile contents. EFSS offers several features such as:
• Notifications and Approval Workflows
• Content Sharing
• On-device previewing and editing
• Local synchronization for offline access
• Saved search

But one of the things that prevents the EFSS from being an optimal solution for content management is the lack of meta-data management, policies, and advanced access control. ECM introduced the power of information management and governance capabilities, but still lacks some of the interesting features of FSS. Therefore, there was a need to combine the best features of each in one package, the Hybrid-ECM solution [17].
Hybrid-ECM combines the good things from both FSS and ECM. This solution supports many use cases that make it beneficial for organizations; here are some [16,17]:
Ad hoc Collaboration: This is actually what makes FSS necessary: it is easy to use and share, it supports mobile devices, and keeps contents secure and controlled.
Externalizing Enterprise Content: This will overcome one of the major problems of sharing contents outside organizations [16]. In FSS, users need to move content outside ECM and copy it to the cloud before having it accessible from outside. This has two serious problems. First, it is time consuming. Second, breaking the "link" between the original content and the copied one makes the copy un-updatable and causes it to lose the "context". With the Hybrid-ECM, the time issue is resolved, and both context and access control are retained. Now, what we are interested in is a solution that is Hybrid-ECM-like but with more customized security and access control that fit our needs as a secure exams exchange solution [17,18].
Our proposed system includes: •

Methodology
It is anticipated that our proposed solution will enable faculty members in SEU to transmit and share exam questions quickly and securely. We designed and implemented a module or a system that uses a secure repository to store content, and a workflow engine to take the initial draft through a path of approvals and defining of recipients. The solution also includes a security shell and logic to control access, monitor usage, and audit the activities.
To implement the solution, we used a modern web-based interface that is user-friendly to allow efficient interaction with authorized users. A modern web-based interface provides responsiveness for users to use the proposed system. A modern interface gives a system clarity, concision, familiarity, efficiency and consistency. We chose cloud computing as the most appropriate means of arriving at and implementing our solution because its advantages for business outweigh its disadvantages. The introduction of cloud computing services has greatly benefitted today's businesses. The following are some of the advantages and benefits of utilizing cloud computing services [3]:
1. Cost efficiency compared to desktop applications and in-house IT applications.
2. Availability of storage whenever needed.
3. Backup and recovery for maximum protection and availability.
4. Automatic software integration.
5. Easy access to the information and applications in cloud from anywhere.
6. Easy and quick deployment, extending and scaling the solution.
As mentioned previously, we utilized the cloud's Infrastructure as a Service (IaaS) component. This gave us greater flexibility to run the system using our choice of hardware. Initially, we intended to build our proposed system using Platform as a Service (PaaS). However, due to time and financial constraints, we used IaaS but intend to extend our work to include PaaS in the future. By using cloud services to host the application, we took advantage of the high-availability, security, manageability and continuity of service provided by the cloud provider.
The solution will include:
1. Secure data repository
2. Workflow engine
3. Security management components
4. User-interface
5. Cloud-to-host
The proposed system is comprised of three parts. The first is Qch, which stands for question of chapters, which is the process whereby questions are exchanged and shared between the various instructors/teachers in one unit. For example, a database unit is taught by many instructors in many campuses. The unit's coordinator assigns to each instructor in a different campus the task of preparing questions for a certain unit. This part of the system facilitates the exchange of chapter-based questions between the instructors at different locations and the unit's coordinator. This process is repeated until the coordinator has received the final exam versions. Figure 4 illustrates the Qch process.
Second is the FeTc, which stands for final exams to college coordinator, which is the process for sending the final exams from the unit coordinators to the college coordinator. This process is repeated until the coordinator has received the final exam versions. Figure 5 illustrates the FeTc process.
Third is the FeTcs, which stands for final exams to campus supervisor, which is the system's access point through which the campus supervisor can download the exams. This process in our case study (SEU) becomes available only three hours before the exams. This is when the campus supervisor can log in to the system and access the exams on a specific day and time in order to download. Note that each campus might have different exams. Figure 6 illustrates the FeTcs process.

The proposed architecture is illustrated in Figure 7. Note that a log-in verification code is required for more security, and the file is encrypted inside the cloud.
Example: When the exam is available, contributors can upload draft versions to be reviewed by a reviewer (Qch case). After the drafts are uploaded, reviewers can download draft versions and later compile and upload an amended exam version. After being marked as 'Reviewed', the next step is for the exam to be 'Approved' (FeTc case). Approvers use a dedicated interface to list exams pending in their workflow. An exam will keep moving through the workflow until no more approvers exist, at which point it will be available for downloading. Figure 8 illustrates the workflow of the platform (development and deployment).
Authorized users such as the campus supervisor can use the exam ACL (Access Control List) to log in and download the exam, provided that the exam schedule allows access, which is checked by comparing the download time to the open and share time (FeTcs case). This guarantees that the downloader can obtain his copy only within the allowed time window. Figure 9 shows an example of the campus supervisor window.
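The review/approval workflow and the ACL plus time-window download check described above can be modelled as a small deny-by-default state machine with an audit trail. This is an added example, not the authors' Oracle Forms implementation; the class, the user names, the 'Draft' state label and the assumption that the window closes at exam start are illustrative.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# 'Reviewed' and 'Approved' are the page's states; 'Draft' is a label assumed here.
DRAFT, REVIEWED, APPROVED = "Draft", "Reviewed", "Approved"
OPEN_BEFORE_EXAM = timedelta(hours=3)  # access opens three hours before the exam


@dataclass
class Exam:
    unit: str
    starts_at: datetime
    reviewer: str
    approvers: list   # pending approvers, in workflow order
    acl: set          # users allowed to download the final version
    state: str = DRAFT
    audit: list = field(default_factory=list)

    def _log(self, when, user, action, outcome):
        # Denials are recorded too, so access attempts can be audited later.
        self.audit.append((when.isoformat(), self.unit, user, action, outcome))

    def review(self, user, when):
        ok = self.state == DRAFT and user == self.reviewer
        if ok:
            # With no approvers configured the exam is released after review.
            self.state = REVIEWED if self.approvers else APPROVED
        self._log(when, user, "review", "ok" if ok else "denied")
        return ok

    def approve(self, user, when):
        # Only the next pending approver may act, and only on a reviewed exam.
        ok = self.state == REVIEWED and self.approvers[:1] == [user]
        if ok:
            self.approvers.pop(0)
            if not self.approvers:      # no more approvers: ready for download
                self.state = APPROVED
        self._log(when, user, "approve", "ok" if ok else "denied")
        return ok

    def download(self, user, when):
        # 'when' must come from the server clock, never from the client.
        opens = self.starts_at - OPEN_BEFORE_EXAM
        if self.state != APPROVED:
            reason = "not approved"
        elif user not in self.acl:
            reason = "not on ACL"
        elif not (opens <= when <= self.starts_at):  # assumed closing time
            reason = "outside window"
        else:
            reason = "ok"
        self._log(when, user, "download", reason)
        return reason == "ok"


def demo():
    start = datetime(2017, 5, 10, 9, 0)  # constructed exam slot and users
    exam = Exam("IT-DB", start, reviewer="unit.coord",
                approvers=["college.coord"], acl={"supervisor.a"})
    early = start - timedelta(days=2)
    results = [
        exam.download("supervisor.a", early),                         # still a draft
        exam.approve("college.coord", early),                         # not reviewed yet
        exam.review("unit.coord", early),
        exam.approve("college.coord", early),
        exam.download("supervisor.a", start - timedelta(hours=4)),    # too early
        exam.download("lecturer.x", start - timedelta(hours=1)),      # not on ACL
        exam.download("supervisor.a", start - timedelta(hours=1)),    # allowed
        exam.download("supervisor.a", start + timedelta(minutes=1)),  # window closed
    ]
    return exam, results


if __name__ == "__main__":
    exam, results = demo()
    print(results)
    for entry in exam.audit:
        print(entry)
```
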

Evaluation
In this section, we present the initial results of our simulation in SEU. Here, we present only the first results based on the exams that were available. We conducted this experiment in April and May of 2017 using the exams file of the previous midterm exams. The data were provided by the campus supervisor. The main aim at this stage was to test the time that it would take to extract exams using our proposed system, and compare it with the time taken using the traditional email method. We began by running the simulation of our system to test the Qch for five units of the IT college. We tested the FeTc using ten units, and then the FeTcs with one exam day (eight units). The proposed development and deployment platform consisted of: Oracle Forms 11g Developer, Oracle Forms 11g services, Oracle Weblogic 10.3.5, Oracle Database 11gR2. In future, we propose to conduct a full trial of our system by applying it to exams for over 120 units in SEU. Moreover, we will test the security features of the system.
First we tested the Qch. This evaluation was conducted for five units and we compared the traditional method with the Qch methodology. Figure 10 presents the results for two units. It is clear that the Qch methodology can extract the exams for all chapter-based questions much faster than by using the traditional email method.
Second, we tested the FeTc. This evaluation focused on 10 units. Figure 11 presents the results which show that the FeTc is faster for the three units and seven units from different colleges compared with the traditional method. As shown in Figure 11, the proposed system can reduce the execution time by more than 70%. Thus, we argue that with many exam units, the difference will be more significant.
Third, we tested the FeTcs. This evaluation also focused on one light exam day (8 units). Figure 12 presents the results which show that the FeTcs is significantly faster compared with the traditional method. The reason is that FeTcs allows the campus supervisor to have faster and more secure access to all exams during the specified time. However, the traditional method forces the campus supervisor to search for each unit that is received from different colleges which causes many delays and is prone to error and confusion.

Findings
Several findings emerged from our simulation. First, it is clear that the proposed system will significantly decrease the time taken to exchange exams. For example, the Qch system, whereby exam sections are exchanged between teachers and unit coordinators, reduces by up to seven times the time that it takes for the exchange by the traditional email method which is currently being used in SEU.
Furthermore, we tested the FeTc, using 10 units from various colleges, and found that it can reduce the execution time by more than 70%. Based on this, we conclude that the difference will be even more significant with a larger number of exam units.
We also applied the FeTcs to eight units on one exam day. In this simulation, we found that the FeTcs is significantly faster compared with the traditional method. The FeTcs allows the campus supervisor to have faster and more secure access to all exams compared with the traditional time consuming method, whereby the campus supervisor received the exams from each college individually. Moreover, the traditional methods actually have two important drawbacks. The first is the human error factor demonstrated when, on one mid-term exam day, two errors were discovered in exams prior to their distribution, causing a delay and necessitating a rescheduling of exam time. However, with the FeTcs system, the human error factor has been significantly reduced. Second, the system allows the campus supervisor to download the exams only during the open window time which increases the reliability of the system to deliver the exams during the allowed time based on the university system. This will greatly reduce the likelihood that exams will be leaked.

This work has several limitations. First, the only security feature is the ACL. To ensure that the correct user has the right of access, a verification method should be implemented. An SMS/Email or token verification should be included in the security feature. Moreover, an authentication step should be included to confirm that the exam paper has been delivered to the right recipient.

Conclusion
In this paper, we propose an integrated system for the fast and secure transmission of exams in e-learning institutions. The proposed system is comprised of three parts. First, Qch is the system used to send the question(s) to various instructors/teachers in one unit. Second is the FeTc, which is the system for sending the final exams from the unit coordinators to the college coordinator. Third is the FeTcs, which is the system that allows the campus supervisor to download the exams. We used SEU in Saudi Arabia as our case study for this research. The implementation of our system in SEU has shown promising and significant results compared with the traditional system. The proposed system is faster and more secure. Moreover, it safeguards against human error that can occur when email is the formal method used to transmit confidential data such as exams in e-learning/blended-learning institutions.
This work can be extended in several directions. First, as mentioned, a more comprehensive trial of our system involving the exams for over 120 units in SEU would give us the opportunity to identify any shortcomings in the system. Moreover, the security of the system could be enhanced by including many features in addition to the ACL. The verification and authentication of the user should be included in order to guarantee the secure exchange of exams between colleges and campuses.