An Attack-Defense Tree on e-Exam System

Authors

  • Yusep Rosmansyah, Bandung Institute of Technology, School of Electrical Engineering and Informatics
  • Mora Hertanto Ritonga, National Cyber and Crypto Agency
  • Ariq Bani Hardi, National Cyber and Crypto Agency

DOI:

https://doi.org/10.3991/ijet.v14i23.11088

Keywords:

e-exam, attack-defense tree, penetration testing

Abstract


The electronic-examination (e-exam) system does more than convert paper-based examinations into electronic ones. It poses a major security challenge that must be resolved to guarantee the trust of its users. This paper analyzes the security challenges of an e-exam system and proposes a solution using Attack and Defense Tree methods. The attack tree scheme was defined by risk assessment methods. The attack tree was evaluated by penetration test experiments against a server running the e-exam application. A proposed defense tree scheme against the identified attack tree is presented as the main contribution of this research. This contribution can be used as a guideline to plan similar e-exam systems and can serve as a starting point for future research towards a comprehensive attack-defense tree of the secure e-exam system.

Author Biographies

Yusep Rosmansyah, Bandung Institute of Technology, School of Electrical Engineering and Informatics

Yusep Rosmansyah received a B.S. degree from Bandung Institute of Technology, Indonesia, and both the M.S. and Ph.D. degrees from the University of Surrey, UK. He has been a researcher and faculty member at the School of Electrical Engineering and Informatics, Bandung Institute of Technology, Indonesia. His current research interests include mobile learning technologies and cybersecurity.

Mora Hertanto Ritonga, National Cyber and Crypto Agency

Mora Hertanto Ritonga is a master’s student at the School of Electrical Engineering and Informatics, Bandung Institute of Technology, Indonesia. He received a scholarship from the National Cyber and Crypto Agency. His research interests include cybersecurity and e-learning (mora.hertanto@bssn.go.id).

Ariq Bani Hardi, National Cyber and Crypto Agency

Ariq Bani Hardi is a master’s student at the School of Electrical Engineering and Informatics, Bandung Institute of Technology, Indonesia. He received a scholarship from the National Cyber and Crypto Agency. His main research interests relate to the design and development of security for mobile applications, cybersecurity, and applied cryptography (ariq.bani@bssn.go.id).

Published

2019-12-06

How to Cite

Rosmansyah, Y., Ritonga, M. H., & Hardi, A. B. (2019). An Attack-Defense Tree on e-Exam System. International Journal of Emerging Technologies in Learning (iJET), 14(23), pp. 251–260. https://doi.org/10.3991/ijet.v14i23.11088

Issue

Section

Short Papers