Navigating Security in the Changing Landscape of Exam Delivery
The landscape of exam delivery has changed drastically over the last several years, largely in part due to the COVID-19 pandemic. While many of these changes were unavoidable, the fast-paced nature of this evolution forced assessment programs and providers to make tough decisions — with little to no precedent.
While in-center testing has resumed, remote testing has become widely adopted post-COVID. Examinees now expect remote exam delivery options, and there is substantial pressure on exam providers to meet these needs. It may seem obvious that a remotely delivered exam is inherently less secure. Still, this transition has introduced new and unprecedented security challenges that require a multi-layered approach.
Remote exam delivery moved the testing environment from a controlled testing center with professional administrators to anywhere with a computer and working internet connection. This move also put the examinee in control of the testing environment, multiplying the security risks associated with testing. There is no one-size-fits-all solution to security, and each test sponsor must evaluate what is suitable for their program. This article explores a few of the most prominent security challenges in the remote testing environment and looks ahead toward new ones emerging on the horizon.
Three Major Test Security Risks — and Potential Solutions
The first step toward determining how to respond to security challenges is understanding the various known attack vectors used today. Security in a remote testing environment is typically handled through one or more cameras to monitor the examinee, a lockdown browser to prevent unauthorized access to other computer applications and a human proctor to monitor the examinee and environment, which can either be in real time or reviewed afterwards. To successfully cheat, bad actors must take all three into consideration.
The camera monitors the examinee’s environment but can only capture what is in the frame. An examinee can attempt to work around this by strategically placing mobile devices outside the camera’s view to access information. A common approach is to place a mobile device or cheat sheet directly in front of the monitor itself. For example, if you put a sticky note on your monitor, the camera on your device would not be able to detect the paper. Additionally, the examinee’s eyes would appear to be looking at the test content.
Another approach, which involves more preparation, is the use of a virtual camera. A virtual camera can be used to stream the examinee’s video to a device being used by a proxy tester, allowing for the proxy tester to appear as if they are the examinee and work around some of the restrictions of the lockdown browser. A virtual camera could also be used to playback pre-recorded video of the examinee, making the examinee appear attentive to the proctor even though they may be actively using a mobile device to look up an answer. The virtual camera software can even allow the examinee to toggle back and forth quickly between the two to handle any live questions the proctor may ask. Using a lockdown browser to block virtual cameras and requiring a secondary camera to provide a different angle of the testing environment and the examinee can help greatly reduce the threat of this attack vector.
The remote environment also makes it difficult to detect hidden cameras that could be installed on the examinee or in the room, which could lead to content leaks. Room scans can help, but there is no foolproof way to prevent this.
Lockdown Browser Bypassing
Before the pandemic, lockdown browsers benefitted from the secure nature of testing centers. The primary risk they had to maneuver in those environments was the network administrators and proctors who had access to them. Bad actors were always a possibility, but exposure to them was more limited.
Using a virtual machine (VM), a computer within a computer, is the most well-known form of overcoming a lockdown browser. Imagine taking your taskbar, desktop and all your applications and running them inside a window or application. You could move that window around your monitor while launching applications from your main desktop. Next, imagine an examinee accessing the exam in the lockdown browser inside that virtual machine. It doesn’t matter how secure the lockdown browser is at that point; the examinee can do whatever they want on their desktop without the lockdown browser having any knowledge. Even if the screen was being recorded, the recording would only capture what was happening inside the VM window. The detection in this area has improved across the board in recent years, but the risk will always remain.
Another common form of cheating the lockdown browser is through proxy testing. Proxy testing is when a third party helps provide answers or even takes the entire exam for the examinee. Proxy testing typically involves the examinee needing to share their screen with or granting device control to a third party. You may be thinking, “Shouldn’t the lockdown browser prevent that from happening?” Ideally, that would be true, but there are always ways around this. The most straightforward workaround is to use an HDMI splitter and run cables from the testing device into another room, allowing the screen to be duplicated. There are some things a lockdown browser can do to detect something like this, but nothing absolute. Implementing a room scan can help mitigate this specific scenario.
Human Proctor Blind Spots
There are several different ways a human proctor can be involved in the remote session. In a live-proctored scenario, human proctors will be responsible for both the check-in and monitoring of the examinee. This does not need to be the same person. In a record and review model, the check-in process will be automated, and the session will be recorded. Human proctors will then review the videos later and look for any instances of cheating. Hybrid models can also be used. For example, there could be a live check-in and a recorded testing session that is reviewed later, or there could be an automated check-in process and a testing session that is monitored by proctors in real time.
The primary concern with this aspect of security is determining the most effective examinee to proctor ratio. The highest level of security in a real-time proctored scenario would be a one-to-one ratio between the proctor and the examinee, however, that is unrealistic. As the number of examinees assigned to a proctor increases, the greater the impact will be when one of those examinees starts exhibiting signs of cheating. Instead of keeping an eye on all examinees, the proctor will be required to focus all their attention and possibly perform real-time intervention on a suspicious examinee. There are a couple of approaches to handle this scenario. Artificial intelligence (AI) assistance tools such as alerts on unexpected sounds, items and people in the room can allow a proctor to simultaneously monitor multiple candidates while still maintaining a certain level of quality. Also, having a secondary proctor who can be assigned the problematic examinees can allow the primary proctor to focus on the larger number of examinees without degrading the quality of the monitoring.
Looking Ahead: Emerging Security Risks
Going forward, we will begin to see two areas gain momentum as cheating strategies: generative AI and software manipulation.
Generative AI is a major recent disrupter of the assessment industry in general. From a cheating standpoint, one of the biggest advantages of generative AI is its ability to provide proxy testing without the proxy tester. In the past, examinees inclined to cheat may have been turned off to the idea of a proxy tester because it would require interacting with an unknown and untrustworthy person, and then allowing that person to install software on your machine. With generative AI, the proxy tester is now a chatbot, which makes for a much less risky endeavor for a potential cheater, who only needs to purchase a piece of software to make the chatbot available while the lockdown browser is running. Generative AI will also reduce the barrier of entry for bad actors looking to develop cheating software, both by providing code examples and reviews and optimizations.
This approach aims to beat the lockdown browser’s security to open the door for proxy testers to connect to the device or allow the user to access unauthorized applications using malicious code. All applications run on an operating system and use interfaces to do what they need to do. What if the examinee manipulates the operating system? Can the lockdown browser suspend or hide a process the operating system doesn’t even know is running? The answer is yes, but only if the lockdown browser knows it might encounter those attacks.
One might think, “If an examinee can cheat at this level of complexity, they are smart enough to pass the exam anyway, and we shouldn’t be that concerned.” However, while it may take somebody with knowledge, time and determination to perform an attack like this, what if that person decided to productize their attack and sell it for profit? They can take something complicated and reduce it to the click of a button for somebody else to use. A complicated exploit soon becomes something easily attainable for the masses. If you look hard enough, you can currently find this type of software for sale.
Do the Risks Outweigh the Benefits?
Remote testing still does not secure an exam as well as test centers because the examinee maintains control of the testing environment. However, there are benefits that cannot be ignored. Attacks take time and a certain level of technical knowledge to create, so there must be a payoff for a cheater that justifies the risk and effort. Having a security-conscious vendor will help to prevent and identify bad actors. Security is also not limited to the areas discussed, and a comprehensive review of exam security should be a regular process within any organization.
There are also tradeoffs between security and user experience — the challenge is finding the right balance. Security should be seen as a series of layers. If an attack gets past one layer, other layers should be in place to try and stop it. For example, an examinee could put a cheat sheet on their display to avoid being detected by the human proctor watching through the device’s camera. An additional security layer that could detect this would be requiring a second camera that remains pointed at the user’s hands and workspace. Keep in mind that while more layers make you more secure, they can also create new operational challenges. Introducing a second camera requires additional guidelines for camera positioning and opens up certain scenarios where examinees will be incorrectly blocked or flagged. A good vendor will be able to find a balance between security and user experience that meets your needs.
Examinees will also be less likely to cheat if there are penalties that effectively eliminate them professionally from the area of study. As a test provider looking to do remote delivery, you must ask yourself whether you trust your examinees. What level of inconvenience are you willing to introduce to ensure the security of your content? What are the payoffs to somebody who wants to cheat? What are the impacts if your content is found on an item harvesting site or web forum? Answers to these questions will be unique to the testing program and should shape the layered approach to security.