58

Suppose a student takes an exam at home. Since home-exams are prone to cheating, the student wants to be able to prove that he/she did not cheat. So the student puts cameras in the room, which videotape the room during the entire exam. Now, if the student is blamed for cheating (e.g. because his/her exam is similar to another exam), then he can show the video and prove that he did, indeed, write the exam by his own, did not leave the room during the exam, did not use unallowed materials, etc.

The only problem is that video can be edited. Theoretically, the student can exit the room, talk with a friend about the exam, then get back into the room, and after the fact, use a video editing software to erase the relevant part.

Is there a way to take a video and simultaneously sign it digitally, so that it will be possible to verify later that the video was not edited? (Is there maybe a software that does this?)

Erel Segal-Halevi
  • 1,105
  • 2
  • 9
  • 11
  • 23
    Why not just stream the video out to a trusted external server? – Polynomial Jan 09 '21 at 21:59
  • 21
    Even with a live stream there would be still plenty of ways to cheat as the video cam can not make a 360 degree picture and thus has a limited view. Consider a beamer that projects a cheat sheet onto the wall not visible by the cam. Or small in-ear headphones -typical cam quality is way too low to identify such gadgets. – Robert Jan 09 '21 at 23:03
  • Related: https://security.stackexchange.com/questions/101292/proving-an-action-was-done-at-an-exact-time-a-posteriori – mti2935 Jan 10 '21 at 00:06
  • 10
    Coming up with a general way to prove there was no foul play tends to be problematic, because it goes something like this: "It is not manipulated because X." Someone finds a way to manipulate a video that takes X into account. "It is not manipulated because Y." Someone finds a way to manipulate a video that takes Y into account. "It is not manipulated because Z." And so on. In general you're only proving that is *was* manipulated, or you assume it's fine. – NotThatGuy Jan 10 '21 at 14:23
  • 3
    You should probably add "real-time" to the title, as that's what your question, and most of the answers, seems to be about. Just generally checking whether a video was manipulated is a huge topic by itself and likely beyond the scope of this site (and having a video recorded either before or after the fact would be problematic for your use case, even though it may not have been manipulated). – NotThatGuy Jan 10 '21 at 14:28
  • For livestreaming, you could just run it through a program with video I/O, e.g. [OBS with OBS-as-webcam plugin](https://streamshark.io/blog/using-obs-as-a-virtual-webcam-on-windows-and-macos/). I'm pretty sure you could rename the device as well in case they somehow check for that. So unless they have hardware IDs that can link it to a physical webcam, live vs. recorded video is no guarantee whatsoever. I have used this on Zoom to tweak lighting, colour, etc. and select the virtual webcam as my Zoom camera source. – Luke Sawczak Jan 10 '21 at 21:45
  • 1
    In the movies, the bad guys always deal with this problem by playing back pre-recorded footage in place of the live stream. I imagine your student could do something similar, presenting a verifiably(?) unedited video of himself taking an exam, and then actually take the exam at a different time, without being monitored. – Jeremy Friesner Jan 11 '21 at 02:54
  • 4
    is it possible to make a reality that is provably not manipulated? ...... have you tried just trusting your students? – Mike D. Jan 11 '21 at 05:07
  • 2
    @JeremyFriesner The exams with livestreaming are proctored and the proctor can at any time talk to student or request them to do something if they suspect foul play. But of course that doesn't prevent us from putting the student in front of the computer and having someone else actually complete the test using second display, mouse and keyboard. – Jakub Kania Jan 11 '21 at 07:12
  • There is one piece of sh^Moftware called Respondus Monitor and it helps to avoid cheating. But determined people manage to get around it. – akostadinov Jan 11 '21 at 10:22
  • 2
    In an era when a 9-year old can convincingly Reface your face onto a Disney princess? On a telephone? We live in interesting times... – user_1818839 Jan 11 '21 at 13:17
  • Relevant: [How Relevant is the Turing Test in the Age of Sophisbots?](https://arxiv.org/abs/1909.00056) (appears in IEEE Security & Privacy Volume: 17, Issue: 6, Nov.-Dec. 2019). (It's a Bad Title because everyone couldn't care less about the Turing Test but everyone is interested in whether what one is looking at or talking to is fake mechanism) – David Tonhofer Jan 12 '21 at 12:07
  • @MikeD. in all truthfulness, I've got to ask what reality you're living in. – RonJohn Jan 12 '21 at 20:04
  • Question might be, why not make a video recording of the room, and then make a "webcam" that instead of taking pictures simply plays that recording. – Willem Van Onsem Jan 12 '21 at 22:50
  • @RonJohn because I don't believe our perception of reality is unalterable (let alone exactly the same for everyone anyway) or because I think you could just trust your students? Actually, you probably shouldn't answer that. We're off-topic anyway... (though I think trusting your students *is* cheaper and easier but whatevs...) – Mike D. Jan 13 '21 at 06:00
  • Though there's nothing wrong about setting up an environment during which it is difficult to cheat, I find the premise of proving not cheating unethical. You have to prove (if) they cheated, not otherwise. – Yaroslav Mytkalyk May 14 '21 at 12:07
  • Blockchain, tagging the video with encrypted original location and time that cannot be altered. – vonlost May 21 '21 at 03:31

12 Answers12

47

Trusted Timestamping

I think, if you continue down this line of thinking, you will end up with something very similar to Trusted Timestamping Servers.

The core idea of trusted timestamping is that you submit a file to the server and it signs an attestation saying that it saw the file with hash aabbcc112233 at time X. This is typically used for both proving the initial publication time (and who published it), as well as proving that the file has not been modified since.

You need the trusted 3rd party because if the end-user creating the video is the same person signing it, then there's nothing stopping them from re-signing it after they edit it.


Why not just save the video stream on the server?

That said, I don't think you really need any fancy crypto here; the simplest solution is probably best. Have the student live-stream their cameras to an exam-monitoring website. The website logs the video stream in its database as it comes in, and it can detect and alert if the live stream had any breaks or disruptions long enough for manual editing to potentially have taken place.


Create a blockchain of the video stream

Update addressing comments.

Ah, you have the extra privacy requirement that students do not want their video stored on 3rd party servers (that should have been in the question!).

In that case, what makes this problem hard is that you can't wait until the end of the exam and publish a single hash for the entire video because that gives the student too much time to edit a middle section of the video. The solution that comes to mind would be some kind of hash-block-chaining (not "The Blockchain (Bitcoin)" but "a blockchain"). Either the sender or receiver breaks the video stream into, for example, 10 s "blocks", hash each block as they are produced/recieved, and stream the hash for each block along with the video in real-time. You do "block-chaining" by including in each block the hash of the previous block. In math notation:

h_0 = hash(videoblock_0)
h_1 = hash(videoblock_1 || h_0)
...
h_n = hash(videoblock_n || h_n-1)

This preserves privacy because the server only needs to store the hashes and not the video itself. This is streaming-friendly because you are producing hashes throughout the stream and each hash covers the entire stream up to that point. This is efficient because the server only needs to store the most recent hash (h_n), and that is enough to later verify if a provided video was tampered with at any point in the stream (though to detect where it was tampered you would need to save every block hash).

Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207
  • 3
    +1. As I was reading the question, the idea of provable timestamping was the first thing that came to mind. For timestamping without relying on a trusted third party, take a hash of the video, and store the hash in a bitcoin transaction. – mti2935 Jan 09 '21 at 21:50
  • The students here do not like the fact that their video is kept in a third-party server. But the idea of storing the hash in a bitcoin transaction sounds very interesting. – Erel Segal-Halevi Jan 09 '21 at 22:41
  • @ErelSegal-Halevi I updated my answer to include the new information you provided in comments. – Mike Ounsworth Jan 09 '21 at 23:22
  • 46
    One possible way to cheat here would be that the student prerecords a video and streams that video (or its hashes) instead of a realtime video. – nobody Jan 10 '21 at 08:14
  • 16
    This would be a proof that the video existed at a specific time. However, it doesn't prove the video wasn't recorded beforehand and just published or streamed at that time. – Esa Jokinen Jan 10 '21 at 08:40
  • 18
    The video presumably includes the exam that the student is writing. As such the content of the video is proof that it has not been pre-registered, unless the student had access to the exam questions ahead of time, in which case the entire point of the video is moot. This proof can only be exhibited by publishing the *content* of the video rather than its hashes, but the question specified such a scenario in case of suspicion of cheating anyway, so this must be considered acceptable. – Annonymus Jan 10 '21 at 12:23
  • 21
    In theory, the video could be edited in real-time. With a modified webcam driver, I could press a button and replace the real image with a pre-recorded one of me sitting at a table, blending the two so that they merge without a visible cut. – Federico Poloni Jan 10 '21 at 13:59
  • 1
    @nobody That's not possible if the recording requirements are properly thought through. The OP's scenario involves (among other things) the ability to prove to the examiner that you wrote the exam yourself. In order to achieve that the camera needs to be angled such that at a minimum the exam is legible on the screen. Otherwise the cheater could be doing something unrelated while an accomplice is in another room doing the exam for him. With that assumption a pre-recording is impossible because the exam content would not be known in advance. – Jon Bentley Jan 10 '21 at 20:22
  • 15
    If the student is in a security, crypto or some general IT class, I would leave them time to edit and resend stream, I mean that deserves an A at college level. – blankip Jan 10 '21 at 23:37
  • @JonBentley See [reed's answer](https://security.stackexchange.com/a/243134/235964) below. The video could, at least in theory, be modified in real time to include the screen with the exam. Also as reed's answer points out, cheating at exams is possible even with a genuine video. Never underestimate the creativity of students determined to cheat. – nobody Jan 11 '21 at 08:27
  • 2
    While everything can be manipulated with sufficient effort, it seems this idea makes it much harrder. Thanks! – Erel Segal-Halevi Jan 11 '21 at 08:46
  • @nobody Yes, and I agree, but those are separate points. I was responding specifically to the idea of prerecording. – Jon Bentley Jan 11 '21 at 09:46
  • 12
    [Relevant XKCD](https://xkcd.com/2385/) – svavil Jan 11 '21 at 19:06
  • The streamed video could include a unique code being generated every five minutes from central server. e.g. Verifying when the recording occurred. – paulj Jan 11 '21 at 21:09
  • 1
    @FedericoPoloni, ...modified webcam driver? Why bother, when there's no shortage of off-the-shelf equipment that'll read HDMI input and present as a webcam? – Charles Duffy Jan 12 '21 at 00:08
  • 10 seconds of frames should be hashed only when the recorder is done writing frames into a file because what camera captures is always different from what is encoded in video format. – defalt Jan 12 '21 at 19:17
  • The problem of pre-recorded video is simple to solve: At the start of the exam a code is distributed to all students, which they have to clearly show to all cameras. Combined with the attestation (by Blockchain or other means) you now prevent pre-recording as well as (post-) editing – Joseph Tanenbaum May 21 '21 at 09:45
38

Before you get to the "video" part of the question, you should know that a video does not guarantee fool proof honesty.

There was a student who surgically implanted an earphone to cheat. There's also invisible ink, bluetooth pens, watch hacks etc. Do a bunch of internet searches for how students cheat.

I wouldn't recommend using video as proof at all. A human invigilator has to be physically present to ensure cheating does not happen. Institutions could either re-think how students are seated or protected from infections when writing exams in institutions or perhaps re-evaluate the way the education system tests students. I've personally found the test/exam system to be fundamentally flawed, in the way it makes people memorize information and regurgitate it out instead of being designed to help the student understand and appreciate what they are learning and how it'd be useful to them in the world.

Now for the video part, an elaborately created deepfake could allow somebody else to write the exam. There are claims of using AI to spot cheating by checking even writing style, but there's a long way to go before it can be foolproof. Recent advances ref1, ref2, ref3.

Julia
  • 497
  • 3
  • 5
  • 7
    -1 In most situations getting surgery to cheat on an exam is unrealistic. Also a human invigilator wouldn't be better at stopping these forms of cheating. – northerner Jan 10 '21 at 19:30
  • 6
    Or bone-transmitting speaker and FM receiver [built into a pen](https://hackaday.com/2015/02/08/turning-an-ordinary-pen-into-a-covert-radio-receiver/)... – ThoriumBR Jan 11 '21 at 01:22
  • @FedericoPoloni: Fixed it. Thanks. – Julia Jan 11 '21 at 03:27
  • I highly doubt writing style is feasible, given how for example I have such an inconsistent writing style, it would probably not even recognize me as me. –  Jan 11 '21 at 15:20
  • 2
    @MechMK1 [Questioned document examination](https://en.wikipedia.org/wiki/Questioned_document_examination) would like a word with you. Even the most inconsistent writers have consistency at some level. If not in typography, then in spelling and grammar. – InDieTasten Jan 11 '21 at 15:41
  • @InDieTasten Spelling and grammar - absolutely. If you told several of my close friends the same story and asked to write down what happened, I would be fairly confident I'd be able to tell who wrote what, based on their mannerisms. I assumed "writing style" to mean quite literally how you write, not what you write. –  Jan 11 '21 at 16:09
  • @MechMK1 Actually some companies are using keyboard typing patterns to detect who is writing. – Sulthan May 16 '21 at 21:14
26

The actual answer is NO, unless you record the video with a device that signs the file with a key that can't be extracted from its hardware. In other words, your videos should be signed by the camera's hardware, which will guarantee the recordings are truly the original ones. Otherwise the files could always have been manipulated by someone or something external, even in real time.

All the other answers are very interesting, but they all have one major flaw: they suppose the video file you provide is genuine, but it's actually your file so you are still in control of whatever you are recording and providing. Between the camera and the upload, anything could happen. A small lag could be added to the video, or it could be slowed down, or looped, etc., even by someone else in real time while you are taking the exam. Actually, if you really want an easier way to cheat, you can just focus on the audio part: it's easier to manipulate the audio in real time (muting the room's channel, mixing white noise or ambient sounds, etc.) to allow someone else to talk to you and help you. When you sign the video with the audio track it's too late, because the result has already been manipulated (gone through a mixer, etc.).

That's why the file must be signed by the device itself: if exam-video.mp4 was signed by Nikon on 2021-01-10 09:01:15, then you can be sure that's the original file recorded by the camera. Note that if the camera didn't detect the difference between the internal mic (original sound) and an external mic (potentially manipulated channel) then you would still have the "audio vulnerability" even in signed files. I actually don't know how such cameras work, all I know is that they do exist, and in the past some were even hacked (someone managed to extract the crypto keys from the camera's hardware).

As a final note, remember that "manipulating videos" and "cheating on online exams" are separate issues. Students can cheat even if they record and provide genuine videos of themselves taking the exam.

reed
  • 15,398
  • 6
  • 43
  • 64
  • 7
    Best answer here. Just a minor caveat, the camera's hardware would have to be tamper-resistant too, for it to be as near to foolproof as possible. – nobody Jan 10 '21 at 14:45
  • 11
    A camera with built in video-signing can still be fooled; simply point the camera at a TV screen playing your manipulated video. – mjt Jan 11 '21 at 09:54
  • 1
    Also it needs a verified source of time. Otherwise you could record the video before/after the exam. I don't think anything is technically viable unless you add a privacy destroying surveillance system – JensV Jan 11 '21 at 09:56
  • 2
    @mjt this can actually be mitigated by starting the call in a short human interaction where the student needs to respond to random requests from the other side [like this](https://fully-verified.com/video-identification-explained/) – Rsf Jan 11 '21 at 10:13
  • @nobody tamper-evident would be enough, and easier to achieve. – blackboxlogic Jan 11 '21 at 14:13
  • @blackboxlogic Unless someone physically visits and checks for signs of tampering, tamper-evident would be useless :) – nobody Jan 11 '21 at 14:22
  • e.g. Canon provide an add-on device for their cameras to digitally sign photos for forensic use; not sure if it works on videos, but I'd assume so. – Dan W Jan 12 '21 at 11:00
  • @Rsf ... And this can be fooled by using that TV screen thing, but directing it to your actual self in the same space as the prerecorded setup until the human interaction is over, at which point you blend the feed from realtime to prerecorded/manipulated, and use manipulated from then on – Delioth Jan 12 '21 at 20:58
  • @Delioth possible, but the synchronization of the blending won't be trivial so it's not easily detectable by humans – Rsf Jan 13 '21 at 09:05
7

No, sending/retrieving/verifying a tamper-resistant cameras that could deliver the level of confidence wanted here is prohibitively expensive and still cannot reveal non-visually-obvious augmentations.

Though some companies are happy to sell video analysing software that by design cannot possibly work as advised - any trick investigating a video from unknown sources can be circumvented, even on a live low-latency feed, given enough computing power & effort. (This also means any scheme trying to prove a video was not edited after a certain time is useless, as it is not ruling out it was edited shortly before that time).

There is, however, a more fundamental problem that is even further away from being efficiently solvable: The whole idea of trying to assess a student outside a controlled environment implies a certain regularity of events outside the students control that can cast some doubt on fair play anyway: Imagine one out of 100 students loses electric lighting during the assessment. Two have to pause to deal with a possible emergency down the hallway. One camera malfunction and two computer malfunction later, the whole testing environment just is not reliable enough to even bother disqualifying students with irregularities.

I am afraid (happy) we will have to go back to the super old school way of eliminating ways in which students can gain unfair advantages by using what is & should always be available to them. Which may cost more in designing clever methods of assessment, but at least that money is invested towards students learning, rather than camera manufacturers.

anx
  • 178
  • 4
3

Ultimately, you're asking about trusting an untrusted subject, using untrusted hardware and software, located in an untrusted environment. That's not a recipe for success.

Ron Trunk
  • 627
  • 3
  • 6
  • Or you introduce a trusted 3rd party ... – schroeder Jan 11 '21 at 14:50
  • 1
    @schroeder The third party has to control all the environment and equipment. Essentially, you're talking about a testing center like Pearson or Prometric. – Ron Trunk Jan 11 '21 at 14:55
  • 1
    Nothing real in this universe can be proven. There is only a degree of certainty that can be had about the likelihood of an observation to be observed again. That's why the US legal system is based on reasonable doubt and hence why it requires an arbitrator, +1. – Mazura Jan 13 '21 at 00:29
3

You actually have 2 questions, and I don't know.which is the "real" one:

  1. "Is there a way to take a video and simultaneously sign it digitally, so that it will be possible to verify later that the video was not edited? (Is there maybe a software that does this?)"

  2. Is there a way the student or.university can use a camera or authenticated video to prove no.cheating.

The first asks technologically can a video be validated as "true" or at least unmodified. The second asks socially if cheating can be proven or disproven for either party's comfort (possibly using such a technological means).

Short answer is,:

  1. A video or other file can be validated as unaltered, at least until encryption advances, that's how digital security works.

  2. But that's useless because it assumes the original before digital signing was validated. What will you do? Use trusted encryption and a verified/encrypted pathway? At worst I play games with the camera, or even in theory the light entering the sensor - its just a sensor, it can be fooled as to what's going on, and its output has to be interpreted by humans who also can be fooled. Ask any conjurer. Or I find ways to cheat it can't detect. Are you sure your camera will highlight if my identical supergenius twin with stick-on matching fingerprints, retina matching lenses, and a faked sample of my DNA took the paper? Or a hundred other loopholes, ranging from realistic to.far-fetched sci-fi. Other answers touch on these.

  3. If you go for social solutions, such as China might - every person chipped, CCTV everywhere, that raises the barrier.

Really that's all you can do in security. Raise the barrier. Almost never eliminate it.

Stilez
  • 1,664
  • 8
  • 13
3

The surveillance industry developed a standard for defining a way to get a video from the camera while having at the same time the proof that it was not manipulated, so that it cannot be rejected in trials.

The result is the so called ONVIF Export File Format, which has been also evaluated and, I think, adopted by NIST.

2

What about having a projector in the student's room that projects a number on to a wall that is visible to the camera. That projector is fed via a secure stream to the university server. The number changes every 5 seconds in a cryptographic random sequence.

thostenor
  • 29
  • 1
  • This might be feasible if it was a small number of students, but I doubt this would work for a whole university. If the university has to buy and send projectors to every single student's house ... that would be very expensive. – numbermaniac Jan 12 '21 at 08:43
  • 1
    To pass this check, the student can still have a cheat sheet open, they just need software that pauses the recording while the sheet is open, and the sheet needs to hide for 1 frame (1/30th of a second) every 5 seconds so it can capture the new numbers. – Luc Jan 12 '21 at 14:28
2

You have to start with hardware you trust. This hardware has a difficult to breach trusted core chip. In that trusted core chip, it has a secret cryptographic signing module.

Each component in turn has a slightly less secure identity that it validates with the core chip, and the entire system refuses to work if they aren't all valid and running valid firmware and software.

Next you produce a series of trusted timestamp tokens that include the crytographically secure hashes of the video segments in a blockchain.

Each token is signed by a 3rd party trusted timestamp server, and includes the hash of the previous token plus a hash of the current segment of video.

PreviousToken: HASH_TEXT
CurrentBlob: HASH_TEXT
Timestamp: XXX GMT
TrustedTimestampSignature: BLAH BLAH BLAH

They transmit

PreviousToken: HASH_TEXT
CurrentBlob: HASH_TEXT

to the trusted server, who responds with

PreviousToken: HASH_TEXT
CurrentBlob: HASH_TEXT
Timestamp: XXX GMT
TrustedTimestampSignature: BLAH BLAH BLAH

and this resulting token is guaranteed to have been produced prior to the time written there by the 3rd party timestamp server.

The above is then signed by the trusted hardware

PreviousToken: HASH_TEXT
CurrentBlob: HASH_TEXT
Timestamp: XXX GMT
TrustedTimestampSignature: BLAH BLAH BLAH
Latency: ZZZ nanoseconds
MaxLatency: YYY nanoseconds
HardwareFailures: QQQ
TrustedHardwareSignature: BLAH BLAH BLAH

where the trusted hardware promises that the video blob was produced by the video hardware within a certain number of nanoseconds of the timestamp from the 3rd party server being placed on it.

Then the hardware and software proceeds to record the next segment, which in turn uses a hash of the above to link it to the previous segment.

When you are all done, you transmit one token to the proctor:

PreviousToken: HASH_TEXT
CurrentBlob: HASH_TEXT
Timestamp: XXX GMT
TrustedTimestampSignature: BLAH BLAH BLAH
Latency: ZZZ nanoseconds
MaxLatency: YYY nanoseconds
HardwareFailures: QQQ
TrustedHardwareSignature: BLAH BLAH BLAH

From this, you cannot get the video the student produced.

But if the student produces that video later, plus the tokens that where not transmitted, the proctor can prove that the video provided was recorded during the exam, was continuous, and was from trusted hardware.

I included enough information in my token that if a technical problem happened (there was a network outage that was long enough to make the security not work, for example), the proctor can determine that this happened from the metadata.

So if someone tries to cheat by inducing networking errors or hardware failures, this shows up before investigation for cheating from other evidence. And if there is such a failure, they can get the student to do another exam and ignore the contents of the failed one, without even looking for other signs of cheating, based on whatever criteria they choose.

Alternatively, your system could just treat any hardware failures, or communication latency beyond a certain value, as a refusal to continue to sign the tokens.

Yakk
  • 499
  • 2
  • 7
  • This is still defeated by a TV screen in front of the secure camera setup – Delioth Jan 12 '21 at 21:08
  • @Delioth That is one good TV! (or crappy signal) Note it is also defeated by someone else who looks exactly like you doing the test. You won't be able to slide the TV in front of the live video, so the entire video would have to be done on the TV. – Yakk Jan 12 '21 at 21:29
1

In CCTV systems there is a method called Watermark. Watermark is a digital signature and when talking in the CCTV area, usually a word or a sentence which would be present in the recorded video.

It is possible to see digital watermark that confirms authenticity and integrity of signal holder and shows owner’s identity using a software which is provided by the manufacturer of the CCTV system.

Taking Dahua devices for example, on the next screenshot you can see how one can configure watermark string.

enter image description here

Now, when recorded video data is edited, when checking the Watermark string with the appropriate software, watermark would be false and that would be the proof.

Mark
  • 111
  • 2
0

Here's one Idea: At the end of the exam when the student submits the answers ask him to also submit a hash (md5sum, sha etc.) Of the video recording itself.

Assuming you put a time limit say 5 mins within which he must submit the hash any editing he does after that on the recording will change the hash.

Should be pretty low overhead to impliment. Maybe set up a Google form to upload the hash.

On the other hand the biggest challange I have faced is more physical: how do you ensure that the video cameras even if multiple have a 100% coverage? What if the student sets up something eg a display beyond the field of view to cheat.

curious_cat
  • 1,013
  • 1
  • 11
  • 18
  • 2
    The problem here is that the student is not limited by that 5 minute windows, because the decision to gain an unintended advantage was made before the exam even started. The video editing is pre-set before the exam starts, and the challenge to fill the hash is only exactly as annoying for our unexpected top-performer as it is for everyone else. – anx Jan 10 '21 at 21:41
  • @anx Not sure I understand. The editing will have to be done either after or at best during the exam right? – curious_cat Jan 11 '21 at 06:49
  • The simplest trick I can imagine is the student preconfiguring the camera to output 90 minutes of video but only including 80 minutes of actual recording, leaving about 10 minutes for unauthorized tools. Even this super low effort approach is not immediately obvious from the correctly hashed (albeit lower frame rate) output. – anx Jan 11 '21 at 19:22
  • If this was done for every student at a university for example, asking them all to submit a hash would be pretty difficult. Many of them might not even know what a hash is, nor how to compute one - especially if what they are studying is not in an IT-related field. – numbermaniac Jan 12 '21 at 08:41
-1

I propose a more tactical solution than technical.

We need to juxtapose video of the User with that of realtime verifier to ensure user and verifier always go hand in hand. This would ensure user is not the sole creator of all parts of the video.

University streams a video of say random long codes changing at regular intervals. This streaming starts with exam and ends with exam at predefined time or when user requests for one. University records all the codes and timestamp in their servers for verification. Let's call this verifier stream or video

This verifier video is live streamed or recorded along with User activities. Now there are two components of the video : one owned by user and another owned by university.

This unified video is now used to validate if user uploaded an unedited video. ASCII codes are rather easy for ocr to detect. In case quality or orientation of video is an issue, a test run could be performed before real test to ensure everything works good.

Initial verification of user that its human and not some recorded agent could be performed like we use captcha today. User is asked to perform certain activities in realtime which reasonably only a human could perform (say gestures, or speak certain answers). Once the user is verified, it can start with the exam.

In case user already has the problem statement and its not a surprise test (where problems are shared at the start of exam), a user maybe asked to write down some realtime generated codes which are tied to timestamps .

sbharti
  • 99
  • 1