BSSSQS: A Blockchain-Based Smart and Secured Scheme for Question Sharing in the Smart Education System

Abstract

In this study, we present a new scheme for smart education utilizing the concept of a blockchain for question sharing. A two-phase encryption technique for encrypting question papers (QSPs) is proposed. In the first phase, QSPs are encrypted using a timestamp, and in the second phase, previously encrypted QSPs are encrypted again using a timestamp, salt hash, and hash from the previous QSPs. These encrypted QSPs are stored in a blockchain along with a smart contract that helps the user to unlock the selected QSP. An algorithm is also proposed for selecting a QSP for the exam that randomly picks a QSP. Moreover, a timestamp-based lock is imposed on the scheme so that no one can decrypt the QSP before the allowed time. Security analysis is conducted to demonstrate the feasibility of the proposed scheme against different attacks. Finally, the effectiveness of the proposed scheme is demonstrated through implementation, and the superiority of the proposed scheme over existing schemes is proven through a comparative study based on different features.

Full text

J. lnf. Commun. Converg. Eng. 17(3): 174-184, Sep. 2019
Regular paper
174
Received
15 August 2019,
Revised
18 September 2019,
Accepted
18 September 2019
*
Corresponding Author
Soo Young Shin (E-mail: wdragon@kumoh.ac.kr, Tel: +82-54-478-7473)
Department of IT Convergence Engineering, Kumoh National Institute of Technology, Gumi 39177, Korea.
https://doi.org/10.6109/jicce.2019.17.3.174
print ISSN: 2234-8255 online ISSN: 2234-8883
This is an Open Access article distributed under the terms of the Creative Commons Attribution Non-Commercial License (http://creativecommons.org/licenses/by-
nc/3.0/) which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.
Copyright
ⓒ
The Korea Institute of Information and Communication Engineering
BSSSQS: A Blockchain-Based Smart and Secured Scheme for
Question Sharing in the Smart Education System
Anik Islam , Md Fazlul Kader , and Soo Young Shin
*
Department of IT Convergence Engineering, Kumoh National Institute of Technology, Gumi 39177, Korea
Abstract
In this study, we present a new scheme for smart education utilizing the concept of a blockchain for question sharing. A two-
phase encryption technique for encrypting question papers (QSPs) is proposed. In the first phase, QSPs are encrypted using a
timestamp, and in the second phase, previously encrypted QSPs are encrypted again using a timestamp, salt hash, and hash from
the previous QSPs. These encrypted QSPs are stored in a blockchain along with a smart contract that helps the user to unlock the
selected QSP. An algorithm is also proposed for selecting a QSP for the exam that randomly picks a QSP. Moreover, a
timestamp-based lock is imposed on the scheme so that no one can decrypt the QSP before the allowed time. Security analysis is
conducted to demonstrate the feasibility of the proposed scheme against different attacks. Finally, the effectiveness of the
proposed scheme is demonstrated through implementation, and the superiority of the proposed scheme over existing schemes is
proven through a comparative study based on different features.
Index Terms
:
Blockchain, Internet of Things, Security, Smart education
I. INTRODUCTION
Blockchain has brought a revolution in the realm of tech-
nology [1, 2] and has started to draw the interest of the
stakeholders of a wide span of industries including finance,
healthcare, and digital content distribution [3-8]. In blockchain,
when a transaction occurs in the network, the transaction has
to experience validation called a consensus mechanism, a
process where some of the participants reach a mutual agree-
ment in allowing that transaction [9]. Each block contains
the hash of the previous block because of which it is called a
blockchain [10]. In a blockchain, asymmetric cryptography
is adopted to issue transactions [11, 12]. Internet of Things
(IoT) has brought another revolution in the realm of technol-
ogy [13-16]. Recently, IoT has established its mark in the
education sector [17, 18]. Smart campuses, smart class-
rooms, digital content, and campus safety are some of the
results of IoT. However, IoT technology is facing security
risks. Entities in IoT need reliable and tamper-proof protec-
tion from attacks like denial-of-service. [19]. Blockchain can
mitigate this issue with its security infrastructure [20, 21].
Examination is an important part of education [22, 23].
However, there is a threat, named question paper leaking
(QPL), which can cause an unfairness issue during examina-
tions. Nowadays, QPL is a serious issue throughout the
world from university entrance examinations to public exam-
inations, and the situation is worse in developing countries
[24-27]. QPL can lead to some serious outcomes, such as
quality of education being compromised and erosion of ethi-
cal standards [27]. Some more cases have been previously
reported [28-47]. Although these cases [28-47] only cover
the QPL incidents that occurred in 2017, some countries face
this problem almost every year. Therefore, QPL occurs not
only within developing and underdeveloped countries but

BSSSQS: A Blockchain-Based Smart and Secured Scheme for Question Sharing in the Smart Education System
175
http://jicce.org
also in developed countries. In QPL incidents, along with the
students teachers and authorities can also be involved.
Therefore, a smart examination system needs to be devel-
oped that can share examination papers securely without the
concern of QPL. Moreover, social engineering, phishing etc.,
can loot anyone’s credentials to access data anytime. There-
fore, examination management systems need more than user
credential and random question selection. Question sharing
(QS) should be performed through a more robust system,
where user credential is less important. In this study, a
blockchain-based smart and secured QS scheme (termed as
BSSSQS) is proposed, a topic that has not been explored yet
to the best of our knowledge. The major contributions of this
study are as follows:
• The proposed scheme can increase the security of ques-
tions and provide seamless QS sharing.
• A two-phase encryption technique is proposed to provide
security for question papers (QSPs).
• A randomization algorithm is proposed for selecting
QSPs before the exam.
• The proposed scheme has been implemented, and the
performance of the system has been analyzed.
The remaining sections of this paper are organized as fol-
lows: a discussion on existing works is presented in Section
II. Section III illustrates the system model of BSSSQS. In
Section IV, different transactions of BSSSQS are discussed
in detail. A security analysis against different attacks is
demonstrated in Section V. Section VI represents a discus-
sion on performance analysis. Finally, Section VII draws the
conclusions from this study.
II. RELATED WORKS
To digitalize the examination system, different ideas have
been shared previously [48-54]. In [48], three models of web
examination system, such as B/S, C/S, and B/S combined
with C/S, are discussed. Another web-based examination
system was proposed for distant and formal education in
[49]. In [50], an online examination system for PE theory
courses was proposed, where every user uses a username and
password to access the portal. In [51], an online examination
system was proposed where MD5 encryption technique was
exploited for security. An examination management system
based on flat network was demonstrated by [52], which pro-
vides role-based security. In [53], a web-based examination
system was proposed and integrated with existing learning
management systems, whereas an online examination system
based on TCP/IP client-server architecture was proposed in
[54]. These systems mainly focus on system design and
overall management. However, they could not guarantee to
solve the QPL incidents.
III. PROPOSED BLOCKCHAIN-BASED SYSTEM
MODEL
We devised a blockchain-based QS scheme to make it
secure and smart, as shown in Fig. 1. Four major entities are
described in the subsections.
A. Question Setter (QUS)
In this entity, actors have to submit questions for the
exam. They have a deadline for submitting questions. They
can modify or delete questions before submitting. However,
once they submit the question, they cannot change the ques-
tions anymore.
B. Question Cloud (QC)
This entity involves initial management of questions. After
getting questions from the QUS, QC stores questions before
sending it to the next entity. In this entity, questions are
modified to prepare QSPs, where a QSP consists of a set of
questions. Then, the QSPs are handed over to the next entity.
This entity consists of seven modules. The functions of each
module are summarized as follows. Question cloud manager
(QCM): manages internal functionality; signature verifier
(SV): verifies signatures of the requester; format question
(FQ): formats and modifies the questions; question pool
(QNP): stores modified questions; question filter (QF): sorts
and makes sets; question queue (QQ): stores questions; and
database (DB): contains information like signature and course.
C. BSSSQS Master (BSSSQS
master
)
This entity holds the information of all the connected min-
ions (nodes) to which it sends QSPs. This entity also main-
tains communication with its minions through a blockchain
cloud. It also selects a QSP for the exam. Furthermore, this
Fig. 1.
System model of the proposed BSSSQS

J. lnf. Commun. Converg. Eng. 17(3): 174-184, Sep. 2019
https://doi.org/10.6109/jicce.2019.17.3.174
176
entity performs security mechanisms on QSPs. It comprises
thirteen modules. The functions of each module are summa-
rized here. Question queue (QNQ): stores QSPs temporarily;
BSSSQS master manager (BMM): manages internal func-
tionality; timestamp (TS): converts date to timestamp; ques-
tion set (QS): organizes QSPs based on the course list; salt
engine (SE): generates random data; data encryptor (DE):
encrypts QSPs; encryption factory (EF): encrypts QSPs; hash
generator (HG): generates hash of QSPs; contract generator
(CG): generates a smart contract; database (DB): stores data
of QSPs; guffy bot (GB): monitors internal tasks; question
picker (QP): selects a QSP; and exclusion pool (EP): stores
illegal QSPs.
D. BSSSQS Minion (BSSSQS
minion
)
This entity contains processed QSPs in the blockchain. No
one can access QSPs without experiencing smart contract,
timestamp verification, etc. This entity consists of eight modules.
The functions of each module are as follows: BSSSQS minion
manager (BMNM): manages internal functionality; blockchain
(BC): blockchain-based storage; minion bot (MB): monitors
internal activity; smart contract manager (SCM): handles
authorization requests and decrypts QSPs; database (DB):
contains decrypted QSPs; user panel (UP): provides user
interface and manages tasks; session manager (SM): contains
information related to user activeness and authorization; and
user authentication and authorization manager (UAAM): ver-
ifies user credentials.
IV. TRANSACTIONS IN BSSSQS
In this section, we describe the different types of transac-
tions performed in BSSSQS. The list of important notations
with descriptions are summarized in Table 1.
A. Transactions between QUS and QC
Two types of major transactions—authentication of QUS
and questions handover to QC—take place between QUS
and QC. Every user in QUS has a unique signature, which is
stored in QC. Each user has to prove his identity with proper
credentials to send questions to QC, as shown in Fig. 2. The
proposed scheme assumes that all communication between
QUS and QC is done by employing asymmetric key encryp-
tion. Before sending questions, QUS sends a request to QC
to obtain a public key of QC. QUS sends the request by
sending data
D
1
. After getting the request from QUS, QC
generates one-time asymmetric keys (OTAKs) for QUS to
transfer credentials and questions. QC generates a secret key
S
k
and a public key
k
. Let
k
be the set of OTAKs:
(1)
Here,
ρ
is a large prime number,
τ
c
is the current timestamp,
S
h
is a salt hash, and
G
is a set of (
x
,
y
) coordinates on the
elliptic curve. When QC finishes generating OTAKs, QC
sends
k
by sending
D
2
. Upon receiving
D
2
, QUS encrypts
QT and PW employing
ξ
(
QT
,
PW
). Following this, QUS
increases
η
+ 1 by 1 and sends data
D
3
to QCM. When QC
receives
D
3
, QC first decrypts data utilizing
ζS
(
ξ
(
QT
,
PW
))
and checks the validity of the credentials provided from QUS.
If the credential is valid, then QC returns a success token by
sending
D
4
. Before sending questions, QUS creates a signa-
ture using QT and PW. Let
ω
sig
be the signature:
(2)
QUS first encrypts the question using
ω
sig
and then
encrypts using
k
. After encryption, QUS sends
D
5
. As QC
receives data from QUS, QC decrypts data by employing
ζS
(
ξ
(
ξω
(
Q
)). QC generates a signature employing Eq.
(2) and validates the identity of the person by decrypting the
question with the sender’s signature.
B. Transactions between QC and master
Here, transactions are divided into two main categories
shown in Fig. 3: 1) processing questions within different
modules of QC, and 2) sending QSPs from QQ to BSSSQS-
master
for further processing. After the deadline of question
submission, FQ formats and modifies the questions to pre-
Table 1.
Notations and their descriptions
Notation Description
η
,
ρ
,
Q
Nonce, Prime number, Question
τ
,
S
,
QT
Timestamp, Salt hash, Questionnaire token
PW,
Q
, sm
Token, Encrypted QSP, Smart contract
θ
(·) One way key generation function
ξ
(·),
ζ
(.) Encryption and Decryption function
Fig. 2.
Transactions between QUS and QC

BSSSQS: A Blockchain-Based Smart and Secured Scheme for Question Sharing in the Smart Education System
177
http://jicce.org
pare QSPs. The QSPs are then sent to QNP, where the ques-
tions are stored temporarily, and after obtaining proper
instructions from QCM, QSPs are sent to QF. QF selects
some QSPs based on certain criteria and forwards these
selected QSPs to QQ before sending to BSSSQS
master
. When
the collection is finished, QQ sends QSPs to BSSSQS
master
.
C. Transactions between Master and Minion
This segment covers transactions between BSSSQS
master
and BSSSQS
minion
, as shown in Fig. 4. The primary tasks of
BSSSQS
master
are summarized as follows: (1) to encrypt
QSPs and send these encrypted QSPs to BSSSQS
minion
and
(2) to select a QSP for the exam and send permission notifi-
cation to BSSSQS
minion
for accessing the selected QSP.
BSSSQS
master
plays a very significant role in providing secu-
rity to QSPs. Initially, questions are stored in QNQ. After
getting QSPs from QNQ, BMM picks the timestamp
τ
c
by
sending a request to TS. In the subsequent stage, BMM pulls
the course list from DB. Next, BMM sends QSPs to QS with
τ
c
and the course list. Then, QSPs experience two-phase
encryption as follows:
1) First-phase Encryption
The first phase of encryption is managed by QS. First, QS
requests SE for generating a salt hash
S
h
. After getting
S
h
from SE, QS stores it for the next phase of encryption. Sec-
ond, QS sends QSPs to DE with
τ
c
. DE then encrypts QSPs
with
τ
c
. Let
Q
i
be the
i
th
number of QSPs. Therefore,
i
num-
ber of QSPs that experience the first phase of encryption is
written by
(3)
Finally, QS sends encrypted QSPs to EF with
τ
c
and
S
h
.
2) Second-phase Encryption
The second phase of encryption happens in EF. EF gener-
Fig. 3.
Transactions between QC and BSSSQS
Fig. 4.
Transactions between BSSSQS and BSSSQS .

J. lnf. Commun. Converg. Eng. 17(3): 174-184, Sep. 2019
https://doi.org/10.6109/jicce.2019.17.3.174
178
ates a default genesis block (i.e., first block) with random
text and encrypts it with
τ
c
. After creating the genesis block,
EF encrypts QSPs and converts them into blocks. Each block
contains a header and data. The header carries the previous
block hash, timestamp, last access time, block creation time,
and nonce. Every time EF encrypts a QSP, it sends that
encrypted QSP to HG. HG then generates a hash from that
encrypted QSP to participate in the next QSP encryption.
Therefore, the encrypted QSP that experiences the second
phase of encryption can be written as
(4)
where
μQ
=
U
i
−
1
σ
=0
Q
h
σ
. The hash of the
i
th
QSP is generated
by
Q
i
h
=
SHA
256(
Q
i
2
). Then, HG stores the generated hash
in DB for QSP selection. Next, EF commands CG to gener-
ate a smart contract including the information of
Q
h
,
τ
c
, and
S
h
. The smart contract contains hashes of QSPs, timestamp,
and salt hash. When smart contract generation is completed,
CG encrypts the smart contract with a timestamp
τ
sm
and a
random salt hash
S
r
. Let
C
sm
be the encrypted smart contract.
(5)
After the encryption, CG stores the key in DB. At the time
of the exam, BSSSQS
master
sends the key along with a
selected question hash. After getting the encrypted smart
contract from CG, EF sends blocks and the smart contract to
GB. As GB gets the blocks and contract, it initiates the pro-
cess of sending these resources to BSSSQS
minion
. At first,
GB pulls the existing minion list from DB. When GB get all
lists, it begins sending blocks and the contract to BSSSQS
minion
through the blockchain cloud. When a QSP has to be
selected for an exam, GB sends an instruction to QP for ini-
tiating the process of selecting a QSP for the exam along
with
C
sm
and notifying the minions about that QSP. Before
initiating random engine for picking out a QSP, QP pulls the
hash of QSPs from DB. Meanwhile, it also requests EP to
send the hashes of the excluded QSPs. When QP gathers all
the required information, it starts the process of selecting a
QSP as follows. First, QP removes the excluded QSPs from
the set of QSPs. Therefore, the set of filtered QSPs is
written by
(6)
where is the set of all QSPs and is the set of
excluded QSPs. Second, QP takes a collection of 10 large
prime numbers which is represented by
ρ
={
ρ
i
∈P
|0
≤
i
≤
9}.
Next, it converts the current date and time into a timestamp
τ. To select any two prime numbers from
ρ
, QP takes the last
digit
d
τ
l
and second last digit
d
τ
sl
from
t
to select prime num-
bers
p
d
and
p
d
, respectively. The selected QSP to take the
exam is represented by
(7)
where
Q
fn
is the total number of filtered QSPs and
p
d
≥
Q
fn
.
As QP selects a QSP, it notifies all BSSSQS
minion
about the
selection through the blockchain cloud.
D. Transactions in BSSSQS
minion
This section covers the transactions between different
modules of BSSSQS
minion
, as shown in Fig. 5. Note that U in
Fig. 5 represents a user in the system. The transactions are
categorized into the following three types: (1) storing and
maintaining QSP blocks in blockchain, (2) updating the
smart contract, and (3) alerting authority about the permis-
sion to access QSPs. After getting blocks and the smart con-
tract, BMNM sends blocks to BC and smart contract to SCM
for the selected exam. When BMNM gets a QSP selection
notification from BSSSQS
master
, BMNM passes this notifica-
tion to UP and UP alerts users about the access. When a user
tries to enter UP, he has to experience a validation process.
UAAM sends a request to DB to send information regarding
the requested signature. If the user is valid, DB returns user
information, otherwise, it reruns empty data. When UAAM
gets validation from DB, it stores a token in SM for main-
taining the user session. Every minion manages its users by
itself. After that, UAAM notifies UP about the response. As
users get a notification about the QSP and key for decrypting
C
sm
, they request for QSP through UP. UP requests SCM to
start the decryption process. Before going further, SCM
sends a command to MB to check whether QSP is unlocked
for access. MB affirms authorization with BSSSQS
master
.
With proper authorization, SCM transfers the request to BC.
BC performs a final authorization check with BSSSQS
master
through MB. If BC gets an unauthorized request with a QSP,
it changes access time and nonce and mines the chain again.
It changes the signature of all the QSPs, and no one can get
its key hash. Whenever BC gets an affirmative result, it
sends the QSP to SCM for decrypting. First, SM decrypts
C
sm
to the selected QSP. Let
D
sm
be the decrypted smart con-
tract,
D
sm
=
ζ
{
Θ
(
τ
,
S
)}
{
C
sm
,
Θ
(
τ
sm
,
S
r
)}. After getting
D
sm
, QSP
decryption begins. Let
Q
be a selected encrypted QSP. By
utilizing
μQ
h
in Eq. (4), the first phase of decryption is writ-
ten by
(8)
Finally,
D
Q
goes through the second phase of decryption
which is written by
(9)
where
D
Q
is the QSP which experiences the second phase of
QF
QP
QE

BSSSQS: A Blockchain-Based Smart and Secured Scheme for Question Sharing in the Smart Education System
179
http://jicce.org
decryption. After decryption, SC stores the QSP to DB and
sends a notification to UP about the outcome. Finally, users
can retrieve QSP from DB to take an exam.
V. SECURITY ANALYSIS
In this section, we propose different propositions related to
security against different attacks with proof.
Proposition 1.
The secret key of QC is well protected
from the adversary.
Proof.
QC’s secret key is generated using Eq. (1). Sup-
pose, adversary
A
wants to steal the secret key of QC. The
only way to get the secret key of QC is to guess the private
key, to the best of our knowledge, as QC never shares its pri-
vate key with anyone. However, in asymmetric encryption,
suppose the secret key is 256 bits long. To guess the correct
secret key,
A
needs to guess the sequence of 256. For 256
bits, there are 2
256
possible sequences, and among them,
only one can be the QC’s secret key. The probability of
guessing the secret key is 1/2
256
=2
−
256
which is practically
not feasible. Moreover, if
A
wants to guess the properties of
the secret key individually,
A
has to face the probability of
randomness in each property which is also practically not
feasible. Furthermore, OTAK is temporary. When questions
are transferred successfully, OTAK, which is generated for
particular QUS, is removed from QC. Therefore, the secret
key may become obsolete while
A
is still trying to guess the
secret key. Thus, QC’s secret key is well protected from the
adversary.
Proposition 2.
Communication between QUS and QC is
secure even in the presence of an eavesdropper.
Proof.
The motive behind the communication between
QUS and QC is to transfer questions. To send questions,
QUS requires QC’s public key to create a digital signature
using Eq. (2) and encrypt questions employing
ξ
(
Q
).
However, when QUS requests for the OTAK, QC generates
OTAK utilizing Eq. (1). When QUS gets
k
, first, QUS val-
idates its identity by transmitting
QT
and
PW
, which is
encrypted using
k
, to QC. Second, it generates a digital
signature by applying Eq. (2). Finally, QUS encrypts ques-
tions using
k
and sends the questions back to QC signed
with its signature. Suppose, there exists an eavesdropper
named
B
between QC and QUS.
B
wants to steal the creden-
tials of QUS along with questions and also wants to send
false data to QC.
B
catches data between QUS and QC and
wants to extract
D
2
and
D
5
data, as shown in Fig. 2. To
extract data,
B
requires QC’s private key, which is not avail-
able to anyone except QC. Moreover, there is no feasible
solution to extract the private key from public key by reverse
engineering or guessing, as discussed in Proposition 1. How-
ever,
B
wants to send false data encrypted by
k
to QC.
When QUS send questions to QC, QUS signs the question
with its signature. From the signature, QC verifies the actual
source of the data. As
B
needs the signature of QUS,
B
can-
not send false data until it obtains QUS’s signature and not
only is QUS’s signature not only publicly available but also
QUS never shares its signature with other people apart from
Fig. 5.
Transactions in BSSSQS

J. lnf. Commun. Converg. Eng. 17(3): 174-184, Sep. 2019
https://doi.org/10.6109/jicce.2019.17.3.174
180
QC in an encrypted form. As a result,
B
cannot achieve any
of the aforementioned objectives.
Proposition 3.
QSP selection in BSSSQS
master
is totally
random and is free from compromised QSPs.
Proof.
Before the exam, BSSSQS
master
selects a QSP and
sends that QSP reference to BSSSQS
minion
. This process is
completely random. Before selecting a QSP, BSSSQS
master
selects a set of 10 prime numbers. Each prime number is
selected following uniform distribution. Let,
P
be the set of
prime numbers and
ρ
be the set of already selected prime
numbers. Therefore, the probability of selecting prime num-
bers is
P
(
P−ρ
). Finally, QSP is selected by employing Eq.
(7) which gives a random QSP number. BSSSQS
master
is a
well-protected scheme. By any chance, if any QSP becomes
compromised, BSSSQS
minion
notifies BSSSQS
master
about
that question. BSSSQS
master
excludes that compromised QSP
from the selection process by employing Eq. (6) to remove
compromised QSPs.
Proposition 4.
QSPs and smart contract are secure from
physical attacks by both insiders and outsiders.
Proof.
Physical attacks involves exploiting the weakest
point by the attacker to breach the security system. However,
attackers may not always come from outside. Sometimes, a
person from the inside may also harm the system. As we dis-
cussed in the Introduction, sometimes a teacher or authority
may leak the question, so it is very important to provide pro-
tection from attacks is caused by both outsiders and insiders.
BSSSQS imposes a timelock on the QSPs and the smart con-
tract. If anyone tries to access both of them before the
allowed time, the system notifies not only BSSSQS
master
but
also BSSSQS
minion
. Suppose, an attacker
X
from inside
wants to steal QSPs.
X
disables the connection of BSSSQS-
minion
and tries to copy QSPs from a disk. QSPs access per-
mission is locked, which can be unlocked by the permission
from BSSSQS
master
. However,
X
somehow bypasses the
access protection and starts to copy. An internal monitoring
system monitors this activity and changes the QSP auditing
time, which changes the hash of QSPs and breaks the chain
of the block. When BSSSQS
minion
comes online, BSSSQS
minion
notifies BSSSQS
master
, and BSSSQS
master
excludes the
BSSSQS
minion
from taking the exam. However, after copying
the QSPs,
X
needs a private key to unlock both QSPs and
the smart contract, which are encrypted by employing Eq.
(4) and Eq. (5), respectively. In Proposition 1, we discussed
that it is not feasible to guess a key. Therefore, copying the
QSPs will not help
X
. This outcome is the same for outsiders
too. In this way, QSP and smart contracts are secure from
physical attacks.
VI. EXPERIMENTAL RESULTS AND PERFOR-
MANCE ANALYSIS
In this section, we discuss the experimental results and
compare the proposed BSSSQS with existing schemes based
on different features to demonstrate the feasibility of BSSSQS.
Fig. 6.
Experimental result performed in BSSSQS: (a) time to transfer questions (TTQ) from QUS to QC, (b) processing time for performing security actions for
different size of QSPs, (c) time for creating block in blockchain, (d) size of the block after adding QSPs, and (e) time to select QSP before the exam for different
number of QSPs

BSSSQS: A Blockchain-Based Smart and Secured Scheme for Question Sharing in the Smart Education System
181
http://jicce.org
A. Experimental Results
Three computers were considered for the experiment.
Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz was considered
as QUS with 16 GB. Microsoft Windows 10 Professional 64-
bit was used as an operating system (OS) in QUS. Intel(R)
Xeon(R) Processor E5-2697A V4 @ 2.60 GHz was consid-
ered as QC and BSSSQS
master
with 32 GB. CentOS 7.5 was
utilized as an OS in QC and BSSSQS
master
. Intel(R)
Core(TM) i5-4670 CPU @ 3.40GHz was considered as
BSSSQS
minion
with 32 GB. Ubuntu 18.04.1 LTS was utilized
as an OS in BSSSQS
minion
. RSA was considered for asym-
metric encryption, and Twofish was considered for symmet-
ric encryption. The middleware in QUS was built using
Node.js, the middleware in QC was built using PHP, and the
middleware in BSSSQS
master
and in BSSSQS
minion
was built
using Python. The blockchain network was built and main-
tained using Python. As the proposed BSSSQS is a private
network and blocks were created in BSSSQS
master
, no con-
sensus mechanism was considered during the experiment.
Fig. 6 represents the result of the experiments performed in
BSSSQS. In Fig. 6(a), time to transfer questions (TTQ) from
QUS to QC is demonstrated for different question sizes.
Requesting public key and validation of user identity is also
included in TTQ. With the increasing size of questions, TTQ
also increases. This is because more time is required for
encrypting and transferring larger questions over the net-
work. Fig. 6(b) illustrates the processing time for performing
security mechanisms in BSSSQS
master
and BSSSQS
minion
.
The processing time increased with increasing QSP size for
phase-1 and phase-2 encryption in BSSSQS
master
and phase-1
and phase- 2 decryption in BSSSQS
minion
. The computation
power in BSSSQS
master
is much higher than that of BSSSQS-
minion
. Thus, the processing time in BSSSQS
master
is lesser
than that in BSSSQS
minion
. Eq. (3) and Eq. (4) were utilized
for calculating the processing time while performing phase-1
and phase-2 encryption in BSSSQS
master
, respectively. Eq.
(8) and Eq. (9) were used for calculating the processing time
while performing phase-1 and phase-2 decryption in
BSSSQS
minion
, respectively. Phase-1 encryption requires less
time than phase-2. This is because the key is generated from
the previous block’s hash, and the size of the key in phase-2
increases with the increase of block. Phase-1 decryption
takes more time than phase-2 decryption. To decrypt in
phase-2, the hash of the previous block is required and a
combination of the previous block’s hash increases the key
size. Fig. 6(c) depicts the block creation for different QSP
sizes. With the increase in the size of QSP, block creation
time also increases. The block contains QSP, timestamp,
nonce, and the previous block’s hash. While creating blocks,
data were encrypted. After preparing the aforementioned
attributes, the block is created and a hash is generated that
works as the identity of the block. The higher the QSP size,
the more time is required for encrypting data and generating
the hash. Thus, the block time increases. Fig. 6(d) demon-
strates the change in the block size for different QSP sizes.
With increasing size of QSP, block size also increases. Fig.
6(e) portrays the change in time for selecting the QSP for the
different number of QSPs. Eq. (6) and Eq. (7) were used
during calculating time for selecting the QSP. When the
number of QSPs is increased, QSP selection time also
increases because the more QSPs in the list, the more time is
required to filter compromised QSPs. Overall, the increase in
QSP selection time is very small.
B. Performance Comparison
A comparative study between BSSSQS and existing models
([48]-[54]) was performed, as shown in Table 2, where (√)
means supported and (×) means not supported, by considering
the following features.
• Secure login: This feature covers the security in the
login process like password encryption, random pass-
word, etc. BSSSQS along with all of the existing models
(([48]-[54]) support secure login.
• QSP generation: This feature generates a QSP randomly
from a list of questions. BSSSQS randomly generates
QSPs from the provided questions and among the exist-
ing systems. Chang [48], Lu [51], Zhai [52], Kaya [49],
and Younis [54] supported this.
• QSP encryption: This feature encrypts the QSP to prevent
unauthorized access. Only BSSSQS performs encryption
in QSPs.
• QSP selection: This feature supports the random selec-
tion of a QSP. BSSSQS randomly selects a QSP, and
among the existing systems, Henke [53], Kaya [49], and
Younis [54] support this feature.
• Timestamp lock: This feature helps impose a restriction
of time on QSPs so that no one can access QSPs before
the allowed time. Only BSSSQS imposes a timestamp
lock on the QSPs.
Table 2.
Performance comparison.
Features
Schemes
Yang [50]
Chang [48]
Lu [51]
Zhai [52]
Henke [53]
Kaya [49]
Younis [54]
BSSSQS
Secure login
√√√√√√√√
QSP generation
×√√√×√√√
QSP encryption
×××××××√
QSP selection
××××√√√√
Timestamp lock
×××××××√

J. lnf. Commun. Converg. Eng. 17(3): 174-184, Sep. 2019
https://doi.org/10.6109/jicce.2019.17.3.174
182
VII. CONCLUSIONS
In this study, we proposed a secured QS scheme exploiting
the security mechanism of blockchain. In this scheme, QSP
experiences two-phase encryption to prevent unethical
access before the exam. Moreover, a restriction of time is
issued in the proposed scheme so that every minion has to
wait for system permission to initiate the decryption process
of QSP. Furthermore, QSP is selected by master employing
the proposed randomize algorithm. A combination of these
features can provide a secured QS system. We analyzed
BSSSQS’s security by proposing different propositions with
proofs. We compared the performance of BSSSQS with
other existing education management schemes. Based on the
theoretical comparison, it can be demonstrated that BSSSQS
is more secure than other models. We implemented BSSSQS
and performed experiments on the implementation to show
the effectiveness of BSSSQS. Therefore, we can conclude
that BSSSQS can be a promising approach for providing
proper security to mitigate the QPL problem in the future
smart education system.
ACKNOWLEDGMENTS
This work was supported by Priority Research Centers
Program through the National Research Foundation of Korea
(NRF) funded by the Ministry of Education, Science and
Technology (2018R1A6A1A03024003).
REFERENCES
[ 1 ] S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,”
2008, [online] Available: https://bitcoin.org/bitcoin.pdf.
[ 2 ] M. Conoscenti, A. Vetro, and J. C. D. Martin, “Blockchain for the
internet of things: A systematic literature review,” in Proceeding of
2016 IEEE/ACS 13th International Conference of Computer Systems
and Applications (AICCSA), pp. 1-6, Nov 2016. DOI: 10.1109/
AICCSA.2016.7945805.
[ 3 ] K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts
for the internet of things,” IEEE Access, vol. 4, pp. 2292-2303, 2016.
DOI: 10.1109/ACCESS.2016.2566339.
[ 4 ] J. Kishigami, S. Fujimura, H. Watanabe, A. Nakadaira, and A.
Akutsu, “The blockchain-based digital content distribution system,”
in Proceeding of 2015 IEEE Fifth International Conference on Big
Data and Cloud Computing, pp. 187-190, Aug 2015. DOI: 10.1109/
BDCloud.2015.60.
[ 5 ] A. Islam and S. Y. Shin, "BHMUS: Blockchain Based Secure
Outdoor Health Monitoring Scheme Using UAV in Smart City," in
Proceeding of 2019 7th International Conference on Information and
Communication Technology (ICoICT), Kuala Lumpur, Malaysia, pp.
1-6, 2019. DOI: 10.1109/ICoICT.2019.8835373.
[ 6 ] B. A. Tama, B. J. Kweka, Y. Park, and K. H. Rhee, “A critical review
of blockchain and its current applications,” in Proceeding of 2017
International Conference on Electrical Engineering and Computer
Science (ICECOS), pp. 109-113, Aug 2017. DOI: 10.1109/ICECOS.
2017.8167115.
[ 7 ] A. Islam, M. B. Uddin, M. F. Kader, and S. Y. Shin, “Blockchain
based secure data handover scheme in non-orthogonal multiple
access,” in Proceeding of 2018 4th International Conference on
Wireless and Telematics (ICWT), pp. 1-5, July 2018. DOI: 10.1109/
ICWT.2018.8527732
[ 8 ] N. Kshetri and J. Voas, “Blockchain-enabled e-voting,” IEEE Software,
vol. 35, no. 4, pp. 95-99, July 2018. DOI: 10.1109/MS.2018.2801546.
[ 9 ] A. Islam and S. Y. Shin, "BUS: A Blockchain-Enabled Data Acquisition
Scheme With the Assistance of UAV Swarm in Internet of Things,"
IEEE Access, vol. 7, pp. 103231-103249, 2019. DOI: 10.1109/
ACCESS.2019.2930774.
[10] “Genesis block,” [online] Available: https: //en.bitcoin.it/wiki/Genesis
block.
[11] X. Li, P. Jiang, T. Chen, X. Luo, and Q. Wen, “A survey on the
security of blockchain systems,” Future Generation Computer
Systems, 2017. DOI: 10.1016/j.future.2017.08.020.
[12] R. Henry, A. Herzberg, and A. Kate, “Blockchain access privacy:
Challenges and directions,” IEEE Security Privacy, vol. 16, no. 4, pp.
38-45, July 2018. DOI: 10.1109/MSP.2018.3111245.
[13] J. Lin, W. Yu, N. Zhang, X. Yang, H. Zhang, and W. Zhao, “A
survey on internet of things: Architecture, enabling technologies,
security and privacy, and applications,” IEEE Internet of Things
Journal, vol. 4, no. 5, pp. 1125-1142, Oct. 2017. DOI: 10.1109/
JIOT.2017.2683200.
[14] W. Ejaz, A. Anpalagan, M. A. Imran, M. Jo, M. Naeem, S. B. Qaisar, and
W. Wang, “Internet of things (IoT) in 5G wireless communications,”
IEEE Access, vol. 4, pp. 10310-10314, 2016. DOI: 10.1109/
ACCESS.2016.2646120.
[15] R. Li, T. Song, N. Capurso, J. Yu, J. Couture, and X. Cheng, “IoT
applications on secure smart shopping system,” IEEE Internet of
Things Journal, vol. 4, no. 6, pp. 1945-1954, Dec. 2017. DOI:
10.1109/JIOT.2017.2706698.
[16] D. Miller, “Blockchain and the internet of things in the industrial
sector,” IT Professional, vol. 20, no. 3, pp. 15-18, May 2018. DOI:
10.1109/MITP.2018.032501742.
[17] M. ur Rahman, Himanshi, V. Deep, and S. Rahman, “ICT and
internet of things for creating smart learning environment for
students at education institutes in India,” in Proceeding of 2016 6th
International Conference - Cloud System and Big Data Engineering
(Confluence), pp. 701-704, Jan. 2016. DOI: 0.1109/CONFLUENCE.
2016.7508209.
[18] H. Maenpaa, S. Varjonen, A. Hellas, S. Tarkoma, and T. Mannisto,
“Assessing IOT projects in university education - a framework for
problem-based learning,” in Proceeding of 2017 IEEE/ACM 39th
International Conference on Software Engineering: Software Engineering
Education and Training Track (ICSESEET), pp. 37-46, May 2017.
DOI: 10.1109/ICSE-SEET.2017.6.
[19] B. Ahmed, “IoT and blockchain convergence: Benefits and challenges,”
[online] Available: https://iot.ieee.org/newsletter/january-2017/iotand-
blockchain-convergence-benefits-andchallenges.html.
[20] O. J. A. Pinno, A. R. A. Gregio, and L. C. E. D. Bona, “Controlchain:
Blockchain as a central enabler for access control authorizations in
the IoT,” in Proceeding of GLOBECOM 2017 - 2017 IEEE Global
Communications Conference, pp. 1-6, Dec. 2017. DOI: 10.1109/
GLOCOM.2017.8254521.
[21] X. Liang, J. Zhao, S. Shetty, and D. Li, “Towards data assurance and
resilience in IoT using blockchain,” in Proceeding of MILCOM 2017
- 2017 IEEE Military Communications Conference (MILCOM), pp.
261-266, Oct. 2017. DOI: 10.1109/MILCOM.2017.8170858.
[22] K. Tattersall, “The role and functions of public examinations,”
Assessment in Education: Principles, Policy & Practice, vol. 1, no. 3,

BSSSQS: A Blockchain-Based Smart and Secured Scheme for Question Sharing in the Smart Education System
183
http://jicce.org
pp. 293-304, 1994. DOI: 10.1080/0969594940010305.
[23] P. Black and D. Wiliam, “Assessment and classroom learning,”
Assessment in Education: Principles, Policy & Practice, vol. 5, no. 1,
pp. 7-74, 1998. DOI: 10.1080/0969595980050102.
[24] S. P. Heyneman, “Uses of examinations in developing countries:
Selection, research, and education sector management,” International
Journal of Educational Development, vol. 7, no. 4, pp. 251 -263,
1987. DOI: 10.1016/0738-0593(87)90023-X.
[25] R. Olatoye, “Checking the menace of examination malpractice: A
call for more teaching and learning in schools,” Institute of
Education, Olabisi Onabanjo University, Ago-Iwoye, Nigeria, p. 1,
2008.
[26] A. A. Emiloju and C. Adeyoju, “The challenges of maintaining the
integrity of public examinations in Nigeria: The ethical issues,”
International Education Studies, vol. 5, no. 2, p. 18, 2012. DOI:
10.5539/ies.v5n2p18.
[27] T. I. Bangladesh, “Question leakage in public examinations: Process,
reason and way forward,” 2015.
[28] J. McCrank, “ACT cancels some college entrance exams after test
leak,” Sep 2017, [online] Available: https://www.reuters.com/article/
us-usa-college-cheating/act-cancels-some-collegeentrance-exams-after-
test-leak-idUSKCN1BI29P.
[29] R. A. F. Mailonline, “Hundreds of students are sent home after A-
level physics exam is stolen and shared on social media,” May 2017,
[online]. Available: http://www.dailymail.co.uk/news/article-4534118/
Hundreds-students-sent-hometest-paper.html.
[30] J. Guo, “Chinese postgraduate entrance exam leaked?” Dec 2017,
[online] Available: http://supchina.com/2017/12/27/chinesepostgraduate-
entrance-exam-leaked/.
[31] “Exam papers leaked at ukzn,” Nov 2017, [online] Available: https: /
/www.news24.com/SouthAfrica/News/exampapers-leaked-at-ukzn-
20171113.
[32] A.-M. Al-Youm, “French language exam papers leaked on facebook,”
Jun 2017, [online] Available: http://www.egyptindependent.com/
frenchexams-leaked/.
[33] “Despite strict measures, arabic exam leaked on first day of egypt’s
thanaweya amma examinations,” [online] Available: http://english.
ahram.org.eg/NewsContent/1/64/270200/Egypt/Politics-/Despite-stri
ctmeasures;-Arabic-exam-leaked-on-fir.aspx.
[34] “Vietnam teacher leaks test questions to neighbor as ’return of
favor’,” May 2017, [online] Available: https://tuoitrenews.vn/
education/41079/vietnam-teacher-leaks-test-questions-toneighbor-as-
return-of-favor.
[35] “10 held on question leakage charge,” [online] Available: http://
kathmandupost.ekantipur.com/news/2018-01-07/10-held-on-question-
leakagecharge.html.
[36] “Papers might have been leaked, police tell IoM,” [online] Available:
http://kathmandupost.ekantipur.com/news/2017-11-06/papers-might-
have-been-leakedpolice-tell-iom.html.
[37] “Four major whatsapp groups involved in leaking papers traced,”
[online] Available: https://www.geo.tv/latest/140930-11th-in-linePhysics-
supplementary-paper-leaked-in-Karachi.
[38] “Exam season fiasco: papers leaked, students cheating in sindh
classrooms,” [online] Available: https://www.geo.tv/latest/139515-
Exam-seasonfiasco-papers-leaked-students-cheating-in-Sindhclassrooms.
[39] “Racket involved in MDCAT paper leak,” [online] Available: https:/
/www.thenews.com.pk/print/ 234932-Racket-involved-in-MDCAT-
paper-leak.
[40] “Physics paper leaked just before exams,” May 2017, [online]
Available: https://www.samaa.tv/pakistan/2017/05/ physics-paper-
leaked-just-before-exams/.
[41] “Who is leaking CSS exam questions? - pakistan - dunya news,”
[online] Available: http://dunyanews.tv/en/Pakistan/375604- Who-
is-leaking-CSS-exam-questions.
[42] New Indian Xpress, “Recruitment exam paper leak: Army begins
probe; exams cancelled across India,” [online] Available: http: //
www.newindianexpress.com/nation/2017/feb/ 26/recruitment-exam-
paper-leak-army-beginsprobe-exams-cancelled-across-india-1575035.
html.
[43] N. D. Press Trust of India, “AIIMS MBBS 2017 entrance test paper
leaked,” May 2017, [online] Available: http://www.hindustantimes.
com/india-news/aiims-mbbs-entrance-test-paperleaked-says-vyapam -
scam-whistle-blower-anandrai/story-tuPKqb5vIXsbKy7CGvSfAP.html.
[44] I. Today, “NEET 2017 paper leak: Racket kingpin arrested in Delhi,”
May 2017, [online] Available: https: //www.indiatoday.in/education-
today/news/ story/neet-2017-paper-leak-976849-2017-05-13.
[45] R. A. Ruhani, “JSC questions for every exam so far leaked,” Nov
2017, [online] Available: http://www.dhakatribune.com/bangladesh/
education/2017/11/09/jsc-exam-question-leak/.
[46] S. A. S. Correspondent bdnews24.com, “Dhaka board holds SSC
exam with leaked question paper despite being informed,” [online]
Available: https://bdnews24.com/bangladesh/2017/02/21/dhaka-board-
holds-ssc-exam-with-leakedquestion-paper-despite-being-informed.
[47] “Teacher accused of leaking test qsps to private tutor,” Nov 2017,
[online] Available: http://www.koreatimes.co.kr/www/nation/2017/
11/251239889.html.
[48] L. Chang and X. G. Ming, “Application research of web examination
system based on college,” Energy Procedia, vol. 17, pp. 528-533,
2012. DOI: 10.1016/j.egypro.2012.02.131.
[49] B. Y. Kaya, G. Kaya, and M. Dagdeviren, “A sample application of
web based examination system for distance and formal education,”
Procedia - Social and Behavioral Sciences, vol. 141, pp. 1357-1362,
2014. DOI: 10.1016/j.sbspro.2014.05.234.
[50] X.-d. Yang, “The Research on Online Examination System of PE
Theory Courses,” Berlin, Heidelberg: Springer Berlin Heidelberg,
2013, pp. 357-362. DOI: 10.1007/978-3-642-33030-8_58.
[51] H. Lu and Y. Hu, “The design and implementation of online
examination system based on J2EE,” in Proceeding of 2012
International Conference on Industrial Control and Electronics
Engineering, pp. 93-95, Aug. 2012. DOI: 10.1109/ICICEE.2012.33.
[52] L. Zhai and T. Gong, “The research of examination management
system based on network flat,” in Proceeding of 2011 2nd
International Conference on Artificial Intelligence, Management
Science and Electronic Commerce (AIMSEC), pp. 2611-2613, Aug.
2011. DOI: 10.1109/AIMSEC.2011.6011131.
[53] K. Henke, “Web-based test, examination and assessment system,”
Adv. Technol. Learn., vol. 4, no. 3, pp. 140-145, Jun. 2007. DOI:
10.2316/Journal.208.2007.3.208-0911.
[54] M. S. H. Mohammed Issam Younis, “Construction of an online
examination system with resumption and randomization capabilities,”
International Journal of Computing Academic Research, vol. 4, no.
2, pp. 62-82, 2015.

J. lnf. Commun. Converg. Eng. 17(3): 174-184, Sep. 2019
https://doi.org/10.6109/jicce.2019.17.3.174
184
Anik Islam
was born in 1992. He received his B.Sc. in software engineering and M.Sc. in computer science from American
International University-Bangladesh (AIUB), Dhaka, Bangladesh, in 2014 and 2017, respectively. He is currently working
toward his PhD degree with the WENS Laboratory, Kumoh National Institute of Technology, Gumi, South Korea. He has
more than five years of experience of working in the software development field. He has participated in various software
competitions with good achievements. His major research interests include blockchain, Internet of Things, unmanned
aerial vehicles, social Internet of Things, mobile edge computing, web of things, semantic web, wireless network, and
distributed systems.
Md Fazlul Kader
received the B.Sc. and M.Sc. degrees in computer science and engineering from the Chittagong University of Engineering
and Technology, Chittagong, Bangladesh, in November 2005 and January 2014, respectively. He was awarded the Ph.D.
degree from the Kumoh National Institute of Technology, Gumi, South Korea, in February 2018. Since 2007, he has been
a faculty member with the Department of Electrical and Electronic Engineering, University of Chittagong, Chittagong,
Bangladesh, where he is currently an Associate Professor. He has co-authored more than 45 technical papers in
international journals and conference proceedings. He is an Associate Editor of the IEEE Access. Moreover, he regularly
serves as a reviewer and TPC member in many reputed journals and conferences. His major research interests include
5G, cognitive radio networks, cooperative communications, MIMO, computer networks, NOMA, spatial modulation,
blockchain, internet of things, etc.
Soo Young Shin
received his Ph.D. degrees in electrical engineering and computer science from Seoul National University on 2006. He
was with WiMAX Design Lab, Samsung Electronics, Suwon, South Korea from 2007 to 2010. He joined as full-time
professor to School of Electronics, Kumoh National Institute of Technology, Gumi, South Korea. He is currently an
Associate Professor. He was a post Doc. researcher at University of Washington, Seattle, WA, USA from 2006 to 2007. In
addition, he was a visiting scholar to University of the British Columbia at 2017. His research interests include wireless
communications, next generation mobile wireless broadband networks, signal processing, Internet of things, etc.