Enhanced Encryption and Security Measures for Proctorio: Safeguarding the Future of Online Proctoring

As technology continues to advance at a rapid pace, the importance of securing sensitive data becomes increasingly critical. Recognizing this, Proctorio has implemented significant updates to its security platform for the Fall 2020 semester, reinforcing its commitment to data protection and privacy. These enhancements not only bolster the system’s defense against evolving threats but also offer institutions more control over their security protocols.

Key Enhancements to Proctorio’s Security Platform

Strengthened Key Derivation Method

Proctorio has significantly fortified the key derivation method used to generate Zero-Knowledge Encryption keys. By increasing the number of mathematical operations required to create these keys by an astounding 9,900%, the platform is now more resilient against brute force attacks. This proactive measure ensures that as computational power continues to evolve, Proctorio remains ahead of potential vulnerabilities.

Adoption of Native WebCrypto for Enhanced Performance

To further safeguard recorded data, all new exam recordings are now encrypted using the native WebCrypto package built directly into the browser. This transition, which has been operational for a month, has demonstrated robust performance without any signs of degradation. By integrating WebCrypto, Proctorio leverages the browser’s built-in security features, offering a more seamless and secure experience for users.

Introduction of High Security Plus Option

Proctorio has introduced a new “High Security Plus” option, which provides an additional layer of protection through symmetric key encryption combined with an asymmetric RSA public key, generated by the institution. This feature allows institutions to maintain greater control over their encryption keys, further enhancing the security of their data.

Existing customers can apply these advanced features to their institutions at no additional cost, ensuring that all users benefit from the latest security enhancements.

The Evolution of Proctorio’s Security Focus

A Legacy of Privacy and Security

Since its inception in 2013, Proctorio has been dedicated to creating a secure and privacy-centric online proctoring service. Initially developed on Chrome 27, Proctorio’s design focused on lightweight deployment, ensuring that test-taker privacy remained a top priority without compromising performance. This commitment to security has driven continuous innovation, particularly in the area of cryptography.

Early versions of Proctorio utilized the Stanford JavaScript Crypto Library (SJCL) to integrate cryptographic functions. However, as browser technology advanced, particularly with the introduction of WebCrypto in Chrome 37, Proctorio quickly adapted to incorporate these native cryptographic features, while still relying on SJCL for key derivation and encryption.

The decision to transition entirely to WebCrypto with the latest updates reflects Proctorio’s ongoing commitment to leveraging the most advanced and secure technologies available. This move not only enhances the platform’s security but also streamlines its performance, ensuring that all new recordings benefit from the improved speed and reliability of WebCrypto.

Enhanced Security Through Advanced Cryptography

Transition to PBKDF2-HMAC-SHA512 and AES-256

In response to the growing capabilities of modern computing, Proctorio has updated its cryptographic processes to further protect against brute force attacks. The platform has switched from SHA1 to SHA512 for its key derivation function, implementing PBKDF2-HMAC-SHA512 with an increased iteration count of 1,200,000. This substantial increase from the previous 12,000 iterations dramatically reduces the likelihood of brute force vulnerabilities.

Additionally, Proctorio has upgraded its encryption standard from AES-128 to AES-256, providing even greater security in a post-quantum world. These enhancements ensure that exam recordings are protected by the most advanced cryptographic techniques available today.

Implementation of Asymmetrical Keys for Institutional Control

Recognizing the need for even more granular control over security, Proctorio has introduced an option for institutions to use asymmetrical keys, generated and managed by the institution itself. This feature, available in version 1.4.20311.1, allows institutions to generate their own public keys, while private keys are distributed only to authorized personnel who require gradebook access.

This option was developed to address specific security challenges:

1. Entropy Concerns: Learning Management Systems (LMS) like Canvas or Moodle often use zero-based sequential identifiers, which can result in low entropy for derived keys. By allowing institutions to manage their own keys, Proctorio mitigates this risk.
2. Protection Against Third-Party Access: Many LMS platforms are hosted by third parties, potentially exposing exam data to unauthorized access. By enabling institutions to control their encryption keys, Proctorio ensures that only authorized parties can decrypt and access exam recordings.
3. Controlled Access for Elevated Roles: In many test platforms, admin roles grant unrestricted access to data. The use of asymmetrical keys allows institutions to fine-tune access controls, ensuring that only authorized individuals can access sensitive information.

Proctorio continues to explore additional security measures, with future updates expected to allow institutions to generate and manage their own asymmetric public keys, further enhancing control and security.

Commitment to Data Privacy and Security

Proctorio’s latest security enhancements reflect its unwavering commitment to protecting the integrity of online exams. By providing institutions with more control over their encryption keys and adopting the most advanced cryptographic standards, Proctorio ensures that both test takers and administrators can trust in the security of their data.

These updates are part of Proctorio’s broader mission to create a secure and stress-free testing environment. As online proctoring becomes an increasingly integral part of education, Proctorio remains dedicated to staying ahead of security threats, offering peace of mind to institutions and test takers alike.