SafeExamBrowser / seb-server

The Safe Exam Browser Server web application simplifies and centralizes the configuration of SEB clients for exams. It interacts with a learning management or exam system for setting up and conducting e-assessments with Safe Exam Browser. It also improves security by allowing connected SEB clients to be monitored in real time during e-assessments.
Mozilla Public License 2.0

Global ASK (App Signature Key) Grant #116

Closed ramhee98 closed 2 weeks ago

ramhee98 commented 5 months ago

It would be beneficial to have the option to grant an ASK globally in every exam.

The global ASK (App Signature Key) Grants could be listed on a separate page and managed in the same way as the "Security Key Grants" in each Exam.

Optionally, it could be selectable for each exam if the global ASK Grants are accepted too. And there could be a button on each exam to "Add Global Security Grant" below the "Add Security Grant" which only grants the ASK for the specific Exam.

anhefti commented 4 months ago

We have discussed this issue internally and unfortunately it is not possible to have global ASK grants because of the internal security architecture of the ASK.

The ASK is generated by the SEB client with a salt from SEB Server and this salt is different for each SEB Server exam. This means, even if the SEB client is the same, the ASK hash is different for each Exam in SEB Server. Even SEB Server does not know the actual ASK value, but only the computed hash of the ASK that is different per Exam and can be granted per Exam, or the heuristic threshold can be used, if one does not want to make the Grants manually every time.

This is as designed and for security reasons to prevent sharing/leaking ASK hashes.
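
A toy model of the per-exam salting described in the reply above, added here as an illustration; it is not SEB Server or SEB client code. HMAC-SHA256, the `Exam` class and `client_ask_hash` are assumptions, since the thread does not state the actual derivation.

```python
import hashlib
import hmac
import secrets


class Exam:
    """Hypothetical model of one exam: its own salt and its own grant list."""

    def __init__(self, name):
        self.name = name
        self.salt = secrets.token_bytes(32)  # different for every exam
        self.granted = set()                 # salted ASK hashes only, never the ASK

    def grant(self, salted_hash):
        self.granted.add(salted_hash)

    def is_granted(self, salted_hash):
        # Constant-time comparison against each stored grant.
        return any(hmac.compare_digest(salted_hash, g) for g in self.granted)


def client_ask_hash(ask, exam_salt):
    """Value the client reports: a keyed hash of its ASK under the exam's salt.
    HMAC-SHA256 is an assumption standing in for SEB's real derivation."""
    return hmac.new(exam_salt, ask, hashlib.sha256).hexdigest()


def demo():
    ask = b"constructed-app-signature-key"   # constructed sample, one client build
    exam_a, exam_b = Exam("A"), Exam("B")

    hash_a = client_ask_hash(ask, exam_a.salt)
    hash_b = client_ask_hash(ask, exam_b.salt)

    exam_a.grant(hash_a)   # administrator grants the client in exam A
    exam_b.grant(hash_a)   # attempted "global" grant: copy A's hash into exam B

    return {
        "same_hash_across_exams": hash_a == hash_b,
        "stable_within_exam": hash_a == client_ask_hash(ask, exam_a.salt),
        "a_accepts_client": exam_a.is_granted(hash_a),
        # The same client connecting to exam B reports hash_b, not hash_a.
        "b_accepts_client_via_copied_grant": exam_b.is_granted(hash_b),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The copied grant is useless in exam B because the same client reports a different salted hash there, which is why a grant list shared across exams has nothing stable to match against.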