Graphical and text based challenge questions for secure and usable authentication in online examinations
In traditional online examination environments, physical interaction is often replaced with authentication mechanisms. The absence of face-to-face interaction increases the number of authentication challenges. The authors developed and implemented a Profile Based Authentication Framework (PBAF) with the aim to integrate learning and examination processes for secure online examinations. The PBAF approach utilizes the widely used knowledge-based authentication mechanisms: login identifier and passwords and challenge questions. These approaches are reported with a number of benefits and limitations in term of usability and security. Previous studies suggests that the use of image-based graphical authentication may provide usable and secure solution. This paper presents the findings of an empirical study, utilizing a hybrid approach combining image and text-based challenge questions in a real online learning environment. A traffic light system was implemented to improve usability of the PBAF. The traffic light system relaxed authentication constraints for a significant number of users' attempts which would otherwise be penalized (p<; 0.01). An abuse case scenario was designed to assess the security of the PBAF method against impersonation attack. The number of participants in abuse case scenario was small, however, results demonstrate that participants were able to share both text-based and image-based questions for impersonation attack
Published inProcs 2014 9th Int Conf for Internet Technology and Secured Transactions (ICITST)
RelationsSchool of Computer Science
MetadataShow full item record
Showing items related by title, author, creator and subject.
Woods, Philip (2007)This article emphasises the extent to which conceptions of authenticity are forged through social interaction and socially mediated identities and how, in turn, authentic leadership involves the transformation of the ...
Low, M.R. (University of Hertfordshire, 1993)Most of the methods currently used to protect both users and systems and their objects and servers, involve authentication of principals and access control of these objects and servers. Authentication and access control ...
Xiao, Hannan; Christianson, B.; Zhang, Y. (IEEE, 2008)