Security and Usability of Authentication by Challenge Questions in Online Examination
Online examinations are an integral component of many online learning environments and a high-stake process for students, teachers and educational institutions. They are the target of many security threats, including intrusion by hackers and collusion. Collu-sion happens when a student invites a third party to impersonate him/her in an online test, or to abet with the exam questions. This research proposed a profile-based chal-lenge question approach to create and consolidate a student’s profile during the learning process, to be used for authentication in the examination process. The pro-posed method was investigated in six research studies using a usability test method and a risk-based security assessment method, in order to investigate usability attributes and security threats. The findings of the studies revealed that text-based questions are prone to usability issues such as ambiguity, syntactic variation, and spelling mistakes. The results of a usability analysis suggested that image-based questions are more usable than text-based questions (p < 0.01). The findings identified that dynamic profile questions are more efficient and effective than text-based and image-based questions (p < 0.01). Since text-based questions are associated with an individual’s personal information, they are prone to being shared with impersonators. An increase in the numbers of chal-lenge questions being shared showed a significant linear trend (p < 0.01) and increased the success of an impersonation attack. An increase in the database size decreased the success of an impersonation attack with a significant linear trend (p < 0.01). The security analysis of dynamic profile questions revealed that an impersonation attack was not successful when a student shared credentials using email asynchronously. However, a similar attack was successful when a student and impersonator shared information in real time using mobile phones. The response time in this attack was significantly different when a genuine student responded to his challenge questions (p < 0.01). The security analysis revealed that the use of dynamic profile questions in a proctored exam can influence impersonation and abetting. This view was supported by online programme tutors in a focus group study.
MetadataShow full item record
Showing items related by title, author, creator and subject.
Payne, Helen (2001)
'But is it a question worth asking?' : A reflective case study describing how public involvement can lead to researchers' ideas being abandoned Boote, Jonathan; Dalgleish, Mary; Freeman, Janet; Jones, Zena; Miles, Marianne; Rodgers, Helen (2014-06)Background It is good practice for the public to be involved in developing research ideas into grant applications. Some positive accounts of this process have been published, but little is known about when their reactions ...
Hamilton, Marina (Longman, 2011)This is an essential revision book for every law student. Law Express Question and Answer: Criminal Law is written to aid students with improving every answer they submit by bettering their understanding of what examiners ...