Graphical and text based challenge questions for secure and usable authentication in online examinations

In traditional online examination environments, physical interaction is often replaced with authentication mechanisms. The absence of face-to-face interaction increases the number of authentication challenges. The authors developed and implemented a Profile Based Authentication Framework (PBAF) with the aim of integrating learning and examination processes for secure online examinations. The PBAF approach utilizes widely used knowledge-based authentication mechanisms: login identifiers and passwords, and challenge questions. These approaches are reported to have a number of benefits and limitations in terms of usability and security. Previous studies suggest that the use of image-based graphical authentication may provide a usable and secure solution. This paper presents the findings of an empirical study utilizing a hybrid approach that combines image-based and text-based challenge questions in a real online learning environment. A traffic light system was implemented to improve the usability of the PBAF. The traffic light system relaxed authentication constraints for a significant number of users' attempts which would otherwise be penalized (p < 0.01). An abuse case scenario was designed to assess the security of the PBAF method against impersonation attacks. The number of participants in the abuse case scenario was small; however, the results demonstrate that participants were able to share both text-based and image-based questions for an impersonation attack.
