Abrar Ullah

Evaluating security and usability of profile based challenge questions authentication in online examinations

Student authentication in online learning environments is an increasingly challenging issue due to the inherent absence of physical interaction with online users and potential security threats to online examinations. This study is part of ongoing research on student authentication in online examinations evaluating the potential benefits of using challenge questions. The authors developed a Profile Based Authentication Framework (PBAF), which utilises challenge questions for students’ authentication in online examinations. This paper examines the findings of an empirical study in which 23 participants used the PBAF including an abuse case security analysis of the PBAF approach. The overall usability analysis suggests that the PBAF is efficient, effective and usable. However, specific questions need replacement with suitable alternatives due to usability challenges. The results of the current research study suggest that memorability, clarity of questions, syntactic variation and question relevance can cause usability issues leading to authentication failure. A configurable traffic light system was designed and implemented to improve the usability of challenge questions. The security analysis indicates that the PBAF is resistant to informed guessing in general, however, specific questions were identified with security issues. The security analysis identifies challenge questions with potential risks of informed guessing by friends and colleagues. The study was performed with a small number of participants in a simulation online course and the results need to be verified in a real educational context on a larger sample size.

A classification of threats to remote online examinations

Summative online examinations is a high stake process which faces many security threats. The lack of face-to-face interaction, monitoring or invigilation motivates many threats, which includes intrusion by hackers and collusion by students. This paper is based on a survey of literature to present a threat classification using security abuse case scenarios. Collusion is one of the challenging threats, when a student invites a third party collaborator to impersonate or aid him/her in an online test. While mitigation of all types of threats is important, the risk of collusion is increasingly challenging because it is difficult to detect such attacks.

Intelligent e-learning repository system for sharing learning resources

The proliferation of Internet and technology triggered exponential growth in adoption of e-learning by many organizations worldwide. E-learning offers many benefits including ease of access, availability, re-usability and rich learning resources. With advances is technology, learning methods and objects have evolved from conventional text based content to multimedia and interactive knowledge objects. Learning objects can be useful for tutors and learners, however, there are some limitation to sharing of learning objects across many platforms to benefit respective learners. Learning objects are confined to resource owners and organizations. This study is part of an ongoing research to design a Unified E-learning Repository System (ULRS) for sharing learning objects from a centralized repository to benefit learners across many e-learning platforms. The authors have presented design of ULRS framework.

A Dynamic Profile Questions Approach to Mitigate Impersonation in Online Examinations

Online examinations are an integral component of many online learning environments, which face many security challenges. Collusion is seen as a major security threat to such examinations, when a student invites a third party to impersonate or abet in a test. This work aims to strengthen the authentication of students via the use of dynamic profile questions. The study reported in this paper involved 31 online participants from five countries over a five-week period. The results of usability and security analysis are reported. The dynamic profile questions were more usable than both the text-based and image-based questions (p < 0.01). An impersonation abuse scenario was simulated using email and mobile phone. The impersonation attack via email was not successful, however, students were able to share answers to dynamic profile questions with a third party impersonator in real time, which resulted in 93% correct answers. The sharing of information via phone took place in real time during an online test and the response time of an impersonator was significantly different (p < 0.01) than a student. The study also revealed that a response time factor may be implemented to identify and report impersonation attacks.

A study into the usability and security implications of text and image based challenge questions in the context of online examination

Online examinations are an integral component of online learning environments and research studies have identified academic dishonesty as a critical threat to the credibility of such examinations. Academic dishonesty exists in many forms. Collusion is seen as a major security threat, wherein a student invites a third party for help or to impersonate him or her in an online examination. This work aims to investigate the authentication of students using text-based and image-based challenge questions. The study reported in this paper involved 70 online participants from nine countries completing a five week online course and simulating an abuse case scenario. The results of a usability analysis suggested that i) image-based questions are more usable than text-based questions (p < 0.01) and ii) using a more flexible data entry method increased the usability of text-based questions (p < 0.01). An impersonation abuse scenario was simulated to test the influence of sharing with different database sizes. The findings revealed that iii) an increase in the number of questions shared for impersonation increased the success of an impersonation attack and the results showed a significant linear trend (p < 0.01). However, the number of correct answers decreased when the attacker had to memorize and answer the questions in an invigilated online examination or their response to questions was timed. The study also revealed that iv) an increase in the size of challenge question database decreased the success of an impersonation attack (p < 0.01).

Usability of Activity-Based and Image-Based Challenge Questions in Online Student Authentication

There has been a renewed interest in secure authentication of students in online examinations. Online examinations are important and high stake assets in the context of remote online learning. The logistical challenges and absence of live invigilation in remote un-supervised online examination makes the identification and authentication process extremely difficult. The authors implemented pre-defined text-based challenge questions for student authentication in online examination using a Profile Based Authentication Framework PBAF approach. The pre-defined questions require students to register their answers, which causes distraction and usability challenges. In this study, a non-invasive activity-based learning journey questions approach was implemented combined with the image-based questions, using the PBAF approach. Findings of the study shows significant difference in the efficiency of activity-based and image-based questions during the learning process pi¾ź i¾ź0.01. There was a significant difference in the accuracy of activity-based questions and activity-date questions pi¾ź