University of Hertfordshire

By the same authors

Graphical and text based challenge questions for secure and usable authentication in online examinations

Research output: Chapter in Book/Report/Conference proceedingConference contribution

View graph of relations
Original languageEnglish
Title of host publicationProcs 2014 9th Int Conf for Internet Technology and Secured Transactions (ICITST)
PublisherIEEE
Pages302-308
Number of pages7
DOIs
Publication statusPublished - Dec 2014
Event9th Int Conf for Internet Technology and Secured Transactions (ICITST) - London, United Kingdom
Duration: 8 Dec 201410 Dec 2014

Conference

Conference9th Int Conf for Internet Technology and Secured Transactions (ICITST)
CountryUnited Kingdom
CityLondon
Period8/12/1410/12/14

Abstract

In traditional online examination environments, physical interaction is often replaced with authentication mechanisms. The absence of face-to-face interaction increases the number of authentication challenges. The authors developed and implemented a Profile Based Authentication Framework (PBAF) with the aim to integrate learning and examination processes for secure online examinations. The PBAF approach utilizes the widely used knowledge-based authentication mechanisms: login identifier and passwords and challenge questions. These approaches are reported with a number of benefits and limitations in term of usability and security. Previous studies suggests that the use of image-based graphical authentication may provide usable and secure solution. This paper presents the findings of an empirical study, utilizing a hybrid approach combining image and text-based challenge questions in a real online learning environment. A traffic light system was implemented to improve usability of the PBAF. The traffic light system relaxed authentication constraints for a significant number of users' attempts which would otherwise be penalized (p<; 0.01). An abuse case scenario was designed to assess the security of the PBAF method against impersonation attack. The number of participants in abuse case scenario was small, however, results demonstrate that participants were able to share both text-based and image-based questions for impersonation attack

ID: 8442092