Graphical and text based challenge questions for secure and usable authentication in online examinations

A. Ullah, Hannan Xiao, T. Barker, M. Lilley

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)


In traditional online examination environments, physical interaction is often replaced with authentication mechanisms. The absence of face-to-face interaction increases the number of authentication challenges. The authors developed and implemented a Profile Based Authentication Framework (PBAF) with the aim to integrate learning and examination processes for secure online examinations. The PBAF approach utilizes the widely used knowledge-based authentication mechanisms: login identifier and passwords and challenge questions. These approaches are reported with a number of benefits and limitations in term of usability and security. Previous studies suggests that the use of image-based graphical authentication may provide usable and secure solution. This paper presents the findings of an empirical study, utilizing a hybrid approach combining image and text-based challenge questions in a real online learning environment. A traffic light system was implemented to improve usability of the PBAF. The traffic light system relaxed authentication constraints for a significant number of users' attempts which would otherwise be penalized (p<; 0.01). An abuse case scenario was designed to assess the security of the PBAF method against impersonation attack. The number of participants in abuse case scenario was small, however, results demonstrate that participants were able to share both text-based and image-based questions for impersonation attack
Original languageEnglish
Title of host publicationProcs 2014 9th Int Conf for Internet Technology and Secured Transactions (ICITST)
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Number of pages7
Publication statusPublished - Dec 2014
Event9th Int Conf for Internet Technology and Secured Transactions (ICITST) - London, United Kingdom
Duration: 8 Dec 201410 Dec 2014


Conference9th Int Conf for Internet Technology and Secured Transactions (ICITST)
Country/TerritoryUnited Kingdom


  • authorisation
  • computer graphics
  • knowledge based systems
  • learning (artificial intelligence)
  • PBAF approach
  • face-to-face interaction
  • graphical challenge questions
  • image-based graphical authentication
  • impersonation attack
  • knowledge-based authentication mechanisms
  • login identifier
  • online examination environments
  • online learning environment
  • passwords
  • physical interaction
  • profile based authentication framework
  • secure authentication
  • text based challenge questions
  • traffic light system
  • usable authentication
  • Authentication
  • Educational institutions
  • Image recognition
  • Internet
  • Syntactics
  • Usability
  • Online learning
  • authentication
  • challenge questions
  • examination
  • profile
  • security
  • usability


Dive into the research topics of 'Graphical and text based challenge questions for secure and usable authentication in online examinations'. Together they form a unique fingerprint.

Cite this