Hannan Xiao scite author profile

With the growth of Internet and technology in the past decade, online learning has become increasingly popular and evolved. Online examination is an integral and vital component of online learning. Student assessment in online learning is largely submitted remotely without any face-to-face interaction and therefore, student authentication is widely seen as one of the major challenges. This study aims to investigate potential threats to student authentication in the online examinations and analyzing the benefits and limitations of the existing authentication approaches. We propose the use of challenge questions for student authentication in the online examinations. For this purpose, we designed a profile based authentication framework (PBAF) together with a user-id and password for the authentication of students during online examinations, utilizing a cohort of personal and academic questions as challenge questions. We conducted an empirical study on a group of online students from local and overseas Universities. The result shows the impact of questions type on the usability, in particular the amount of time taken by the introduction of the proposed approach. We also conducted a post experiment survey to collect student feedback on the proposed technique.

show abstract

A study into the usability and security implications of text and image based challenge questions in the context of online examination

Ullah

Xiao

Barker

2018

Educ Inf Technol

View full text Add to dashboard Cite

Online examinations are an integral component of online learning environments and research studies have identified academic dishonesty as a critical threat to the credibility of such examinations. Academic dishonesty exists in many forms. Collusion is seen as a major security threat, wherein a student invites a third party for help or to impersonate him or her in an online examination. This work aims to investigate the authentication of students using text-based and image-based challenge questions. The study reported in this paper involved 70 online participants from nine countries completing a five week online course and simulating an abuse case scenario. The results of a usability analysis suggested that i) image-based questions are more usable than text-based questions (p < 0.01) and ii) using a more flexible data entry method increased the usability of text-based questions (p < 0.01). An impersonation abuse scenario was simulated to test the influence of sharing with different database sizes. The findings revealed that iii) an increase in the number of questions shared for impersonation increased the success of an impersonation attack and the results showed a significant linear trend (p < 0.01). However, the number of correct answers decreased when the attacker had to memorize and answer the questions in an invigilated online examination or their response to questions was timed. The study also revealed that iv) Educ Inf Technol (2019) an increase in the size of challenge question database decreased the success of an impersonation attack (p < 0.01).

show abstract

Guarantor and reputation based trust model for Social Internet of Things

Xiao

Sidhu

Christianson

2015

View full text Add to dashboard Cite

A Dynamic Profile Questions Approach to Mitigate Impersonation in Online Examinations

2018

View full text Add to dashboard Cite

Online examinations are an integral component of many online learning environments, which face many security challenges. Collusion is seen as a major security threat to such examinations, when a student invites a third party to impersonate or abet in a test. This work aims to strengthen the authentication of students via the use of dynamic profile questions. The study reported in this paper involved 31 online participants from five countries over a five-week period. The results of usability and security analysis are reported. The dynamic profile questions were more usable than both the text-based and image-based questions (p < 0.01). An impersonation abuse scenario was simulated using email and mobile phone. The impersonation attack via email was not successful, however, students were able to share answers to dynamic profile questions with a third party impersonator in real time, which resulted in 93% correct answers. The sharing of information via phone took place in real time during Abrar Ullah ( ) Llandaff Campus, Cardiff Metropolitan University, Cardiff, CF5 2YB, UK e-mail: aaaullah@cardiffmet.ac.uk Hannan Xiao · Trevor Barker College Lane Campus, University of Hertfordshire, Hatfield, AL10 9AB, UK e-mail: h.xiao@herts.ac.ukTrevor Barker e-mail: t.1.barker@herts.ac.uk an online test and the response time of an impersonator was significantly different (p < 0.01) than a student. The study also revealed that a response time factor may be implemented to identify and report impersonation attacks.

show abstract

A Cloud-Based RFID Authentication Protocol with Insecure Communication Channels

Xiao

Alshehri

Christianson

2016

View full text Add to dashboard Cite

Radio Frequency Identification (RFID) has become a widespread technology to automatically identify objects and with the development of cloud computing, cloud-based RFID systems attract more research these days. Several cloud-based RFID authentication protocols have been proposed to address privacy and security properties in the environment where the cloud provider is untrusted therefore the tag's data are encrypted and anonymously stored in the cloud database. However, most of the cloud-based RFID authentication protocols assume secure communication channels between the reader and the cloud server. To protect data transmission between the reader and the cloud server without any help from a third party, this paper proposes a cloud-based RFID authentication protocol with insecure communication channels (cloud-RAPIC) between the reader and the cloud server. The cloud-RAPIC protocol preserves tag privacy even when the tag does not update its identification. The cloud-RAPIC protocol has been analyzed using the UPriv model and AVISPA verification tool which have proved that the protocol preserves tag privacy and protects data secrecy.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Hannan Xiao

Using Challenge Questions for Student Authentication in Online Examination

A study into the usability and security implications of text and image based challenge questions in the context of online examination

Guarantor and reputation based trust model for Social Internet of Things

A Dynamic Profile Questions Approach to Mitigate Impersonation in Online Examinations

A Cloud-Based RFID Authentication Protocol with Insecure Communication Channels

Contact Info

Product

Resources

About