A study into the usability and security implications of text and image based challenge questions in the context of online examination

Ullah, Abrar; Xiao, Hannan; Barker, Trevor

doi:10.1007/s10639-018-9758-7

Cited by 32 publications

(38 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…3), memorability, usability, performance, and cost. Previous researches focus on the memorability and usability [16,17] that differs the Fig. 3 includes other collective techniques performance and cost.…”

Section: A Knowledge-based Authentication (Kba)mentioning

confidence: 99%

See 1 more Smart Citation

Knowledge based Authentication Techniques and Challenges

Alhakami¹,

ShouqAlhrbi²

2020

IJACSA

View full text Add to dashboard Cite

Knowledge-based Authentication (KBA) is an authentication approach, which verifying the user identity when accessing services such as finical websites. KBA requests specific information to prove personal identity of the owner. This paper discusses the challenges that are faced by KBA techniques. Memorability is the main obstacle in KBA since the users trying to utilize simple passwords or unify the passwords in various services, a step that cause problems and issues with compliance with security policies. Furthermore, the technique of mixing username/password is considered as another important challenge of KBA due to the recall-based authentication. This discussion includes a comparative analysis of KBA's techniques based on trade-off criteria to support making of decision. This study's results can support organizations in the recommendations process of a suitable KBA technique for organizations.

show abstract

Section: A Knowledge-based Authentication (Kba)mentioning

confidence: 99%

“…According to the literature, KBA was identified as the approach used to combine some challenges (i.e. questions) to verify claimed users where the answers of these challenges came from their knowledge [16].…”

Section: Introductionmentioning

confidence: 99%

Knowledge based Authentication Techniques and Challenges

Alhakami¹,

ShouqAlhrbi²

2020

IJACSA

View full text Add to dashboard Cite

show abstract

“…• A study [43] by authors identified that an increase in the number of questions shared, increased the success of an impersonation attack. Also, an increase in the profile (database) size decreased the success of an impersonation attack.…”

Section: Previous Researchmentioning

confidence: 99%

A Dynamic Profile Questions Approach to Mitigate Impersonation in Online Examinations

2018

Self Cite

View full text Add to dashboard Cite

Online examinations are an integral component of many online learning environments, which face many security challenges. Collusion is seen as a major security threat to such examinations, when a student invites a third party to impersonate or abet in a test. This work aims to strengthen the authentication of students via the use of dynamic profile questions. The study reported in this paper involved 31 online participants from five countries over a five-week period. The results of usability and security analysis are reported. The dynamic profile questions were more usable than both the text-based and image-based questions (p < 0.01). An impersonation abuse scenario was simulated using email and mobile phone. The impersonation attack via email was not successful, however, students were able to share answers to dynamic profile questions with a third party impersonator in real time, which resulted in 93% correct answers. The sharing of information via phone took place in real time during Abrar Ullah ( ) Llandaff Campus, Cardiff Metropolitan University, Cardiff, CF5 2YB, UK e-mail: aaaullah@cardiffmet.ac.uk Hannan Xiao · Trevor Barker College Lane Campus, University of Hertfordshire, Hatfield, AL10 9AB, UK e-mail: h.xiao@herts.ac.ukTrevor Barker e-mail: t.1.barker@herts.ac.uk an online test and the response time of an impersonator was significantly different (p < 0.01) than a student. The study also revealed that a response time factor may be implemented to identify and report impersonation attacks.

show abstract

“…In another such episode, a renowned company Dunkin' Donuts faced a data breach on January 17, 2019, for another time in almost three months when hackers gained access to their customer's accounts through credential stuffing attacks [2]. On April 17, 2019 private data of about 100 million Just Dial end users was found undefended on openly available servers [3]. These reports of data breach are alarm bells that signal for prompt solutions and organizations cannot wait for more instances to happen.…”

Section: Introductionmentioning

confidence: 99%

“…Though significant efforts have been made to ensure security by the researchers and industry professionals, all the suggested steps are in the later stages of the development of a web application. This is one of the major flaws which render the web applications vulnerable and results in data breaches [3], [4]. The security estimation needs to be done at the initial stages of web application development.…”

Section: Introductionmentioning

confidence: 99%

A Knowledge-Based Integrated System of Hesitant Fuzzy Set, AHP and TOPSIS for Evaluating Security-Durability of Web Applications

et al. 2020

View full text Add to dashboard Cite

There has been a phenomenal increase in the use of web applications in every facet of human endeavor. From education, healthcare, banking, business to governance and so much more now depends on secure web applications. This accelerated growth in the use of web applications has led to increase in the complexity of security and hence the present day developers have to contribute more significantly towards meeting the users' requirements. However, the high security of web application is not yet efficacious enough because the durability of web application is not as much as it should be. In this context, it is important to consider that ensuring sustainability of security at the early stage of web application development process may reduce costs and rework entailed during the development of secure and durable web applications. Hence, there is a need to focus on increasing the lifespan of a secure web application. Quantitative estimation of security-durability plays a significant role for improving the lifespan of a secure web application. Thus, to optimize the security assurance effort for a specific lifespan , this paper is aimed at estimating the securitydurability of web application. For estimating security-durability, this paper uses a hybrid approach of Hesitant Fuzzy (HF) sets, Analytic Hierarchy Process (AHP) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) techniques. The effectiveness of the combined approach of HF-AHP-TOPSIS is tested for its accuracy in a web application for an academic institution, Babasaheb Bhimrao Ambedkar University in India. To check the sensitivity of outcomes, authors of the paper have taken altered forms of the University's web application. The result established contains the security-durability assessment. This work seeks to be an important contribution in enhancing the security-durability and would be beneficial for experts who are working in this domain.

show abstract

A study into the usability and security implications of text and image based challenge questions in the context of online examination

Cited by 32 publications

References 26 publications

Knowledge based Authentication Techniques and Challenges

Knowledge based Authentication Techniques and Challenges

A Dynamic Profile Questions Approach to Mitigate Impersonation in Online Examinations

A Knowledge-Based Integrated System of Hesitant Fuzzy Set, AHP and TOPSIS for Evaluating Security-Durability of Web Applications

Contact Info

Product

Resources

About