Biohashing: two factor authentication featuring fingerprint data and tokenised random number

Online examinations are an integral component of online learning environments and research studies have identified academic dishonesty as a critical threat to the credibility of such examinations. Academic dishonesty exists in many forms. Collusion is seen as a major security threat, wherein a student invites a third party for help or to impersonate him or her in an online examination. This work aims to investigate the authentication of students using text-based and image-based challenge questions. The study reported in this paper involved 70 online participants from nine countries completing a five week online course and simulating an abuse case scenario. The results of a usability analysis suggested that i) image-based questions are more usable than text-based questions (p < 0.01) and ii) using a more flexible data entry method increased the usability of text-based questions (p < 0.01). An impersonation abuse scenario was simulated to test the influence of sharing with different database sizes. The findings revealed that iii) an increase in the number of questions shared for impersonation increased the success of an impersonation attack and the results showed a significant linear trend (p < 0.01). However, the number of correct answers decreased when the attacker had to memorize and answer the questions in an invigilated online examination or their response to questions was timed. The study also revealed that iv) Educ Inf Technol (2019) an increase in the size of challenge question database decreased the success of an impersonation attack (p < 0.01).

show abstract

“…a smart card and Bwhat you are^e.g. biometrics (Jin et al 2004). These methods are driven by knowledge, objects and human characteristics.…”

Section: Authentication Approachesmentioning

confidence: 99%

A study into the usability and security implications of text and image based challenge questions in the context of online examination

2018

View full text Add to dashboard Cite

show abstract

“…a smart card and "what you are" e.g. biometrics [25]. These methods are driven by knowledge, objects and human characteristics.…”

Section: Authentication Approachesmentioning

confidence: 99%

A Dynamic Profile Questions Approach to Mitigate Impersonation in Online Examinations

2018

View full text Add to dashboard Cite

Online examinations are an integral component of many online learning environments, which face many security challenges. Collusion is seen as a major security threat to such examinations, when a student invites a third party to impersonate or abet in a test. This work aims to strengthen the authentication of students via the use of dynamic profile questions. The study reported in this paper involved 31 online participants from five countries over a five-week period. The results of usability and security analysis are reported. The dynamic profile questions were more usable than both the text-based and image-based questions (p < 0.01). An impersonation abuse scenario was simulated using email and mobile phone. The impersonation attack via email was not successful, however, students were able to share answers to dynamic profile questions with a third party impersonator in real time, which resulted in 93% correct answers. The sharing of information via phone took place in real time during Abrar Ullah ( ) Llandaff Campus, Cardiff Metropolitan University, Cardiff, CF5 2YB, UK e-mail: aaaullah@cardiffmet.ac.uk Hannan Xiao · Trevor Barker College Lane Campus, University of Hertfordshire, Hatfield, AL10 9AB, UK e-mail: h.xiao@herts.ac.ukTrevor Barker e-mail: t.1.barker@herts.ac.uk an online test and the response time of an impersonator was significantly different (p < 0.01) than a student. The study also revealed that a response time factor may be implemented to identify and report impersonation attacks.

show abstract

“…In biometric encryption, described in [3],a correlation filter is used to extract features from biometric samples and subsequently both the features and the filter is multiplied with a noise value, providing a masked reference before embedding a random key (the pseudo identity) in the reference using a lookup table. Similarly, in the bio-hashing algorithm by Roberge et al [4], features are derived using an integrated wavelet and Fourier-Mellintransform framework (WFMT) before the inner product of the feature and a sequence of orthogonal random patterns are calculated and binarized. The resulting bit string constitutes the pseudo identity of the subject.…”

Section: Template Protection Scheme Surveymentioning

confidence: 99%

Multitier Biometric Template Security Using Cryptographic Salts and Personal Image Identification

Khandelwal

Gupta

2014

ELCVIA

View full text Add to dashboard Cite

Security of biometric template is the most challenging aspect of biometric identification system.Storing the biometric template in the database increases the chance of compromising it which may lead to serious threat and misuse of the individual identity. This paper proposes a novel and computationally simpler approach to store a biometric sample in the form of template by using cryptographic salts. Use of Personal Image Identification (PII) makes the proposed algorithm more robust and adds another tier of security. The saltcrypted templates are created and stored instead of storing the actual biometric sample.The algorithm has been analytically proved computationally simple compared to the existing template security mechanisms. The structure of saltcrypted template is entirely dependent on user interaction through PII. Actual template is not stored at any point of time which adds new dimension to the security and hence to individual identity. The accuracy of the proposed method is equally good as the recent methods with less computational complexity.

show abstract

Biohashing: two factor authentication featuring fingerprint data and tokenised random number

Cited by 625 publications

References 5 publications

A study into the usability and security implications of text and image based challenge questions in the context of online examination

A study into the usability and security implications of text and image based challenge questions in the context of online examination

A Dynamic Profile Questions Approach to Mitigate Impersonation in Online Examinations

Multitier Biometric Template Security Using Cryptographic Salts and Personal Image Identification

Contact Info

Product

Resources

About