Evaluating Security and Usability of Profile Based Challenge Questions Authentication in Online Examinations

© 2014 Ullah et al.; licensee Springer. This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/2.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly credited.Student authentication in online learning environments is an increasingly challenging issue due to the inherent absence of physical interaction with online users and potential security threats to online examinations. This study is part of ongoing research on student authentication in online examinations evaluating the potential benefits of using challenge questions. The authors developed a Profile Based Authentication Framework (PBAF), which utilises challenge questions for students’ authentication in online examinations. This paper examines the findings of an empirical study in which 23 participants used the PBAF including an abuse case security analysis of the PBAF approach. The overall usability analysis suggests that the PBAF is efficient, effective and usable. However, specific questions need replacement with suitable alternatives due to usability challenges. The results of the current research study suggest that memorability, clarity of questions, syntactic variation and question relevance can cause usability issues leading to authentication failure. A configurable traffic light system was designed and implemented to improve the usability of challenge questions. The security analysis indicates that the PBAF is resistant to informed guessing in general, however, specific questions were identified with security issues. The security analysis identifies challenge questions with potential risks of informed guessing by friends and colleagues. The study was performed with a small number of participants in a simulation online course and the results need to be verified in a real educational context on a larger sample sizePeer reviewedFinal Published versio

Privacy and Usability of Image and Text Based Challenge Questions Authentication in Online Examination

In many online examinations, physical invigilation is often replaced with traditional authentication approaches for student identification. Secure and usable authentication approaches are important for high stake online examinations. A Profile Based Authentication Framework (PBAF) was developed and implemented in a real online learning course embedded with summative online examination. Based on users’ experience of using the PBAF in an online course, online questionnaires were used to collect participants' feedback on effectiveness, layout and appearance, user satisfaction, distraction and privacy concerns. Based on overall findings of the quantitative analysis, there was a positive feedback on the use of a hybrid approach utilizing image and text based challenge questions for better usability. However, the number of questions presented during learning and examination processes were reported to be too many and caused distraction. Participants expressed a degree of concern on sharing personal and academic information with little or no privacy concern on using favorite question

A Multi-factor Authentication Method for Security of Online Examinations

Security of online examinations is the key to success of remote online learning. However, it faces many conventional and non-conventional security threats. Impersonation and abetting are rising non-conventional security threats, when a student invites a third party to impersonate or abet in a remote exam. This work proposed dynamic profile questions authentication to identify that the person taking an online test is the same who completed the course work. This is combined with remote proctoring to prevent students from taking help from a third party during exam. This research simulated impersonation and abetting attacks in remote online course and laboratory based control simulation to analyse the impact of dynamic profile questions and proctoring. The study also evaluated effectiveness of the proposed method. The findings indicate that dynamic profile questions are highly effective. The security analysis shows that impersonation attack was not successful

Pengaruh Aspek Pedagogis dan Interaksi Sistem pada Penilaian Usabilitas Sistem E-Learning

Penelitian ini bertujuan untuk melihat pengaruh faktor pedagogis maupun interaksi sistem pada penilaian usabilitas sistem e-learning. Pendekatan pada penilaian sistem e-learning, yang selama ini terbelah antara bertumpu pada satu faktor, atau berupaya menggabungkan keduanya tanpa membedakan kekhasan karakteristiknya. Upaya unifikasi tanpa membedakan karakter tersebut akan menyulitkan perumusan tindak lanjut hasil penilain yang dilakukan, sebab tindak lanjut pasca penilaian memiliki perbedaan pada kedua jenis faktor tersebut. Faktor-faktor pedagogis maupun usabilitas sistem mungkin berpengaruh, diperoleh dari hasil studi literatur pada penelitian-penelitian sebelumnya. Pengujian terhadap faktor-faktor tersebut dilakukan dengan melakukan survei kepada para pengguna sistem VCLASS di Universitas Indo Global Mandiri (UIGM). Selain diharapkan mendapatkan faktor-faktor yang diperlukan dalam penyusunan kerangka penilaian usabilitas sistem e-learning, penelitian ini juga dapat memberikan kontribusi terhadap penyempurnaan sistem VCLASS UIGM

Exploring the influence of facial verification software on student academic performance in online learning environments

In spite of the advances in technology in the e-learning field during the last decades, there is still a gap of software and tools that actually improve the assessment of this kind of education by preventing students from cheating when they perform their activities online. Currently, most learning management systems do not offer enough tools or characteristics to check that students are who they assure when they carry out their exercises or online tests. Facial verification software can be considered an interesting tool to answer this need. This facial software helps to verify the identity of the students when they perform their activities, with the intention of confirming whether they are who they claim to be. However, its use could modify the academic results of the students due to psychological factors (e.g. they could feel spied, ashamed or too controlled). The aim of this article is to investigate whether the utilization of facial verification software can modify the academic performance of students in their online activities. In this work, the grades of 70 master students were analyzed and the conclusions pointed out that the academic performance obtained by the students is similar for both groups: those who have used facial authentication and those who did not use it

Cybersecurity of Online Proctoring Systems

The online proctored examinations are adopted exceedingly in all forms of academic education and professional training. AI with Machine Learning technology take the leading role in supporting authentication, authorization, and operational control of proctored online examination. The paper discusses how administrative, physical, and technical controls can help mitigate related cybersecurity vulnerabilities of online proctoring systems (OPS). The paper considers two classes of OPS: fully automated AI-enabled systems and hybrid systems (automated AI-enabled with an expert live proctor in control). Based on the review of 20 online proctoring systems, the paper discusses methods and techniques of multi-factor authentication and authorizations, including the use of challenge-response, biometrics (face and voice recognition), and blockchain technology. The discussion of operational controls includes the use of lockdown browsers, webcam detection of behavioral signs of fraud, endpoint security, VPN and VM, screen-sharing and keyboard listening programs, technical controls to mitigate the absence of spatial (physical area) controls, compliance with regulations (GDPR), etc. Other topics discussed include confidentiality of the exam content, logging of control data, video and sound recording for auditing, limitations of endpoint-based security protection and detection techniques of behavior-based cheating and the effect of new intrusive technology on students’ privacy. In conclusion, the paper lists advanced features of online proctoring systems

Security and Usability of Authentication by Challenge Questions in Online Examination

Online examinations are an integral component of many online learning environments and a high-stake process for students, teachers and educational institutions. They are the target of many security threats, including intrusion by hackers and collusion. Collu-sion happens when a student invites a third party to impersonate him/her in an online test, or to abet with the exam questions. This research proposed a profile-based chal-lenge question approach to create and consolidate a student’s profile during the learning process, to be used for authentication in the examination process. The pro-posed method was investigated in six research studies using a usability test method and a risk-based security assessment method, in order to investigate usability attributes and security threats. The findings of the studies revealed that text-based questions are prone to usability issues such as ambiguity, syntactic variation, and spelling mistakes. The results of a usability analysis suggested that image-based questions are more usable than text-based questions (p < 0.01). The findings identified that dynamic profile questions are more efficient and effective than text-based and image-based questions (p < 0.01). Since text-based questions are associated with an individual’s personal information, they are prone to being shared with impersonators. An increase in the numbers of chal-lenge questions being shared showed a significant linear trend (p < 0.01) and increased the success of an impersonation attack. An increase in the database size decreased the success of an impersonation attack with a significant linear trend (p < 0.01). The security analysis of dynamic profile questions revealed that an impersonation attack was not successful when a student shared credentials using email asynchronously. However, a similar attack was successful when a student and impersonator shared information in real time using mobile phones. The response time in this attack was significantly different when a genuine student responded to his challenge questions (p < 0.01). The security analysis revealed that the use of dynamic profile questions in a proctored exam can influence impersonation and abetting. This view was supported by online programme tutors in a focus group study