Abstract
Online examinations are an integral component of many online learning environments, which face many security challenges. Collusion is seen as a major security threat to such examinations, when a student invites a third party to impersonate or abet in a test. This work aims to strengthen the authentication of students via the use of dynamic profile questions. The study reported in this paper involved 31 online participants from five countries over a five-week period. The results of usability and security analysis are reported. The dynamic profile questions were more usable than both the text-based and image-based questions (p < 0.01). An impersonation abuse scenario was simulated using email and mobile phone. The impersonation attack via email was not successful, however, students were able to share answers to dynamic profile questions with a third party impersonator in real time, which resulted in 93% correct answers. The sharing of information via phone took place in real time during an online test and the response time of an impersonator was significantly different (p < 0.01) than a student. The study also revealed that a response time factor may be implemented to identify and report impersonation attacks.
Article PDF
Similar content being viewed by others
Avoid common mistakes on your manuscript.
References
Watson, G., Sottile, J.: Cheating in the Digital Age: Do Students Cheat More in Online Courses? Online J. Dist. Learn. Adm. 13(1), n1 (2010)
Moini, A., Madni, A.M.: Leveraging Biometrics for User Authentication in Online Learning: A Systems Perspective. IEEE Syst. J. 3(4), 469–76 (2009)
Ullah, A., Xiao, H., Lilley, M.: Profile Based Student Authentication in Online Examination. In: International Conference on Information Society 2012. IEEE, London (2012)
Rabkin, A.: Personal knowledge questions for fallback authentication: Security questions in the era of Facebook. In: SOUPS 2008: Proceedings of the 4th Symposium on Usable Privacy and Security 2008, p. 23. ACM, New York (2008)
Evans, E.D., Craig, D.: Teacher and student perceptions of academic cheating in middle and senior high schools. J. Educ. Res. 84(1), 44–53 (1990)
Apampa, K.M., Wills, G., Argles, D.: User security issues in summative e-assessment security. Int. J. Digit. Soc. (IJDS) 1(2), 1–13 (2010)
Ayodele, T., Shoniregun, C., Akmayeva, G.: Towards E-Learning Security: A Machine Learning Approach. In: International Conference on Information Society (i-Society) 2011, IEEE (2011)
Sonhera, N., Kritzinger, E., Loock, M.: A Proposed Cyber Threat Incident Handling Framework for Schools in South Africa. In: Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference, ACM (2012)
Ullah, A., Xiao, H., Barker, T.: A Classification of Threats to Remote Online Examinations. In: International Conference and Workshop on Computing and Communication (IEMCON) 2016, IEEE (2016)
Kerka, S., Wonacott, M.E.: Assessing Learners Online. Practitioner File, Washington (2000)
Rowe N. C.: Cheating in online student assessment: Beyond plagiarism. Online Journal of Distance Learning Administration VII N2 (2004)
Mcgee, P.: Supporting Academic Honesty in Online Courses. J. Educ. Online 10(1), n1 (2013)
Howell, S., Sorenson, D., Tippets, H.: The news about cheating for distance educators. Faculty Focus Specialty Report [serial on the Internet]. 2010: Available from: http://www.facultyfocus.com/wp-content/uploads/images/promoting-academic-integrity-in-online-edu1.pdf
Paullet, K., Chawdhry, A.A., Douglas, D.M., Pinchot, J.: Assessing Faculty perceptions and techniques to combat academic dishonesty in online courses. In: Proceedings of the EDSIG Conference (2015)
Church, K., De Oliveira, R.: What’s up with whatsapp?: comparing mobile instant messaging behaviors with traditional SMS. In: Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services 2013, ACM (2013)
Oghuma, A.P., Chang, Y., Libaque-Saenz, C.F., Park, M. -C., Rho, J.J.: Benefit-confirmation model for post-adoption behavior of mobile instant messaging applications: A comparative analysis of KakaoTalk and Joyn in Korea. Telecommun. Policy 39(8), 658–77 (2015)
Mccarthy, N.: Whatsapp Reaches One Billion Users. New Jersey: Forbes LLC; 2016 [cited 2016 03/02/2016]; Available from: http://www.forbes.com/sites/niallmccarthy/2016/02/02/whatsapp-reaches-one-billion-users-infographic/#14158bb0520b
Dee, T.S., Jacob, B.A.: Rational ignorance in education: A field experiment in student plagiarism. J. Human Resour. 47(2), 397–434 (2012)
Rogers, C.F.: Faculty perceptions about e-cheating during online testing. J. Comput. Sci. Coll. 22(2), 206–12 (2006)
Manion, T.R., Kim, R.Y., Patiejunas, K.: inventors; Google Patents, assignee. Remote desktop access2014
Barbour, A.: The 10 most inventive cheating attempts on online exams (2014)
Heussner, K.M.: 5 ways online education can keep its students honest. GIGAM Research [serial on the Internet]. 2012: Available from: https://gigaom.com/2012/11/17/5-ways-online-education-can-keep-its-students-honest/
Respondus. Respondus Assessment Tools for Learning Systems. Redmond, WA2016 [01/04/2016]; Available from: https://www.respondus.com/products/lockdown-browser/
Kitahara, R., Westfall, F., Mankelwicz, J.: New, multi-faceted hybrid approaches to ensuring academic integrity. J. Acad. Bus. Ethics 3(1), 1–12 (2011)
Jin, A.T.B., Ling, D.N.C., Goh, A.: Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11), 2245–55 (2004)
Weippl, E.R.: Security in e-learning eLearn. Magazine 2005(3), 3 (2005)
Jortberg, M.A.: Methods to verify the identity of distance learning students. Acxiom; 2009 [cited 2011 01/04/2011]; Available from: http://u.cs.biu.ac.il/ariel/download/de666/resources/dependable_distributed_testing/verify_students.pdf
Hafiz, M.D., Abdullah, A.H., Ithnin, N., Mammi, H.K.: Towards Identifying Usability and Security Features of Graphical Password in Knowledge Based Authentication Technique. In: 2008 AICMS 08 Second Asia International Conference on Modeling & Simulation, IEEE (2008)
Deo, V., Seidensticker, R.B., Simon, D.R.: inventors; Google Patents, assignee. Authentication system and method for smart card transactions. US1998
Agulla, E.G., Rifón, L. A., Castro, J.L.A., Mateo, C.G.: Is My Student at the Other Side? Applying Biometric Web Authentication to E-Learning Environments. In: Eighth IEEE International Conference on Advanced Learning Technologies, IEEE (2008)
Ko, C.C., Cheng, C.D.: Secure Internet examination system based on video monitoring. Internet Res. 14(1), 48–61 (2004)
Bailie, J.L., Jortberg, M.A.: Online learner authentication: Verifying the identity of online users. Bull.-Board Postings 547, 17 (2009)
Derakhshani, R., Schuckers, S. a. C., Hornak, L.A., O’gorman, L.: Determination of vitality from a non-invasive biomedical measurement for use in fingerprint scanners. Pattern Recogn. 36(2), 383–96 (2003)
Ratha, N.K., Bolle, R.M., Pandit, V.D., Vaish, V.: Robust Fingerprint Authentication Using Local Structural Similarity. In: 2000 Fifth IEEE Workshop on Applications of Computer Vision, IEEE (2000)
Sahoo, S.K., Choubisa, T.: Multimodal Biometric Person Authentication: A Review IETE. Techn. Rev. 29(1), 54 (2012)
Mahmood, N.: Remote Proctoring Software Means Students Can Now Take Exams From Home. Technological News Portal; 2010 [cited 2011 13/07/2011]; Available from: http://thetechjournal.com/science/remote-proctoring-software-means-students-can-now-take-exams-from-home.xhtml
Ullah, A., Xiao, H., Barker, T., Lilley, M.: Evaluating security and usability of profile based challenge questions authentication in online examinations. J. Internet Serv. Appl. 5(1), 2 (2014)
Ullah, A., Xiao, H., Lilley, M., Barker, T.: Usability of Profile Based Student Authentication and Traffic Light System in Online Examination. In: The 7Th International Conference for Internet Technology and Secured Transactions (ICITST). IEEE, London (2012)
Ullah, A., Xiao, H., Lilley, M., Barker, T.: Using Challenge Questions for Student Authentication in Online Examination. Int. J. Infonomics (IJI) 5(3/4), 9 (2012)
Ullah, A.: Security and Usability of Authentication by Challenge Questions in Online Examination (2017)
Ullah, A., Barker, T., Xiao, H.: A focus group study: Usability and security of challenge question authentication in online examinations. In: International Conference on Information Technology and Applications (ICITA); Sydney Australia: Academic Alliance International (2017)
Ullah, A., Xiao, H., Barker, T., Lilley, M.: Graphical and Text Based Challenge Questions for Secure and Usable Authentication in Online Examinations. In: The 9Th International Conference for Internet Technology and Secured Transactions (ICITST). IEEE, London (2014)
Ullah, A., Xiao, H., Barker, T: A study into the usability and security implications of text and image based challenge questions in the context of online examination unpublished (2017)
Corry, M.D., Frick, T.W., Hansen, L.: User-centered design and usability testing of a web site: An illustrative case study. Educ. Technol. Res. Dev. 45(4), 65–76 (1997)
Mcgraw, G.: Software security Security & Privacy. IEEE 2(2), 80–3 (2004)
Bangor, A., Kortum, P., Miller, J.: Determining what individual SUS scores mean: Adding an adjective rating scale. J. Usability Stud. 4(3), 114–23 (2009)
Acknowledgments
A special thank you to those who contributed to this paper: Paul Kirk Business Manager and Jay Beavan, MARS Programmer, School of Postgraduate Medical and Dental Education, Cardiff University for their help and support with the study.
Author information
Authors and Affiliations
Corresponding author
Appendix: Dynamic Profile Questions
Appendix: Dynamic Profile Questions
-
Q.1
which one of the following statement below were written by you?
-
I am currently in second year of Economics Degree
-
I have a degree in Chemistry from Trinity College Dublin, Ireland and pursued a part-time research MSc in Computational Chemistry with Trinity College. 3 publications.
-
I used SQL during the second year of my course a few years ago, along with Java (JDBC)
-
Currently I’m enrolled at the MSc Computer Science course, previously I studied BSC (Hons) in Computers and Electronics at the Northampton University.
-
None of the above
-
-
Q.2
which one of the following statement below were written by you as a course objective
-
I have over seven year experience in the IT sector, I’m currently working as database administrator/programmer
-
I am doing this course as part of my CPD required in my workplace
-
I would like to pursue this course in order to learn more for my field of work and have more knowledge for advancement.
-
I want to do this course because i can work as a freelancer after doing php as i have seen so many projects in Freelancer, Odesk and Elance and i already have some experience of Sql.
-
None of the above
-
-
Q.3
which of the following statement were written in your introduction email?
-
For networking I need to know some of scripting languages and so I want to learn php.
-
I work in a non-IT related field- I am a cook.
-
Have already got the basics in HND for PHP and MySQL but thought this would be a good opportunity to refresh memory and expand on this
-
Recently my employer have introduced software products and web pages written in PHP and using MySQL databases so it will be highly beneficial for my career to familiarize myself with this technologies.
-
None of the above
-
-
Q.4
which one of the following discussion posts were made by you?
-
I just completed the week 1 quiz and all the contents of week 1. I can’t access to week 2, Am I too late for it, or is there any specific reason for it?
-
When I run the page that should execute Hello World. I’m getting an error saying the URL was not found on the server
-
I’ve tried the following: Test after starting of Apache (and MySQL), go to the address http://localhost/ or http://127.0.0.1/ in your browser and examine all of the XAMPP examples and tools. but all I get is a HTTP 404 not found page
-
Did you save the example1.php in your xampp folder correctly? (i.e. make a new folder called myproject in the htdocs folder)
-
None of the above
-
-
Q.5
which one of the following discussion posts were made by you?
-
I have now completed week 1 assignment. Can I have access to week 1 quiz?
-
I have managed to install XAMPP but I cannot connect to MySQL module. I have tried to uninstall and reinstall but nothing is working. I had installed MYSQL database previously.
-
Thanks Mr Abrar but I do not think that is going to be necessary. I have managed to install XAMPP on another computer.
-
Hi Evens, It works for me but it is not is English. AND. Many thanks Chelsea, not a great start but you cracked it.
-
None of the above
-
-
Q.6
which one of the following discussion posts were made by you?
-
I found this too. Googling it, as I understand it what is happening is when the script first runs the $i variable is not initialized, effectively resulting in a null being passed in to the switch statement
-
You have stated that the second example is the same as the first one. So how come you have used quotation marks for the second example?
-
Normally port 443 is used for secure host and accessible using https
-
You nailed it. Perfect. Actually if the port is used by another service, apache won’t start as the port is already taken.
-
None of the above
-
-
Q.7
your score for the week 1 quiz was:
-
Within the 60%-69% range
-
Within the 80%-100% range
-
Within the 40% -59% Range
-
Within the 70%-79% range
-
Less than 40%
-
-
Q.8
which one of the following assignments have you submitted in week 1?
-
Write a PHP program to assign your name to $myname and qualification to $qualification variables and display the output on page with on two separate lines.
-
List examples of logical operators and provide evidence with php programs?
-
Write a php function to compute standard deviation of data array?
-
Write a php program to connect to database using PDO and retrieve data using select statement?
-
None of the above
-
-
Q.9
which one of the following assignments have you submitted in week 1?
-
Write a php program to demonstrate difference between static, private and public class?
-
Write a PHP program to assign any two numbers to two variables and display their sum on screen.
-
Write a php program for traffic lights control
-
Write a php program to submit data using form $_POST and insert into MySQL database?
-
None of the above
-
-
Q.10
which one of the following assignments have you submitted in week 1?
-
Write a PHP program to assign any number to a variable and display the value using pre-decrement operator (–). Check PHP operators for help.
-
Write a PHP program to compute factorial of a number n?
-
Write a PHP program to demonstrate post decrement
-
Write a PHP program to compare pre-increment with post-increment
-
None of the above
-
-
Q.11
which one of the following PHP code belongs to your assignment?
-
while ($minNum < $maxNum){
-
echo ”Perform addition: $a + $b = ”.$addition.””;
-
foreach($data s $dataitem)
-
$sum = $numberone + $numbertwo;
-
None of the above
-
-
Q.12
which one of the following PHP code belongs to your assignment?
-
$a= + +$a;
-
$sum(a + b);
-
$addition = $a + $b;
-
addFunction(10,10);
-
None of the above
-
-
Q.13
your score for the assignment 1 was:
-
Within the 40% -69% Range
-
Within the 70%-79% range
-
Within the 80%-89% range
-
Within the 90%-100% range
-
None of the above
-
-
Q.14
which one of the following reflection posts were made by you?
-
I have learnt to create php classes and objects
-
I have learnt to create my first PHP page and coding, assign variables and the different arithmetic operations.
-
I have learnt to create database connection to backend using PHP in week 6
-
I have learnt email function using php, which is very relevant to my ongoing project
-
None of the above
-
-
Q.15
which one of the following assignments have you submitted in week 2?
-
Write a PHP program to develop gradebook using array
-
Write a PHP program to display your favorite fruit from the given choices: Mango, Orange, Apple, Plum, Cherry, pineapple, kewi using PHP Switch statement.
-
Write a PHP program to display odd number for array list
-
Write a PHP program to sort an array list
-
None of the above
-
-
Q.16
which one of the following assignments have you submitted in week 2?
-
Write a PHP program using an indexed array to store name of cars: Honda, BMW, Toyota, Ford, Audi and Fiat and print them all on screen line by line.
-
Develop a bubble sort program using PHP
-
Develop push and pop functions of stack using PHP program
-
Write a php program to connect to database using PDO and retrieve data using select statement?
-
None of the above
-
-
Q.17
which one of the following PHP code belongs to your assignment 2?
-
print_largest($array);
-
While(NOT $thelargetnumber)
-
function getLarget($array =array());
-
$cars[0]=”Honda”;
-
None of the above
-
-
Q.18
which one of the following PHP code belongs to your assignment 2?
-
echo $cars[0].” ”.$cars[1].” ”.$cars[2].” ”.$cars[3].” ”.$cars[4].” ”.$cars[5];
-
foreach($numbers in $numbersArray())
-
echo $find_favorite_fruite($fruitArray);
-
Do While ($num[0] < $num[1])
-
None of the above
-
Rights and permissions
Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.
About this article
Cite this article
Ullah, A., Xiao, H. & Barker, T. A Dynamic Profile Questions Approach to Mitigate Impersonation in Online Examinations. J Grid Computing 17, 209–223 (2019). https://doi.org/10.1007/s10723-018-9442-6
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10723-018-9442-6