2008 | OriginalPaper | Buchkapitel
CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud
verfasst von : D. Nali, P. C. van Oorschot
Erschienen in: Computer Security - ESORICS 2008
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Identity fraud (IDF) may be defined as unauthorized exploitation of credential information through the use of false identity. We propose
CROO
, a universal (i.e. generic) infrastructure and protocol to either prevent IDF (by detecting attempts thereof), or limit its consequences (by identifying cases of previously undetected IDF).
CROO
is a capture resilient one-time password scheme, whereby each user must carry a personal trusted device used to generate one-time passwords (OTPs) verified by online trusted parties. Multiple trusted parties may be used for increased scalability. OTPs can be used regardless of a transaction’s purpose (e.g. user authentication or financial payment), associated credentials, and online or on-site nature; this makes
CROO
a universal scheme. OTPs are not sent in cleartext; they are used as keys to compute MACs of hashed transaction information, in a manner allowing OTP-verifying parties to confirm that given user credentials (i.e. OTP-keyed MACs) correspond to claimed hashed transaction details. Hashing transaction details increases user privacy. Each OTP is generated from a PIN-encrypted non-verifiable key; this makes users’ devices resilient to off-line PIN-guessing attacks.
CROO
’s credentials can be formatted as existing user credentials (e.g. credit cards or driver’s licenses).