CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud

13 years 6 months ago

Download www.ccsl.carleton.ca

Abstract. Identity fraud (IDF) may be defined as unauthorized exploitation of credential information through the use of false identity. We propose CROO, a universal (i.e. generic) infrastructure and protocol to either prevent IDF (by detecting attempts thereof), or limit its consequences (by identifying cases of previously undetected IDF). CROO is a capture resilient one-time password scheme, whereby each user must carry a personal trusted device used to generate one-time passwords (OTPs) verified by online trusted parties. Multiple trusted parties may be used for increased scalability. OTPs can be used regardless of a transaction's purpose (e.g. user authentication or financial payment), associated credentials, and online or on-site nature; this makes CROO a universal scheme. OTPs are not sent in cleartext; they are used as keys to compute MACs of hashed transaction information, in a manner allowing OTP-verifying parties to confirm that given user credentials (i.e. OTPkeyed MACs)...

D. Nali, Paul C. van Oorschot

Real-time Traffic

ESORICS 2008 | One-time Passwords | Security Privacy | Transaction Details | User Credentials |

claim paper

Post Info
More Details (n/a)

Added	19 Oct 2010
Updated	19 Oct 2010
Type	Conference
Year	2008
Where	ESORICS
Authors	D. Nali, Paul C. van Oorschot

Comments (0)

Sciweavers

CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud

ESORICS 2008 | One-time Passwords | Security Privacy | Transaction Details | User Credentials |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers