Sciweavers

ESORICS
2008
Springer

CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud

Abstract. Identity fraud (IDF) may be defined as unauthorized exploitation of credential information through the use of false identity. We propose CROO, a universal (i.e. generic) infrastructure and protocol to either prevent IDF (by detecting attempts thereof), or limit its consequences (by identifying cases of previously undetected IDF). CROO is a capture resilient one-time password scheme, whereby each user must carry a personal trusted device used to generate one-time passwords (OTPs) verified by online trusted parties. Multiple trusted parties may be used for increased scalability. OTPs can be used regardless of a transaction's purpose (e.g. user authentication or financial payment), associated credentials, and online or on-site nature; this makes CROO a universal scheme. OTPs are not sent in cleartext; they are used as keys to compute MACs of hashed transaction information, in a manner allowing OTP-verifying parties to confirm that given user credentials (i.e. OTP-keyed MACs)...
D. Nali, Paul C. van Oorschot
Added 19 Oct 2010
Updated 19 Oct 2010
Type Conference
Year 2008
Where ESORICS
Authors D. Nali, Paul C. van Oorschot