Topic

Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.


Papers
Proceedings Article
B. Yeager
01 Sep 2003
TL;DR: Project JXTA approaches security as a toolbox of sockets, with a socket wrench capable of applying the torque appropriate to each scenario the authors wish to secure; this keynote presentation discusses that approach.
Abstract: Summary form only given. When one begins to think about security and P2P networks, and in particular, ad-hoc P2P networks with no real centralization, there are potentially billions of peer nodes, all possibly vulnerable to attack in a multitude of ways: impersonation attacks and thus identity theft by unauthorized or falsely authorized parties; invasion of privacy and all that that carries with it; loss of data integrity. We imagine the equivalent of antimatter, a complete negation of the fundamental principles of security, or the antisecure net. Those among us with a strong interest in the secure net, and making P2P not only an accepted but preferred way of both doing business in the enterprise as well as protecting the personal privacy of the innocent users of P2P software require a toolbox with sockets, and a socket wrench that is capable of applying the torque that is appropriate to each scenario we wish to secure. It is easy enough for each peer node to be its own certificate authority, create its own root and service certificates, distribute the root certificate out-of-band or in some cases inband, different sockets for different scenarios, and then use transport layer security to ensure two-way authorization and privacy. Another socket that can be used by small communities of peers to assure that the public keys that they distribute can be trusted with some degree of certainty based on the reputation of the signers. Finally, without actually using a recognized CA, one can apply even more torque to tighten the security on a P2P network. Select one or more well protected and trusted systems, and give to them certificate-granting authority. These systems are unlike standard CAs in the sense that they are peers in the P2P Network. To acquire a certificate the peer must be authorized perhaps by using an LDAP directory with a recognized protected password. Here, the CA can also use a secure connection to a corporate LDAP service to authorize requesting peers. In the end, each of the above scenarios, each socket in our mythical toolbox, is not so mythical. This is how Project JXTA approaches security, and what we will discuss in this keynote presentation.

13 citations

Book Chapter
06 Oct 2008
TL;DR: CROO is a capture-resilient one-time password scheme in which each user carries a personal trusted device that generates one-time passwords (OTPs) verified by online trusted parties; OTPs can be used regardless of a transaction's purpose, associated credentials, and online or on-site nature, which makes CROO a universal scheme.
Abstract: Identity fraud (IDF) may be defined as unauthorized exploitation of credential information through the use of false identity. We propose CROO, a universal (i.e. generic) infrastructure and protocol to either prevent IDF (by detecting attempts thereof), or limit its consequences (by identifying cases of previously undetected IDF). CROO is a capture resilient one-time password scheme, whereby each user must carry a personal trusted device used to generate one-time passwords (OTPs) verified by online trusted parties. Multiple trusted parties may be used for increased scalability. OTPs can be used regardless of a transaction's purpose (e.g. user authentication or financial payment), associated credentials, and online or on-site nature; this makes CROO a universal scheme. OTPs are not sent in cleartext; they are used as keys to compute MACs of hashed transaction information, in a manner allowing OTP-verifying parties to confirm that given user credentials (i.e. OTP-keyed MACs) correspond to claimed hashed transaction details. Hashing transaction details increases user privacy. Each OTP is generated from a PIN-encrypted non-verifiable key; this makes users' devices resilient to off-line PIN-guessing attacks. CROO's credentials can be formatted as existing user credentials (e.g. credit cards or driver's licenses).

13 citations

Journal Article
TL;DR: It is explained that not only the arsenal of identity instruments, but also their identity verification methods have to change if the authors are to meet the challenge of identity fraud in the future.

13 citations

Journal Article
TL;DR: This work conducts a comprehensive empirical study to assess the feasibility and accuracy of inference attacks that are launched from the extension API of SNSs, devise an analytical framework for assessing the success rate of sample inference attacks, and discuss two further attack scenarios.

13 citations

Journal Article
TL;DR: The research finds that literature on practices for identity fraud management is scattered and reveals that firms assume identity fraud issues as a technological challenge, which is one of the major reasons for a gap in effective management of identity frauds.
Abstract: Identity fraud is a growing issue for online retail organisations. The literature on this issue is scattered, and none of the studies presents a holistic view of identity fraud management practices in the online retail context. Therefore, the purpose of this paper is to investigate the identity fraud management practices and present a comprehensive set of practices for e-tail sector. A systematic literature review approach was adopted, and the articles were selected through pre-set inclusion criteria. The authors synthesised existing literature to investigate identity fraud management in e-tail sector. The research finds that literature on practices for identity fraud management is scattered. The findings also reveal that firms assume identity fraud issues as a technological challenge, which is one of the major reasons for a gap in effective management of identity frauds. This research suggests e-tailers to deal this issue as a management challenge and counter strategies should be developed in technological, human and organisational aspects. This study is limited to the published sources of data. Studies, based on empirical data, will be helpful to support the argument of this study; additionally, future studies are recommended to include a wide number of databases. This research will help e-tail organisations to understand the whole of identity fraud management and help them develop and implement a comprehensive set of practices at each stage, for effective management identity frauds. This research makes unique contributions by synthesising existing literature at each stage of fraud management and encompasses social, organisational and technological aspects. It will also help academicians understanding a holistic view of available research and opens new lines for future research.

13 citations


Network Information
Related Topics (5)
The Internet: 213.2K papers, 3.8M citations, 76% related
Social network: 42.9K papers, 1.5M citations, 74% related
Service provider: 55.1K papers, 894.3K citations, 74% related
Authentication: 74.7K papers, 867.1K citations, 73% related
Information technology: 53.9K papers, 894.1K citations, 73% related
Performance Metrics
No. of papers in the topic in previous years
Year    Papers
2023    84
2022    165
2021    78
2020    107
2019    108
2018    112