Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.

Voter Identity Theft: Submitting Changes to Voter Registrations Online to Disrupt Elections

Abstract: Could an attacker impact U.S. elections by merely changing voter registrations online? This reportedly happened during the 2016 Republican primary election in Riverside County, California. What about elsewhere? We surveyed official voter record websites for the 50 states and the District of Columbia and assessed the means and costs for an attacker to change voter addresses. Relatedly, an attacker could also change party affiliations, delete voter registrations, or request absentee ballots online. A voter whose address was changed without her knowledge, for example, in most states would have a polling place different than expected. On Election Day, when she appeared at her presumed polling place, she would have been unable to cast a regular vote because her name was not on the precinct’s register. She may have been turned away or given a provisional ballot, and in many cases, a provisional ballot would not count. Perpetrated at scale, changing voter addresses, deleting voter registrations, or requesting absentee ballots could disenfranchise a significant percentage of voters, and if carefully distributed, such an attack might go unnoticed even if the impact was significant. So, how practical is it to submit false changes to voter registrations online? Sweeney L, Yoo J, Zang J. Voter Identity Theft: Submitting Changes to Voter Registrations Online to Disrupt Elections. Technology Science. 2017090601. Version 2. September 6, 2017. http://techscience.org/a/2017090601 3 Results summary: We found that in 2016, the District of Columbia and 35 of the 50 states had websites that allowed voters to submit registration changes. These websites determined whether a visitor was an actual voter by requesting commonly available personal information. Some websites gave multiple ways for a voter to self-identify. Of these, {name, date of birth, address} was required in 15, {name, date of birth, driver’s license number} was required in 27, and {name, date of birth, last 4 SSN} was required in 3. We found that an attacker could acquire the voter names, demographic information and government-issued numbers needed to impersonate voters on all 36 websites from government offices, data brokers, the deep web, or darknet markets. Overall, the total cost of an attack varied based on the number of voters to impersonate, data sources used, whether the websites had CAPTCHAs, and specific states of interest. We found that the practical costs of changing 1 percent of the voters on all 36 websites could range from $10,081 to $24,926 depending on whether the attacker used data from government, data broker, darknet or other sources. Costs for an attack on a specific geographical area or state were much less, such as $1 for Alaska or $1,020 for Illinois. Back office processes and election practices, which varied among states, could have possibly limited attack success rates.

Cyberspace Identity Theft: The Conceptual Framework

Abstract: The present age of technological advances has extended the reach of crimes into the Internet. Nevertheless, while the Internet may have led to the emergence of wholly new crimes, it has mostly brought about new ways of committing preexisting crimes. (Garner, 2000) For example, although it is often called a 21st century phenomenon, (Hoar, 2001) cyberspace identity theft is, in fact, not a new type of crime. (United Nations, Handbook on Identity Related Crime, 2011)Long before the emergence of the Internet, identity thieves stole people’s identities through dumpster diving by searching for personal identifying information such as social security and bank account numbers in the trash left outside people’s homes. The identity thief uses information relating to the identity of another person’s such as name, address, telephone number, mother’s maiden name, social security number, social insurance number, health card number, bank account information, driver’s license number and date of birth. It is stealing someone’s identity information to commit theft, fraud or other crimes. DOI: 10.5901/mjss.2015.v6n4s3p595

Two new economic models for privacy

Abstract: Private data is leaked more and more in our society. Wikileaks, Facebook, and identity theft are just three examples. So, modeling privacy is important. Cryptographers do not provide methods to address whether data should remain private or not. The use of entropy does not reflect the cost associated with the loss of private data.In this paper we provide two economic models for privacy. Our first model is a lattice structured extension of attack graphs. Our second model is a stochastic almost combinatorial game, where two or more players can make stochastic moves in an almost combinatorial setup. In both models, a user can decide attempting transitions between states, representing a user's private information, based on multiple criterion including the cost of an attempt, the probability of success, the number of earlier attempts to obtain this private information and (possibly) the available budget.In a variant of our models we use multigraphs. We use this when a transition between two states could be performed in different ways. To reduce the increase in complexity, we introduce a technique converting the multigraph to a simple directed graph. We discuss the advantages and disadvantages of this conversion. We also briefly discuss potential uses of our privacy models.

IdProF: Identity provisioning framework for smart environments

Abstract: Inhabitants of smart environments should interact with each other in a seamless context-sensitive manner. Identity verification is a frequent task required before any interaction. However, every interaction requires a different identity profile and a different verification protocol. Asking inhabitants to verify themselves before every interaction is a tedious, time-consuming process that disrupts inhabitants' activities and degrades the overall performance. To avoid such problems, we propose IdProF, a secure context-sensitive seamless multi-modal identity provisioning framework for smart environments. IdProF builds an encrypted 360-Degree Inhabitant Profile (i.e., 360DIP) using the inhabitant's activities history and the corresponding access and usage patterns for environment's resources. Using the developed 360DIP, and based on the involved context (e.g., location, involved activity, interacting inhabitant, access date and time), IdProF generates a Disposable Customized Virtual Inhabitant Profile (DCVIP) on demand, then creates a customized identity proxy to handle the identity verification for the required interaction. In case of DCVIP generation failure, warnings are sent to the inhabitant to verify the interaction. We believe, IdProF reduces the risks for identity theft/loss, as it does not depend only on unique identifiers, but it takes into consideration the dynamics of the inhabitants' behaviors as well as their access and usage patterns.

A comparative analysis of the EU GDPR to the US’s breach notifications

Abstract: One component of the newly implemented European Union General Data Protection Regulation (GDPR), a revision of a 1995 directive, is mandatory breach notification. The US has no such federal law. Th...