Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.

Fraud and Identity Theft Issues

Abstract: Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain. In spite of the different possible attacks discussed in later chapters, this chapter can focus on phishing attacks – a form of indirect attacks– such as an act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. Phishing attacks use ‘spoofed’ e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, et cetera. The vulnerabilities on various phishing methods such as domain name spoofing, URL obfuscation, susceptive e-mails, spoofed DNS and IP addresses, and cross site scripting are analyzed, and the chapter concludes that an integrated approach is required to mitigate phishing attacks.

OLYMPUS: A distributed privacy-preserving identity management system

Abstract: Despite the latest initiatives and research efforts to increase user privacy in digital scenarios, identity-related cybercrimes such as identity theft, wrong identity or user transactions surveillance are growing. In particular, blanket surveillance that might be potentially accomplished by Identity Providers (IdPs) contradicts the data minimization principle laid out in GDPR. Hence, user movements across Service Providers (SPs) might be tracked by malicious IdPs that become a central dominant entity, as well as a single point of failure in terms of privacy and security, putting users at risk when compromised. To cope with this issue, the OLYMPUS H2020 EU project is devising a truly privacy-preserving, yet user-friendly, and distributed identity management system that addresses the data minimization challenge in both online and offline scenarios. Thus, OLYMPUS divides the role of the IdP among various authorities by relying on threshold cryptography, thereby preventing user impersonation and surveillance from malicious or nosy IdPs. This paper overviews the OLYMPUS framework, including requirements considered, the proposed architecture, a series of use cases as well as the privacy analysis from the legal point of view.

Fundamentals of Biometrics —Hand Written Signature and Iris

Abstract: Biometric is a metric of apparent nontransferable uniqueness provided by users presence Biometrics are extremely convenient form of providing identity and cannot be lent to another individual Due to digital impersonation security techniques are predominantly using biometrics To eliminate identity theft, a measurable physical characteristic or behavioral trait is more reliable In factual scenario, blend of biometric identification and a keypad code provides virtually unbreakable security The consequential statistical error rates of biometric security systems are calculated for a large population The choice of biometric is application specific The number of users, technical implementation and operating environment will influence the selection of distinguishing biometric trait The hand written signature characteristics and iris texture variations form an occurrence vector to provide biohashing

An Authentication Model Involving Trusted Third Party for M-Commerce

Abstract: In this paper, a new authentication model for M-Commerce is proposed. The protocol has three novel characteristics as opposed to the existing protocols involving trusted third party in M-commerce. Firstly, it is minimal and can reduce the requirement of computational resources for mobile terminals. Secondly, it is manageable. The third party just provides security authentication, credit standing and session key for both the buyer and the seller, whereas it doesn't provide buyer's private payment information such as credit-card / debit-card information. In this way, it can avoid large scale of identity theft effectively. Thirdly, it can meet SSO of buyers. Its correctness is verified by using CSP/FDR. The checking result shows that this new protocol model satisfies the authentication and key distribution properties that it claimed.