Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.

Virtual Integrity: Faithfully Navigating the Brave New Web

Abstract: It's unavoidable--every time we surf the Web we are bombarded with temptations vying for our thoughts, dreams, time, and money. As a high-ranking government computer security expert and an avid personal Internet user, Daniel Lohrmann knows these lures well. In Virtual Integrity, he sets out to answer an important question: How can we safely surf our values?Approachable and essential for all Web users, this book reveals the vast scope of the current battle, creative new answers to the problem, and practical steps everyone can follow. Delving into more than just commonly discussed issues of Internet gambling and pornography, Lohrmann offers a rare holistic vision for how to avoid "integrity theft" and unpacks a revolutionary new paradigm for integrity security. EXCERPT Over the past 24 years, I've led teams building websites and customer-focused portals that have changed the way citizens and businesses interact with government - for the better. Since working for the National Security Agency in the 1980s, I've circled the globe fixing computers, battling hackers, stopping computer viruses, and taking on a never-ending list of "bad guys." America still faces serious challenges from foreign threats, and many books have been written and websites developed on all aspects of cybersecurity, organized crime, and protecting your confidential information. I've seen firsthand a lot of these threats and abuses of Internet capabilities. But in the past few years, an even more troubling trend has grabbed my attention. I am referring to an extraordinary increase in the numbers of temptations we face in cyberspace. New seductions are cleverly packaged as "innovative opportunities" that are really appeals to engage in unproductive, harmful, even immoral activities online. A much wider set of questions have arisen that can't be answered by simply blocking spam, installing web filters, or upgrading your antivirus software and PC firewall. These virtual threats can have the net effect of taking away some of the most important things in life. As individuals, institutions, and a nation, we spend significant time battling identity theft online, but we neglect to fight other negative aspects of Internet life that I call "integrity theft." We need a new approach to virtual integrity.

Towards a Model for Data Breaches: An Universal Problem for the Public

Abstract: The topic of data breaches, protection of information and data security salient to business and criminal justice researchers, practitioners in all profit and nonprofit organizations, consumer advocate groups and legislators throughout the world. This article analyzes the trends in data breaches in the United States and classifies them into five general industry sectors and eighteen sub-sectors using a new model recently developed by the authors and also provides basic recommendations for information and security personnel in every industry throughout the world to use to improve data protection and thus help protect public information for consumers and all types of organizations. The 2,280 data breaches tracked by the Privacy Rights Clearinghouse from 2005 through 2010 were used in the study. The findings indicate that the trends for the annual number of data breaches for the five general industries and their sub-sectors have increased, although inconsistently, over the six-year period. The analysis and classification of data breaches by general and sub-sector industries with the use of this new data breach model provides an awareness of the data breach problem for information managers and security personnel in public and private sector organizations throughout the world and also provides a workable methodological framework to help them develop innovative and useful policies for safeguarding personal information of consumers, clients, employees and other entities. The topic of data breaches and information management remains salient to business and criminal justice researchers, practitioners in all profit and nonprofit organizations, consumer advocate groups and legislators throughout the world. Keywords – Data breaches, public information, data protection, identity theft. Normal 0 false false false EN-US X-NONE X-NONE

Towards secure network communications with clients having cryptographically attestable integrity

Abstract: In a client-server communication, the server side must trust the client before releases confidential data or accepts commands received from the client. While industry best practices and considerable amount of research focus on secure credential authentication, we stress that this is at most a deceptive effort, providing only a false sense of security. We underline the sharp contradiction between state-of-the-art industry wide practices and the security that researchers campaign for, with special focus on online banking solutions. We present a brief review of a wide range of cyberattack techniques used today to perform large scale identity theft, financial fraud or espionage. We believe that current approaches, including inside-OS security solutions or relying only on credential authentication are outdated, and an industry wide shift is needed to provide trustable, integrity attested clients. Our solution is created around a type 1 bare-metal hypervisor, relying on hardware-enforced technologies to provide strong isolation between a secure operating environment on the clients and a possibly compromised OS. Blending an easily deployable solution with remote cryptographic identity attestation support, we believe that our proposal carries a significant value, both from security point of view and market applicability. In order to support a proper evaluation of the strength and weaknesses of the solution, we also present a comprehensive review of various remaining attack techniques and strategies.

Fast and Accurate Likelihood Ratio Based Biometric Comparison in the Encrypted Domain

Abstract: As applications of biometric verification proliferate, users become more vulnerable to privacy infringement. Biometric data is very privacy sensitive as it may contain information as gender, ethnicity and health conditions which should not be shared with third parties during the verification process. Moreover, biometric data that has fallen into the wrong hands often leads to identity theft. Secure biometric verification schemes try to overcome such privacy threats. Unfortunately, existing secure solutions either introduce a heavy computational or communication overhead or have to accept a high loss in accuracy; both of which make them impractical in real-world settings. This paper presents a novel approach to secure biometric verification aiming at a practical trade-off between efficiency and accuracy, while guaranteeing full security against honest-but-curious adversaries. The system performs verification in the encrypted domain using elliptic curve based homomorphic ElGamal encryption for high efficiency. Classification is based on a log-likelihood ratio classifier which has proven to be very accurate. No private information is leaked during the verification process using a two-party secure protocol. Initial tests show highly accurate results that have been computed within milliseconds range.