Why the Equifax Breach Should Not Have Mattered

12/30/2017
by   Marten Lohstroh, et al.
0

Data security, which is concerned with the prevention of unauthorized access to computers, databases, and websites, helps protect digital privacy and ensure data integrity. It is extremely difficult, however, to make security watertight, and security breaches are not uncommon. The consequences of stolen credentials go well beyond the leakage of other types of information because they can further compromise other systems. This paper criticizes the practice of using clear-text identity attributes, such as Social Security or driver's license numbers -- which are in principle not even secret -- as acceptable authentication tokens or assertions of ownership, and proposes a simple protocol that straightforwardly applies public-key cryptography to make identity claims verifiable, even when they are issued remotely via the Internet. This protocol has the potential of elevating the business practices of credit providers, rental agencies, and other service companies that have hitherto exposed consumers to the risk of identity theft, to where identity theft becomes virtually impossible.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
05/26/2023

Fast IDentity Online with Anonymous Credentials (FIDO-AC)

Web authentication is a critical component of today's Internet and the d...
research
06/15/2018

Anonymous Identity-Based Encryption with Identity Recovery

Anonymous Identity-Based Encryption can protect privacy of the receiver....
research
09/04/2023

Fortifying Public Safety: A Dynamic Role-Based Access Control Paradigm for Cloud-Centric IoT

The evolution of communication technologies, exemplified by the Internet...
research
10/15/2021

HTTPA: HTTPS Attestable Protocol

Hypertext Transfer Protocol Secure (HTTPS) protocol has become integral ...
research
07/13/2018

An Improved Bound for Security in an Identity Disclosure Problem

Identity disclosure of an individual from a released data is a matter of...

Please sign up or login with your details

Forgot password? Click here to reset