{"id":13183,"date":"2021-12-07T20:26:18","date_gmt":"2021-12-08T01:26:18","guid":{"rendered":"https:\/\/carleton.ca\/scs\/?page_id=13183"},"modified":"2026-06-02T14:59:24","modified_gmt":"2026-06-02T18:59:24","slug":"tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud","status":"publish","type":"page","link":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud\/","title":{"rendered":"TR-06-14: CROO: A Generic Architecture and Protocol to Detect Identity Fraud"},"content":{"rendered":"\n<section class=\"w-screen px-6 cu-section cu-section--white ml-offset-center md:px-8 lg:px-14\">\n    <div class=\"space-y-6 cu-max-w-child-5xl  md:space-y-10 cu-prose-first-last\">\n\n            <div class=\"cu-textmedia flex flex-col lg:flex-row mx-auto gap-6 md:gap-10 my-6 md:my-12 first:mt-0 max-w-5xl\">\n        <div class=\"justify-start cu-textmedia-content cu-prose-first-last\" style=\"flex: 0 0 100%;\">\n            <header class=\"font-light prose-xl cu-pageheader md:prose-2xl cu-component-updated cu-prose-first-last\">\n                                    <h1 class=\"cu-prose-first-last font-semibold !mt-2 mb-4 md:mb-6 relative after:absolute after:h-px after:bottom-0 after:bg-cu-red after:left-px text-3xl md:text-4xl lg:text-5xl lg:leading-[3.5rem] pb-5 after:w-10 text-cu-black-700 not-prose\">\n                        TR-06-14: CROO: A Generic Architecture and Protocol to Detect Identity Fraud\n                    <\/h1>\n                \n                                \n                            <\/header>\n\n                    <\/div>\n\n            <\/div>\n\n    <\/div>\n<\/section>\n\n<p>Carleton University<br>\n<a href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/\">Technical Report<\/a> TR-06-14<br>\nDecember 20, 2006<\/p>\n\n\n\n<h2 id=\"croo-a-generic-architecture-and-protocol-to-detect-identity-fraud\" class=\"wp-block-heading\">CROO: A Generic Architecture and Protocol to Detect Identity Fraud<\/h2>\n\n\n\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<p class=\"tr_t3\">D. Nali &amp; P.C. van Oorschot<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div>\n<h3>Abstract<\/h3>\n<p>Identity fraud (IDF) may be defined as unauthorized exploitation of credential information through the use of false identity. We abstract the problem of IDF by defining fundamental terms, identifying major stakeholders, and modeling the generic process of IDF. We then propose CROO, a generic architecture and protocol to either prevent IDF (by detecting attempts thereof), or limit its consequences (by identifying cases of previously undetected IDF). CROO is a Capture Resilient Online One-time password scheme, whereby each user must carry a personal trusted device used to generate and send encrypted one-time passwords (OTPs) verified by online trusted parties. OTPs are generated and verified at any desired user transaction, and can be used regardless of the transaction&#8217;s purpose, associated credentials, and online or on-site nature; this makes CROO a generic scheme. OTPs are combined with hashed transaction information, in a manner allowing OTP-verifying parties to confirm the transaction information&#8217;s correctness; this provides a certain level of user privacy, and prevents OTPs from being used for transactions other than those for which they were intended. Each OTP is generated from a PIN-encrypted non-verifiable key; this makes users personal devices resilient to off-line PIN-guessing attacks.<\/p>\n<p><a href=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/sites\/260\/TR-06-14.pdf\">TR-06-14.pdf<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Carleton University Technical Report TR-06-14 December 20, 2006 CROO: A Generic Architecture and Protocol to Detect Identity Fraud D. Nali &amp; P.C. van Oorschot Abstract Identity fraud (IDF) may be defined as unauthorized exploitation of credential information through the use of false identity. We abstract the problem of IDF by defining fundamental terms, identifying major [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":12352,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_cu_dining_location_slug":"","footnotes":"","_links_to":"","_links_to_target":""},"cu_page_type":[],"class_list":["post-13183","page","type-page","status-publish","hentry"],"acf":{"cu_post_thumbnail":false},"_links":{"self":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/comments?post=13183"}],"version-history":[{"count":1,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13183\/revisions"}],"predecessor-version":[{"id":13184,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13183\/revisions\/13184"}],"up":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/12352"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/media?parent=13183"}],"wp:term":[{"taxonomy":"cu_page_type","embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/cu_page_type?post=13183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}