{"id":13183,"date":"2021-12-07T20:26:18","date_gmt":"2021-12-08T01:26:18","guid":{"rendered":"https:\/\/carleton.ca\/scs\/?page_id=13183"},"modified":"2021-12-07T20:26:18","modified_gmt":"2021-12-08T01:26:18","slug":"tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud","status":"publish","type":"page","link":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud\/","title":{"rendered":"TR-06-14: CROO: A Generic Architecture and Protocol to Detect Identity Fraud"},"content":{"rendered":"<p>Carleton University<br \/>\n<a href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/\">Technical Report<\/a> TR-06-14<br \/>\nDecember 20, 2006<\/p>\n<h2>CROO: A Generic Architecture and Protocol to Detect Identity Fraud<\/h2>\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<p class=\"tr_t3\">D. Nali &amp; P.C. van Oorschot<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div>\n<h3>Abstract<\/h3>\n<p>Identity fraud (IDF) may be defined as unauthorized exploitation of credential information through the use of false identity. We abstract the problem of IDF by defining fundamental terms, identifying major stakeholders, and modeling the generic process of IDF. We then propose CROO, a generic architecture and protocol to either prevent IDF (by detecting attempts thereof), or limit its consequences (by identifying cases of previously undetected IDF). CROO is a Capture Resilient Online One-time password scheme, whereby each user must carry a personal trusted device used to generate and send encrypted one-time passwords (OTPs) verified by online trusted parties. OTPs are generated and verified at any desired user transaction, and can be used regardless of the transaction&#8217;s purpose, associated credentials, and online or on-site nature; this makes CROO a generic scheme. OTPs are combined with hashed transaction information, in a manner allowing OTP-verifying parties to confirm the transaction information&#8217;s correctness; this provides a certain level of user privacy, and prevents OTPs from being used for transactions other than those for which they were intended. Each OTP is generated from a PIN-encrypted non-verifiable key; this makes users personal devices resilient to off-line PIN-guessing attacks.<\/p>\n<p><a href=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/TR-06-14.pdf\">TR-06-14.pdf<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Carleton University Technical Report TR-06-14 December 20, 2006 CROO: A Generic Architecture and Protocol to Detect Identity Fraud D. Nali &amp; P.C. van Oorschot Abstract Identity fraud (IDF) may be defined as unauthorized exploitation of credential information through the use of false identity. We abstract the problem of IDF by defining fundamental terms, identifying major [&hellip;]<\/p>\n","protected":false},"author":49,"featured_media":0,"parent":12352,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_mi_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TR-06-14: CROO: A Generic Architecture and Protocol to Detect Identity Fraud - School of Computer Science<\/title>\n<meta name=\"description\" content=\"Carleton University Technical Report TR-06-14 December 20, 2006 CROO: A Generic Architecture and Protocol to Detect Identity Fraud D. Nali &amp; P.C. van\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud\/\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud\/\",\"url\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud\/\",\"name\":\"TR-06-14: CROO: A Generic Architecture and Protocol to Detect Identity Fraud - School of Computer Science\",\"isPartOf\":{\"@id\":\"https:\/\/carleton.ca\/scs\/#website\"},\"datePublished\":\"2021-12-08T01:26:18+00:00\",\"dateModified\":\"2021-12-08T01:26:18+00:00\",\"description\":\"Carleton University Technical Report TR-06-14 December 20, 2006 CROO: A Generic Architecture and Protocol to Detect Identity Fraud D. Nali &amp; P.C. van\",\"breadcrumb\":{\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/carleton.ca\/scs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Research\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"SCS Technical Reports\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Technical Reports 2006\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"TR-06-14: CROO: A Generic Architecture and Protocol to Detect Identity Fraud\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/carleton.ca\/scs\/#website\",\"url\":\"https:\/\/carleton.ca\/scs\/\",\"name\":\"School of Computer Science\",\"description\":\"Carleton University\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/carleton.ca\/scs\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TR-06-14: CROO: A Generic Architecture and Protocol to Detect Identity Fraud - School of Computer Science","description":"Carleton University Technical Report TR-06-14 December 20, 2006 CROO: A Generic Architecture and Protocol to Detect Identity Fraud D. Nali &amp; P.C. van","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud\/","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud\/","url":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud\/","name":"TR-06-14: CROO: A Generic Architecture and Protocol to Detect Identity Fraud - School of Computer Science","isPartOf":{"@id":"https:\/\/carleton.ca\/scs\/#website"},"datePublished":"2021-12-08T01:26:18+00:00","dateModified":"2021-12-08T01:26:18+00:00","description":"Carleton University Technical Report TR-06-14 December 20, 2006 CROO: A Generic Architecture and Protocol to Detect Identity Fraud D. Nali &amp; P.C. van","breadcrumb":{"@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/tr-06-14-croo-a-generic-architecture-and-protocol-to-detect-identity-fraud\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/carleton.ca\/scs\/"},{"@type":"ListItem","position":2,"name":"Research","item":"https:\/\/carleton.ca\/scs\/research\/"},{"@type":"ListItem","position":3,"name":"SCS Technical Reports","item":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/"},{"@type":"ListItem","position":4,"name":"Technical Reports 2006","item":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2006\/"},{"@type":"ListItem","position":5,"name":"TR-06-14: CROO: A Generic Architecture and Protocol to Detect Identity Fraud"}]},{"@type":"WebSite","@id":"https:\/\/carleton.ca\/scs\/#website","url":"https:\/\/carleton.ca\/scs\/","name":"School of Computer Science","description":"Carleton University","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/carleton.ca\/scs\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"acf":{"banner_image_type":"none","banner_button":"no"},"_links":{"self":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13183"}],"collection":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/users\/49"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/comments?post=13183"}],"version-history":[{"count":1,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13183\/revisions"}],"predecessor-version":[{"id":13184,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13183\/revisions\/13184"}],"up":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/12352"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/media?parent=13183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}