Detecting and Preventing Credential Misuse in OTP-Based Two and Half Factor Authentication Toward Centralized Services Utilizing Blockchain-Based Identity Management

This work focuses on the problem of detection and prevention of stolen and misused secrets (such as private keys) for authentication toward centralized services. We propose a solution for such a problem based on the blockchain-based two-factor authentication scheme SmartOTPs, which we modify for our purposes and utilize in the setting of two and half-factor authentication against a centralized service provider. Our proposed solution consists of four entities that interact together to ensure authentication: (1) the user, (2) the authenticator, (3) the service provider, and (4) the smart contract. Out of two and a half factors of our solution, the first factor stands for the private key, and the second and a half factor stands for one-time passwords (OTPs) and their precursors, where OTPs are obtained from the precursors (a.k.a., pre-images) by cryptographically secure hashing. We describe the protocol for bootstrapping our approach as well as the authentication procedure. We make the security analysis of our solution, where on top of the main attacker model that steals secrets from the client, we analyze man-in-the-middle attacks and malware tampering with the client. In the case of stolen credentials, we show that our solution enables the user to immediately detect the attack occurrence and proceed to re-initialization with fresh credentials

The development of the image of a selective collegiate public institution and the effects of that image upon admissions : the case of the College of William and Mary in Virginia, 1946-1980

The purpose of this case study was to trace the development of the image of the College of William and Mary in order to test the hypothesis: The image of a selective liberal arts college is not exclusive to the private sector. In tracing the development of the image, the concept of saga, defined by Clark (1968) as an historically based understanding of organizational development was viewed as the theoretical basis for the study. Four factors were found to have a positive impact upon the development of the selective image of the College. (1) The restoration and growth of Colonial Williamsburg which attracts over one million visitors to the area each year. (2) The admission philosophy and policies which projected and fostered a selective image prior to the actual development of selectivity. (3) The administrative philosophy and development of the mission of the institution as espoused by the four presidents who served during the period. (4) The student bodies of the time period studied--their academic credentials, activities and foci during their college careers--both as a group and as individuals.;Statistics were compiled for the period 1946-1980 listing: the number of applicants; the percentage accepted; the percentage of admitted students enrolled; and the high school academic credentials including test scores and ranks-in-class. These were used to demonstrate the degree of selectivity which developed during the period

Privacy-Preserving Trust Management Mechanisms from Private Matching Schemes

Cryptographic primitives are essential for constructing privacy-preserving communication mechanisms. There are situations in which two parties that do not know each other need to exchange sensitive information on the Internet. Trust management mechanisms make use of digital credentials and certificates in order to establish trust among these strangers. We address the problem of choosing which credentials are exchanged. During this process, each party should learn no information about the preferences of the other party other than strictly required for trust establishment. We present a method to reach an agreement on the credentials to be exchanged that preserves the privacy of the parties. Our method is based on secure two-party computation protocols for set intersection. Namely, it is constructed from private matching schemes.Comment: The material in this paper will be presented in part at the 8th DPM International Workshop on Data Privacy Management (DPM 2013

A Decentralised Digital Identity Architecture

Current architectures to validate, certify, and manage identity are based on centralised, top-down approaches that rely on trusted authorities and third-party operators. We approach the problem of digital identity starting from a human rights perspective, with a primary focus on identity systems in the developed world. We assert that individual persons must be allowed to manage their personal information in a multitude of different ways in different contexts and that to do so, each individual must be able to create multiple unrelated identities. Therefore, we first define a set of fundamental constraints that digital identity systems must satisfy to preserve and promote privacy as required for individual autonomy. With these constraints in mind, we then propose a decentralised, standards-based approach, using a combination of distributed ledger technology and thoughtful regulation, to facilitate many-to-many relationships among providers of key services. Our proposal for digital identity differs from others in its approach to trust in that we do not seek to bind credentials to each other or to a mutually trusted authority to achieve strong non-transferability. Because the system does not implicitly encourage its users to maintain a single aggregated identity that can potentially be constrained or reconstructed against their interests, individuals and organisations are free to embrace the system and share in its benefits.Comment: 30 pages, 10 figures, 3 table