Detecting and Preventing Credential Misuse in OTP-Based Two and Half Factor Authentication Toward Centralized Services Utilizing Blockchain-Based Identity Management
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F23%3APU149341" target="_blank" >RIV/00216305:26230/23:PU149341 - isvavai.cz</a>
Result on the web
<a href="http://dx.doi.org/10.1109/ICBC56567.2023.10174997" target="_blank" >http://dx.doi.org/10.1109/ICBC56567.2023.10174997</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1109/ICBC56567.2023.10174997" target="_blank" >10.1109/ICBC56567.2023.10174997</a>
Alternative languages
Result language
angličtina
Original language name
Detecting and Preventing Credential Misuse in OTP-Based Two and Half Factor Authentication Toward Centralized Services Utilizing Blockchain-Based Identity Management
Original language description
This paper focuses on the problem of detection and prevention of stolen and misused secrets (such as private keys) for authentication toward centralized services. We propose a solution for this problem, based on SmartOTPs, the two-factor authentication scheme against the blockchain, which is intended for smart contract wallets and utilizes one-time passwords (OTPs). We modify SmartOTPs for our purposes and utilize them in the setting of two-and-a-half-factor authentication against a centralized service provider. Out of two and a half factors of our solution, the first factor stands for the private key, and the second and a half factor stands for OTPs and their precursors (a.k.a., pre-images), where OTPs are obtained from the precursors by cryptoaraphically secure hashing. We describe the protocol for bootstrapping our approach as well as the authentication procedure. In the case of stolen creden-tials from the client, we show that our solution enables the user to immediately detect it and proceed to re-initialization with fresh credentials. We utilize blockchain-based identity management and decentralized identities of users to simplify the overhead of the registration process and reinitialization.
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
<a href="/en/project/8A21012" target="_blank" >8A21012: Distributed Artificial Intelligent Systems</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach
Others
Publication year
2023
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Article name in the collection
2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)
ISBN
979-8-3503-1019-1
ISSN
—
e-ISSN
—
Number of pages
4
Pages from-to
1-4
Publisher name
Institute of Electrical and Electronics Engineers
Place of publication
Dubai
Event location
Dubaj
Event date
May 1, 2023
Type of event by nationality
WRD - Celosvětová akce
UT code for WoS article
001032797100118