Detecting and Preventing Credential Misuse in OTP-Based Two and Half Factor Authentication Toward Centralized Services Utilizing Blockchain-Based Identity Management

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F23%3APU149341" target="_blank" >RIV/00216305:26230/23:PU149341 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1109/ICBC56567.2023.10174997" target="_blank" >http://dx.doi.org/10.1109/ICBC56567.2023.10174997</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/ICBC56567.2023.10174997" target="_blank" >10.1109/ICBC56567.2023.10174997</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Detecting and Preventing Credential Misuse in OTP-Based Two and Half Factor Authentication Toward Centralized Services Utilizing Blockchain-Based Identity Management

Popis výsledku v původním jazyce

This paper focuses on the problem of detection and prevention of stolen and misused secrets (such as private keys) for authentication toward centralized services. We propose a solution for this problem, based on SmartOTPs, the two-factor authentication scheme against the blockchain, which is intended for smart contract wallets and utilizes one-time passwords (OTPs). We modify SmartOTPs for our purposes and utilize them in the setting of two-and-a-half-factor authentication against a centralized service provider. Out of two and a half factors of our solution, the first factor stands for the private key, and the second and a half factor stands for OTPs and their precursors (a.k.a., pre-images), where OTPs are obtained from the precursors by cryptoaraphically secure hashing. We describe the protocol for bootstrapping our approach as well as the authentication procedure. In the case of stolen creden-tials from the client, we show that our solution enables the user to immediately detect it and proceed to re-initialization with fresh credentials. We utilize blockchain-based identity management and decentralized identities of users to simplify the overhead of the registration process and reinitialization.

Název v anglickém jazyce

Detecting and Preventing Credential Misuse in OTP-Based Two and Half Factor Authentication Toward Centralized Services Utilizing Blockchain-Based Identity Management

Popis výsledku anglicky

This paper focuses on the problem of detection and prevention of stolen and misused secrets (such as private keys) for authentication toward centralized services. We propose a solution for this problem, based on SmartOTPs, the two-factor authentication scheme against the blockchain, which is intended for smart contract wallets and utilizes one-time passwords (OTPs). We modify SmartOTPs for our purposes and utilize them in the setting of two-and-a-half-factor authentication against a centralized service provider. Out of two and a half factors of our solution, the first factor stands for the private key, and the second and a half factor stands for OTPs and their precursors (a.k.a., pre-images), where OTPs are obtained from the precursors by cryptoaraphically secure hashing. We describe the protocol for bootstrapping our approach as well as the authentication procedure. In the case of stolen creden-tials from the client, we show that our solution enables the user to immediately detect it and proceed to re-initialization with fresh credentials. We utilize blockchain-based identity management and decentralized identities of users to simplify the overhead of the registration process and reinitialization.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/8A21012" target="_blank" >8A21012: Distributed Artificial Intelligent Systems</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2023

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)

ISBN

979-8-3503-1019-1

ISSN

—

e-ISSN

—

Počet stran výsledku

4

Strana od-do

1-4

Název nakladatele

Institute of Electrical and Electronics Engineers

Místo vydání

Dubai

Místo konání akce

Dubaj

Datum konání akce

1. 5. 2023

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

001032797100118