Publication Details

Detecting and Preventing Credential Misuse in OTP-Based Two and Half Factor Authentication Toward Centralized Services Utilizing Blockchain-Based Identity Management

DRGA Jozef, HOMOLIAK Ivan, VANČO Juraj, PEREŠÍNI Martin, HANÁČEK Petr and VASILAKOS Athanasios. Detecting and Preventing Credential Misuse in OTP-Based Two and Half Factor Authentication Toward Centralized Services Utilizing Blockchain-Based Identity Management. In: 2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). Dubai: Institute of Electrical and Electronics Engineers, 2023, pp. 1-4. ISBN 0-06-000020-1.
Czech title
Detekce a prevence zneužití přihlasovacích údajú vůči centralizovaným službám při dvou a půlfaktorovém ověřování na bázi OTP
Type
conference paper
Language
english
Authors
Drga Jozef, Mgr. (DITS FIT BUT)
Homoliak Ivan, doc. Ing., Ph.D. (DITS FIT BUT)
Vančo Juraj (FAI UTB)
Perešíni Martin, Ing. (DITS FIT BUT)
Hanáček Petr, doc. Dr. Ing. (DITS FIT BUT)
Vasilakos Athanasios, prof. Ing., Ph.D. (LTU)
Keywords
  • Centers For Services,
  • Identity Management,
  • Blockchain-based Identity Management,
  • Privacy,
  • Service Providers,
  • Secret Key,
  • User Identification,
  • Smart Contracts,
  • Authentication Scheme,
  • Mnemonic,
  • Types Of Attacks,
  • Public Key,
  • Malware,
  • Authentication Process,
  • Merkle Tree
Abstract

This paper focuses on the problem of detection and prevention of stolen and misused secrets (such as private keys) for authentication toward centralized services. We propose a solution for this problem, based on SmartOTPs, the two-factor authentication scheme against the blockchain, which is intended for smart contract wallets and utilizes one-time passwords (OTPs). We modify SmartOTPs for our purposes and utilize them in the setting of two-and-a-half-factor authentication against a centralized service provider. Out of two and a half factors of our solution, the first factor stands for the private key, and the second and a half factor stands for OTPs and their precursors (a.k.a., pre-images), where OTPs are obtained from the precursors by cryptoaraphically secure hashing. We describe the protocol for bootstrapping our approach as well as the authentication procedure. In the case of stolen creden-tials from the client, we show that our solution enables the user to immediately detect it and proceed to re-initialization with fresh credentials. We utilize blockchain-based identity management and decentralized identities of users to simplify the overhead of the registration process and reinitialization.

Published
2023
Pages
1-4
Proceedings
2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)
Conference
5th IEEE International Conference on Blockchain and Cryptocurrency (ICBC), Dubaj, AE
ISBN
0-06-000020-1
Publisher
Institute of Electrical and Electronics Engineers
Place
Dubai, AE
DOI
UT WoS
001032797100118
EID Scopus
BibTeX
@INPROCEEDINGS{FITPUB12718,
   author = "Jozef Drga and Ivan Homoliak and Juraj Van\v{c}o and Martin Pere\v{s}\'{i}ni and Petr Han\'{a}\v{c}ek and Athanasios Vasilakos",
   title = "Detecting and Preventing Credential Misuse in OTP-Based Two and Half Factor Authentication Toward Centralized Services Utilizing Blockchain-Based Identity Management",
   pages = "1--4",
   booktitle = "2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)",
   year = 2023,
   location = "Dubai, AE",
   publisher = "Institute of Electrical and Electronics Engineers",
   ISBN = "0-06-000020-1",
   doi = "10.1109/ICBC56567.2023.10174997",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/12718"
}
Back to top