Publication Details

Detecting and Preventing Credential Misuse in OTP-Based Two and Half Factor Authentication Toward Centralized Services Utilizing Blockchain-Based Identity Management

DRGA, J.; HOMOLIAK, I.; VANČO, J.; PEREŠÍNI, M.; HANÁČEK, P.; VASILAKOS, A. Detecting and Preventing Credential Misuse in OTP-Based Two and Half Factor Authentication Toward Centralized Services Utilizing Blockchain-Based Identity Management. In 2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). Dubai: Institute of Electrical and Electronics Engineers, 2023. p. 1-4. ISBN: 979-8-3503-1019-1.

Czech title

Detekce a prevence zneužití přihlasovacích údajú vůči centralizovaným službám při dvou a půlfaktorovém ověřování na bázi OTP

Type

conference paper

Language

English

Authors

Drga Jozef, Mgr. (FIT)
Homoliak Ivan, doc. Ing., Ph.D. (DITS)
Vančo Juraj
Perešíni Martin, Ing. (DITS)
Hanáček Petr, doc. Dr. Ing. (DITS)
Vasilakos Athanasios

Keywords

   - Centers For Services,
   - Identity Management,
   - Blockchain-based Identity Management,
   - Privacy,
   - Service Providers,
   - Secret Key,
   - User Identification,
   - Smart Contracts,
   - Authentication Scheme,
   - Mnemonic,
   - Types Of Attacks,
   - Public Key,
   - Malware,
   - Authentication Process,
   - Merkle Tree

Abstract

This paper focuses on the problem of detection and prevention of stolen and
misused secrets (such as private keys) for authentication toward centralized
services. We propose a solution for this problem, based on SmartOTPs, the
two-factor authentication scheme against the blockchain, which is intended for
smart contract wallets and utilizes one-time passwords (OTPs). We modify
SmartOTPs for our purposes and utilize them in the setting of
two-and-a-half-factor authentication against a centralized service provider. Out
of two and a half factors of our solution, the first factor stands for the
private key, and the second and a half factor stands for OTPs and their
precursors (a.k.a., pre-images), where OTPs are obtained from the precursors by
cryptoaraphically secure hashing. We describe the protocol for bootstrapping our
approach as well as the authentication procedure. In the case of stolen
creden-tials from the client, we show that our solution enables the user to
immediately detect it and proceed to re-initialization with fresh credentials. We
utilize blockchain-based identity management and decentralized identities of
users to simplify the overhead of the registration process and reinitialization.

Published

2023

Pages

1–4

Proceedings

2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)

Conference

5th IEEE International Conference on Blockchain and Cryptocurrency (ICBC), Dubaj, AE

ISBN

979-8-3503-1019-1

Publisher

Institute of Electrical and Electronics Engineers

Place

Dubai

DOI

10.1109/ICBC56567.2023.10174997

UT WoS

001032797100118

EID Scopus

2-s2.0-85166267464

BibTeX

@inproceedings{BUT185114,
  author="Jozef {Drga} and Ivan {Homoliak} and Juraj {Vančo} and Martin {Perešíni} and Petr {Hanáček} and Athanasios {Vasilakos}",
  title="Detecting and Preventing Credential Misuse in OTP-Based Two and Half Factor Authentication Toward Centralized Services Utilizing Blockchain-Based Identity Management",
  booktitle="2023 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)",
  year="2023",
  pages="1--4",
  publisher="Institute of Electrical and Electronics Engineers",
  address="Dubai",
  doi="10.1109/ICBC56567.2023.10174997",
  isbn="979-8-3503-1019-1"
}