CROO: A Universal Infrastructure and Protocol to Detect Identity Fraud (Extended Version)

IDentity Fraud (IDF) may be defined as unauthorized exploitation of credential information through the use of false identity. The authors propose CROO, a universal (i.e. generic) infrastructure and protocol to either prevent IDF (by detecting attempts thereof), or limit its consequences (by identifying cases of previously undetected IDF). CROO is a capture resilient one-time password scheme, whereby each user must carry a personal trusted device used to generate One-Time Passwords (OTPs) verified by online trusted parties. Multiple trusted parties may be used for increased scalability.