Why the Equifax Breach Should Not Have Mattered
Marten Lohstroh

Citation
Marten Lohstroh. "Why the Equifax Breach Should Not Have Mattered". Talk or presentation, 12, December, 2017.

Abstract
Data security, which is concerned with the prevention of unauthorized access to computers, databases, and websites, helps protect digital privacy and ensure data integrity. It is extremely difficult, however, to make security watertight, and security breaches are not uncommon. The consequences of stolen credentials go well beyond the leakage of other types of information because they can further compromise other systems. This paper criticizes the practice of using clear-text identity attributes, such as Social Security numbers or driver’s license numbers—which are in principle not even secret—as acceptable authentication tokens or assertions of ownership. This paper offers a simple protocol that straightforwardly applies public-key cryptography to make identity claims verifiable, even when they are issued remotely via the Internet. This protocol has the potential of elevating the business practices of credit providers, rental agencies, and other service companies that have hitherto exposed consumers to the risk of identity theft, to where identity theft becomes virtually impossible.

Citation formats  
  • HTML
    Marten Lohstroh. <a
    href="http://www.terraswarm.org/pubs/1026.html"
    ><i>Why the Equifax Breach Should Not Have
    Mattered</i></a>, Talk or presentation,  12,
    December, 2017.
  • Plain text
    Marten Lohstroh. "Why the Equifax Breach Should Not
    Have Mattered". Talk or presentation,  12, December,
    2017.
  • BibTeX
    @presentation{Lohstroh17_WhyEquifaxBreachShouldNotHaveMattered,
        author = {Marten Lohstroh},
        title = {Why the Equifax Breach Should Not Have Mattered},
        day = {12},
        month = {December},
        year = {2017},
        abstract = {Data security, which is concerned with the
                  prevention of unauthorized access to computers,
                  databases, and websites, helps protect digital
                  privacy and ensure data integrity. It is extremely
                  difficult, however, to make security watertight,
                  and security breaches are not uncommon. The
                  consequences of stolen credentials go well beyond
                  the leakage of other types of information because
                  they can further compromise other systems. This
                  paper criticizes the practice of using clear-text
                  identity attributes, such as Social Security
                  numbers or driver’s license numbers—which are
                  in principle not even secret—as acceptable
                  authentication tokens or assertions of ownership.
                  This paper offers a simple protocol that
                  straightforwardly applies public-key cryptography
                  to make identity claims verifiable, even when they
                  are issued remotely via the Internet. This
                  protocol has the potential of elevating the
                  business practices of credit providers, rental
                  agencies, and other service companies that have
                  hitherto exposed consumers to the risk of identity
                  theft, to where identity theft becomes virtually
                  impossible.},
        URL = {http://terraswarm.org/pubs/1026.html}
    }
    

Posted by Marten Lohstroh on 15 Dec 2017.
Groups: services

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.