Citation
Marten Lohstroh. "Why the Equifax Breach Should Not Have Mattered". Talk or presentation, 12, December, 2017.

Abstract
Data security, which is concerned with the prevention of unauthorized access to computers, databases, and websites, helps protect digital privacy and ensure data integrity. It is extremely difficult, however, to make security watertight, and security breaches are not uncommon. The consequences of stolen credentials go well beyond the leakage of other types of information because they can further compromise other systems. This paper criticizes the practice of using clear-text identity attributes, such as Social Security numbers or driver’s license numbers—which are in principle not even secret—as acceptable authentication tokens or assertions of ownership. This paper offers a simple protocol that straightforwardly applies public- key cryptography to make identity claims verifiable, even when they are issued remotely via the Internet. This protocol has the potential of elevating the business practices of credit providers, rental agencies, and other service companies that have hitherto exposed consumers to the risk of identity theft, to where identity theft becomes virtually impossible.

Electronic downloads

• Lohstroh_WorldCIS_17_Talk.pdf · application/pdf · 4888 kbytes

• HTML

  Marten Lohstroh. <a
  href="http://www.terraswarm.org/pubs/1026.html"
  ><i>Why the Equifax Breach Should Not Have
  Mattered</i></a>, Talk or presentation,  12,
  December, 2017.

• Plain text

  Marten Lohstroh. "Why the Equifax Breach Should Not
  Have Mattered". Talk or presentation,  12, December,
  2017.

• BibTeX

  @presentation{Lohstroh17_WhyEquifaxBreachShouldNotHaveMattered,
      author = {Marten Lohstroh},
      title = {Why the Equifax Breach Should Not Have Mattered},
      day = {12},
      month = {December},
      year = {2017},
      abstract = {Data security, which is concerned with the
                prevention of unauthorized access to computers,
                databases, and websites, helps protect digital
                privacy and ensure data integrity. It is extremely
                difficult, however, to make security watertight,
                and security breaches are not uncommon. The
                consequences of stolen credentials go well beyond
                the leakage of other types of information because
                they can further compromise other systems. This
                paper criticizes the practice of using clear-text
                identity attributes, such as Social Security
                numbers or driver’s license numbers—which are
                in principle not even secret—as acceptable
                authentication tokens or assertions of ownership.
                This paper offers a simple protocol that
                straightforwardly applies public- key cryptography
                to make identity claims verifiable, even when they
                are issued remotely via the Internet. This
                protocol has the potential of elevating the
                business practices of credit providers, rental
                agencies, and other service companies that have
                hitherto exposed consumers to the risk of identity
                theft, to where identity theft becomes virtually
                impossible.},
      URL = {http://terraswarm.org/pubs/1026.html}
  }
  

Posted by Marten Lohstroh on 15 Dec 2017.
Groups: services