By Topic

Identity and Security

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Steven M. Bellovin ; Columbia University

A strong identification system presupposes a strong notion of identity. The Internet, though, is multilayered; identity is different at each layer. My computer has three different MAC addresses and several IP addresses, including many IP addresses and logins for different instant message systems. If I switch computers, locations, or employers, several of these would change. Am I no longer myself? Sophistry, some would say; those could all be temporarily bound to my "real" identity. In that case, we already have pretty strong identification, in the combination of time stamp, IP address, and log files. Most online misbehavior comes from hacked machines; in turns, these machines have been hacked because of buggy code. Strong authentication is useful in many circumstances, but the bad guys don't have to go through the authentication system-they simply go around it. A strongly encrypted, strongly authenticated connection between a hacked machine and another target still lets the bad guys in, whereas identification does nothing but mislead the good guys. In other words, identification will be useful only when we don't need it because we've solved the computer security problem.

Published in:

IEEE Security & Privacy  (Volume:8 ,  Issue: 2 )