Who goes there? Verifying identity online

Feb 17, 2012

We are all used to logging into networks where we have a unique identity, verified by the network server and associated with our account for other members of the network to see. Such an identity-based network system is useful because it is relatively simple. However, there are three major drawbacks including loss of anonymity of communicating users, misplaced trust and identity theft.

Researchers at the University of Texas at Austin have devised a new type of network that allows users to be authenticated without relying on unique identities.

Writing in the International Journal of Security and Networks, Mohamed Gouda and colleagues asked themselves how they might get around these three problem areas of conventional networks. How can one design a network without user identities and what does it mean for a user to authenticate another in such a network? They suggest that rather than each user having an identity, a network based on an addressing system associated with an unlimited, user-selected list of pseudonyms can circumvent all the problems of loss of , identity theft and misplaced trust. The network authority server is then the only party, other than each user that knows their address and which of their pool of pseudonyms is associated with the address at any given time.

"The problem of anonymous communication over a network is an old and respected problem, and has inspired a considerable amount of research," the researchers explain. Papers dating back to at least 1981 have attempted to address this issue. Anonymized email based on and the layered connection approach of the Tor protocol, and Onion routing, have been used successfully over the last couple of decades. However, all of these approaches have scaling problems that limit the number of concurrent users without huge investment in network servers to carry the requisite .

The researchers explain that in their novel users do not have identities. Users are contacted by searching for their , which they change frequently. Authentication is done by the users themselves, not by the certification of a central authority. In this network, as there is no identity, there is no . "We suggest that this may be a whole new kind of network, distinct from both traditional client-server and reputation-based peer-to-peer networks," the team says.

Explore further: Computer scientists can predict the price of Bitcoin

More information: "Is that you? Authentication in a network without identities" in Int. J. Security and Networks, vol 6, issue 4, 181-190

add to favorites email to friend print save as pdf

Related Stories

Sony PlayStation network users face password change

May 01, 2011

Users of Sony's PlayStation Network will have to change their passwords, the Japanese entertainment and technology giant said Sunday as it looks to boost security after its system was hacked.

Recommended for you

Tablets, cars drive AT&T wireless gains—not phones

7 hours ago

AT&T says it gained 2 million wireless subscribers in the latest quarter, but most were from non-phone services such as tablets and Internet-connected cars. The company is facing pricing pressure from smaller rivals T-Mobile ...

Twitter looks to weave into more mobile apps

8 hours ago

Twitter on Wednesday set out to weave itself into mobile applications with a free "Fabric" platform to help developers build better programs and make more money.

Blink, point, solve an equation: Introducing PhotoMath

9 hours ago

"Ma, can I go now? My phone did my homework." PhotoMath, from the software development company MicroBlink, will make the student's phone do math homework. Just point the camera towards the mathematical expression, ...

Google unveils app for managing Gmail inboxes

9 hours ago

Google is introducing an application designed to make it easier for its Gmail users to find and manage important information that can often become buried in their inboxes.

User comments : 0