Who goes there? Verifying identity online

Feb 17, 2012

We are all used to logging into networks where we have a unique identity, verified by the network server and associated with our account for other members of the network to see. Such an identity-based network system is useful because it is relatively simple. However, there are three major drawbacks including loss of anonymity of communicating users, misplaced trust and identity theft.

Researchers at the University of Texas at Austin have devised a new type of network that allows users to be authenticated without relying on unique identities.

Writing in the International Journal of Security and Networks, Mohamed Gouda and colleagues asked themselves how they might get around these three problem areas of conventional networks. How can one design a network without user identities and what does it mean for a user to authenticate another in such a network? They suggest that rather than each user having an identity, a network based on an addressing system associated with an unlimited, user-selected list of pseudonyms can circumvent all the problems of loss of , identity theft and misplaced trust. The network authority server is then the only party, other than each user that knows their address and which of their pool of pseudonyms is associated with the address at any given time.

"The problem of anonymous communication over a network is an old and respected problem, and has inspired a considerable amount of research," the researchers explain. Papers dating back to at least 1981 have attempted to address this issue. Anonymized email based on and the layered connection approach of the Tor protocol, and Onion routing, have been used successfully over the last couple of decades. However, all of these approaches have scaling problems that limit the number of concurrent users without huge investment in network servers to carry the requisite .

The researchers explain that in their novel users do not have identities. Users are contacted by searching for their , which they change frequently. Authentication is done by the users themselves, not by the certification of a central authority. In this network, as there is no identity, there is no . "We suggest that this may be a whole new kind of network, distinct from both traditional client-server and reputation-based peer-to-peer networks," the team says.

Explore further: Can cartoons be used to teach machines to understand the visual world?

More information: "Is that you? Authentication in a network without identities" in Int. J. Security and Networks, vol 6, issue 4, 181-190

add to favorites email to friend print save as pdf

Related Stories

Sony PlayStation network users face password change

May 01, 2011

Users of Sony's PlayStation Network will have to change their passwords, the Japanese entertainment and technology giant said Sunday as it looks to boost security after its system was hacked.

Recommended for you

Five ways the superintelligence revolution might happen

Sep 26, 2014

Biological brains are unlikely to be the final stage of intelligence. Machines already have superhuman strength, speed and stamina – and one day they will have superhuman intelligence. This is of course ...

User comments : 0