Who goes there? Verifying identity online

Feb 17, 2012

We are all used to logging into networks where we have a unique identity, verified by the network server and associated with our account for other members of the network to see. Such an identity-based network system is useful because it is relatively simple. However, there are three major drawbacks including loss of anonymity of communicating users, misplaced trust and identity theft.

Researchers at the University of Texas at Austin have devised a new type of network that allows users to be authenticated without relying on unique identities.

Writing in the International Journal of Security and Networks, Mohamed Gouda and colleagues asked themselves how they might get around these three problem areas of conventional networks. How can one design a network without user identities and what does it mean for a user to authenticate another in such a network? They suggest that rather than each user having an identity, a network based on an addressing system associated with an unlimited, user-selected list of pseudonyms can circumvent all the problems of loss of , identity theft and misplaced trust. The network authority server is then the only party, other than each user that knows their address and which of their pool of pseudonyms is associated with the address at any given time.

"The problem of anonymous communication over a network is an old and respected problem, and has inspired a considerable amount of research," the researchers explain. Papers dating back to at least 1981 have attempted to address this issue. Anonymized email based on and the layered connection approach of the Tor protocol, and Onion routing, have been used successfully over the last couple of decades. However, all of these approaches have scaling problems that limit the number of concurrent users without huge investment in network servers to carry the requisite .

The researchers explain that in their novel users do not have identities. Users are contacted by searching for their , which they change frequently. Authentication is done by the users themselves, not by the certification of a central authority. In this network, as there is no identity, there is no . "We suggest that this may be a whole new kind of network, distinct from both traditional client-server and reputation-based peer-to-peer networks," the team says.

Explore further: Ride-sharing could cut cabs' road time by 30 percent

More information: "Is that you? Authentication in a network without identities" in Int. J. Security and Networks, vol 6, issue 4, 181-190

add to favorites email to friend print save as pdf

Related Stories

Sony PlayStation network users face password change

May 01, 2011

Users of Sony's PlayStation Network will have to change their passwords, the Japanese entertainment and technology giant said Sunday as it looks to boost security after its system was hacked.

Recommended for you

Ride-sharing could cut cabs' road time by 30 percent

22 hours ago

Cellphone apps that find users car rides in real time are exploding in popularity: The car-service company Uber was recently valued at $18 billion, and even as it faces legal wrangles, a number of companies ...

Avatars make the Internet sign to deaf people

Aug 29, 2014

It is challenging for deaf people to learn a sound-based language, since they are physically not able to hear those sounds. Hence, most of them struggle with written language as well as with text reading ...

Chameleon: Cloud computing for computer science

Aug 26, 2014

Cloud computing has changed the way we work, the way we communicate online, even the way we relax at night with a movie. But even as "the cloud" starts to cross over into popular parlance, the full potential ...

User comments : 0