Steven M. Bellovin
Encyclopedia
Steven M. Bellovin is a researcher on computer networking and security. He is currently a Professor in the Computer Science department at Columbia University
, having previously been a Fellow at AT&T Labs
Research in Florham Park, New Jersey
.
, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill
.
As a graduate student, Bellovin was one of the originators of USENET
. He later suggested that Gene Spafford
should create the Phage mailing list as a response to the Morris Worm.
He and Michael Merritt invented the Encrypted key exchange
password-authenticated key agreement
methods.
Bellovin has been active in the IETF
. He was a member of the Internet Architecture Board
from 1996-2002. Bellovin later was Security Area co-director, and a member of the Internet Engineering Steering Group
(IESG) from 2002-2004. He identified some key security weaknesses in the Domain Name System
; this and other weaknesses eventually led to the development of DNSSEC
.
He received 2007 National Computer Systems Security Award by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA).. In 2001, he was elected to the National Academy of Engineering
for his contributions to network and security.
He was responsible for the discovery that one-time pads
were invented in 1882, not 1917, as previously believed.
Bellovin is an active NetBSD
user and a NetBSD
developer focusing on architectural, operational, and security issues.
Columbia University
Columbia University in the City of New York is a private, Ivy League university in Manhattan, New York City. Columbia is the oldest institution of higher learning in the state of New York, the fifth oldest in the United States, and one of the country's nine Colonial Colleges founded before the...
, having previously been a Fellow at AT&T Labs
AT&T Labs
AT&T Labs, Inc. is the research & development division of AT&T, where scientists and engineers work to understand and advance innovative technologies relevant to networking, communications, and information. Over 1800 employees work in six locations: Florham Park, NJ; Middletown, NJ; Austin, TX;...
Research in Florham Park, New Jersey
New Jersey
New Jersey is a state in the Northeastern and Middle Atlantic regions of the United States. , its population was 8,791,894. It is bordered on the north and east by the state of New York, on the southeast and south by the Atlantic Ocean, on the west by Pennsylvania and on the southwest by Delaware...
.
Career
He received a BA degree from Columbia UniversityColumbia University
Columbia University in the City of New York is a private, Ivy League university in Manhattan, New York City. Columbia is the oldest institution of higher learning in the state of New York, the fifth oldest in the United States, and one of the country's nine Colonial Colleges founded before the...
, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill
University of North Carolina at Chapel Hill
The University of North Carolina at Chapel Hill is a public research university located in Chapel Hill, North Carolina, United States...
.
As a graduate student, Bellovin was one of the originators of USENET
Usenet
Usenet is a worldwide distributed Internet discussion system. It developed from the general purpose UUCP architecture of the same name.Duke University graduate students Tom Truscott and Jim Ellis conceived the idea in 1979 and it was established in 1980...
. He later suggested that Gene Spafford
Gene Spafford
Eugene Howard Spafford , commonly known as Spaf, is a professor of computer science at Purdue University and a leading computer security expert....
should create the Phage mailing list as a response to the Morris Worm.
He and Michael Merritt invented the Encrypted key exchange
Encrypted key exchange
Encrypted Key Exchange is a family of password-authenticated key agreement methods described by Steven M. Bellovin and Michael Merritt...
password-authenticated key agreement
Password-authenticated key agreement
In cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge of a password.-Types:...
methods.
Bellovin has been active in the IETF
Internet Engineering Task Force
The Internet Engineering Task Force develops and promotes Internet standards, cooperating closely with the W3C and ISO/IEC standards bodies and dealing in particular with standards of the TCP/IP and Internet protocol suite...
. He was a member of the Internet Architecture Board
Internet Architecture Board
The Internet Architecture Board is the committee charged with oversight of the technical and engineering development of the Internet by the Internet Society ....
from 1996-2002. Bellovin later was Security Area co-director, and a member of the Internet Engineering Steering Group
Internet Engineering Steering Group
The Internet Engineering Steering Group is a body composed of the Internet Engineering Task Force chair and area directors.It provides the final technical review of Internet standards and is responsible for day-to-day management of the IETF...
(IESG) from 2002-2004. He identified some key security weaknesses in the Domain Name System
Domain name system
The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
; this and other weaknesses eventually led to the development of DNSSEC
DNSSEC
The Domain Name System Security Extensions is a suite of Internet Engineering Task Force specifications for securing certain kinds of information provided by the Domain Name System as used on Internet Protocol networks...
.
He received 2007 National Computer Systems Security Award by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA).. In 2001, he was elected to the National Academy of Engineering
National Academy of Engineering
The National Academy of Engineering is a government-created non-profit institution in the United States, that was founded in 1964 under the same congressional act that led to the founding of the National Academy of Sciences...
for his contributions to network and security.
He was responsible for the discovery that one-time pads
One-time pad
In cryptography, the one-time pad is a type of encryption, which has been proven to be impossible to crack if used correctly. Each bit or character from the plaintext is encrypted by a modular addition with a bit or character from a secret random key of the same length as the plaintext, resulting...
were invented in 1882, not 1917, as previously believed.
Bellovin is an active NetBSD
NetBSD
NetBSD is a freely available open source version of the Berkeley Software Distribution Unix operating system. It was the second open source BSD descendant to be formally released, after 386BSD, and continues to be actively developed. The NetBSD project is primarily focused on high quality design,...
user and a NetBSD
NetBSD
NetBSD is a freely available open source version of the Berkeley Software Distribution Unix operating system. It was the second open source BSD descendant to be formally released, after 386BSD, and continues to be actively developed. The NetBSD project is primarily focused on high quality design,...
developer focusing on architectural, operational, and security issues.
Selected publications
Bellovin is the author and co-author of several books, RFCs and technical papers, including:- Firewalls and Internet Security: Repelling the Wily Hacker ISBN 0-201-63357-4 (with W. Cheswick) - one of the first books on internet security.
- RFC 1579 Firewall-Friendly FTP
- RFC 1675 Security Concerns for IPng
- RFC 1681 On Many Addresses per Host
- RFC 1948 Defending Against Sequence Number Attacks
- RFC 3514 The Security Flag in the IPv4 Header (April Fools' Day RFCApril Fools' Day RFCAlmost every April Fools' Day since 1989, the Internet Engineering Task Force has published one or more humorous RFC documents, following in the path blazed by the June 1973 RFC 527 entitled ARPAWOCKY, which parodied Lewis Carroll's nonsense poem Jabberwocky...
) - RFC 3554 On the Use of Stream Control Transmission Protocol (SCTP) with IPsec (with J. Ioannidis, A. Keromytis, R. Stewart.)
- RFC 3631 Security Mechanisms for the Internet (with J. Schiller, Ed., C. Kaufman)
- RFC 4107 Guidelines for Cryptographic Key Management (with R. Housley)