SAN FRANCISCO -- While anonymity is often employed as a security mechanism by Internet users, strong authentication and unique identifiers are more practical methods, based on comments made by Vint Cerf, chief Internet evangelist at Google.
"The notion of uniqueness is incredibly powerful. It should never be given up," asserted Cerf while speaking at the 2013 RSA Conference.
Often referred to as one of the fathers of the Internet, Cerf delivered a sincere lecture about "axiomatic authentication," or pseudonyms versus precise identification, to a packed keynote hall on Wednesday afternoon.
Acknowledging that some of his ideas might be "stupid," Cerf argued that his suggestions for more secure systems might all come down to simplicity.
In describing a hypothetical situation about determining whether a person's online identity is valid, Cerf touched on the debate around digital signatures and just how authoritative that medium is so far.
Cerf noted that it often depends on the jurisdiction in which the digital signature was created, given that some countries have passed laws making digital signatures just as legal as printed signatures. But he hinted that this still doesn't settle the question of how they are really validated.
"There are all kinds of details that we have to work out that this can be trusted as much as physical signatures," Cerf explained. "It's often the case that people try to imbue the digital environment to insist it provide more functionality and assurance than the real world does. I think that's a little unfair. But we don't want the digital environment to be any less trusted."
The challenge that Cerf put forth to the developers and engineers in the audience is to design a system that capitalizes on the strong authentication property to configure closed or open systems to manage or access authenticated devices.
Cerf suggested imagining a device running on hardware that can generate public and private key pairs in which the private key can't be extracted without destroying the pair. Furthermore, imagine that the private key can't be computed from the public key -- at least not in any amount of time that would be useful. Finally, this device needs to encrypt or decrypt digital objects on demand.
Citing the number of connected and mobile devices growing like wildfire worldwide, Cerf warned that we should be very thoughtful about the fact that a lot of these devices are going to be a part of our environment. He went on to say that there might be hundreds of devices associated with us (and therefore, our personal data) at home, in cars, at work, and elsewhere. Thus, he said, we don't want them to be interfered with or to release information to parties other than the ones we want to authorize.
Revisiting the challenge about verifying identities through a chip that can manage public and private profiles on demand, Cerf posited that exact identification is the ticket. He concluded, "We want strong authentication to be our friend here."