Steven M. Bellovin

Steven M. Bellovin is a researcher on computer networking and security who has been a professor in the computer science department at Columbia University since 2005. Previously, Bellovin was a fellow at AT&T Labs Research in Florham Park, New Jersey. In September 2012, Bellovin was appointed chief technologist for the United States Federal Trade Commission, replacing Edward W. Felten, who returned to Princeton University ("FTC Announces Appointments to Agency Leadership Positions", FTC press release, August 3, 2012). He served in this position from September 2012 to August 2013. In February 2016, Bellovin became the first technology scholar for the Privacy and Civil Liberties Oversight Board ("Technology Scholar Appointed by Privacy and Civil Liberties Oversight Board", PCLOB press release, February 12, 2016).


Career

Bellovin received a BA degree from Columbia University, and an MS and PhD in computer science from the University of North Carolina at Chapel Hill. As a graduate student, Bellovin was one of the originators of USENET. He later suggested that Gene Spafford should create the Phage mailing list as a response to the Morris Worm. Bellovin and Michael Merritt invented the encrypted key exchange password-authenticated key agreement methods. He was also responsible for the discovery that one-time pads were invented in 1882, not 1917, as previously believed.

Bellovin has been active in the IETF. He was a member of the Internet Architecture Board from 1996 to 2002. Bellovin later was security area co-director, and a member of the Internet Engineering Steering Group (IESG), from 2002 to 2004. He identified some key security weaknesses in the Domain Name System; this and other weaknesses eventually led to the development of DNSSEC.

He received the 2007 National Computer Systems Security Award from the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). In 2001, he was elected a member of the National Academy of Engineering for his contributions to network applications and security. In 2015, Bellovin was part of a team of proponents that included Matt Blaze, J. Alex Halderman, Nadia Heninger, and Andrea M. Matwyshyn who successfully proposed a security research exemption to Section 1201 of the Digital Millennium Copyright Act.

Bellovin is an active NetBSD user and a NetBSD developer focusing on architectural, operational, and security issues. He is a two-time recipient of the Usenix Lifetime Achievement Award. In 1995 he and two others received the award “for their work in creating USENET.” In 2023, he and two others received the award “for a profound and lasting impact on Computer Science, Computer Security, Law, and Public Policy through their groundbreaking research, their influential publications, and their dedication to advancing knowledge that informs public policy.”


Selected publications

Bellovin is the author and co-author of several books, RFCs and technical papers, including:

* Firewalls and Internet Security: Repelling the Wily Hacker (with W. Cheswick) – one of the first books on internet security.
** Firewalls and Internet Security: Repelling the Wily Hacker, 2nd edition (with Cheswick and Aviel D. Rubin)
* Thinking Security: Stopping Next Year's Hackers (2015)
* Firewall-Friendly FTP
* Security Concerns for IPng
* On Many Addresses per Host
* Defending Against Sequence Number Attacks
* RFC 3514, The Security Flag in the IPv4 Header (April Fools' Day RFC)
* On the Use of Stream Control Transmission Protocol (SCTP) with IPsec (with J. Ioannidis, A. Keromytis, R. Stewart)
* Security Mechanisms for the Internet (with J. Schiller, Ed., C. Kaufman)
* Guidelines for Cryptographic Key Management (with R. Housley)

As of October 21, 2020, his publications have been cited 19,578 times, and he has an h-index of 59.


See also

* Computer security
* Cryptography


External links


* "Missing Link: Knotty Privacy – Interview With Steven Bellovin", Heise News, August 4, 2019
* "Steven M. Bellovin", DBLP Bibliography
* "Amnesty v. McConnell - Declaration of Steven M. Bellovin", ACLU