Email-Based Identification and Authentication: An Alternative to PKI?

F or more than a decade, businesses, governments, universities, and other organizations have developed and deployed identification–authentication systems based on public-key infrastructure (PKI). But despite this strong institutional support, an alternative system for identification and authentication organically evolved, improved, and spread during recent years. This identification–authentication regime is not based on public-key cryptography, but instead on the ability to receive email sent to a particular address. In this article, I argue that despite some security shortcomings , email-based identification and authentication (EBIA) is a reasonable approach for many current commercial and government applications. EBIA provides a better match to the usability, privacy, autonomy, resiliency, and real-world business requirements than PKI technology. Today, even sensitive applications that let us enter into binding business agreements worth thousands of dollars (for example, on eBay) and electronically transfer money between bank accounts (for example, with PayPal), use EBIA. Here, I analyze its advantages and weaknesses, discuss best practices for its continued use, and show how EBIA might evolve into a system with stronger security properties. The " Related work " textbox on page 24 describes other PKI alternatives in progress. Personal identifiers typically are names, symbols, or codes that represent a human being. Identifiers can be contextu-ally or globally unique: There is only one George Bush who lives at 1600 Pennsylvania Avenue in Washington, D.C., but there are two people named George Bush in the New York City telephone directory and another 15 elsewhere in New York state. Sometimes different people can use the same identi-fier—a family can share a telephone number, for example. Other applications require singularly unique identifiers. In 1936, the Social Security Board adopted the nine-digit social security number (SSN) system to track the earnings of different Americans with the same names. The 1935 Social Security Act required tracking each American's earnings through his or her employment lifetime because it based, in part, retirement benefits on lifetime earnings (see " The History of Social Security; " www.ssa.gov/ history/). Thus, while two people living today in New York City have the George Bush name, each of them should have a unique SSN. Moreover, those numbers should be different from that of the George Bush living on Pennsylvania Avenue in Washington, D.C., and every other person cataloged in the social security system. Universal identifiers, which the SSN has become, are identifiers used simultaneously by different organizations. But not all universal identifiers were designed …