Steven M. Bellovin
|Alma mater||Columbia University|
|Known for||USENET; computer security; firewalls; cryptography|
|Doctoral advisor||David Parnas|
Steven M. Bellovin is a researcher on computer networking and security. He has been a professor in the Computer Science department at Columbia University since 2005. Previously, Bellovin was a Fellow at AT&T Labs Research in Florham Park, New Jersey.
In September 2012, Bellovin was appointed Chief Technologist for the United States Federal Trade Commission, replacing Edward W. Felten, who returned to Princeton University. He served in this position from September 2012 to August 2013.
He and Michael Merritt invented the Encrypted key exchange password-authenticated key agreement methods. He was also responsible for the discovery that one-time pads were invented in 1882, not 1917, as previously believed.
Bellovin has been active in the IETF. He was a member of the Internet Architecture Board from 1996–2002. Bellovin later was Security Area co-director, and a member of the Internet Engineering Steering Group (IESG) from 2002–2004. He identified some key security weaknesses in the Domain Name System; this and other weaknesses eventually led to the development of DNSSEC.
He received 2007 National Computer Systems Security Award by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). In 2001, he was elected as a member into the National Academy of Engineering for his contributions to network applications and security.
In 2015, Bellovin was part of a team of proponents that included Matt Blaze, J. Alex Halderman, Nadia Heninger, and Andrea M. Matwyshyn who successfully proposed a security research exemption to Section 1201 of the Digital Millennium Copyright Act.
Bellovin is the author and co-author of several books, RFCs and technical papers, including:
- Firewalls and Internet Security: Repelling the Wily Hacker ISBN 0-201-63357-4 (with W. Cheswick) – one of the first books on internet security.
- Thinking Security: Stopping Next Year's Hackers (2015) ISBN 978-0134277547
- RFC 1579 Firewall-Friendly FTP
- RFC 1675 Security Concerns for IPng
- RFC 1681 On Many Addresses per Host
- RFC 1948 Defending Against Sequence Number Attacks
- RFC 3514 The Security Flag in the IPv4 Header (April Fools' Day RFC)
- RFC 3554 On the Use of Stream Control Transmission Protocol (SCTP) with IPsec (with J. Ioannidis, A. Keromytis, R. Stewart.)
- RFC 3631 Security Mechanisms for the Internet (with J. Schiller, Ed., C. Kaufman)
- RFC 4107 Guidelines for Cryptographic Key Management (with R. Housley)
This article needs additional citations for verification. (October 2019)
- Steve Bellovin's home page
- "Steven M. Bellovin | InformIT".
- "Archived copy". Archived from the original on 2010-12-05. Retrieved 2010-03-20.CS1 maint: archived copy as title (link)
- "FTC Announces Appointments to Agency Leadership Positions", FTC press release, August 3, 2012
- "FTC Chief Technologists". Federal Trade Commission. 2018-05-01. Retrieved 2021-07-02.
- "Technology Scholar Appointed by Privacy and Civil Liberties Oversight Board" Archived 2016-02-17 at the Wayback Machine, PCLOB press release, February 12, 2016
- "Columbia College Today" (PDF). Columbia College Today. Fall 2019. p. 58. Retrieved December 24, 2020.
- John Markoff (July 25, 2011). "Codebook Shows an Encryption Form Dates Back to Telegraphs". New York Times. Retrieved 2011-07-26.
- NIST/NSA National Computer Systems Security Award 2007
- "Dr. Steven M. Bellovin".
- "Section 1201 Rulemaking: Sixth Triennial Proceeding to Determine Exemptions to the Prohibition on Circumvention" (PDF).
- "Steven Bellovin - Google Scholar Citations". scholar.google.com. Retrieved 2020-10-21.