RSA Data Security, Inc

RSA Security LLC
RSA
Type Division of EMC Corporation
Traded as NASDAQ (formerly listed)
Industry Encryption and Network Security
Fate Acquired by EMC Corporation
Founded 1982[1][2]
Founder(s) [1]
Headquarters Bedford, Massachusetts, United States
Key people
  • Thomas P. Heiser (President)
  • Arthur W. Coviello, Jr. (Executive Chairman)
Products Encryption and network security software
Revenue Not separately disclosed by EMC
Employees 1,319 (as of 2007)
Parent EMC Corporation

RSA Security LLC,[3] formerly RSA Security, Inc. and doing business as RSA, is an American computer and network security company. RSA was named after the initials of its co-founders, Ron Rivest, Adi Shamir, and Len Adleman, after whom the RSA public key cryptography algorithm was also named.[4] Its products include the RSA BSAFE cryptography libraries and the SecurID authentication token. It also organizes the annual RSA Conference, an information security conference.

Founded as an independent company in 1982, RSA Security, Inc. was acquired by EMC Corporation in 2006 for US$2.1 billion and operates as a division within EMC.[5]

RSA is based in Bedford, Massachusetts, maintaining offices in Australia, Ireland, Israel, the United Kingdom, Singapore, India, China, Hong Kong and Japan.

History

Ron Rivest, Adi Shamir and Leonard Adleman developed the RSA encryption algorithm in 1977. They founded RSA Data Security in 1982.[1][2]

  • In 1995 RSA sent a handful of people across the hall to found Digital Certificates International, better known as VeriSign.
  • The company then called Security Dynamics acquired RSA Data Security in July 1996 and DynaSoft AB in 1997.
  • In January 1997 it proposed the first of the DES Challenges which led to the first public breaking of a message based on the Data Encryption Standard.
  • In February 2001, it acquired Xcert International, Inc., a privately held company that developed and delivered digital certificate-based products for securing e-business transactions.
  • In May 2001, it acquired 3-G International, Inc., a privately held company that developed and delivered smart card and biometric authentication products.
  • In August 2001, it acquired Securant Technologies, Inc., a privately held company that produced ClearTrust, an identity management product.
  • In December 2005, it acquired Cyota, a privately held Israeli company specializing in online security and anti-fraud solutions for financial institutions.
  • In April 2006 it acquired PassMark Security.
  • On September 14, 2006, RSA stockholders approved the acquisition of the company by EMC Corporation for $2.1 billion.[5][6][7]
  • In 2007, RSA acquired Valyd Software, a Hyderabad-based Indian company specializing in file and data security.
  • In 2009 RSA launched the RSA Share Project.[8] As part of this project, some of the RSA BSAFE libraries were made available for free. To promote the launch, RSA ran a programming competition with a US$10,000 first prize.[9]
  • RSA introduced a new CyberCrime Intelligence Service designed to help organisations identify computers, information assets and identities compromised by trojans and other online attacks.[10]

Products

RSA enVision is a security information and event management (SIEM) platform with a centralised log-management service that enables organisations to simplify the compliance process and optimise security-incident management as incidents occur.[11]

Security breach

On March 17, 2011, approximately a month after announcing its CyberCrime Intelligence Service, RSA disclosed that it had been hacked. It categorized the attack on its two-factor authentication products as an Advanced Persistent Threat.[12] The breach has links to the Sykipot attacks, the July 2011 SK Communications hack and the NightDragon series of attacks.[13] These links suggest that the same attackers are behind each of the attacks, and therefore that RSA was hacked by an APT.

NSA backdoor

As part of the Snowden leaks, it was revealed that the US National Security Agency has been actively working to "Insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets" as part of the Bullrun program.[14] RSA shipped its BSAFE toolkit and Data Protection Manager products with a setting to use the Dual_EC_DRBG random number generator by default, which The New York Times reported in 2013 contained a backdoor from the NSA. Encryption keys generated by a predictable random number generator would be much easier for the NSA to break. Because Dual_EC_DRBG had already been shown in 2006 and 2007 both to be a very poor random number generator and to potentially contain the later confirmed backdoor, Professor Matthew Green has noted that no competent cryptographer would have used Dual_EC_DRBG, with the implicit underlying accusation that RSA Security (or an RSA Security employee) was pressured by the US government to insert the backdoor into its products. RSA Security recommended that users switch away from Dual_EC_DRBG after The New York Times' revelation of the backdoor in 2013, but denied that it had inserted a backdoor on purpose.[15][16]

So why would RSA pick Dual_EC as the default? You got me. Not only is Dual_EC hilariously slow -- which has real performance implications -- it was shown to be a just plain bad random number generator all the way back in 2006. By 2007, when Shumow and Ferguson raised the possibility of a backdoor in the specification, no sensible cryptographer would go near the thing. And the killer is that RSA employs a number of highly distinguished cryptographers! It's unlikely that they'd all miss the news about Dual_EC.
—Matthew Green, cryptographer and research professor at Johns Hopkins University[15]

External links

  • Verisign. Oral history interview 2004, Mill Valley, California.
  • RSA Data Security and VeriSign.