RSA Security: Difference between revisions

Article snapshot taken from Wikipedia under the Creative Commons Attribution-ShareAlike license.
Previous revision: 16:55, 22 January 2014, by 128.221.224.61 (talk); edit summary: "NSA Dual_EC_DRBG backdoor"; tag: section blanking.
This revision: 17:31, 22 January 2014, by PRRfan (talk | contribs; extended confirmed user, 34,719 edits); edit summary: "rv, come discuss at Talk page".
The diff (starting at line 51 of the wikitext) restores the sections "Relationship with NSA" and "NSA Dual_EC_DRBG backdoor" that the previous edit had blanked; the full text of the restored revision follows.

Revision as of 17:31, 22 January 2014

RSA Security LLC
Trade name: RSA
Company type: Division of EMC Corporation
Traded as: Nasdaq: RSAS
Industry: Encryption and network security
Founded: 1982
Founders: Ron Rivest, Adi Shamir, Leonard Adleman
Fate: Acquired by EMC Corporation
Headquarters: Bedford, Massachusetts, United States
Key people:
  • Thomas P. Heiser (President)
  • Arthur W. Coviello, Jr. (Executive Chairman)
Products: Encryption and network security software
Revenue: Not separately disclosed by EMC
Number of employees: 1,319 (as of 2007)
Parent: EMC Corporation
Website: www.rsa.com

RSA Security LLC, formerly RSA Security, Inc. and doing business as RSA, is an American computer and network security company. RSA was named after the initials of its co-founders, Ron Rivest, Adi Shamir, and Len Adleman, after whom the RSA public key cryptography algorithm was also named. Its products include the RSA BSAFE cryptography libraries and the SecurID authentication token. It also organizes the annual RSA Conference, an information security conference.

Founded as an independent company in 1982, RSA Security, Inc. was acquired by EMC Corporation in 2006 for US$2.1 billion and operates as a division within EMC.

RSA is based in Bedford, Massachusetts, maintaining offices in Australia, Ireland, Israel, the United Kingdom, Singapore, India, China, Hong Kong and Japan.

History

Ron Rivest, Adi Shamir and Leonard Adleman, who developed the RSA encryption algorithm in 1977, founded RSA Data Security in 1982.

  • In 1995, RSA sent a handful of people across the hall to found Digital Certificates International, better known as VeriSign.
  • The company, then called Security Dynamics, acquired RSA Data Security in July 1996 and DynaSoft AB in 1997.
  • In January 1997, it proposed the first of the DES Challenges, which led to the first public breaking of a message based on the Data Encryption Standard.
  • In February 2001, it acquired Xcert International, Inc., a privately held company that developed and delivered digital certificate-based products for securing e-business transactions.
  • In May 2001, it acquired 3-G International, Inc., a privately held company that developed and delivered smart card and biometric authentication products.
  • In August 2001, it acquired Securant Technologies, Inc., a privately held company that produced ClearTrust, an identity management product.
  • In December 2005, it acquired Cyota, a privately held Israeli company specializing in online security and anti-fraud solutions for financial institutions.
  • In April 2006, it acquired PassMark Security.
  • On September 14, 2006, RSA stockholders approved the acquisition of the company by EMC Corporation for $2.1 billion.
  • In 2007, RSA acquired Valyd Software, a Hyderabad-based Indian company specializing in file and data security.
  • In 2009 RSA launched the RSA Share Project. As part of this project, some of the RSA BSAFE libraries were made available for free. To promote the launch, RSA ran a programming competition with a US$10,000 first prize.
  • In 2011, RSA introduced a new CyberCrime Intelligence Service designed to help organizations identify computers, information assets and identities compromised by trojans and other online attacks.

SecurID security breach

RSA SecurID security tokens.
Main article: SecurID § March 2011 system compromise

On March 17, 2011, about a month after announcing its CyberCrime Intelligence Service, RSA disclosed an attack on its two-factor authentication products. The attack was similar to the Sykipot attacks, the July 2011 SK Communications hack, and the NightDragon series of attacks. RSA called it an Advanced Persistent Threat.

Relationship with NSA

RSA's relationship with the NSA changed over the years. Reuters reporter Joseph Menn, as well as cybersecurity analyst Jeffrey Carr, noted that the two once had an adversarial relationship. In the company's early years, RSA and its leaders were prominent advocates of strong cryptography for public use, while NSA and the Bush and Clinton administrations sought to prevent its proliferation.

For almost 10 years, I've been going toe to toe with these people at Fort Meade. The success of this company is the worst thing that can happen to them. To them, we're the real enemy, we're the real target. We have the system that they're most afraid of. If the U.S. adopted RSA as a standard, you would have a truly international, interoperable, unbreakable, easy-to-use encryption technology. And all those things together are so synergistically threatening to the N.S.A.'s interests that it's driving them into a frenzy.

— RSA president James Bidzos in a June 1994 interview with the New York Times

In the mid-1990s, RSA and Bidzos led a "fierce" public campaign against the Clipper Chip, an encryption chip with a backdoor to allow the U.S. government to decrypt communications. The Clinton administration pressed telecommunications companies to use the chip in their devices, and relaxed export restrictions on products that used it. (Such restrictions had prevented RSA Security from selling its software abroad.) RSA joined civil libertarians and others in opposing the Clipper Chip by, among other things, distributing posters with a foundering sailing ship and the words "Sink Clipper!"

The relationship shifted from adversarial to cooperative after Bidzos stepped down as CEO in 1999, according to Victor Chan, who led RSA's department engineering until 2005: "When I joined there were 10 people in the labs, and we were fighting the NSA. It became a very different company later on."

For example, in 2010, RSA was reported to have accepted $10 million from the NSA to weaken encryption in its products. Moreover, company officials released a statement that said NSA had been an advocate of strong encryption in 2004:

We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.

— RSA, The Security Division of EMC

NSA Dual_EC_DRBG backdoor

From 2004 to 2013, RSA shipped security software — BSAFE toolkit and Data Protection Manager — that included a secret National Security Agency backdoor in the random number generator Dual_EC_DRBG, which made data encrypted with these tools much easier to break for NSA, which had the secret private key to the back door. RSA Security was the most important distributor of the backdoored algorithm, through other companies' use of their BSAFE cryptography library.

RSA Security employees had long been aware, at least, that Dual_EC_DRBG might contain a backdoor. Three employees were members of the ANSI X9F1 Tool Standards and Guidelines Group, to which Dual_EC_DRBG had been submitted for consideration in the early 1990s. The possibility that the random number generator could contain a backdoor was "first raised in an ANSI X9 meeting", according to John Kelsey, a co-author of the NIST SP 800-90A standard that contains Dual_EC_DRBG.

In the mid-2000s, various researchers confirmed that Dual_EC_DRBG was a poor random number generator, and that the weaknesses could work as a carefully designed backdoor. In January 2005, two employees of the cryptography company Certicom — they were also members of the X9F1 group — wrote a patent application that described a backdoor for Dual_EC_DRBG identical to the NSA one. The patent application also described two ways to neutralize the backdoor. One of these — ensuring that two arbitrary elliptic curve points P and Q used in Dual_EC_DRBG are independently chosen — was added to the standard as an option, though NSA's backdoored version of P and Q remained as the standard's default option. (Kelsey knows of no implementers who actually generated their own non-backdoored P and Q.)
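The mitigation described above (choosing Q independently of P, so that no party can hold a trapdoor relating the two points) only helps if others can check that it was done. One way to make it checkable is to derive Q from a published seed. The following Python is an added illustration, not code from RSA, NIST or the BSAFE library: it builds a toy prime-order curve over a 211-element field, derives Q by hashing a public seed onto the curve (a try-and-increment hash-to-curve step assumed here for illustration, not the exact procedure of SP 800-90A), runs the Dual_EC output structure s_{i+1} = x(s_i·P), r_i = x(s_{i+1}·Q) without the standard's truncation, and provides the re-derivation check a reviewer would run before accepting a vendor's Q. The field, the seeds and all names are constructed for the example.

```python
"""Toy Dual_EC_DRBG with a verifiably random Q (added example; not RSA, NIST or BSAFE code).
Field, curve, seeds and the hash-to-curve step are constructed for illustration;
SP 800-90A's real curves and point-generation procedure are not reproduced here."""
import hashlib

P_MOD = 211          # constructed toy prime field (the real DRBG uses P-256/384/521)
A_COEF = P_MOD - 3   # short-Weierstrass coefficient a = -3, as on the NIST curves


def sqrt_mod(v):
    """All square roots of v in the toy field (brute force; the field is tiny)."""
    v %= P_MOD
    return [y for y in range(P_MOD) if (y * y) % P_MOD == v]


def rhs(x, b):  # right-hand side of y^2 = x^3 + a*x + b
    return (x * x * x + A_COEF * x + b) % P_MOD


def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))


def find_prime_order_curve():
    """First b giving a non-singular curve of prime order, so every non-identity
    point generates the whole group and no scalar multiple hits infinity early."""
    for b in range(1, P_MOD):
        if (4 * pow(A_COEF, 3, P_MOD) + 27 * b * b) % P_MOD == 0:
            continue  # singular curve
        order = 1 + sum(len(sqrt_mod(rhs(x, b))) for x in range(P_MOD))
        if is_prime(order):
            return b, order
    raise RuntimeError("no prime-order curve found for this toy field")


B_COEF, GROUP_ORDER = find_prime_order_curve()


def ec_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc, addend = None, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def derive_point(seed, label):
    """Verifiably random point: hash (label || seed || counter) to an x-coordinate and
    keep the first counter whose x lies on the curve (try-and-increment, assumed here).
    Anyone can recompute it, so nobody can have planted Q = d*P with a d they know."""
    counter = 0
    while True:
        digest = hashlib.sha256(label + seed + counter.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P_MOD
        roots = sqrt_mod(rhs(x, B_COEF))
        if roots:
            return (x, min(roots)), counter
        counter += 1


def verify_point_derivation(seed, label, point):
    """The review step: re-derive the point from the published seed and compare."""
    expected, _ = derive_point(seed, label)
    return expected == point


# Constructed base point P and a Q derived from a public seed (both toy values).
P_POINT, _ = derive_point(b"toy-base-point-seed", b"P")
Q_SEED = b"public-nothing-up-my-sleeve-seed"
Q_POINT, Q_COUNTER = derive_point(Q_SEED, b"Q")


def dual_ec_outputs(state, q_point, count):
    """Dual_EC_DRBG output structure: s_{i+1} = x(s_i * P), r_i = x(s_{i+1} * Q).
    The standard truncates r_i before release; omitted so the structure stays visible."""
    out = []
    s = state % GROUP_ORDER or 1
    for _ in range(count):
        s = ec_mul(s, P_POINT)[0] % GROUP_ORDER or 1   # 'or 1' keeps s off the identity
        out.append(ec_mul(s, q_point)[0])
    return out


if __name__ == "__main__":
    print("toy curve: b =", B_COEF, "group order =", GROUP_ORDER)
    print("Q =", Q_POINT, "counter", Q_COUNTER,
          "verifies:", verify_point_derivation(Q_SEED, b"Q", Q_POINT))
    print("outputs:", dual_ec_outputs(12345, Q_POINT, 5))
```

With Q re-derivable from a published seed, the only route to a d with P = d·Q is solving a discrete logarithm (trivial on this 211-element toy, infeasible on the real curves), which is exactly the property the "independently chosen" option relies on. The review step is verify_point_derivation: the standard's default P and Q came with no such derivation, so that check could not be run on them.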

Nevertheless, NIST included Dual_EC_DRBG in its 2006 NIST SP 800-90A standard, largely at the behest of NSA officials, who had cited RSA Security's early use of the random number generator as an argument for its inclusion.

The ANSI standard group's suspicion had apparently not been widely publicized, because the potential backdoor was rediscovered in 2007 by Dan Shumow and Niels Ferguson when they implemented Dual_EC_DRBG in Windows. Shumow and Ferguson's work drew enough attention to the problem that security researcher Bruce Schneier declared that henceforth, no one could be tricked into using Dual_EC_DRBG. (There does not seem to have been a general awareness that RSA Security had made it the default in some of its products until the Snowden leak.)

Given the strong and widely circulated technical arguments not to use Dual_EC_DRBG, Johns Hopkins University professor Matthew Green speculated in September 2013 that RSA Security (or an RSA Security employee) was pressured by the U.S. government to use it.

So why would RSA pick Dual_EC as the default? You got me. Not only is Dual_EC hilariously slow — which has real performance implications — it was shown to be a just plain bad random number generator all the way back in 2006. By 2007, when Shumow and Ferguson raised the possibility of a backdoor in the specification, no sensible cryptographer would go near the thing. And the killer is that RSA employs a number of highly distinguished cryptographers! It's unlikely that they'd all miss the news about Dual_EC.

— Matthew Green, cryptographer and research professor at Johns Hopkins University

In September 2013, the New York Times, drawing on the Snowden leaks, revealed that the NSA worked to "Insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets" as part of the Bullrun program. One of these vulnerabilities, the Times reported, was the Dual_EC_DRBG backdoor.

After the Times published its article, RSA Security recommended that users switch away from Dual_EC_DRBG, but denied that they had deliberately inserted a backdoor. RSA Security officials have largely declined to explain why they did not remove the dubious random number generator once the flaws became known (saying, for example, that "Dual_EC_DRBG was an accepted and publicly scrutinized standard") or why they did not implement the simple mitigation that NIST added to the standard to neutralize the suggested and later verified back door.

On 20 December 2013, Reuters' Joseph Menn reported that NSA secretly paid RSA Security $10 million to set Dual_EC_DRBG as the default in 2004. The story quoted former RSA Security employees as saying that "no alarms were raised because the deal was handled by business leaders rather than pure technologists". Interviewed by CNET, Schneier called the $10 million deal a bribe.

RSA officials responded that they have not "entered into any contract or engaged in any project with the intention of weakening RSA’s products." Menn stood by his story, and media analysis noted that RSA's carefully worded reply denied only that company officials knew about the backdoor when they agreed to the deal, an assertion Menn's story did not make.

Finnish F-Secure researcher Mikko Hyppönen cancelled his planned speech at the 2014 RSA Conference because of this backdoor, and several other speakers have done the same.

Products


RSA enVision is a security information and event management (SIEM) platform, with centralised log-management service that claims to "enable organisations to simplify compliance process as well as optimise security-incident management as they occur."

References

  1. "Distributed Team Cracks Hidden Message in RSA's 56-Bit RC5 Secret-Key Challenge". October 22, 1997. Retrieved February 22, 2009.
  2. Kaliski, Burt (October 22, 1997). "Growing Up with Alice and Bob: Three Decades with the RSA Cryptosystem". Retrieved February 22, 2009.
  3. "RSA Security LLC Company Profile". Retrieved May 15, 2013.
  4. "RSA History". Retrieved June 8, 2011.
  5. "EMC Announces Definitive Agreement to Acquire RSA Security, Further Advancing Information-Centric Security". Rsasecurity.com. June 29, 2006. Retrieved May 12, 2012.
  6. "EMC Newsroom: EMC News and Press Releases". Emc.com. Retrieved May 12, 2012.
  7. "EMC Completes RSA Security Acquisition, Announces Acquisition of Network Intelligence". Rsasecurity.com. September 18, 2006. Retrieved May 12, 2012.
  8. "RSA Share Project". Retrieved January 4, 2013.
  9. "Announcing the RSA Share Project Programming Contest". March 24, 2009. Retrieved January 4, 2013.
  10. "RSA CyberCrime Intelligence Service". rsa.com. Retrieved December 19, 2013.
  11. "Command and Control in the Fifth Domain" (PDF). Command Five Pty Ltd. February 2012. Retrieved February 10, 2012.
  12. "RSA hit by advanced persistent threat attacks". Computer Weekly. March 18, 2011. Retrieved May 4, 2011.
  13. http://jeffreycarr.blogspot.dk/2014/01/nsas-10m-rsa-contract-origins.html
  14. Menn, Joseph (December 20, 2013). "Exclusive: Secret contract tied NSA and security industry pioneer". San Francisco. Reuters. Retrieved December 20, 2013.
  15. https://blogs.rsa.com/news-media-2/rsa-response/
  16. http://blog.cryptographyengineering.com/2013/12/a-few-more-notes-on-nsa-random-number.html
  17. http://cryptome.org/2013/12/800-90-dual-ec-drbg.pdf
  18. http://eprint.iacr.org/2006/190
  19. https://www.google.com/patents/CA2594670A1
  20. Bruce Schneier. "The Strange Story of Dual_EC_DRBG".
  21. http://rump2007.cr.yp.to/15-shumow.pdf
  22. https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
  23. Matthew Green. "RSA warns developers not to use RSA products".
  24. "Secret Documents Reveal N.S.A. Campaign Against Encryption". New York Times.
  25. "We don't enable backdoors in our crypto products, RSA tells customers". Ars Technica.
  26. "Security firm RSA took millions from NSA: report". CNET.
  27. "RSA Response to Media Claims Regarding NSA Relationship". RSA Security.
  28. http://www.theregister.co.uk/2013/12/23/rsa_nsa_response/
  29. "RSA's 'Denial' Concerning $10 Million From The NSA To Promote Broken Crypto Not Really A Denial At All". techdirt.
  30. "An Open Letter to the Chiefs of EMC and RSA".
  31. "C-net news".
  32. "RSA Envision". EMC. Retrieved December 19, 2012.
