RSA Conference

Status: Active
Genre: Professional conference
Date(s): April 28-May 1, 2025
Frequency: Several times a year
Country: USA, United Kingdom, Asia & Japan, United Arab Emirates
Years active: 33 years ago
Inaugurated: 1991
Founder: Jim Bidzos
Previous event: Moscone Center, San Francisco, California, May 6-9, 2024
Next event: Moscone Center, San Francisco, California, April 28-May 1, 2025
Participants: IT Security Professionals
Attendance: 45,000
Website: www.rsaconference.com

The RSA Conference is a series of IT security conferences. Approximately 45,000 people attend one of the conferences each year. It was founded in 1991 as a small cryptography conference. RSA conferences take place in the United States, Europe, Asia, and the United Arab Emirates each year. The conference also hosts educational, professional networking, and awards programs.

History

Early history

The name RSA refers to the public-key encryption technology developed by RSA Data Security, Inc., which was founded in 1982. The abbreviation stands for Rivest, Shamir, and Adleman, the inventors of the technique. The idea for the first RSA conference was conceived in 1991 in a phone call between then RSA Security CEO Jim Bidzos and the Executive Director of the Electronic Privacy Information Center. [1] The first conference had just one panel, called "DES and DSS: Standards of Choice." It focused on why attendees should not adopt DSS, a standard that was expected to challenge RSA Security's status as the de facto standard for digital signatures. [2] [3] [1] :22–23

The event steadily grew and in 1993 it attracted more than 200 attendees. [1] :24 [3] Known for many years as the RSA Data Security Conference, [4] it eventually became just the RSA Conference. Over time the conference grew more business-oriented with an older demographic and more vendors, [5] which led to competitive issues for a time in the 1990s; European competitors to RSA Security sometimes could not get a booth, so they hired people to pass out flyers at the RSA conference encouraging attendees to visit them at hotels nearby. [5] In 1995 the conference criticized the Clipper Chip. If implemented, the chip would have given the U.S. government direct access to evidence on telecommunications devices with the chip installed. [6] The conference put up posters with "Sink Clipper" in big letters. [7] By 1997 the conference had grown to 2,500 attendees. [8] The first European RSA Conference took place in 2000 and started with just 5 tracks. [9]

According to Network World, the conference expanded from a cryptography focus into a broader IT security conference with larger attendance in 2005, when Microsoft CEO Bill Gates gave the keynote presentation. [2] According to Bidzos, the purpose of the conference became "for all kinds of things: drive standards, organize some opposition to government policies, promote the RSA name, [and] give all of our customers an opportunity". [1] :24 By 2008 the conference had 17,000 attendees and 375 participating IT security vendors. [3] It had 18 tracks and 230 sessions. [3]

Recent history

At the 2010 RSA conference, the Obama administration publicly revealed the Comprehensive National Cybersecurity Initiative (CNCI), which had been created in 2008 and previously kept secret. [7] [10] In 2011, a California-based IT security company, HBGary, withdrew from speaking and exhibiting at the RSA conference, citing safety concerns. The company had announced plans to reveal the identities of some members of the hacktivist group Anonymous and received retaliatory threats and hacks. [11] In 2014, 8 speakers boycotted the RSA conference after its sponsor, RSA Security, was accused of adding a backdoor to its products so that the National Security Agency could monitor users of RSA Security technology. The boycott began with then F-Secure Chief Technology Officer Mikko Hyppönen. He wanted RSA Security to apologize, whereas the company's statement was that the allegations were not true. [12] [13] Some noted that the RSA conference and the RSA Security company are only loosely connected. [12] Discussion at that year's conference focused heavily on leaks by Edward Snowden and NSA involvement with American technology companies. [14]

The first RSA Conference in the Asia-Pacific was introduced in 2013. [15] This was followed by the inaugural United Arab Emirates conference two years later. [16] In 2015 the conference added a clause to exhibitor contracts effectively prohibiting "booth babes" by requiring professional attire on the exhibitor floor. [7] [17] The policy was implemented in response to feedback that booth babes made the conference feel unprofessional. Fortune Magazine called the widespread practice of having booth babes at professional conferences "outdated" and unwelcoming to female attendees. [17] The following year, the RSA conference was focused on the FBI–Apple encryption dispute, regarding attempts by the government to gain access to iPhones containing evidence in criminal investigations. [7] [18]

As of 2017, the conference has an estimated 40,000–43,000 attendees in the United States. [19] [20] The 2021 conference was held 100% virtually, due to concerns about COVID-19. [21] The conference restored in-person events the following year. [22]

In 2020, RSA Conference and its parent company, RSA Security, were acquired by several investors in a $2 billion deal. [22] Two years later, RSA Security sold a majority interest in RSA Conference to private equity firm Crosspoint Capital Partners. [23] RSA Security sold its remaining interest in the RSA Conference events business to other investors in 2022. [22]

Content

The RSA Conference is an international conference series on IT security that takes place in the United States, Europe, Asia/Japan, and the United Arab Emirates. It also provides internet safety education for consumers and children, runs a security scholar program for IT security students, and operates award programs typically bestowed at conferences. [24] For example, one award is the Innovation Sandbox contest, which involves ten startups that present their technology to a panel of judges. [19] [25]

The 2017 conference in the U.S. had 15 keynotes, 700 speakers, 500 sessions, and 550 exhibitors. [20] An analysis of session keywords at the conference suggests that early conferences were focused on cryptography and commerce, but the topical focus of conferences transitioned to cloud and cybersecurity in the early 2000s. [26] Each conference has a theme, a practice that began in 1995. [2] Additionally, there are typically one or two IT security topics that the conference organizers pick to focus on each year. [19] Speaking positions at the RSA conference are highly competitive, with thousands of submissions for a few hundred speaking positions. [13]

RSA Conference Awards

As of 2024, the RSA conference sponsors the RSA Award for Excellence in Mathematics, co-sponsored by the International Association for Cryptologic Research, for "innovation and ongoing contribution to the field of cryptography". [27]

References

  1. Yost, Jeffrey (December 11, 2004), Oral Interview with James Bidzos (PDF), Charles Babbage Institute: Center for the History of Information Technology, University of Minnesota
  2. Greene, Tim (February 3, 2011). "From cloud and mobile security to encryption, security concerns abound as RSA turns 20". Network World. Retrieved January 1, 2017.
  3. Kaplan, Dan (March 24, 2008). "RSA 2008: All Grown Up". SC Magazine. Retrieved February 1, 2017.
  4. The 1997 RSA Data Security Conference Proceedings, retrieved April 22, 2017
  5. violetblue (March 9, 2016). "RSA security conference: 25 years of discontent and pranks". Engadget. Retrieved January 1, 2017.
  6. "RSA Conference 2016: What's Old Security is New Again". eWeek.com. February 28, 2016. Retrieved February 2, 2017.
  7. Greene, Tim; World, Network (February 29, 2016). "10 momentous moments from 25 years of RSA". Network World.
  8. Wood, Charles Cresson (1997). "Recent crypto-process developments: Highlights from the 1997 RSA conference". Computer Fraud & Security. 1997 (3). Elsevier BV: 10–11. doi:10.1016/s1361-3723(97)83577-4.
  9. "E-Security Leaders to Gather in Munich for First European RSA Conference". March 6, 2000.
  10. Moscaritolo, Angela (March 2, 2010). "RSA Conference: White House declassifies U.S. cybersecurity initiative details". SC Magazine.
  11. McMillan, Robert (February 16, 2011). "Hacked and Now Vandalized, HBGary Pulls out of RSA". PCWorld. Retrieved February 2, 2017.
  12. Ackerman, Dan (January 8, 2014). "RSA Conference speakers begin to bail, thanks to NSA". CNET. Retrieved January 1, 2017.
  13. Barnes, Robert (January 7, 2014). "At least eight security experts boycott prominent security conference over NSA ties". Washington Post. Retrieved January 1, 2017.
  14. Perlroth, Nicole (February 28, 2014). "At the RSA Security Conference, Things Get Testy and Then They Get Awkward". Bits Blog. Retrieved February 2, 2017.
  15. "Inaugural RSA Conference Asia Pacific Showcases The Best Of Asia's Security Innovations, Best Practices And Strategies". RSA Conference. June 7, 2013. Retrieved March 25, 2017.
  16. "World renowned cyber security experts set to gather at RSA Conference 2015 Abu Dhabi". RSA Conference. October 7, 2015. Retrieved March 25, 2017.
  17. Lev-Ram, Michal (March 30, 2015). "Tech conference bans scantily-clad "booth babes"". Fortune. Retrieved January 1, 2017.
  18. Hennigan, W.J. (March 3, 2016). "Encryption debate dominates San Francisco tech conference". Los Angeles Times. Retrieved February 2, 2017.
  19. Needle, David (February 12, 2017). "RSA Conference Adapts to Address Emerging Threats, Technologies". eWEEK. Retrieved March 25, 2017.
  20. Team, RSAC Editorial (March 14, 2017). "Reflecting on RSA Conference 2017". VentureBeat. Retrieved March 25, 2017.
  21. "RSA Conference 2021 Goes Fully Virtual". RSA Conference. November 6, 2020. Retrieved December 20, 2020.
  22. Uchill, Joe (March 15, 2022). "RSA sells conference to become standalone business". SC Media. Retrieved March 8, 2023.
  23. Vinn, Milana (January 18, 2023). "RSA Security explores $2 bln-plus sale of Archer -sources". Reuters. Retrieved March 8, 2023.
  24. "About – Information Security Conference". RSA Conference. January 1, 2017. Retrieved January 1, 2017.
  25. Brown, Bob (January 18, 2017). "10 Cool Security Startups Vying for Glory at RSA Conference". Network World. Retrieved January 1, 2017.
  26. Hackett, Robert (January 26, 2016). "'Cyber' Is Hot, 'Crypto' Is Not". Fortune. Retrieved January 1, 2017.
  27. "RSA Conference Awards". RSA Conference. Retrieved February 22, 2024.