RSA Conference is an international conference on information security. The conference discusses modern technologies for protecting information systems, security problems, and trends in the development of network threats and malware. It is held in the USA, Europe and Asia.
| RSA Conference | |
|---|---|
| English | RSA Conference |
| Date | Annually since 1991 |
| Venue | |
| Website | rsaconference.com |
History
The RSA conference was founded by RSA Security, a security division of EMC Corporation, in November 1991, as a cryptographic forum where participants have the opportunity to share the latest knowledge and achievements in the field of Internet security. The first conference, then called Cryptography, Standards, and Public Policy, was held at the Sofitel Hotel in Redwood City. 50 people took part in it; the conference started at 9:00 and ended at 15:00. Since 1993, the conference has been held annually. Since 1995, the theme of the conference has been chosen each year on the basis of a significant contribution to information security or events associated with it. Since 1998, individuals or organizations have been awarded the RSA Conference Award every year for outstanding contributions in the areas of mathematics (cryptography), public policy, and information security. Currently, the RSA Conference and its associated RSA Corporate Events Conference are still managed by RSA with industry support.
Conference Circle
The conference circle is a special group of conference "enthusiasts", consisting of security professionals who have attended a total of five RSA conferences. Only delegates have the right to become members of the circle. Previously, the circle was called the founders' circle in the United States and the main circle in Europe. Under a special loyalty program, the RSA conference gives members of the circle a number of advantages:
- Separate front desk to speed up check-in
- Best Seating on Opening Day
- Special Lunch for Circle Members
- Discounts at the Conference Bookstore [1]
List of topics
- 2018: Confronting Global Cyber Threats
- 2017: The power of opportunity
- 2016: Connect to protect
- 2015: Change: Challenging Today's Security Views
- 2014: Share. To study. Protect.
- 2013: Knowledge Security
- 2012: The Great Cipher is Stronger than the Sword
- 2011: The Adventures of Alice and Bob
- 2010: Rosetta Stone
- 2009: Edgar Allan Poe
- 2008: Alan Matheson Turing
- 2007: Leon Battista Alberti
- 2006: Modern Codes in Ancient Sutras
- 2005: Prohibition Codes: Smugglers and Elizebeth Friedman
- 2004: Chinese remainder theorem
- 2003: Secrets of the Mayans
- 2002: Mary, Queen of Scots
- 2001: The Search for Extraterrestrial Intelligence (SETI)
- 2000: Ancient Greece / Fall of Troy
- 1999: Viking runestones
- 1998: Monk of the 16th century Trithemius and his book of printing
- 1997: Carrier pigeons
- 1996: Navajo Cryptographers of World War II
- 1995: Egyptian Scarab Seals [2]
Conference Overview
RSA 2018 Conference: Confronting Global Cyber Threats
Introduction
Held at the Moscone Center in San Francisco on April 15-20, 2018. As in previous years, the conference discussed cyberattack trends for the next few years. Particular attention was paid to the threats posed by the Internet of Things (IoT): home appliances and "near-computer" devices that could be used by cybercriminals for various types of Internet attacks.
RSA 2017 Conference: The Power of Opportunity
Introduction
Held in 2017.
RSA 2016 Conference: Connect to Protect
Introduction
The RSA 2016 conference was an anniversary event, the 25th in a row. Talks took place in 30 tracks, each dedicated to its own topic. The largest number of talks was in the sponsor track. Sessions were held in various formats, from lectures and hands-on laboratory work to exchanges of opinion and dinners.
Report Content
At the RSA 2016 conference, mobile security and cloud security were, as usual, actively discussed. The event was attended by representatives of the US government. The Secretary of Defense attended a session that evaluated the ability of the United States to counter cyberattacks by potential adversaries, where he gave a brief speech on the importance of cybersecurity and public-private partnerships. Admiral Michael Rogers, head of the NSA, said that the security services exist first of all to protect the interests of the state, and only then everything else. The NSA also offered patented technologies for user authentication by face, intrusion detection and SIM card removal from the phone, USB protection, etc. [3].
RSA 2015 Conference: Change: Challenging Today's Security Views
Introduction
At the beginning of the RSA 2015 conference, a lot of attention was paid to the labor market, namely the shortage of specialists. Nearly half of IT companies lack staff, and this is against a background of rising salaries. The discussion then turned to the security of mobile applications, contactless payment systems, and vulnerabilities in password managers.
Report Content
Marcus Murray, a penetration testing specialist at TrueSec, gave a presentation on attackers' use of malicious files, usually .jpg files, that can compromise servers running current versions of Windows. Murray gained access to a government agency, whose name was not mentioned, during his speech at the event. He compromised the web server by uploading a specially crafted photo, which the target system tried to open after an incorrect upload, as a result of which the .jpg extension became .jpg.aspx. This abuse of the mechanism for embedding active content in image attributes is at the heart of Murray's demo attack. After that, access to resources was obtained, and the domain controller came under the complete control of the tester. The specialist also noted that in mixed environments the effectiveness of this attack remains high. One of the keynote speeches was given by a Microsoft expert who addressed the topic of cloud security. He mentioned that the data people store in the cloud is not completely under the control of its owner, but is entirely controlled by specialists. He added that this scheme lacks transparency [4].
RSA 2014 Conference: Share. To study. Protect.
Introduction
The RSA 2014 conference was at risk of being derailed by the scandal surrounding the statements of Edward Snowden. Many companies refused to participate in the event, and prominent figures in the field of information security spoke out about the need to disrupt the conference. However, the conference took place [5].
Report Content
The main topic of the reports was sandboxes. Cisco and other companies offered solutions in this area. Alex Watson, director of threat research at Websense, gave a presentation on how data transmitted by the Windows Error Reporting system (ERS) can be used for hacking. According to him, ERS transfers huge amounts of data in the form of unencrypted packets. The packets contain all information about the computer's vulnerabilities, as well as its software and connected peripherals. Obtaining this information allows hackers to intercept and replace messages more effectively [6].
RSA 2013: Knowledge Security
Introduction
The RSA 2013 conference was attended by the founders of modern public-key cryptography, who shared their views on the current state of computer security, discussed recently published facts of massive hacker attacks on American companies and talked about their current research.
Report Content
A large part of the RSA 2013 conference was devoted to selecting the best modern mobile devices. Motorola Solutions showed the AME 2000 secure smartphone, which was the winner. The smartphone will be used by US government organizations. A special feature of the AME 2000 is the ability to switch to an enhanced security mode, in which users can make calls and send messages over a channel protected by the 256-bit AES encryption algorithm. The phone itself can also connect to secure VPN networks [7].
RSA 2012: The Great Cipher is Stronger than the Sword
Introduction
The RSA 2012 conference began with a choir singing the Rolling Stones song "You Can't Always Get What You Want." The opening address was given by Art Coviello, head of RSA. The event then discussed three main trends that determine security risks: clouds, targeted threats, and mobility.
Report Content
A large number of reports at the RSA 2012 conference were devoted to the problems of the GSM mobile communication standard. Information security experts pointed to the ease of compromising mobile networks, which was caused by a general increase in available computing power. This was also mentioned by Aaron Turner, the founder of N4struct, during his speech. Rob Malan, one of the founders of Arbor Networks, explained in his report how easy it is to hack into mobile devices, how data can be intercepted, and how a phone can be turned into a listening device. Malan linked the vulnerability of the GSM code to the lack of control over this standard. Experts also noted that corruption in the field of mobile communications gives hackers freedom of action. For example, given a phone number, a device can be accessed by means of an exhaustive-search attack on GPRS protocols. Cisco announced a new concept for countering today's IT threats. It proposed changing the protection paradigm, moving from network delimitation to protecting data in the network itself, using uniform approaches for both physical and virtual infrastructure segments [8].
RSA 2011 Conference: Alice and Bob
Introduction
RSA 2011 was the 20th anniversary event. Over 350 companies took part in it. The names Alice and Bob, which are used in cryptography to denote interacting agents, were chosen as the theme of the conference.
Report Content
The main topic of the reports at the conference was cloud computing and the task of increasing trust in it. The keynote was a talk by Art Coviello, head of RSA. He said that in order to achieve trust in the "clouds", it is necessary to abandon security elements designed for physical infrastructures. He also noted that it is necessary to turn to virtualization technologies, which will be the only way to ensure "cloud" security and to achieve the same level of visibility and controllability of "cloud" environments that is currently available for physical environments. In this regard, RSA announced its own platform, Cloud Trust Authority, designed for building secure cloud services. Enrique Salem, chief executive of Symantec, gave a presentation on the concept of "contextual security" and introduced an updated version of Endpoint Protection 12. The new system uses reputation ratings to protect against malicious software. Based on data collected from 175 million end users, ratings are created and potentially dangerous resources are identified. In his report, Enrique Salem also touched on the problem of consumerization and the growing popularity of mobile platforms, which require the introduction of completely new security tools that are used to access the network and do not depend on the user's location. Microsoft's vice president, Scott Charney, gave a presentation on the development of the quarantine concept for infected personal computers. He said that Microsoft plans to implement network health certificates for PCs and network access restrictions for infected PCs. It should also be noted that many speakers at the RSA conference in 2011 represented the US government.
Michael Chertoff, who served as Secretary of the Department of Homeland Security until 2009, said that the most important US problems today are unpreparedness for cyberattacks and the insufficient security of government networks, energy systems, and other government facilities. General Keith Alexander, the commander of the US Cyber Command and director of the US National Security Agency, noted that the industry needs the help of the military to protect important infrastructures [9].
RSA 2014 Scandal
Shortly before the RSA 2014 conference, Edward Snowden made a statement saying that RSA Security had received a $10 million bribe from representatives of the US National Security Agency. According to him, RSA and the NSA concluded a deal under which the Dual EC DRBG pseudo-random number generator developed by the NSA was to be implemented in various software produced by RSA. Of particular concern was its use in the popular RSA BSAFE personal data encryption utility. The secret information released by Snowden spoke of the possibility of intelligence agents decrypting personal data, since various vulnerabilities had previously been found in the algorithm. After that, experts in the field of information protection called for RSA products to be abandoned [10].
RSA 2016 Conference Pass Vulnerability
Jerry Gamblin, an information security expert, described a way in which anyone could attend the RSA 2016 conference for free. He found that towels from the hotel where he was staying were equipped with anti-theft RFID tags, which were also on the conference passes. Using a Proxmark3 device, Gamblin confirmed that the towels and the badges used the same tag [11] [12].
See also
- CHES
Notes
- [1] Events | RSA Conference
- [2] Where The World Talks Security (dead link). RSA Conference. Accessed December 24, 2011. Archived December 21, 2011.
- [3] RSA 2016 Conference article on the Security Information Portal
- [4] RSA 2015 Conference article in Hacker Magazine
- [5] RSA 2014 Conference article on the Security Information Portal
- [6] Article on the RSA 2014 Conference on the High Tech and Science News Portal
- [7] Article on the RSA 2013 Conference on the Computer Review website
- [8] RSA 2012 Conference article on the Security Information Portal
- [9] Article on the RSA 2011 Conference on the Computer Review website
- [10] Scandal article on the Security Information Portal
- [11] Darren Pauli. Hitchhacker's Guide to RSA clones conference badge with a towel. Flannel rag again shown to be essential kit for freeloaders. The Register (March 2, 2016). Accessed March 9, 2019.
- [12] The researcher turned the towel into a pass to the information security conference. The method presented by the expert allows anyone who wants to go to the event for free. SecurityLab.ru (March 2, 2016). Accessed March 9, 2019.
