March 27th, 2014 05:00

Ask The Expert Summary: New authentication technology and the introduction of AM 8.0


Introduction

This article summarizes the Chinese ATE (Ask The Expert) activity "New authentication technology and the introduction of AM 8.0". The original thread is https://community.emc.com/thread/181035.


Detailed Information

Question 1: Could you introduce some use cases of RSA products and solutions?


Answer: RSA has many different products. SecurID (the most common RSA product in China) is often used in login processes, for example Windows/Linux logins, VPN logins and web application logins.

RSA has a complete product line; here are some examples:

· Authentication:

RSA SecurID and RSA Authentication Manager (AM) are the major products. AM 8.0 now offers a risk engine to meet the challenges and needs of organizations.

· Anti-Fraud Products:

Adaptive Authentication On-Premise/Hosted/for eCommerce, eFraudNetwork, Cyber Crime Intelligence, Silver Tail, etc. These products aim to prevent Internet fraud and phishing attacks; the major customers are financial institutions.

· Identity and Access Management (IAM):

Access Management, for SSO (Single Sign-On), user authorization, session management and so on.

· Encryption:

RSA Digital Certificate Solution, Key Manager and BSAFE, for data encryption.

· Security Information and Event Management (SIEM):

The major product is enVision; it is common in China and focuses on log collection and analysis for many kinds of devices. You can create correlation rules over these logs, create reports or trigger real-time alerts.

· Data Loss Prevention (DLP):

RSA DLP, to prevent the leakage of companies' confidential information.

· Security Analytics:

Security Analytics provides enterprise-wide visibility into network traffic and logs every packet, to prevent intrusions and APT (advanced persistent threat) attacks.

· Governance, Risk and Compliance (GRC):

Archer is EMC's eGRC product, which helps organizations with compliance and risk-management projects. Users can use different modules to customize their management operations.

Other RSA products please refer to RSA’s official website:

http://www.emc.com/security/index.htm

If you are interested in the integration with 3rd-party products, please refer to the resources on EMC Solution Gallery:

https://gallery.emc.com/community/marketplace/rsa?view=overview

Question 2: Has the length of the RSA private key changed? Is it still based on the factorization of large numbers?


Answer: Currently, users should use 1024-bit (or above) keys. For CA (Certification Authority) servers, we should use 2048-bit (or above) keys. There is no change to the RSA algorithm; it is still based on the difficulty of factoring large numbers. To date, there is no public data showing that any real polynomial-time attack on RSA exists.

Peter Shor has invented a polynomial-time algorithm for factoring integers, but without a quantum computer to run this algorithm, RSA is safe for now. Building a quantum computer is still a long way off.
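
The following is an added example, not part of the original thread or of any RSA product: a textbook RSA key pair built from small primes, followed by the attack the answer refers to, recovering the private exponent from nothing but the public key once the modulus is factored. Two factoring routines are shown: brute-force trial division, whose cost grows with the square root of n (which is why key length matters), and Fermat's method, which breaks a modulus of any size in a handful of steps when p and q are chosen too close together (which is why key length alone is not enough). The primes, the plaintext and the iteration cap are constructed for the example. Note that since 2014 the generally accepted floor for new RSA keys has been 2048 bits (NIST SP 800-57); 1024-bit keys are considered deprecated. Requires Python 3.8+ for `pow(e, -1, m)`.

```python
"""Toy RSA: key generation, encryption and the factoring attack.

Constructed example with small primes; a real 2048-bit modulus has a
square root of ~2^1024, far beyond trial division, but Fermat's method
still applies if the prime pair is badly chosen.
"""
from math import gcd, isqrt


def rsa_keygen(p, q, e=65537):
    """Textbook RSA key pair from primes p, q (no padding, no CRT)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e mod phi(n), Python 3.8+
    return (n, e), (n, d)


def rsa_encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def factor_trial_division(n):
    """Brute force up to sqrt(n): work grows as 2^(bits/2)."""
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    return None


def factor_fermat(n, max_iter=1_000_000):
    """Fermat's method: n = a^2 - b^2 = (a-b)(a+b).

    Terminates almost immediately when |p - q| is small, regardless of
    how many bits n has.  max_iter is a constructed safety cap.
    """
    a = isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(max_iter):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            return a - b, a + b
        a += 1
    return None


def recover_private_key(pub, factor=factor_trial_division):
    """Given only (n, e) and a factorisation of n, rebuild (n, d)."""
    n, e = pub
    found = factor(n)
    if found is None:
        return None
    p, q = found
    return (n, pow(e, -1, (p - 1) * (q - 1)))


if __name__ == "__main__":
    pub, priv = rsa_keygen(10007, 10009)          # twin primes, constructed
    c = rsa_encrypt(pub, 42)
    assert rsa_decrypt(priv, c) == 42
    print("private key recovered from public key:", recover_private_key(pub) == priv)
    # Larger modulus, but p and q differ by only 30: Fermat finishes in one step.
    print("close-prime modulus factored:", factor_fermat(1000003 * 1000033))
```

Both attacks return the factor pair from which `d` is rebuilt exactly; the only defence against the first is modulus size, and the only defence against the second is generating p and q independently at random so they are far apart, which is what a correct key generator does.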

Question 3: Several years ago, the Chinese professor Wang Xiaoyun cracked MD5, SHA-0 and other related hash functions. Does this relate to RSA's key algorithm?


Answer: You're talking about Prof. Wang Xiaoyun's MD5 hash collision attack. A hash collision attack tries to find two different messages which have the same hash value. It works on hash algorithms; although MD5 was designed by Prof. Ron Rivest (the "R" in RSA), it has no relationship with the algorithm "RSA".
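
A concrete illustration of what "finding two different messages with the same hash value" means, added here as an example and not part of the original thread: a generic birthday search against a deliberately truncated MD5 output. Truncating the digest to 24 bits makes a collision appear after roughly 2^12 candidate messages, which is the generic bound for any hash of that width; Prof. Wang's result was that full 128-bit MD5 collisions can be found far below the corresponding 2^64 bound by exploiting MD5's internal structure. The `msg-<counter>` message format and the truncation width are assumptions of the example. This does not touch the RSA algorithm at all; what it does affect is any signature scheme that signs an MD5 digest, because one signature would then verify for both colliding messages.

```python
"""Generic (birthday) collision search on a truncated MD5.

Constructed example: messages are "msg-0", "msg-1", ... and only the top
`bits` bits of the digest are compared, so the search finishes quickly.
"""
import hashlib
import math


def truncated_md5(data: bytes, bits: int = 128) -> int:
    """Return the leading `bits` bits of MD5(data) as an integer."""
    if not 1 <= bits <= 128:
        raise ValueError("bits must be between 1 and 128")
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def expected_attempts(bits: int) -> float:
    """Birthday estimate: about sqrt(pi/2 * 2^bits) hashes before a collision."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int, prefix: bytes = b"msg-"):
    """Hash distinct messages until two share a truncated digest.

    Returns (message_a, message_b, attempts).  By the pigeonhole principle
    a collision must exist within 2^bits + 1 distinct messages, so the loop
    is bounded; in practice it ends near the birthday estimate.
    """
    seen = {}
    for i in range(2 ** bits + 1):
        msg = prefix + str(i).encode()
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None  # unreachable for a correct hash, kept for clarity


if __name__ == "__main__":
    bits = 24
    m1, m2, attempts = find_collision(bits)
    print(f"collision after {attempts} hashes (birthday estimate ~{expected_attempts(bits):.0f})")
    print(m1, m2, hex(truncated_md5(m1, bits)), hex(truncated_md5(m2, bits)))
    print("full MD5 digests differ:", truncated_md5(m1) != truncated_md5(m2))
```

Raise `bits` a few at a time and the attempt count doubles roughly every two bits; that square-root scaling is the whole reason a 128-bit digest was considered safe until structural attacks like Prof. Wang's beat the generic bound.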

Question 4: As far as I know, there are quite a few local companies that also focus on authentication; compared with them, what are RSA's advantages?


Answer: At present, RSA Authentication Manager is the leading product in the OTP (one-time password) field. AM has the following advantages:

· A safe dynamic password algorithm for generating OTPs. As far as I know, many local companies are still using RSA's old OTP algorithm (from before 2003). RSA now uses its own proprietary algorithm to generate the dynamic tokencode; it is based on AES, which is much safer than before.

· Stable and powerful servers. Our servers support high availability, disaster recovery and high scalability during peak hours. Our applications also provide an API that lets users build their own management systems.

· RSA Agents support all major operating systems, such as Windows Server 2008 R2 and 2012, AIX and HP-UX. Cisco ASA, Citrix Access Gateway and many other 3rd-party products support RSA Authentication Manager as well.

· Continuous improvement. RSA Authentication Manager now supports RBA (Risk-Based Authentication), which introduces risk assessment into the authentication process. RBA offers end-user convenience by preserving the familiar username/password logon experience.


Question 5: Elliptic curves can also be used in an asymmetric key system, right? Is there any product now?


Answer: ECC (Elliptic Curve Cryptography) is an asymmetric cryptographic system; its standard is PKCS #13. It can be added as a module to the current product lines. As far as I know, Digital Certificate Solution, BSAFE and some other products have begun to use ECC.


Question 6: How many EMC products are using RSA technologies? What are they?


Answer: Many people should know about the integration between PowerPath and RSA Key Manager (RKM), which provides end-to-end data encryption as well as key management. The Symmetrix controller's dynamic password also belongs to RSA Key Manager. The purpose of RKM is to distribute and manage keys, and it is used on many storage products.

The new release of VMware vCloud also integrates the RSA DLP module, to enhance the vCloud environment and prevent data leakage.

Another one we may forget: EMC software products invoke encryption algorithms to encrypt/decrypt data and files, and the module they use is RSA's BSAFE library.

Some hosts use SecurID to protect themselves, and to analyze and generate reports from EMC device logs.

Storage systems have high security requirements. We can expect a closer relationship between EMC storage and RSA products.

Question 7: What's the biggest difference in the latest Authentication Manager release? For end users, are there any improvements in the user experience and management? According to the release notes, AM 8.0 now uses PostgreSQL as the database; any concerns about stability?


Answer: There are two major differences:

· Authentication Manager 8.0 is offered as a Virtual Appliance only. In prior releases, RSA provided both software-based and hardware-based editions, but there were many compatibility issues across the various operating systems. The Virtual Appliance edition reduces compatibility problems and improves stability.

Virtualization is an irreversible trend. With a virtual appliance, customers can reduce the cost of implementation, time and people management. System administrators no longer have to connect to the command-line console; the web console alone is enough for information collection. For some specific customers, we will offer a hardware-based edition in AM 8.1.

· Authentication Manager 8.0 offers Risk-Based Authentication (RBA).
