RSA Conference 2010
19th RSA Conference, 1st - 5th March 2010 in San Francisco, USA
The world's largest IT security conference was held again at the Moscone Convention Center in San Francisco. The RSA Conference is still the world’s leading exhibition for IT Security, with strong international participation. With again about 10,000 conference participants and more than 300 exhibitors this event consolidated its status. "IT Security made in Germany" was represented for the 10th time in a row with a joint exhibition supported by the Federal Ministry of Economics and Technology (BMWi) and the Trade Fair Committee of German Industry (AUMA) and organized by TeleTrusT. For the first time there was a scheduling overlap with CeBIT, which resulted, compared to the previous year, in significant restrictions in the exhibition and the conference for the German participation. Nevertheless, a total of 13 German companies, organizations and academic institutions, two of which with their own exhibition space and the others in an information center conveyed a convincing picture of the competence and competitiveness of the German IT security industry.
The institutions involved were art of defense, atsec information security GmbH, the Federal Office for Information Security, CORISECIO GmbH, cv cryptovision Inc., University of Hagen, Fraunhofer Institute SIT, Infineon Technologies AG, KOBIL Systems GmbH, NCP engineering GmbH, Rohde & Schwarz SIT GmbH, secunet Security Networks AG, TÜV Informationstechnik GmbH. With almost 200 m² stand space in the main axis of the exhibition the visibility of the German presence was further improved and with the status as a gold sponsor "IT Security made in Germany" was present for the conference participants on many occasions (keynote sessions, conference brochure, overview of the German offers in the conference bags of all participants).
A supporting programme organized by TeleTrusT and the German partners also has a high priority. The scientific and technical dialogue between German and international colleagues was supported in a roundtable taking place on the opening day of the conference, this time on "Cloud Security". The high-quality contributions by Microsoft, RSA Security, Fraunhofer SIT, CORISECIO and art of defense can be downloaded from the TeleTrusT website. The "German Evening" reception at the German Consulate General, to which the Consul General, Peter Rothen, and TeleTrusT invited, traditionally also enjoys a good reputation. More than 80 international experts took advantage of this opportunity for intense networking.
The German presence at the RSA conference has been enhanced indirectly by a video during the keynote by (Microsoft), showing claim-based identity management in a university environment by means of a project by Fraunhofer FOKUS Berlin and Microsoft, involving the new German identity card.
Know-how from Germany was also offered in a panel session in the conference programme. The presentation "Network Access Technology in Progress – How to Manage Your IT Infrastructure" was followed by nearly 90 delegates and was discussed lively.
The following aspects dominated the conference:
- After in the last few years the keynotes of the major companies in the IT security industry covered virtually all the core issues of security solutions, applications and services, this year Cloud Computing Security was the focus of the conference. The tendency to forecast innovative challenges and large markets behind the synonym Cloud Computing was strongly emphasized.
- The topics Cyber Security and Cyber War were treated intensively by top representatives of the White House (Howard Schmidt, U.S. Cyber Security Coordinator), the Homeland Security Department (Janet Napolitano, U.S. DHS Secretary), the FBI (FBI Director Mueller III) and the NSA. The focus was on the adaptation of strategies to the new requirements of the Obama era and the need to intensify cooperation with industry and academia.
- The public discussion on dealing with cryptography and telecommunication monitoring in cyberspace was revived.
In the course of RSA 2010 the traditional achievement prizes were awarded. Noteworthy for the international IT security industry are the award to David Chaum for his achievements in the development of DigiCash and cryptographic anonymity concepts as well as the appreciation for Whitfield Diffie’s „lifetime achievement”.
The keynotes almost always dealt with Cloud Computing Security. Besides application scenarios substantive issues such as Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a (IaaS) and virtualization of operating environments were interpreted differently. In particular infrastructure services were predicted as promising new business areas. The confidence of users in the market has been repeatedly demanded. Since in the cloud computing applications in general several service providers are involved, a convincing concept for an economically and legally „stable” risk management is still not noticeable. A similar situation exists for the protection of privacy in Cloud Computing.
The traditional Crypto panel took again place with Withfield Diffie, Martin Hellman, Ronald Rivest, Adi Shamir and the newcomer Brian Snow (NSA IAD). It was moderated by Ari Juels, head of development at EMC-RSA Security.
Exciting was the intense debate between the scientists and the representative from the NSA. While the scientists complained that the NSA experts responded too hesitantly to current results, such as of cryptanalysis, Snow pointed out that the lack of quality in the implementation of cryptographic mechanisms is the main source for security vulnerabilities. According to him the selection process for new crypto and hash algorithms needs to be carried out more carefully in the latest phase - and over a longer time period. In his point of view this thesis is supported by the current experiences with vulnerabilities in AES. A proving ground could be the currently ongoing last phase of the selection of new hash algorithms.