Transcript RSA SecurID - University of Tulsa

Andrew Arvay
Dual-Factor Authentication

Three factors:
 Something the user knows
 Something the user has
 Something the user is

Federal Financial
Institutions
Examination Council
RSA
Cryptographic algorithm (1977)
 Security firm (1982)
 Ron Rivest, Adi Shamir and Leonard
Adleman
 Bought by EMC (2006)

SecurID
Authentication product based on RSA
algorithm
 Tokens
 Seed

SecurID




Hardware
Software
Time period
Compromise
Deployment
Client-server
 Token offline – credentials passed to
server
 Token import/assignment

Uses/Examples
Cisco ACS
 Windows
 Blizzard
 Google

References
http://tools.ietf.org/html/draft-mraihi-totptimebased-00
 http://www.rsa.com (web archive)
 http://intrepidusgroup.com/insight/2011/0
3/risk-posed-by-securid-hack/
