RSA Laboratories Unveils Innovative Countermeasure to Recent 'Denial of Service' Hacker Attacks
BEDFORD, Mass., Feb. 11 /PRNewswire/ -- In response to recent hacking attacks across a variety of Internet-based businesses, RSA Security Inc. (Nasdaq: RSAS) today announced that its research and development organization, RSA Laboratories, is developing a potential cryptographic countermeasure against "connection depletion" or "denial-of-service" attacks. RSA Laboratories includes some of the world's most renowned cryptographers and mathematicians and through its research programs, publications, seminars and standards development has helped shape security for the Internet.
The number of recent hacking incidents have illustrated that even if a Web server is effectively protected against intrusive security breaches, it may still be vulnerable to a range of denial-of-service attacks. These attacks are ones in which a malicious party makes a large number of connection requests to a server, exhausting its resources and rendering it incapable of servicing legitimate requests.
RSA Laboratories is currently working on a new approach, referred to as the "client puzzle" protocol, which is intended to defend Web servers against these types of attacks.
This sophisticated countermeasure is currently in development and undergoing rigorous laboratory testing to quickly bring an innovative product to market. RSA Security intends to provide additional details in the coming months and, in the interim, offers additional information on client puzzles and related cryptographic theory at
rsasecurity.com.
This new cryptographic countermeasure employed using client puzzles is designed to allow servers to accept connection requests normally when there is no evidence of an attack, but during an attack would only selectively accept requests. Specifically, the server would hand out to each client making a request a unique "client puzzle" -- a cryptographic problem formulated using the time and information unique to the server and client request.
In order to have resources allocated for a specific connection, the client must submit to the server a correct solution to an individual puzzle deployed with conventional time-outs on server resources. During an attack, legitimate clients would experience only a small degradation in connection time, while the attacking party would require vast computational resources to sustain an interruption of service. As a result, the subsequent burden of numerous requests placed back on the attacking party would severely limit its ability to continue the attack.
"While the recent attacks to leading Internet companies are not related to a deficiency in today's security solutions, they underscore a range of issues we need to address to make the Internet a secure and reliable environment," said Joe Uniejewski, senior vice president of engineering at RSA Security. "The work underway at RSA Labs is another example of how RSA Security has deployed its unmatched resources to combat these issues and bring a greater level of trust to the way we'll do business in the future."
About RSA Security Inc.
RSA Security Inc., The Most Trusted Name in e-Security(TM), helps organizations build secure, trusted foundations for e-business through its RSA SecurID(R) two-factor authentication, RSA BSAFE(R) encryption and RSA Keon(TM) public key management systems. With nearly a half billion RSA BSAFE-enabled applications in use worldwide, more than six million RSA SecurID users and almost 20 years of industry experience, RSA Security has the proven leadership and innovative technology to address the changing security needs of e-business and bring trust to the new, online economy. RSA Security can be reached at www.rsasecurity.com.
NOTE: BSAFE and SecurID are registered trademarks, and Keon, RSA, RSA Secured and The Most Trusted Name in e-Security are trademarks of RSA Security Inc. All other products and services mentioned are trademarks of their respective companies.
This press release contains forward-looking statements relating to the development and anticipated release of a new RSA Security product. Such statements involve a number of risks and uncertainties. Among the important factors that could cause actual results to differ materially from those indicated by such forward-looking statements are delays in product development, technical difficulties, software bugs and errors, competitive pressures, changes in customer requirements, market acceptance of new technologies, technological changes in the computer industry and the risk factors detailed from time to time in RSA Security's periodic reports and registration statements filed with the Securities and Exchange Commission, including without limitation RSA Security's Annual Report on Form 10-K filed on March 31, 1999 and its Quarterly Report on Form 10-Q filed on November 15, 1999.
SOURCE RSA Security, Inc.
CONTACT: Patrick Corman of Corman Communications, 650-326-9648, or patrick@cormancom.com, for RSA Security, Inc.; or Richard Mack of RSA Security Inc., 781-301-5344, or rhmack@rsasecurity.com/
United States: 1-877-RSA-4900 or 781 301 5000, Europe, Middle East, Africa: +44 118 936 2600,
Asia/Pacific: +65 733 5400, Japan: +81 3 3539 7511http://www.corporate-ir.net/ireye/ir_site.zhtml?ticker=rsas&... |
