Thales nShield Connect selected to enhance security of the Internet for RIPE NCC

With Thales Hardware Security Modules, RIPE NCC develops an easier and more secure way to help manage Internet routing and IP allocation

(PresseBox) ( Weston, FL and Cambridge UK, )
Thales, leader in information systems and communications security, announces that RIPE NCC, a Regional Internet Registry (RIR) for Internet number resources, is introducing a new process that leverages Thales nShield Connect hardware security modules (HSMs) for validation of Internet resource-related messages. The digital certificate-based process will allow Internet Service Providers (ISPs) and telecommunications companies to automatically authenticate the legitimacy of the source of Internet traffic. The new process is expected to make the routing of Internet traffic more secure, reliable, and efficient.

Tim Bruijnzeels, senior software developer with RIPE NCC says "Soon our members will be able to use digital certificates to verify that the entities sending resource-related messages, such as routing updates, are authorized to do so. Members can use this ability to make processes like traffic routing more reliable and automated, while reducing the potential for Internet fraud and disruption. Thales nShield Connect HSMs will protect the integrity of certificates issued by RIPE NCC, helping our members to efficiently identify trustworthy messages."

An independent, not-for-profit organization, RIPE NCC is one of five Regional Internet Registries (RIRs) that provide Internet resource allocations, registration services, and coordination activities that support the operation of the Internet globally. RIPE NCC facilitates the allocation and registration of IP address for the reliable routing of Internet traffic. The organization maintains a database of registered resources for all RIPE NCC members, most of whom are telecommunications companies, ISPs, and large corporations. Internet number resources make it possible to find websites and communicate online. Resource holders can send messages to other entities about their resources. These messages might indicate a number change or specify how traffic should be routed to reach the resources controlled by their numbers. These resources are often websites.

Today, unauthorized users with sufficient knowledge and malicious intent can attack websites by sending invalid resource-related messages. ISPs currently rely on inefficient and time-consuming processes to prevent attacks. That is why RIPE NCC and the world's other four RIRs are implementing a process that will allow the authentication of resource holders-and the messages they send-using digital certificates. Each RIR is responsible for developing and implementing a process for issuing secure digital certificates to resource holders. Certificates will be signed by keys generated and secured within Thales nShield Connect HSMs. Because of the security offered by Thales nShield Connect, the signing keys are protected, making it impossible for anyone to access the keys and issue forged certificates. RIPE NCC expects to launch its new IP routing and allocation verification system in early 2011.

Prior to selecting Thales nShield Connect, RIPE NCC evaluated HSMs from four leading makers of security technology. Thales nShield Connect stood out because of its superior scalability and easy-to-use application programming interface (API). Importantly for RIPE NCC, nShield Connect is also FIPS 140-2 Level 3 validated. FIPS is one of the most widely recognized and stringent security standards for HSMs.

"After we enable certificate-based resource verification, our members will be able to further automate processes and ensure the smooth operation of the Internet," continues Bruijnzeels. "It will be much easier to identify fraudulent messages that could potentially disrupt traffic. With the keys that sign the certificates secured by Thales HSMs, no one will be able to forge a certificate. Thales HSMs gave us everything we wanted, including FIPS validation, an easy-to-use API, and scalability."

"Digital certificates are an effective way to make processes more secure through the authentication of machines, messages, and identities," says Franck Greverie, Vice President, Thales in charge of information technology security activities. "The fact that RIPE NCC and other RIRs are using digital certificates for the addresses they register will help to make the Internet more secure and reliable for everyone. Thales is particularly pleased that RIPE NCC chose to secure its process using Thales HSMs."

Visit our digital media centre for industry issues and comment


Founded in 1992, RIPE NCC is an independent, not-for-profit membership organization that supports the infrastructure of the Internet. The most prominent activity of RIPE NCC is to act as a RIR, providing global Internet resources and related services to a current membership base of around 6,800 members in 75 countries. These members consist mainly of ISPs, telecommunication organizations, and large corporations located in Europe, the Middle East and parts of Central Asia. As one of the world's five RIRs, RIPE NCC performs a range of critical functions including:

- The reliable and stable allocation of Internet number resources (IPv4, IPv6 and AS Number resources)
- The responsible storage and maintenance of this registration data
- The provision of an open, publicly accessible database where this data can be accessed

RIPE NCC also provides a range of technical and coordination services for the Internet community. These services include the operation of K-root (one of the 13 root name server clusters), the Deployment of Internet Security Infrastructure (DISI) and DNS Monitoring (DNSMON). More information about RIPE NCC is available at:
The publisher indicated in each case is solely responsible for the press releases above, the event or job offer displayed, and the image and sound material used (see company info when clicking on image/message title or company info right column). As a rule, the publisher is also the author of the press releases and the attached image, sound and information material.
The use of information published here for personal information and editorial processing is generally free of charge. Please clarify any copyright issues with the stated publisher before further use. In the event of publication, please send a specimen copy to