71254 Ditzingen, de
+44 (1223) 723612
Thales nShield Connect selected to enhance security of the Internet for RIPE NCC
With Thales Hardware Security Modules, RIPE NCC develops an easier and more secure way to help manage Internet routing and IP allocation
Tim Bruijnzeels, senior software developer with RIPE NCC says "Soon our members will be able to use digital certificates to verify that the entities sending resource-related messages, such as routing updates, are authorized to do so. Members can use this ability to make processes like traffic routing more reliable and automated, while reducing the potential for Internet fraud and disruption. Thales nShield Connect HSMs will protect the integrity of certificates issued by RIPE NCC, helping our members to efficiently identify trustworthy messages."
An independent, not-for-profit organization, RIPE NCC is one of five Regional Internet Registries (RIRs) that provide Internet resource allocations, registration services, and coordination activities that support the operation of the Internet globally. RIPE NCC facilitates the allocation and registration of IP address for the reliable routing of Internet traffic. The organization maintains a database of registered resources for all RIPE NCC members, most of whom are telecommunications companies, ISPs, and large corporations. Internet number resources make it possible to find websites and communicate online. Resource holders can send messages to other entities about their resources. These messages might indicate a number change or specify how traffic should be routed to reach the resources controlled by their numbers. These resources are often websites.
Today, unauthorized users with sufficient knowledge and malicious intent can attack websites by sending invalid resource-related messages. ISPs currently rely on inefficient and time-consuming processes to prevent attacks. That is why RIPE NCC and the world's other four RIRs are implementing a process that will allow the authentication of resource holders-and the messages they send-using digital certificates. Each RIR is responsible for developing and implementing a process for issuing secure digital certificates to resource holders. Certificates will be signed by keys generated and secured within Thales nShield Connect HSMs. Because of the security offered by Thales nShield Connect, the signing keys are protected, making it impossible for anyone to access the keys and issue forged certificates. RIPE NCC expects to launch its new IP routing and allocation verification system in early 2011.
Prior to selecting Thales nShield Connect, RIPE NCC evaluated HSMs from four leading makers of security technology. Thales nShield Connect stood out because of its superior scalability and easy-to-use application programming interface (API). Importantly for RIPE NCC, nShield Connect is also FIPS 140-2 Level 3 validated. FIPS is one of the most widely recognized and stringent security standards for HSMs.
"After we enable certificate-based resource verification, our members will be able to further automate processes and ensure the smooth operation of the Internet," continues Bruijnzeels. "It will be much easier to identify fraudulent messages that could potentially disrupt traffic. With the keys that sign the certificates secured by Thales HSMs, no one will be able to forge a certificate. Thales HSMs gave us everything we wanted, including FIPS validation, an easy-to-use API, and scalability."
"Digital certificates are an effective way to make processes more secure through the authentication of machines, messages, and identities," says Franck Greverie, Vice President, Thales in charge of information technology security activities. "The fact that RIPE NCC and other RIRs are using digital certificates for the addresses they register will help to make the Internet more secure and reliable for everyone. Thales is particularly pleased that RIPE NCC chose to secure its process using Thales HSMs."
Visit our digital media centre www.keymanagementinsights.com for industry issues and comment
About RIPE NCC
Founded in 1992, RIPE NCC is an independent, not-for-profit membership organization that supports the infrastructure of the Internet. The most prominent activity of RIPE NCC is to act as a RIR, providing global Internet resources and related services to a current membership base of around 6,800 members in 75 countries. These members consist mainly of ISPs, telecommunication organizations, and large corporations located in Europe, the Middle East and parts of Central Asia. As one of the world's five RIRs, RIPE NCC performs a range of critical functions including:
- The reliable and stable allocation of Internet number resources (IPv4, IPv6 and AS Number resources)
- The responsible storage and maintenance of this registration data
- The provision of an open, publicly accessible database where this data can be accessed
RIPE NCC also provides a range of technical and coordination services for the Internet community. These services include the operation of K-root (one of the 13 root name server clusters), the Deployment of Internet Security Infrastructure (DISI) and DNS Monitoring (DNSMON). More information about RIPE NCC is available at: www.ripe.net.
The use of information published here for personal information and editorial processing is generally free of charge. Please clarify any copyright issues with the stated publisher before further use. In the event of publication, please send a specimen copy to email@example.com.