Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

HSM Equipment To Be Used In Internet Registry

Thales : 12 January, 2011  (Technical Article)
Increased security for the internet registration service used by ISPs to make use of the nShield Connect hardware security modules from Thales
Thales announces that RIPE NCC, a Regional Internet Registry (RIR) for Internet number resources, is introducing a new process that make use of Thales nShield Connect hardware security modules (HSMs) for validation of  Internet resource-related messages. The digital certificate-based process will allow Internet Service Providers (ISPs) and telecommunications companies to automatically authenticate the legitimacy of the source of Internet traffic. The new process is expected to make the routing of Internet traffic more secure, reliable, and efficient.

 

Tim Bruijnzeels, senior software developer with RIPE NCC says “Soon our members will be able to use digital certificates to verify that the entities sending resource-related messages, such as routing updates, are authorized to do so. Members can use this ability to make processes like traffic routing more reliable and automated, while reducing the potential for Internet fraud and disruption. Thales nShield Connect HSMs will protect the integrity of certificates issued by RIPE NCC, helping our members to efficiently identify trustworthy messages.”

 

An independent, not-for-profit organization, RIPE NCC is one of five Regional Internet Registries (RIRs) that provide Internet resource allocations, registration services, and coordination activities that support the operation of the Internet globally. RIPE NCC facilitates the allocation and registration of IP address for the reliable routing of Internet traffic. The organization maintains a database of registered resources for all RIPE NCC members, most of whom are telecommunications companies, ISPs, and large corporations. Internet number resources make it possible to find websites and communicate online. Resource holders can send messages to other entities about their resources. These messages might indicate a number change or specify how traffic should be routed to reach the resources controlled by their numbers. These resources are often websites.

 

Today, unauthorized users with sufficient knowledge and malicious intent can attack websites by sending invalid resource-related messages. ISPs currently rely on inefficient and time-consuming processes to prevent attacks. That is why RIPE NCC and the world’s other four RIRs are implementing a process that will allow the authentication of resource holders—and the messages they send—using digital certificates. Each RIR is responsible for developing and implementing a process for issuing secure digital certificates to resource holders. Certificates will be signed by keys generated and secured within Thales nShield Connect HSMs. Because of the security offered by Thales nShield Connect, the signing keys are protected, making it impossible for anyone to access the keys and issue forged certificates. RIPE NCC expects to launch its new IP routing and allocation verification system in early 2011.

 

Prior to selecting Thales nShield Connect, RIPE NCC evaluated HSMs from four leading makers of security technology. Thales nShield Connect stood out because of its superior scalability and easy-to-use application programming interface (API). Importantly for RIPE NCC, nShield Connect is also FIPS 140-2 Level 3 validated. FIPS is one of the most widely recognized and stringent security standards for HSMs.

 

“After we enable certificate-based resource verification, our members will be able to further automate processes and ensure the smooth operation of the Internet,” continues Bruijnzeels. “It will be much easier to identify fraudulent messages that could potentially disrupt traffic. With the keys that sign the certificates secured by Thales HSMs, no one will be able to forge a certificate. Thales HSMs gave us everything we wanted, including FIPS validation, an easy-to-use API, and scalability.”

 

“Digital certificates are an effective way to make processes more secure through the authentication of machines, messages, and identities,” says Franck Greverie, Vice President, Thales in charge of information technology security activities. “The fact that RIPE NCC and other RIRs are using digital certificates for the addresses they register will help to make the Internet more secure and reliable for everyone. Thales is particularly pleased that RIPE NCC chose to secure its process using Thales HSMs.”
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo