Thales nShield Connect Selected To Enhance Security Of The Internet For RIPE NCC
With Thales Hardware Security Modules, RIPE NCC Develops An Easier And More Secure Way To Help Manage Internet Routing And IP Allocation
Thales, leader in information systems and communications security, announces that RIPE NCC, a Regional Internet Registry (RIR) for Internet number resources, is introducing a new process that leverages Thales nShield Connect hardware security modules (HSMs) for validation of Internet resource-related messages. The digital certificate-based process will allow Internet Service Providers (ISPs) and telecommunications companies to automatically authenticate the legitimacy of the source of Internet traffic. The new process is expected to make the routing of Internet traffic more secure, reliable, and efficient.
Tim Bruijnzeels, senior software developer with RIPE NCC says “Soon our members will be able to use digital certificates to verify that the entities sending resource-related messages, such as routing updates, are authorized to do so. Members can use this ability to make processes like traffic routing more reliable and automated, while reducing the potential for Internet fraud and disruption. Thales nShield Connect HSMs will protect the integrity of certificates issued by RIPE NCC, helping our members to efficiently identify trustworthy messages.”
An independent, not-for-profit organization, RIPE NCC is one of five Regional Internet Registries (RIRs) that provide Internet resource allocations, registration services, and coordination activities that support the operation of the Internet globally. RIPE NCC facilitates the allocation and registration of IP address for the reliable routing of Internet traffic. The organization maintains a database of registered resources for all RIPE NCC members, most of whom are telecommunications companies, ISPs, and large corporations. Internet number resources make it possible to find websites and communicate online. Resource holders can send messages to other entities about their resources. These messages might indicate a number change or specify how traffic should be routed to reach the resources controlled by their numbers. These resources are often websites.
Today, unauthorized users with sufficient knowledge and malicious intent can attack websites by sending invalid resource-related messages. ISPs currently rely on inefficient and time-consuming processes to prevent attacks. That is why RIPE NCC and the world’s other four RIRs are implementing a process that will allow the authentication of resource holders—and the messages they send—using digital certificates. Each RIR is responsible for developing and implementing a process for issuing secure digital certificates to resource holders. Certificates will be signed by keys generated and secured within Thales nShield Connect HSMs. Because of the security offered by Thales nShield Connect, the signing keys are protected, making it impossible for anyone to access the keys and issue forged certificates. RIPE NCC expects to launch its new IP routing and allocation verification system in early 2011.
Prior to selecting Thales nShield Connect, RIPE NCC evaluated HSMs from four leading makers of security technology. Thales nShield Connect stood out because of its superior scalability and easy-to-use application programming interface (API). Importantly for RIPE NCC, nShield Connect is also FIPS 140-2 Level 3 validated. FIPS is one of the most widely recognized and stringent security standards for HSMs.
“After we enable certificate-based resource verification, our members will be able to further automate processes and ensure the smooth operation of the Internet,” continues Bruijnzeels. “It will be much easier to identify fraudulent messages that could potentially disrupt traffic. With the keys that sign the certificates secured by Thales HSMs, no one will be able to forge a certificate. Thales HSMs gave us everything we wanted, including FIPS validation, an easy-to-use API, and scalability.”
“Digital certificates are an effective way to make processes more secure through the authentication of machines, messages, and identities,” says Franck Greverie, Vice President, Thales in charge of information technology security activities. “The fact that RIPE NCC and other RIRs are using digital certificates for the addresses they register will help to make the Internet more secure and reliable for everyone. Thales is particularly pleased that RIPE NCC chose to secure its process using Thales HSMs.”
Visit our digital media centre www.keymanagementinsights.com for industry issues and comment
About RIPE NCC
Founded in 1992, RIPE NCC is an independent, not-for-profit membership organization that supports the infrastructure of the Internet. The most prominent activity of RIPE NCC is to act as a RIR, providing global Internet resources and related services to a current membership base of around 6,800 members in 75 countries. These members consist mainly of ISPs, telecommunication organizations, and large corporations located in Europe, the Middle East and parts of Central Asia. As one of the world's five RIRs, RIPE NCC performs a range of critical functions including:
- The reliable and stable allocation of Internet number resources (IPv4, IPv6 and AS Number resources)
- The responsible storage and maintenance of this registration data
- The provision of an open, publicly accessible database where this data can be accessed
RIPE NCC also provides a range of technical and coordination services for the Internet community. These services include the operation of K-root (one of the 13 root name server clusters), the Deployment of Internet Security Infrastructure (DISI) and DNS Monitoring (DNSMON). More information about RIPE NCC is available at: www.ripe.net.
Notes to editors
The Information Technology Security activities of Thales
Thales is a leading global provider of data encryption solutions to the financial services, high technology manufacturing, government and technology sectors. With a 40-year track record of protecting corporate and government information, Thales solutions are used by four of the five largest energy and aerospace companies, 22 NATO countries, and they secure more than 70 percent of worldwide payment transactions. Thales eSecurity has offices in France, Hong Kong, Norway, United States and the United Kingdom. For more information, visit www.thalesgroup.com/iss.
Thales is a global technology leader for the Defence & Security and the Aerospace & Transport markets. In 2009 the company generated revenues of €12.9 billion, with 68,000 employees in 50 countries. With its 22,500 engineers and researchers Thales has a unique capability to design, develop and deploy equipment, systems and services that meet the most complex security requirements. Thales has an exceptional international footprint, with operations around the world working with customers as local partners. www.thalesgroup.com