SOURCE: AEP Networks

April 23, 2008 05:33 ET

ICANN Chooses AEP Keyper to Help Secure the Internet DNS System

Hardware Security Module From AEP Networks for DNSSEC Deployments

SOMERSET, NJ--(Marketwire - April 23, 2008) - High security levels and easy maintenance are among the key drivers which have prompted the Internet Corporation for Assigned Names and Numbers (ICANN) to include hardware security modules (HSMs) from AEP Networks in its first DNSSEC deployment.

"Security is a critical factor for our DNSSEC deployment, so Keyper and FIPS Level 4 was an easy choice," said Richard Lamb of ICANN.

ICANN is tasked with securing and stabilizing the Internet. The international not-for-profit organization coordinates the Domain Name System (DNS), which maps host names to IP addresses.

The Internet community recently developed a new technology called DNS Security Extensions (DNSSEC), which has become widely recognized as not only the solution to forms of attack such as DNS cache poisoning, but may also provide additional security-in-depth for the Internet as a whole in conjunction with other security measures.

DNSSEC uses public key cryptography to digitally sign DNS records. Digital signing guarantees the validity of DNS responses, protecting Internet users from the fraudulent DNS responses that could contribute to phishing techniques and other forms of fraud. Digital keys are generated and stored in an HSM. In addition to key generation and storage, HSMs provide fast cryptographic processing, which offloads computationally intensive calculations from servers.

"DNSSEC incorporates a chain of trust into the DNS hierarchy. Secure key generation and storage is a fundamental element in that chain," commented Lamb.

Before deciding on AEP Networks, the ICANN team evaluated various HSMs, but chose AEP Keyper because it provides the highest security level. Other factors influencing the decision were the exceptional support and 'hands-off' maintenance. Keyper is simple to deploy and manage, and can be used to completely automate the key generation and rollover process.

AEP Keyper is the only network-attached HSM on the market certified to FIPS 140-2 Level 4, the highest FIPS accreditation. Level 4 HSMs automatically destroy keys in response to a tamper attempt, significantly reducing the possibility of key compromise. Keyper is a sealed, designed-for-purpose unit with no moving parts. It runs an embedded operating system and delivers unmatched operational stability and reliability.

ICANN plans to deploy additional Keyper units in geographically different sites for failover and backup. Keyper's load balancing architecture scales to work with the most complex and demanding implementations. Plus, additional units can be easily added to provide linear scalability. Keyper units can be installed in any location for multi-site geographical load balancing with secure key distribution, even over unsecured networks. Keyper's unique combination of FIPS Level 4 certification with secure key distribution enables global fault tolerance without increasing the risk of key compromise.

Keyper is deployed in a variety of sensitive international projects and by financial institutions. Keyper customers include national authorities, revenue and taxation systems, treaty monitoring programs, space systems and defense authorities.

"Knowing AEP Networks has strong crypto expertise combined with customer credibility is very reassuring," said Lamb.

Additional information

To learn more about ICANN's use of AEP Keyper for DNSSEC, go to:

About AEP Networks

AEP Networks offers a comprehensive Policy Networking solution that provides complete security starting at the endpoints and working throughout a network -- from the edge to the core. AEP's integrated portfolio of security products includes identity-based network and resource access control, SSL VPNs, high assurance IPSec-based VPN encryptors, and hardware security modules for key management. Our products address the most demanding security requirements of public-sector organizations and commercial enterprises internationally. The company is headquartered in Somerset, New Jersey, with offices worldwide.

AEP Networks, the AEP Networks logo, IDpoint, and PacketTag are trademarks of AEP Networks, Inc., with registration pending in the United States. Netilla, SmartGate, SmartPass and SmartAdmin are registered trademarks of AEP Networks, Inc. All other trademarks or registered trademarks contained herein are the property of their respective owners.

Contact Information