Hardware Security Module from AEP Networks for DNSSEC Deployments.
The Internet Corporation for Assigned Names and Numbers (ICANN) today announced that it has included hardware security modules (HSMs) from AEP Networks in its first DNSSEC deployment, citing high security levels and easy maintenance as key drivers.
ICANN says that its task is to secure and stabilize the Internet. The international not-for-profit organization coordinates the Domain Name System, which maps host names to IP addresses.
It says that the Internet community recently developed a new technology called DNS Security Extensions (DNSSEC), which has become widely recognized not only as the solution to forms of attack such as DNS cache poisoning, but also as something that may provide additional security-in-depth for the Internet as a whole in conjunction with other security measures.
In addition, it explains that DNSSEC uses public key cryptography to digitally sign DNS records. Digital signing guarantees the validity of DNS responses, protecting Internet users from the fraudulent DNS responses that could contribute to phishing techniques and other forms of fraud. Digital keys are generated and stored in an HSM. In addition to key generation and storage, HSMs provide fast cryptographic processing, which offloads computationally intensive calculations from servers.
ICANN states that before deciding on AEP Networks, its team evaluated various HSMs, but chose AEP Keyper because it provides the highest security level. It adds that other factors influencing the decision were their support and 'hands-off' maintenance. Keyper is simple to deploy and manage, and can be used to completely automate the key generation and rollover process.
It says that AEP Keyper is the only network-attached HSM on the market certified to FIPS 140-2 Level 4, the highest FIPS accreditation. It also states that its Level 4 HSMs automatically destroy keys in response to a tamper attempt, significantly reducing the possibility of key compromise. Keyper is a sealed, designed-for-purpose unit with no moving parts. It runs an embedded operating system and delivers unmatched operational stability and reliability.
ICANN also announced that it plans to deploy additional Keyper units in geographically different sites for failover and backup. Keyper's load balancing architecture scales to work with the most complex and demanding implementations. Plus, additional units can be easily added to provide linear scalability. Keyper units can be installed in any location for multi-site geographical load balancing with secure key distribution, even over unsecured networks. Keyper's unique combination of FIPS Level 4 certification with secure key distribution enables global fault tolerance without increasing the risk of key compromise.
"DNSSEC incorporates a chain of trust into the DNS hierarchy. Secure key generation and storage is a fundamental element in that chain," commented Lamb.
"Security is a critical factor for our DNSSEC deployment, so Keyper and FIPS Level 4 was an easy choice," said Richard Lamb of ICANN.
"Knowing AEP Networks has strong crypto expertise combined with customer credibility is very reassuring," said Lamb.