AfriNIC pilots public key infrastructure resource project


The Africa Network Information Center, the regional Internet registry also known as AfriNIC, is moving ahead on a pilot project designed to give ISPs security measures along with IP address allocations.

The pilot aims to provide increased value to ISPs by issuing certificates based on public key cryptography. Public keys are widely distributed but private keys are secret -- messages are encrypted with the public key and can only be decrypted with the private key to ensure confidentiality. AfriNIC officials discussed the project last week at the AfriNIC-12 Public Policy Meeting in Kigali, Rwanda.

"The RPKI process allows AfriNIC members to manage Route Origin Authorizations (ROAs) for their address space; (it) provides a public repository of certificates, where people can confirm validity and who owns what," said Alain Aina, special projects manager at AfriNIC, during the Kigali meeting.

Electronic commerce and credit card use online have failed to take off on the continent outside South Africa mainly because of a lack of national laws that govern electronic commerce and data protection. Most countries have no laws that address theft of electronic data or theft of credit card information.

Lack of security and authenticity of online resources has been blamed for the lack of trust. Spam and IP hijacking are increasingly becoming a reality as the region becomes more connected.

"The certificates will facilitate better routing security, guard against IP space hijacking, spam and address the need for trusted data for ISPs and eventually end users," added Aina.

The project will involve investment in infrastructure, servers and an RPKI engine. AfriNIC members have yet to decide whether the registry should offer the services as a free value-add, or whether ISPs should pay extra for them.

"AfriNIC can host the infrastructure for members, where they can connect and enjoy the benefits. If you ask people to invest, they may not be [attracted] to the idea; the more you do for members in the beginning the better," said Nii Quaynor, a member of the Africa Network Operators Group (AfNOG).

There is no guarantee that member ISPs will seek certification, especially if there is no requirement that ISPs peer with each other.