Origin validation for increasing Internet security and stability
30/06/2015
With the support of the Internet Address Registry for Latin America and the Caribbean (LACNIC), Costa Rica has become one of the first countries to implement origin validation at their Internet Exchange Point (IXP).
This work allows strengthening local Internet traffic and avoiding route hijacking for capturing traffic containing sensitive information (bank account numbers, passwords, etc.), spamming and conducting DDoS attacks, among others.
By taking this important step, the Costa Rican Internet Exchange Point (CRIX) became the second IXP to create a national island of trust for local Internet infrastructure, preceded only by Ecuador.
Resource Public Key Infrastructure (RPKI) allows certifying information to digitally prove that an entity has the right to use IPv4 and IPv6 addresses. This information is validated through a router and is known as Origin Validation.
The organizations responsible for resource validation are Regional Registries (RIR) or National Registries, as appropriate. In the case of Costa Rica, the process was conducted with the support of the Internet Address Registry for Latin America and the Caribbean (LACNIC).
So far, the only IXP to implement origin validation had been Ecuador (NAP.EC), and organization that since September 2013 has become a successful case study that proves that technology can solve real operational problems in an already operational environment. Together with LACNIC, NAP.EC has been a strategic partner for implementing this system at CRIX.
Mauricio Oviedo, head of information technologies at NIC Costa Rica, noted that implementing Origin Validation at CRIX is an important step “towards greater Internet security and stability” and “a guarantee for Costa Rican users, which adds to NIC Costa Rica’s efforts to promote cutting-edge technologies that will strengthen the country’s national cybersecurity strategy and enhance technological development throughout the region.”