Building trust online remains a big hurdle to fully taking advantage of the Internet in Africa, and at the Africa Domain Name System Forum meeting in Nairobi earlier this month, experts called for more rapid implementation of security mechanisms on the central elements of the Internet infrastructure and recommended the use of DNS security (DNSSEC) extensions to counter the issue.
Kenya's country code Top Level Domain name registry (KENIC) has implemented DNSSEC. Kenya is also one of the few countries whose government has committed to a PKI implementation, which it began work on in March 2013, although the task remains unfinished.
A PKI is a complex undertaking in that it includes not only hardware and software, but also people and procedures to enable the use of digital certificates and public-key encryption. The payoff is a more secure environment where Internet users are able to securely verify that a website or online service is genuine and they have confidence that the online server they are communicating with can be trusted.
Kenya's delays are not for lack of awareness of the issues at stake when the identity of an online server can't be verified. Recently, the Kenyan government placed notices in local newspapers warning users away from a fraudulent site that aimed to swindle the public by masquerading as the legitimate Uwezo.go.ke, which offers micro-financing to qualified applicants. The copycat site was trying to take a fee from loan applicants.
At the meeting, co-organized by the Internet Society, ICANN and the AFTLD, Internet Society's Chief Internet Technology Officer Olaf Kolkman spoke of the need for deployment of DNSSEC, saying that trust in the Internet needs to be protected in order for adoption to increase. DNSSEC is a set of extensions to the Domain Name System which authenticate and verify certain data for DNS clients and can complement PKI, he said. For its part, "The PKI architecture has some vulnerabilities that the Internet Engineering community is trying to fix, one of those fixes involves having deployed DNSSEC. By combining DNSSEC and PKI you can increase your confidence that you are communicating with a genuine online service," he said, adding that it helps governments protect citizens' online communication.
Collins Oduor, IT Security Manager at iLabAfrica, Strathmore University Nairobi, concurs that implementing the PKI is crucial for Internet security.
"PKI is an effective mechanism that can be implemented to protect sensitive information from malicious attackers," he said. But other security initiatives need to be implemented alongside it. "We all know that it's impossible to achieve 100 percent security. Some of challenges with PKI implementation are not directly linked to the technologies used but to human errors or carelessness," he said.