Building trust online remains a big hurdle to fully taking advantage of the Internet in Africa, and at the Africa Domain Name System Forum meeting in Nairobi earlier this month, experts called for more rapid implementation of security mechanisms on the central elements of the Internet infrastructure and recommended the use of DNS security (DNSSEC) extensions to counter the issue.
Kenya's country code Top Level Domain name registry (KENIC) has implemented DNSSEC. Kenya is also one of the few countries whose government has committed to a PKI implementation, which it began work on in March 2013, although the task remains unfinished.
A PKI is a complex undertaking in that it includes not only hardware and software, but also people and procedures to enable the use of digital certificates and public-key encryption. The payoff is a more secure environment where Internet users are able to securely verify that a website or online service is genuine and they have confidence that the online server they are communicating with can be trusted.
Kenya's delays are not for lack of awareness of the issues at stake when the identity of an online server can't be verified. Recently, the Kenyan government placed notices in local newspapers warning users away from a fraudulent site that aimed to swindle the public by masquerading as the legitimate Uwezo.go.ke, which offers micro-financing to qualified applicants. The copycat site was trying to take a fee from loan applicants.
At the meeting, co-organized by the Internet Society, ICANN and the AFTLD, Internet Society's Chief Internet Technology Officer Olaf Kolkman spoke of the need for deployment of DNSSEC, saying that trust in the Internet needs to be protected in order for adoption to increase. DNSSEC is a set of extensions to the Domain Name System which authenticate and verify certain data for DNS clients and can complement PKI, he said. For its part, "The PKI architecture has some vulnerabilities that the Internet Engineering community is trying to fix, one of those fixes involves having deployed DNSSEC. By combining DNSSEC and PKI you can increase your confidence that you are communicating with a genuine online service," he said, adding that it helps governments protect citizens' online communication.
Collins Oduor, IT Security Manager at iLabAfrica, Strathmore University Nairobi, concurs that implementing the PKI is crucial for Internet security.
"PKI is an effective mechanism that can be implemented to protect sensitive information from malicious attackers," he said. But other security initiatives need to be implemented alongside it. "We all know that it's impossible to achieve 100 percent security. Some of challenges with PKI implementation are not directly linked to the technologies used but to human errors or carelessness," he said.
Speakers at the meeting urged governments in Africa to take online security much more seriously, as increasing use of the Internet is a catalyst for economic activity.
Kenya is looking to implement various e-government initiatives that will include citizen participation. One of the state sites, eCitizen.go.ke, is getting a great deal of activity, with over 400,000 Kenyans applying for and renewing various official documents online. The government also plans to add the ability to make more than 100 kinds of payments online, so security is crucial.
The Kenyan government should focus on raising citizens' awareness about online risk, Oduor said. "The more enlightened the people are, the less they are likely to become victims of attacks such as phishing," he added.