Seven Hold Keys To The Internet

By Clay Dillow Posted 07.27.2010 at 4:36 pm
The Keys to the Internet Each smart card contains a portions of the DNSSEC root key, which would be necessary to reboot the Internet as we know it if connections were severed to stem a cyber attack.

You may have heard the rumor that swirled briefly last month about an Internet “kill switch” that could power down the Web in the case of a critical cyber attack. Those rumors turned out to be largely overblown, but it turns out there are now seven individuals out there holding keys to the Internet. In the aftermath of a cataclysmic cyber attack, these members of a “chain of trust” will be responsible for rebooting the Web.

The seven members of this holy order of cyber security hail from around the world and recently received their keys while locked deep in a U.S. bunker. But the team isn’t military in nature. The Internet safety program is overseen by the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit watchdog group that has access to a security system designed to protect users from cyber fraud and cyber attacks.

Part of ICANN’s security scheme is the Domain Name System Security, a security protocol that ensures Web sites are registered and “signed” (this is the security measure built into the Web that ensures when you go to a URL you arrive at a real site and not an identical pirate site). Most major servers are a part of DNSSEC, as it’s known, and during a major international attack, the system might sever connections between important servers to contain the damage.

A minimum of five of the seven keyholders – one each from Britain, the U.S., Burkina Faso, Trinidad and Tobago, Canada, China, and the Czech Republic – would have to converge at a U.S. base with their keys to restart the system and connect eveything once again. We’re imagining a large medieval chamber filled with techno-religious imagery where these knights cyber must simultaneously turn hybrid thumb drive/skeleton keys in a massive router, filling the room with the blinking light of connectivity.

In reality, it’s not so dramatic. The keys are actually smartcards that each contain parts of the DNSSEC root key, which could be thought of as the master key to the whole scheme. But it is interesting to know that there is a group of individuals out there that hold actual, physical keys that would reboot the Internet as we know it. Find out more about these cryptographic keys and how/why they’re made here.

This video –  describes the process of generating the cryptographic keys used for signing the ROOT Zone which was filmed at the first DNSSEC Signing Ceremony which took place on the 16th June 2010 – ready for DNSSEC Signed Root on the 15th July 2010.



Not-so-secret seven hold keys to the internet

15:30 27 July 2010

Gareth Morgan, technology editor

It’s like something out of a Templar’s mystical ritual: seven key holders are each assigned to guard a part of a key, and in times of great crisis, five of them must come together for the key’s power to be unleashed and save the day. But this is no fantasy tale; it’s the latest attempt to safeguard the internet.

The plan was drawn up by the internet domain name watchdog ICANN as a means to protect the internet in the event of a major attack on its infrastructure. The complete key can be used to reboot the systems at the heart of the internet which direct users to the genuine websites.

The BBC reports that UK-based business man Paul Kane is one of the key holders. He was given a smartcard which contains part of the root key needed to initiate the reboot, and plans to store that in a tamper-proof bag in a secure deposit box.

Other key holders include US-based security researcher Dan Kaminsky, who has previously uncovered flaws in the internet directory Domain Name System (DNS).


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: