Menu
Share
Share this story
Close X
 
Switch to Desktop Site

Seven internet 'key holders' could insure against cyber attack

Seven "keys" have been handed out to a trusted circle of people who might get called upon to "save" the Internet in the aftermath of a cyber attack.

View video

At least five key-holding members of this fellowship would have to meet at a secure data center in the United States to reboot this so-called Domain Name System Security Extensions (DNSSEC) in case of a very unlikely system collapse.

Newscom/File

View photo

In a move that seems inspired by "The Lord of the Rings," seven "keys" have been handed out to a trusted circle of people who might get called upon to "save" the Internet in the aftermath of a cyber attack.

But contrary to other news reports, the seven key holders have not been vested with the power to resurrect the entire Internet should it be sabotaged by hackers.

About these ads

Rather, they have been given encryption keys necessary for restoring a long-touted Internet security protocol that finally came into force earlier this month

At least five key-holding members of this fellowship would have to meet at a secure data center in the United States to reboot this so-called Domain Name System Security Extensions (DNSSEC) in case of a very unlikely system collapse.

"If you round up five of these guys, they can decrypt [the root key] should the West Coast fall in the water and the East Coast get hit by a nuclear bomb," Richard Lamb, program manager for DNSSEC at ICANN, told TechNewsDaily.

ICANN is short for the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit corporation dedicated to keeping the Internet operational and responsible for assigning domain names and IP addresses.

Each person's key contains encrypted parts of the root DNSSEC key, and these keys are actually two identical copies of a smartcard, sealed in a tamper-evident plastic bag.

DNSSEC establishes a chain of authentication when a computer looks up an IP address, which is a unique identifier for an Internet-connected device. DNSSEC will ensure that Web sites and emails from them are authentic and not malicious copies that hackers can set up to steal wired funds, for example.

Some governments and top-level domains such as .org have already initiated their own version of the DNSSEC, and eventually the whole Internet will be migrated to function under the official new security umbrella.

About these ads

The measure is being taken to shore up the network as international interdependence (read: world peace) comes to rely ever more on the flow of information and services over the Internet.

ICANN appointed the seven Trusted Community Representatives (TCRs) from different countries to represent regions. Paul Kane, a prominent British Internet industry head, represents Western Europe, for example. Canada, China, Burkina Faso, Trinidad and Tobago, and the Czech Republic also have representatives. The United States' "ring bearer" is Dan Kaminsky, chief scientist at Recursion Ventures.

Splitting up the encryption info amongst seven people makes it so that no one person or organization can switch the DNSSEC on or off.

Restarting the DNSSEC from scratch would be akin to rebuilding the Internet's trusted "Yellow Pages" of Web site connections and identities.

ICANN, which has two U.S. facilities in Washington, D.C. and Marina del Ray, Calif., oversees DNSSEC. The loss of both of its centers is an example of a very unlikely event that would make calling upon the key holders necessary to restore Internet security.

RELATED:


Follow Stories Like This
Get the Monitor stories you care about delivered to your inbox.