It sounds like the stuff of science fiction: seven actual physical keys, held by individuals from all over the world, that together control security at the core of the web.
Each of the 14 primary keyholders owns a traditional metal key to a safety deposit box, which in turn contains a smartcard, which in turn activates a machine that creates a new master key.
The keyholders have been meeting four times a year, twice on the east coast of the US and twice here on the west, since 2010. Gaining access to their inner sanctum isn't easy, but some people are invited along to watch the ceremony and meet some of the keyholders – a select group of security experts from around the world. All have long backgrounds in internet security and work for various international institutions. They were chosen for their geographical spread as well as their experience: no one country is allowed to have too many keyholders. They travel to the ceremony at their own, or their employer's, expense.
The people who conduct the ceremony are part of an organization called the Internet Corporation for Assigned Names and Numbers (ICANN). (ICANN is responsible for assigning numerical Internet addresses to websites and computers and translating them into the normal web addresses that people type into their browsers.)
What these men and women control is the system at the heart of the web: the domain name system, or DNS. This is the internet's version of a telephone directory – a series of registers linking web addresses to a series of numbers, called IP addresses. Without these addresses, you would need to know a long sequence of numbers for every site you wanted to visit. To get to my blog, for instance, you'd have to enter "173.194.36.44" instead of digantbhavsar.blogspot.in/
ICANN maps the numbers (easier for computers to use) to words (easier for humans to use). If someone were to gain control of ICANN's database, that person would control the Internet. For instance, they could create a proliferation of fake web addresses that lead people to malicious sites, used to hack computers or steal credit card details.
The east and west coast ceremonies each have seven keyholders, with a further seven people around the world who could access a last-resort measure to reconstruct the system if something calamitous were to happen. Each of the 14 primary volunteers is known as a Trusted Community Representative (TCR). Each TCR is a respected member of the technical Domain Name System (DNS) community in their home country. They are also unaffiliated with ICANN, VeriSign or the US Department of Commerce, and have been assigned a separate key management role within the ceremony. The involvement of these independent participants provides transparency of process.
The backup keyholders have something a bit different: smartcards that contain a fragment of code needed to build a replacement key-generating machine. The physical keys unlock safety deposit boxes stashed around the world. Inside those boxes are smart keycards. Put the seven smartcards together and you have the "master key." The master key is really some computer code, a password of sorts, that can access the ICANN database.
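The idea above, that each keyholder holds a fragment which only becomes the master key when enough of them are combined, is the intuition behind threshold secret sharing. The following is an added illustration in Python, not ICANN's code; the page does not describe the mechanism or thresholds ICANN actually uses, so the 7-share, 3-of-7 parameters and the sample key are constructed for the example. It shows Shamir's scheme: any three shares rebuild the secret, while any two give an interpolated value unrelated to it.

```python
"""Threshold secret sharing (Shamir's scheme) over a prime field.

Added example, not ICANN's code. The page does not describe ICANN's
actual mechanism or thresholds; n=7, k=3 below are constructed
parameters chosen only to illustrate the "fragments of a key" idea.
"""
import secrets

# Prime modulus for the field (the secp256k1 field prime); the secret
# and every share value are integers in [0, P).
P = 2**256 - 2**32 - 977


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x, mod P (Horner's rule)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result


def split_secret(secret, n, k):
    """Split `secret` into n shares (x, y) such that any k reconstruct it.

    The secret is the constant term of a random degree-(k-1) polynomial;
    share i is that polynomial evaluated at x = i.
    """
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < P:
        raise ValueError("secret must be an integer in [0, P)")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange-interpolate the shares at x = 0 to recover the secret.

    Correct only when at least k distinct shares are supplied; with fewer,
    the interpolated value is unrelated to the real secret.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        # Modular inverse of den via Fermat's little theorem (P is prime).
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


if __name__ == "__main__":
    # Constructed 256-bit "master key" standing in for a real signing key.
    key = secrets.randbelow(P)
    shares = split_secret(key, n=7, k=3)            # seven keyholders
    assert recover_secret(shares[:3]) == key         # any three suffice
    assert recover_secret([shares[1], shares[4], shares[6]]) == key
    assert recover_secret(shares[:2]) != key         # two are not enough
    print("key recovered from 3 of 7 shares; 2 of 7 insufficient")
```

Each share on its own is a point on a random polynomial, so holding fewer than the threshold leaves every candidate secret equally plausible; that is the property that lets the fragments be kept in separate hands and separate places without any one holder being a single point of compromise.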
Once a year, these shadow holders send the organisation that runs the system – the Internet Corporation for Assigned Names and Numbers (ICANN) – a photograph of themselves with that day's newspaper and their key, to verify that all is well. A successful key ceremony is only possible if the TCRs involved are satisfied that all steps were executed accurately and correctly. The ceremony and its associated systems and processes will also be subject to a SysTrust audit.
The security to be admitted to the ceremony is intense, Ball reports, and involves passing through a series of locked doors using key codes and hand scanners, until entering a room so secure that no electronic communications can escape it.
- The global deployment of Domain Name System Security Extensions (DNSSEC) will achieve an important milestone on June 16, 2010 as ICANN hosts the first production DNSSEC key ceremony in a high security data centre in Culpeper, VA, outside of Washington, DC.
- Secure data center in Culpeper, VA - location of first DNSSEC key signing ceremony
Here's a video of the very first key ceremony conducted in 2010. Skip to 1:58 to see the ceremony.
- A second key ceremony took place in a second secure facility in Los Angeles on July 15, 2010. By having two complete and independent facilities available, ICANN is able to ensure that key ceremonies can continue to occur in the event of an unexpected disaster in one location.
Here's Ball's detailed account of the ceremony that most recently occurred on July 15, 2010.