It sounds like something out of a Dan Brown book, but it isn’t: The whole internet is protected by seven highly protected keys, in the hands of 14 people.
And in a few days, they are going to hold a historic ritual known as the Root Key Signing Ceremony.
On Friday morning, the world got a good reminder as to how important the organisation that these people belong to is.
A good chunk of the internet went down for a while when hackers managed to throw so much traffic at a company called Dyn, that Dyn’s servers couldn’t take it, and Dyn went down for a while.
Dyn is a major provider of something called the Domain Name System (DNS), a system that translates web addresses, like “businessinsider.com” (easier for humans to remember) into the numerical IP addresses that computers use to identify web pages.
Dyn is just one DNS provider. And while hackers never gained control of its network, the success of hackers to bring it offline for even just a few hours via this so-called “denial of service” attack, shows just how much the internet relies on DNS. This attack briefly brought down sites like Business Insider, Amazon, Twitter, Github, Spotify, and many others.
Upshot: if you control all of DNS, you can control all of the internet.
If someone were to gain control of ICANN’s database, that person would pretty much control the internet. For instance, the person could send people to fake bank websites instead of real bank websites.
DNS at its highest levels is secured by handful of people around the world, known Crypto Officers.
Every three months since 2010 some, but typically not all, of these people gather to conduct a highly secure ritual known as a key ceremony, where the keys to the internet’s metaphorical master lock are verified and updated.
The people conducting the ceremony are part of an organisation called the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN is responsible for assigning numerical internet addresses to websites and computers
To protect DNS, ICANN came up with a way of securing it without entrusting too much control to any one person. It selected seven people as key holders and gave each one an actual key to internet. It selected seven more people to be backup key holders: 14 people in all. The ceremony requires at least three of them, and their keys, attend each time. Three keys are needed to unlock the actual equipment that protects DNS.
A highly scripted ritual
The physical keys unlock safe deposit boxes. Inside those boxes are smart key cards. It takes multiple keys to gain access to the device that generates the internet’s master key. That master key is really some computer code known as a root key-signing key. It is a password of sorts that can access the master ICANN database. This key generates more keys that trickle down to protect various bits and pieces of the internet, in various geographies and used by different internet security organisations.
The security surrounding the ceremonies, before and after, is intense and involves passing through a series of locked doors using key codes and hand scanners, until entering a room so secure that no electronic communications can escape it. Inside the room the Crypto Officers assemble along with other ICANN officials, and, typically, some guests and observers.
The whole event is heavily scripted, meticulously recorded, and audited. The exact steps of the ceremony are mapped out in advance and distributed to the participants, so if any strange deviation occurs, the whole room will know.
The group conducts the ceremony, as scripted, then each person files out of the room one by one. They have been known to go to a local restaurant and celebrate after that.
But as secure as all of this is, the internet is an open piece of technology, not owned by anyone single entity. Originally invented in the US, the US just relinquished its decades of stewardship of DNS earlier this month. ICANN is officially fully in charge.
Keenly aware of its international role and the worldwide trust placed on it, ICANN lets anyone monitor this ceremony, viewing it live streamed over the internet. It also publishes the scripts for each ceremony.
Next week, on October 27, ICANN will hold another ceremony, and this one will be historic, too. For the first time ever, they will changing out the master key itself. Technically speaking, they will be changing the “key pair” upon which all DNS security is build, known as the Root Zone Signing Key.
“If you had this key, and were able to, for example, generate your own version of the root zone, you would be in the position to redirect a tremendous amount of traffic,” Matt Larson, vice president of research at ICANN, recently told Motherboard’s Josphex Cox.
Here’s an in-depth description of the ceremony by CloudFlare’s Ólafur Guðmundsson.
Here’s a video of the very first key ceremony conducted in 2010. Skip to 1:58 to see the ceremony.