Seven security experts have been entrusted with the key to reboot the internet in case of a global catastrophe.
The security experts have been given a key that can help them rebuild the DNSSEC (Domain Name System Security Extensions) system of trust for the internet if a catastrophe takes it down. The experts would have to physically carry the root key to a secret data center in the U.S. in order to reboot the internet. They essentially carry the ability to recreate the internet’s Yellow Pages database of web addresses.
The experts include Paul Kane, head of CommunityDNS; Norm Ritchie of Canada, Jiankang Yao from China; Moussa Guebre of Burkina Faso; Bevil Wooding from Trinidad and Tobago; Ondrej Sury of the Czech Republic; and Dan Kaminsky, chief scientist at Recursion Ventures in the US. They have been dubbed the “Seven Horsemen of the Web Apocalypse” or the “Fellowship of the Ring.”
Kaminsky became famous in 2008 for pointing out a major security flaw in the Domain Name System, the protocol used to route traffic to the correct addresses across the internet. DNS had vulnerabilities that would allow hackers to hijack web traffic and redirect it to malware sites. The entire security industry got together to patch the flaw in DNS, before Kaminsky made the flaw public. But it was a temporary bandage, while DNSSEC was closer to the real solution.
DNSSEC is 15 years old but has had trouble getting adopted. ICANN, the internet’s governing body, threw its weight behind DNS earlier this year and now the world’s server operators are expected to migrate to the more secure protocol over time. In the meantime, if something catastrophic happens, these seven researchers hold the key. More trusted individuals will be given the key in the future.
“We’re in the midst of a security revolution that started 18 months ago,” said Kaminsky, speaking on a panel at the Black Hat security conference in Las Vegas. “The amount of resources necessary to get DNSSEC operational are enormous. It’s only going to get better.”
(See our roundup of all Black Hat and Defcon stories).
Rod Beckstrom, chief executive ICANN, said on the same panel that DNSSEC represents the kind of fundamental new technology that will help make the internet more trustworthy.
Within six months to a year, more corporations and governments will implement DNSSEC and thereby make the internet much more trustworthy.