The organization that keeps the internet running behind the scenes was forced to delay an important update to the global network because it was locked out of one of its own safes.
"During routine administrative maintenance of our Key Management Facility on 11 February, we identified an equipment malfunction," explained Kim Davies, the head of the Internet Assigned Numbers Authority (IANA), in an email to the dozen or so people expected to attend a quarterly ceremony in southern California at lunchtime on Wednesday.
"The malfunction will prevent us from successfully conducting the ceremony as originally scheduled" on February 12, Davies explained. "The issue disables access to one of the secure safes that contains material for the ceremony." In other words, IANA locked itself out.
The ceremony sees several trusted internet engineers (a minimum of three and up to seven) from across the world descend on one of two secure locations, one in El Segundo, California, just south of Los Angeles, and the other in Culpeper, Virginia, both in America, every three months.
Once in place, they run through a lengthy series of steps and checks to cryptographically sign the digital key pairs used to secure the internet's root zone. (Here's Cloudflare's in-depth explanation, and IANA's PDF step-by-step guide.)
At the heart of the matter, simply put, is the Key Signing Key (KSK): this is a public-private key pair, with the private portion kept locked away by IANA. This is because the KSK is used, every three months, to sign a set of Zone Signing Keys, which are used to secure official copies of the internet's root zone file. That file acts as a kind of directory for other parts of the internet, and these parts, in turn, provide information on more of the internet. It is, in a way, the blueprint for how the internet as we know it is glued together: how domain names resolve to computers on the global network, so that when you visit, say, theregister.co.uk, you eventually reach one of our servers at network address 184.108.40.206.
Critical root DNS servers are spread out around the planet, each armed with a copy of the latest signed root zone file, and used, in a distributed, cascading manner, by other DNS servers to look up domain names for the internet's users. These servers can check the root zone file underpinning all of this is secured by a ZSK recently signed by the central IANA KSK, and thus can be treated and trusted as gospel. The KSK is thus the domain-name system's trust anchor. Everything relies on it to ensure the 'net's central directory is laid out the way it should be, according to IANA, anyway.
This is all necessary because it should be immediately obvious whether or not a root zone file is an unsigned forgery, or an authentic and clean copy secured by IANA's KSK. Otherwise, a well-resourced malicious organization could potentially fool networks into using a sabotaged root zone file that redirects vast quantities of traffic, i.e. billions of internet users, to different parts of the internet. Even worse, if someone were to get hold of the KSK, they could sign their own zone file and have the internet blindly trust it. The result would be a global loss of trust in the 'net's functioning.
For that reason, IANA takes its Root Key Signing Key Ceremony extremely seriously, and has a complex and somewhat convoluted DNSSEC-based process that briefly unlocks the private portion of the KSK to sign the ZSKs every three months. Only during this ceremony is the KSK used, and put away again when it is over, leaving IANA with a set of ZSKs to authoritatively secure its root zone.
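The chain of trust described above, reduced to a toy model as an added example (not code from IANA or the original article). Ed25519 keys from Node.js's built-in crypto module stand in for the real root keys; the function names, record strings and simplified signing format are assumptions for illustration, not the DNSSEC wire format.

```javascript
// Added illustration: a toy two-level signing chain, not real DNSSEC.
const { generateKeyPairSync, createPublicKey, sign, verify } = require('crypto');

const newKey = () => generateKeyPairSync('ed25519');
const der = (pub) => pub.export({ type: 'spki', format: 'der' });

// Ceremony step: the KSK private key signs the set of ZSK public keys.
function signKeySet(kskPrivate, zskPublicKeys) {
  const keys = zskPublicKeys.map(der);
  return { keys, sig: sign(null, Buffer.concat(keys), kskPrivate) };
}

// Day-to-day step: a ZSK private key signs the zone contents.
function signZone(zskPrivate, zoneText) {
  const data = Buffer.from(zoneText);
  return { data, sig: sign(null, data, zskPrivate) };
}

// Validator: holds only the KSK public key (the trust anchor).
function validate(trustAnchor, keySet, zone) {
  if (!verify(null, Buffer.concat(keySet.keys), trustAnchor, keySet.sig)) {
    return 'reject: ZSK set not signed by trust anchor';
  }
  const ok = keySet.keys.some((k) =>
    verify(null, zone.data, createPublicKey({ key: k, format: 'der', type: 'spki' }), zone.sig));
  return ok ? 'accept' : 'reject: zone not signed by an endorsed ZSK';
}

// Constructed sample data: keys are generated on the fly, records are made up.
function demo() {
  const ksk = newKey(), zsk = newKey(), rogue = newKey();
  const keySet = signKeySet(ksk.privateKey, [zsk.publicKey]);
  const zone = signZone(zsk.privateKey, 'example. NS ns1.example.');
  const tampered = { data: Buffer.from('example. NS ns1.forged.example.'), sig: zone.sig };
  const rogueZone = signZone(rogue.privateKey, 'example. NS ns1.example.');
  const rogueSet = signKeySet(rogue.privateKey, [rogue.publicKey]);
  return {
    authentic: validate(ksk.publicKey, keySet, zone),         // genuine chain
    tampered: validate(ksk.publicKey, keySet, tampered),      // altered zone data
    rogueZsk: validate(ksk.publicKey, keySet, rogueZone),     // ZSK never endorsed
    rogueKeySet: validate(ksk.publicKey, rogueSet, rogueZone) // key set not signed by KSK
  };
}

console.log(demo());
```

Only the first case is accepted: the validator needs nothing but the KSK public key to reject altered data, an unendorsed ZSK, or a key set signed by anyone other than the KSK holder.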
Only specific named people are allowed to take part in the ceremony, and they have to pass through several layers of security, including doors that can only be opened through fingerprint and retinal scans, before getting in the room where the ceremony takes place.
Staff open up two safes, each roughly one metre across. One contains a hardware security module that contains the private portion of the KSK. The module is activated, allowing the KSK private key to sign keys, using smart cards assigned to the ceremony participants. These credentials are stored in deposit boxes and tamper-proof bags in the second safe. Each step is checked by everyone else, and the event is livestreamed. Once the ceremony is complete, which takes a few hours, all the pieces are separated, sealed, and put back in the safes inside the secure facility, and everyone leaves.
But during what was apparently a check on the system on Tuesday night, the day before the ceremony planned for 1300 PST (2100 UTC) Wednesday, IANA staff discovered that they couldn't open one of the two safes. One of the locking mechanisms wouldn't retract and so the safe stayed stubbornly shut.
As soon as they discovered the problem, everyone involved, including those who had flown in for the occasion, was told that the ceremony was being postponed. Thanks to the complexity of the problem (a jammed safe with critical and sensitive equipment inside), they were told it wasn't going to be possible to hold the ceremony on the back-up date of Thursday, either.
We understand, however, that following an emergency meeting on Wednesday, the issue should be fixed by Friday, and the ceremony has now been moved to Saturday. In the meantime, some lucky locksmith in Los Angeles is going to have to drill out the safe's locking mechanism and put in a new one.
Fortunately, apart from the inconvenience, there is no impact on the internet itself, particularly in this short term. The current arrangement will simply continue to do its job for three additional days. And IANA has been keen to point out that it has an identical set of equipment on the other coast of the US that can also be used if necessary.
"We apologize for the inconvenience for the attendees who had already traveled to participate in the ceremony. This is the first time a ceremony has needed to be rescheduled in the 10-year history of KSK management," the email announcing the delay noted.
There is a certain irony, of course, that the security of the virtual internet has been held hostage by an old-school physical safe.