The organization that keeps the internet running behind-the-scenes was forced to delay an important update to the global network because it was locked out of one of its own safes.
During routine administrative maintenance of our Key Management Facility on 11 February, we identified an equipment malfunction, explained Kim Davies, the head of the Internet Assigned Numbers Authority (IANA), in an email to the dozen or so people expected to attend a quarterly ceremony in southern California at lunchtime on Wednesday.
The malfunction will prevent us from successfully conducting the ceremony as originally scheduled" on February 12, Davis explained. The issue disables access to one of the secure safes that contains material for the ceremony. In other words, IANA locked itself out.
The ceremony sees several trusted internet engineers (a minimum of three and up to seven) from across the world descend on one of two secure locations one in El Segundo, California, just south of Los Angeles, and the other in Culpeper, Virginia both in America, every three months.
Once in place, they run through a lengthy series of steps and checks to cryptographically sign the digital key pairs used to secure the internets root zone. (Here's Cloudflare's in-depth explanation, and IANA's PDF step-by-step guide.)
At the heart of the matter, simply put, is the Key Signing Key (KSK): this is a public-private key pair, with the private portion kept locked away by IANA. This is because the KSK is used, every three months, to sign a set of Zone Signing Keys, which are used to secure official copies of the internet's root zone file. That file acts as a kind of directory for other parts of the internet, and these parts in turn, provide information on more of the internet. It is, in a way, the blueprint for how the internet as we know it is glued together: how domain names resolve to computers on the global network, so that when you visit, say, theregister.co.uk, you eventually reach one of our servers at network address 126.96.36.199.
Critical root DNS servers are spread out around the planet, each armed with a copy of the latest signed root zone file, and used, in a distributed, cascading manner, by other DNS servers to look up domain names for the internet's users. These servers can check the root zone file underpinning all of this is secured by a ZSK recently signed by the central IANA KSK, and thus can be treated and trusted as gospel. The KSK is thus the domain-name system's trust anchor. Everything relies on it to ensure the 'net's central directory is laid out the way it should be, according to IANA, anyway.
This is all necessary because it should be immediately obvious whether or not a root zone file is an unsigned forgery, or an authentic and clean copy secured by IANA's KSK. Otherwise, a well-resourced malicious organization could potentially fool networks into using a sabotaged root zone file that redirects vast quantities of traffic, i.e. billions of internet users, to different parts of the internet. Even worse, if someone were to get hold of the KSK, they could sign their own zone file and have the internet blindly trust it. The result would be a global loss of trust in the 'net's functioning.
For that reason, IANA takes its Root Key Signing Key Ceremony extremely seriously, and has a complex and somewhat convoluted DNSSEC-based process that briefly unlocks the private portion of the KSK to sign the ZSKs every three months. Only during this ceremony is the KSK used, and put away again when it is over, leaving IANA with a set of ZSKs to authoritatively secure its root zone.
Only specific named people are allowed to take part in the ceremony, and they have to pass through several layers of security including doors that can only be opened through fingerprint and retinal scans before getting in the room where the ceremony takes place.
Staff open up two safes, each roughly one-metre across. One contains a hardware security module that contains the private portion of the KSK. The module is activated, allowing the KSK private key to sign keys, using smart cards assigned to the ceremony participants. These credentials are stored in deposit boxes and tamper-proof bags in the second safe. Each step is checked by everyone else, and the event is livestreamed. Once the ceremony is complete which takes a few hours all the pieces are separated, sealed, and put back in the safes inside the secure facility, and everyone leaves.
But during what was apparently a check on the system on Tuesday night the day before the ceremony planned for 1300 PST (2100 UTC) Wednesday IANA staff discovered that they couldnt open one of the two safes. One of the locking mechanisms wouldnt retract and so the safe stayed stubbornly shut.
As soon as they discovered the problem, everyone involved, including those who had flown in for the occasion, were told that the ceremony was being postponed. Thanks to the complexity of the problem a jammed safe with critical and sensitive equipment inside they were told it wasnt going to be possible to hold the ceremony on the back-up date of Thursday, either.
We understand, however, that following an emergency meeting on Wednesday, the issue should be fixed by Friday, and the ceremony has now been moved to Saturday. In the meantime, some lucky locksmith in Los Angeles is going to have to drill out the safes locking mechanism and put in a new one.
Fortunately, apart from the inconvenience, there is no impact on the internet itself, particularly in this short term. The current arrangement will simply continue to do its job for three additional days. And IANA has been keen to point out that it has an identical set of equipment on the other coast of the US that can also be used if necessary.
We apologize for the inconvenience for the attendees who had already traveled to participate in the ceremony. This is the first time a ceremony has needed to be rescheduled in the 10-year history of KSK management, the email announcing the delay noted.
There is a certain irony, of course, that the security of the virtual internet has been held hostage by an old-school physical safe.
Sponsored: Detecting cyber attacks as a small to medium business
- Show me who bans TikTok and I'll show you your (future) allies | TheHill - The Hill - September 27th, 2020
- Lokibot keylogger infections are growing across the internet - Komando - September 27th, 2020
- Evasive Malware Threats on the Rise Despite Decline in Overall Attacks - Infosecurity Magazine - September 27th, 2020
- Internet of Things Security Market size, development, key opportunity, application and forecast to 2026 | Check Point Security Software Technologies,... - September 27th, 2020
- Fears mount over Russian and Chinese hackers targeting the 2020 U.S. presidential election - CNBC - September 27th, 2020
- Internet of Things (IoT) Security market to Witness Increase in Revenues by 2016-2028 - Crypto Daily - September 27th, 2020
- How to leave no trace on the internet when using a VPN? - Techiexpert.com - TechiExpert.com - September 27th, 2020
- 2020 Demand In Internet of Things (IoT) Security Market By Key Types, Regions, Countries, Top Companies Competition, Consumers, Import-Export Forecast... - September 27th, 2020
- How the Pandemic Pushed a Generation of Americans to Discover the Perks (and Risks) of Online Banking - NextAdvisor - September 27th, 2020
- IT Security-as-a-Service Market 2020 By Manufacturers, Regions, Type And Application, Forecast To 2025| Blue Coat, Cisco, IBM, Intel Security,... - September 27th, 2020
- APT groups actively target Linux-based workstations and servers - Backend News - September 27th, 2020
- Critical steps for securing cyberspace - Microsoft on the Issues - Microsoft - September 27th, 2020
- Proven ways to stay ahead of configuration drift - ITProPortal - September 27th, 2020
- Global Embedded Security For Internet Of Things Market 2020 Trends Analysis and (COVID-19) Effect Analysis | Key Players Market With COVID-19 Impact... - September 27th, 2020
- Internet of Things (IoT) Security Technology Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19... - September 27th, 2020
- REMOTE WORKING: PROGRESS AND PERILS - Forbes Africa - September 27th, 2020
- Avoid scam 'DMV' websites | Sedona.Biz - The Internet Voice of Sedona and The Verde Valley - Sedona.biz - September 27th, 2020
- Get In Depth Analysis Of How Covid-19 Is Impacting The Internet Security Software Market - The Daily Chronicle - September 12th, 2020
- Better late than never: Zoom boosts security with 2FA - Verdict - September 12th, 2020
- Show and Tell: The Gryphon Tower Mesh Wi-Fi Security Router - Grit Daily - September 12th, 2020
- Internet of Things (IoT) Security Market 2020 Trends, Market Share, Industry Size, Opportunities, Drivers, Outlook, Analysis And Forecast To 2028 -... - September 12th, 2020
- Ensuring cyber awareness in the healthcare sector - Help Net Security - September 12th, 2020
- Internet of Things (IoT) Security Market Size, Regional Outlook, Competitive Strategies and Forecast by 2026 - The Daily Chronicle - September 12th, 2020
- Internet of Things Security Market, Share, Growth, Trends And Forecast To 2027: Dataintelo - Scientect - September 12th, 2020
- Kaspersky: 37% of internet users in SEA think they won't be targeted by cybercriminals - SoyaCincau.com - September 12th, 2020
- TikTok and WeChat may raise security concerns, but Trump's knee-jerk reaction isn't the way to deal with them - NewsChannel 3-12 - KEYT - September 12th, 2020
- Helping companies prioritize their cybersecurity investments - MIT News - September 6th, 2020
- Rapid7 NICER - starting a conversation on internet security | Company Report - FinTech Magazine - The FinTech & InsurTech Platform - September 6th, 2020
- Kansans are getting letters saying they applied for unemployment. The problem? Some never did. - Pittsburg Morning Sun - September 6th, 2020
- Embedded Security For Internet Of Things Market 2025 Opportunities, Applications, Drivers, Limitations, Companies, Countries, & Forecast - Express... - September 6th, 2020
- Why should you use a VPN on your iPhone and Mac? - Cult of Mac - September 6th, 2020
- 'No longer safe in their classroom:' NHCS remote-learning session hacked, sexualized profanity used - Port City Daily - September 6th, 2020
- How Romania is Solving Technology and Poverty Disparities - Borgen Project - September 6th, 2020
- How government is delivering better election security - GCN.com - September 6th, 2020
- Internet of Things (IoT) Security Market Report: Regional Data Analysis By Production, Revenue, Price And Gross Margin - Kewaskum Statesman News... - September 6th, 2020
- What is the quantum internet? Everything you need to know about the weird future of quantum networks - ZDNet - September 6th, 2020
- How automation testing stays crucial to the future of Internet of Things (IoT) - Latest Digital Transformation Trends | Cloud News - Wire19 - September 6th, 2020
- One of the largest internet outages ever recorded occurred this weekend - TechRadar - September 6th, 2020
- A third of companies are exposing unsafe network services to the internet - BetaNews - September 6th, 2020
- Meet The New Anonymous100 Million BTS ARMY And K-Pop Stans, A Cyber Threat To Be Reckoned With - Forbes - September 6th, 2020
- Is Wall Street winning in China? - The Economist - September 6th, 2020
- 60 Seconds In Cybersecurity: Heres What Happens In Just One Malicious Internet Minute - Forbes - August 28th, 2020
- Research Report prospects the Internet Security Software Market - Owned - August 28th, 2020
- Cyber Security Market to Benefit from Increasing Application of AI and IoT Technologies - GlobeNewswire - August 28th, 2020
- Hackers are exploiting the 'Internet of Things' - ITProPortal - August 28th, 2020
- Distributed Denial of Service (DDoS) Protection Market Will Generate New Growth Opportunities in the next upcoming year - The Daily Chronicle - August 28th, 2020
- IT Security Market to Remain Competitive | Major Giants Continuously Expanding Market - The News Brok - August 28th, 2020
- Internet Of Things Iot Security Market : Global Industry Analysis And Opportunity Assessment 2026 Cisco Systems, Inc., Ibm Corporation, Intel... - August 28th, 2020
- Click Fraud Risk as Smartphone Is Discovered with Pre-Installed Malware - Infosecurity Magazine - August 28th, 2020
- The ability to hear, be heard and be understood is vital The importance of audio communication devices in security - IFSEC Global - August 28th, 2020
- Wrap your ears around Episode 451 of the Two Blokes Talking Tech podcast - Tech Guide - August 28th, 2020
- Taking stock of the Chinese factor in American elections - Arab News - August 28th, 2020
- How to choose and set up a business VPN - TechRadar - August 28th, 2020
- Internet Grows to 370.1 Million Domain Name Registrations at the End of the Second Quarter of 2020 - Social News XYZ - August 28th, 2020
- Internet of Things Security Market Analysis by Size, Share, Growth, Latest Innovation, Trends and Forecast 2019 2025 - Scientect - August 28th, 2020
- The TikTok Ban Should Worry Every Company - Harvard Business Review - August 28th, 2020
- TLS and VPN Flaws Offer Most Pen Tester Access - Infosecurity Magazine - August 28th, 2020
- The Center for Internet Security (CIS) Use Cases and Cost Justification - Security Boulevard - August 10th, 2020
- Peering into the Future of Sino-Russian Cyber Security Cooperation - War on the Rocks - August 10th, 2020
- Internet of Things Security Industry Market Sales, Price, Revenue, Gross Margin and Industry Share 2020-2025 - Express Journal - August 10th, 2020
- Insights on the Cyber Security Global Market to 2028 - Featuring Dell Technologies, Fireeye & Fortinet Among Others - GlobeNewswire - August 10th, 2020
- So What Does Trump Have Against TikTok? - The New York Times - August 10th, 2020
- Internet of Things (IoT) Security Market Size, Development, Key Opportunity, Application & Forecast to 2025 - Chelanpress - August 10th, 2020
- Someone just dumped 20GB of internal Intel data on the Internet - TechSpot - August 10th, 2020
- Malaysia Internet of Things (IoT) Security Market Size, Global Future Trend, Segmentation, Business Growth, Top Key Players, Opportunities and... - August 10th, 2020
- Global Internet of Things (IoT) Security Market 2020 Competitive Analysis Cisco Systems, Intel Corporation, IBM Corporation - Owned - August 10th, 2020
- Common Internet of Things security pitfalls Urgent Comms - Urgent Communications - July 29th, 2020
- US starts work on making virtually unhackable internet a reality; All you need to know about Quantum Internet - The Financial Express - July 29th, 2020
- Internet Of Everything (IoE) Market Growth Analysis By Manufacturers, Regions, Types and Application Forecast - Market Research Posts - July 29th, 2020
- What are you giving away on social media? | IT PRO - IT PRO - July 29th, 2020
- Explained: Why is spyware, stalkerware gaining traction during the pandemic? - The Indian Express - July 29th, 2020
- Are we seeing the beginnings of an Indian internet? - Deccan Herald - July 29th, 2020
- What the Tech? Check Your Internet Security When Working from Home - Alabama News Network - July 27th, 2020
- Security of the internet is improving, but there is work to be done - Security Magazine - July 27th, 2020
- Outlook on the Internet Security Software Market to 2025 by Application, End-user and Geography - CueReport - July 27th, 2020
- U.S. Government Says Its Building A Virtually Unhackable Quantum Internet - Forbes - July 27th, 2020
- Amid 'heightened tensions,' US government issues warning to critical infrastructure providers - Utility Dive - July 27th, 2020
- The global Internet of Things (IoT) security market size is expected to grow from USD 12.5 billion in 2020 to USD 36.6 billion by 2025, at a Compound... - July 27th, 2020
- WISeKey to Showcase its Cybersecurity Solutions for Artificial Intelligence Used in Drones and Robots at SIDO 2020 - GlobeNewswire - July 27th, 2020
- Various Politicians, Companies, And Activists Are Targeted By A Secretive Industry - See How India Has Become A Hire-for-hack Place For Other... - July 27th, 2020