Internet: A Magic Box that is secured by 14 highly protected people

It’s been a few days since the majority of the Internet went down, causing downtime for the majority of websites, like Twitter, GitHub and Spotify.

The core reason behind this downtime is just the age-old DoS (Denial of Service) attack problem, where the Internet’s DNS servers are flooded with thousands of millions of requests at a particular point in time. The servers cannot handle that many requests, which causes downtime and affects traffic.

The main corporate entity that runs a major part of the DNS system, the system that translates server addresses into a human-readable form, is Dyn, which was attacked by a group of hackers. Dyn has a secure network that hackers cannot gain access to in any way, and it preferred to bring it offline for a few hours. All of these domains, or I would say DNS, are managed by ICANN (Internet Corporation for Assigned Names and Numbers), an authority organisation.

GOT Tip: If you know how to control domains/DNS, then you would be the Lord Commander of the whole Internet; you can actually redirect massive traffic.

So, ICANN has all the domain names that are registered in the whole world; it even has the DNS records for the world’s busiest websites like Facebook, Google and Twitter. Now imagine: if someone got access to these DNS records, what could they do with them? A small glimpse: you open a bank website to make a wire transfer and end up giving all your confidential information to a fake website on the same domain.

So ICANN is responsible for making DNS as secure as possible. It would be stupid to depend on one physical or logical entity. That is why it has chosen 7 key holders and given them an actual key to the Magic Box, the Internet. To be on the safer side, it has chosen 7 more people as backup. So 14 people, in total, are the key masters for the whole Internet.

This handful of people, known as Crypto Officers, gather to attend a highly ritualized ceremony, called the Root Key Signing Ceremony, in which the keys of the Internet’s master lock are verified by the Ceremony Administrator (CA) and updated. At least 3 keys are needed in this ceremony to get access to the actual equipment that controls DNS.

This ceremony is highly scripted and the script is given to all the participants, so if any strange deviation occurs, the whole room will know. In addition to the Crypto Officers being present, the ceremony is recorded for online streaming and audited by internal and external auditors in the presence of outside and inside witnesses. All participants are required to state and/or confirm identifiers composed of numbers and letters. When spelling identifiers, they should use the phonetic alphabet given to them.

Example of Identifiers used in Aug, 2016 Ceremony

The physical keys unlock safe deposit boxes. Inside those boxes are smart key cards. It takes multiple keys to gain access to the device that generates the internet’s master key. That master key is really some computer code known as a root key-signing key. It is a password of sorts that can access the master ICANN database. This key generates more keys that trickle down to protect various bits and pieces of the internet, in various geographies and used by different internet security organizations.

The security surrounding the ceremonies, before and after, is intense and involves passing through a series of locked doors using key codes and hand scanners, until entering a room so secure that no electronic communications can escape it. Inside the room the Crypto Officers assemble along with other ICANN officials, and, typically, some guests and observers.

Once the ceremony is finished, the participants leave the room one by one, and it’s believed that they go out, probably to a local restaurant, to celebrate the existence of the most secured Internet.

Considering the recent attacks on the Internet, ICANN will change the key pair that creates the first link, the master key, in a long chain of cryptographic mechanisms that lies beneath the DNS, the “address book” of the internet. This is known as the Root Zone Signing Key Ceremony.
Such a ceremony is held every three months and is recorded from start to end.