Thursday, July 29, 2010

The Canadian who holds the key to the Internet

Cathal Kelly Staff Reporter

It’s housed in two high-security facilities separated by the North American landmass. The one authenticated map of the Internet.

Were it to be lost – either through a catastrophic physical or cyber attack – it could be recreated by seven individuals spread around the globe.

One of them is Ottawa’s Norm Ritchie.

Ritchie was recently chosen to hold one of seven smartcards that can rebuild the “root key” that underpins this system – called DNSSEC (Domain Name System Security Extensions). In essence, these seven can rebuild the architecture that allows users to know for certain where they are and where they are going when navigating the Web.

“In the event of a major disaster – if both facilities were destroyed – there has to be someone who can regenerate the (root) keys. That’s where we come in,” says Ritchie.

Ritchie, a DNS expert who works for the non-profit Internet Systems Consortium, received his smartcard two months ago at a ceremony at one of the secure sites, in Culpeper, Va.

The other is located in El Segundo, Calif. Both are overseen by the Web’s U.S.-based chief watchdog, ICANN (Internet Corporation for Assigned Names and Numbers).

Only a few dozen people on Earth are allowed access to the inner rooms that house the “hardware security module.” Ritchie and the other six cardholders – called “trusted community representatives” – are among them.

Inside, each facility contains one of two identical DNSSEC brains.

DNS provides the map that allows us to traverse the Internet – type in a domain name and DNS does the number crunching that sends you where you want to go.

“If DNS were to stop working, it would render the Internet effectively non-responsive,” said Byron Holland, CEO of CIRA (Canadian Internet Registration Authority).

DNS is vulnerable to so-called “man in the middle” attacks – wherein thieves, terrorists or other malfeasants insert themselves between you and, say, your bank’s website. Current estimates indicate that up to 8 per cent of all Web traffic goes to fraudulent sites.

DNSSEC will eliminate that possibility by assuring that no one can slip between the user and the site they meant to reach. The security protocol has only just begun rolling out, and will likely take years before it envelops the Web.

“(DNSSEC) is a cloak that drapes over DNS – the backbone of the Internet,” said Holland. “If both facilities were to disappear overnight, that’s not to say the Internet would turn off. You’d still type in Chapters.ca and get to Chapters. What would go away if those facilities were, say, blown up, is the ability to authenticate (your destination).”

The buildings are nondescript, “hardened” facilities. The walls are reinforced concrete. Armed guards line the halls leading into the centre. Each of the locked doors into the central vault must be opened by a separate keyholder.

At Ritchie’s ceremony, he estimates, 25 people were on hand: a dozen or so cryptology officers who man the pair of sites, the seven cardholders and a series of other witnesses there to monitor the handover.

Ritchie offers up that his smartcard – which resembles a silver credit card with a chip embedded at one end – is now in a safe.

At home?

“I don’t think I should say. But it is in a safe,” Ritchie said.

He has shown it around to some friends. He keeps it inside a tamper-evident evidence bag.

In the event of catastrophe, five of the seven cardholders – who also hail from the U.K., the U.S., China, Burkina Faso, Trinidad & Tobago and the Czech Republic – would be required to submit their keys in person and begin reconstruction of the system.
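The five-of-seven recovery described above, as an added example that is not part of the original article or of ICANN's own tooling: a Shamir-style threshold split over a prime field, which shows why any five cards suffice to rebuild the key while four do not. The article does not describe the mechanism ICANN actually uses, so the Shamir scheme, the field size and the random stand-in key are assumptions of the example.

```python
"""Added example, not ICANN's code: a 5-of-7 threshold split in the style of
Shamir's secret sharing, showing the property the article describes -- any five
cards rebuild the key, four or fewer cannot. Assumes a Shamir-style scheme over
a prime field; the article does not describe ICANN's actual mechanism."""
import secrets
from functools import reduce

PRIME = 2**521 - 1          # Mersenne prime; any 64-byte secret fits below it
THRESHOLD, CARDS = 5, 7     # five of seven cardholders, as in the article


def split(secret, k=THRESHOLD, n=CARDS):
    """Hide `secret` as the constant term of a random degree-(k-1) polynomial
    and hand out n points (x, f(x)); any k distinct points determine it."""
    assert 0 <= secret < PRIME and 1 < k <= n
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]

    def f(x):  # Horner evaluation of a0 + a1*x + ... + a(k-1)*x^(k-1) mod PRIME
        return reduce(lambda acc, c: (acc * x + c) % PRIME, reversed(coeffs), 0)

    return [(x, f(x)) for x in range(1, n + 1)]


def recover(shares):
    """Lagrange interpolation at x = 0 over the prime field. With at least k
    distinct shares this is the secret; with fewer, the same arithmetic runs
    but every candidate secret is equally consistent with the shares."""
    xs = [x for x, _ in shares]
    assert len(set(xs)) == len(xs), "each cardholder's share has a distinct x"
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


if __name__ == "__main__":
    # Constructed stand-in for the root key: 32 random bytes, not a real key.
    root_key = int.from_bytes(secrets.token_bytes(32), "big")
    cards = split(root_key)
    assert recover(cards[:5]) == root_key                    # any five suffice
    assert recover([cards[i] for i in (0, 2, 3, 5, 6)]) == root_key
    assert recover(cards[:4]) != root_key                    # four do not
    print("5-of-7 recovery holds")
```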

So how do they come and get you? Black helicopter? Air Force One?

“Well, the design of the system is pretty smart,” said Ritchie. “If something were to happen, there’d be time to round people up. There’s unlikely to be the sort of emergency where everything’s wiped out at one moment.”

And if there was such an emergency?

“Then we probably have bigger things to worry about than the Internet.”
