Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
A group of seven people from around the world literally hold the keys to online security. Despite the rumors, these security experts don’t have the power to switch off the Internet. But they do control the domain name system, or DNS. They are part of an international effort to achieve true global online security. If this ICANN project succeeds, Internet users can be assured of online security through DNS verification and Internet security VPNs
The Keyholders and ICANN
There are 7 keyholders that meet on each coast of the US, and 7 backup keyholders. They all come from different countries around the world. This is to ensure that no single country holds too many keys. The 14 main keyholders meet every quarter at opposite ends of the US. They have been congregating this way since 2010. Together, each set of 7 keys make up a master key that controls DNS security. The backup keyholders are in place to rebuild the key-generation system in case something goes wrong and it crashes.
The main keyholders meet regularly to validate each web and IP address in existence. They do this as part of the international endeavour to promote better security for DNS. By verifying that each registered website and IP address is legitimate, they are reducing the number of malicious websites that spread viruses and malware. This protects Internet users from a variety of hacks aimed at stealing sensitive information.
Each of the 7 keyholders has to go through a strict series of security protocols. They hold keys to safety deposit boxes that contain the smartcard that make up the master key. Every day, they send to ICANN photos of themselves holding their box keys and a copy of the day’s newspaper. This is to verify that everything is alright. When they meet, they go through steps similar to those put in place for the highest security procedures. At ICANN, the keyholders have to go through biometric scans, insert a smartcard, and enter a PIN to get to a small room. Here, the security procedure is repeated with more PINs, handscans and smartcards. And this is just to get a snack. In the meeting room, the 7 keyholders are accompanied by 15 other individuals to act as witnesses, a further safeguard.
The ICANN security procedures may seem over the top to many. But much of the security upgrades have come as a result of the heat that ICANN has been feeling lately. There has been a lot of talk about ICANN’s failure to preserve Internet security. But it is working on this new way of securing the Internet through masterkey DNS verification. The existence of a single masterkey that controls DNS raises the question of what happens if the key is lost or falls into the wrong hands. For now, the effects are limited. But once the integration of the DNS verification system is complete, the result could be complete loss of connectivity. ICANN aims to complete the system in five years at most.
If the masterkey is stolen and ICANN loses control, the entire Internet would have to be rebuilt. If it is copied and used to control DNS pointing, it would mean a complete loss of trust. ICANN says that this probably won’t happen, but the question remains in the minds of many online security experts. The scrutiny of the US departments of Commerce and Homeland Security is one aspect that is unwelcome. NSA spying has made many foreign partners wary. Some do not have faith in the current procedures for online security and want an entirely new security system. They want US involvement minimized, and prefer that the UN oversee the system. The fact that the US Department of Commerce put ICANN in charge of Internet security is already a major concern for these countries.
Internet Security VPNs
The keyholders and security experts in the know seem to believe in the ICANN system. They say that it would be very difficult to corrupt it. Under the scrutiny of many foreign partners, it is not likely that an intruder could succeed. But the NSA surveillance revelations have caused a great deal of mistrust between the US and ICANN foreign partners. If the DNS security system can survive the NSA scandal, however, it is generally believed that it will work. If so, the world will have a secure system of protection against malicious websites used to infiltrate user devices. Combined with personal Internet security VPNs, every Internet user can truly be secure.
Internet security VPNs have one weakness. This is that they are not made to protect user computers or other Internet enabled devices from accessing malicious websites. And firewalls and antivirus software does not update fast enough to protect users completely from infections. Internet security VPNs secure users through data encryption and traffic anonymization. But true online security rests on the elimination of malicious websites that attack user computers. If the ICANN system proves truly secure, Internet users can be guaranteed online safety with DNS verification and Internet security VPNs.
ICANN 101: Who Will Oversee the Internet?