Monday, 24 November 2014

British entrepreneur holds internet security key

A British entrepreneur has been given a key to help restore the internet’s latest international security system.

Paul Kane, chief executive officer of web server firm Community DNS, has been included in back-up plans designed to protect the new DNSSEC system – which verifies secure websites – in case of an emergency.

The restart system is more reminiscent of something from a science-fiction film than the average contingency plan.

Seven experts from around the world, including Kane, have been given encrypted keys, each of which looks like a credit card and holds a piece of code.

If the DNSSEC main servers are damaged or destroyed, then five of the keyholders will have to travel to a secure location in the US to unlock the master key needed to reboot the security system.

However, Kane told The Engineer that it was very unlikely he would ever be needed to help restore the system and stressed that he did not have a key to restart the whole internet.

‘It is most unlikely that I, as a recovery-key shareholder, would be called upon to do anything,’ he said.

‘But mechanisms have been put in place for different sorts of scenarios that could occur so procedures are there to remedy the situation and restore the security and the chain of trust that is vital for this thing to work.’

DNSSEC is a new way of stopping cyber criminals from stealing internet users’ personal details by creating false websites that copy those of banks or shops.

‘DNSSEC gives the community the ability to verify that they’re talking to a genuine party,’ said Kane.

‘And in doing so you frustrate the bad guys’ – the pirate sites’ – ability to defraud the end user where the user has the technology to do this simple verification.’

The verification codes change every three or six months in order to prevent hackers from breaking into the system.

If an incident, such as a fire or terrorist attack, damaged both the DNSSEC parent servers (which are located at two different sites), the system would need to be restarted for the codes to keep changing.

However, this wouldn’t stop the internet or the DNSSEC security protocols from otherwise working normally. ‘You cannot turn off the internet,’ said Kane.

‘What this is really demonstrating is that the process and procedures for securing DNSSEC have been well thought through and are a multi-layered approach.’


Readers' comments (1)

  • This is really just a piece of "security theatre" that is not particularly relevant to how DNSSEC will be operated in practice. It's taken rather longer than most experts would have liked to have got around to signing the root (with 1024-bit RSA keys, which are too short), but at least it's done now.
