Our speaker is Punky Duero, he's with ICANN and he's going to be talking about the key management facility of the root zone DNS key signing key. I got that right. So let's welcome him and thank you.

Thank you. Hold on. Let me just set this up. All right. Thank you. You guys survived Las Vegas. It's Sunday. Thanks for coffee and Red Bull. So let me clarify the purpose of this talk. I'm not going to talk about DNSSEC in detail, but rather because there are prior talks from Richard Lamb and they're the expert on the DNSSEC along with Tomofumi Okubo, who's part of Verisign. They've been a major player led by David Conrad, our CTO. But rather, I'm going to show you something unique, basically the key management facility. I'm going to provide a show and tell, which is some of you may have seen a key management facility, but it's typically behind closed doors, you know, because activities are not public and stuff like that. And I'm going to show you how we protect the crypto, the private key, the root zone DNSSEC key signing key. Again, Punky Duero, one of the cryptographic key managers for ICANN. And I help, you know, implement or perform the IANA functions.

So just very quickly, I'm going to talk about ICANN because there are a couple of misconceptions on what ICANN does. Let me get this cable. You know, we assign IP addresses for people, domain names. That's actually true, but we do it on a top level, meaning we assign chunks of IP addresses to five internet registries in the world. These are ARIN for America, LACNIC, APNIC for Asia, and stuff like that. So when we assign it to these internet registries, they're the ones who assign it to your ISP providers and ISP providers to every one of us. Users. Same thing with the domain names. We don't deal with defcon.org, but rather we work with our root zone management partners for the top level, the .com, .net, .gov, .edu, and .org. And there's actually .xxx nowadays. I mean, God knows what are those in there.
So ICANN is a multi-stakeholder in three groups, just very quickly, just one minute. So the community on the right, left side, it's, you know, folks that are part of the internet community, engineers, operators that want to make, that help us to make the internet work. And they develop process policies, procedures that's submitted to or reviewed and approved by the ICANN board. These are representatives from the ICANN community. And once they approve the policies and procedures, it gets given to ICANN organization, which is where I'm part of. We implement it via the IANA functions, and there's three IANA functions. Protocol parameters, these are the ports, the QoS, the Kerberos. These are, we maintain a database of these unique registries that help the computers communicate via network. I'm not the expert on that. There's Michelle Cotton, Naela Sarras on our team. Numbers, resources, I mentioned earlier, and domain names. Under domain names, we also perform DNSSEC, Domain Name System Security Extensions. And basically the whole idea of ICANN is to help make, there's only one internet for the entire world or else. Basically if you want to connect to facebook.com, you have to connect to Time Warner and google.com, you have to connect to maybe AT&T, so that's not going to work. So before I move forward with my presentation, let me show real quickly a short clip because I have to warn you, this is a little bit cheesy, but anyway, I'll present it. Where is my mouse?

"It's one of the seven. We hold some of the keys to the internet." "Seven keys control the internet? That can't be possible." "No, they don't control what's on it. It's just how to secure it. Seven security experts randomly selected by ICANN. The Internet Corporation for Assigned Names." "The ceremony, walk me through how it works." "They pull out all the stops, pin codes, smart cards, biometric hand scans. That is not an easy room to get yourself into."
"Steps are divided up amongst a bunch of people to prevent anyone from compromising the process. Return to you. The keyhole does mean to generate a master key."

So yeah, I mean, that is, thank you. It's a long clip, but I just compressed it. The interesting part, it's Hollywood. Thank you for making it. Key ceremony is interesting. That's basically, first of all, we don't control nor secure the internet traffic. And there's no such thing as a master key, just to clarify. It would be nice. I mean, just like having a unicorn. Agenda. My agenda for today, I have three topics. KSK Rollover, just what's going on. Reminder, KMF, the key management facility. Again, show and tell. I'll take you guys on a tour. That's why, try to go closer if you want to see the pictures later on. And then the key ceremony is what is it? How is it related?

So DNSSEC, KSK, for folks who are not aware of DNSSEC, I mean, it's basically an added security layer to the DNS by incorporating public key cryptography into the DNS hierarchy, making it a global PKI for domain names. And for this topic, we're only going to talk about the key management facility for the key signing key, which is the very top cryptographic key for the root zone DNSSEC, KSK. And since 2010, we have a functional and operational KSK. This basically has been used. And back in October, we've created a new key. We generated a new key pair, RSA 2048. You know, just basically part of a hygiene, security hygiene, you know, you guys change passwords every so often. And it's been seven years since we, you know, we haven't updated the very top key of the root zone DNSSEC. And basically it's not, you know, it took some time because there's careful planning and testing with the community that helped us. And it's not easy to swap the keys. It's just like, you know, put it in that. We try to maintain the chain of trust. So we're using the trust at KSK 2010 to introduce the KSK 2017.
And again, there are talks from Ed Lewis, from Richard Lamb that detail about that guy right there with the white shirt. So a simple dig, you know, to the root, DNSSEC will show the public key representation of the KSK 2017. And then it has been published on the DNS since July 11. If, you know, there are two ways to update your system. If you're running a DNSSEC-validating DNS resolver, one is automated. Basically RFC 5011, go to the IETF website, which pulls that DNSKEY automatically and starts the trusting process of 30 days. The other one is manual, which is you download the trust anchor through the website, data.iana.org/root-anchors. So if you're an operator, would like to play around, or somebody would like to play around with DNS, want to implement DNSSEC, want to know how to configure the DNS recursive server, it's different. I mean, there's different software, PowerDNS, BIND, Unbound. I would recommend to read the manual. You guys know what to do. Time.

So this is the timeline. The KSK rollover has started, you know, ever since from planning. So the next milestone is September 19, 2017, because, you know, how DNSSEC works, every quarter we introduce, that's the zone signing key that kind of like signs the records on the DNS zone. We're introducing it, that's why there's a packet increase on September 19. But the main thing is October 11. If your DNS recursive server that's supporting DNSSEC validating, if you don't have the DNS, the KSK 2017 trusted by that time, your internet's not going to work, because, you know, most of the top level domains are signed and it's going to fail, basically. So October 11, we're using the new KSK 2017. So ICANN, we offer test beds, go.icann.org. You know, Paul Hoffman has implemented that and other folks on our CTO team, led by David Conrad, for those who wanted to try. So I mentioned about KSK rollover. You guys may wonder, where is this KSK stored?
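One way a resolver operator can check a manually downloaded trust anchor against the DNSKEY that a dig to the root returns, as an added example that is not part of the talk: it computes the RFC 4034 key tag and the SHA-256 DS digest for a DNSKEY and looks for a matching KeyDigest entry in a root-anchors.xml style file. The key bytes and the anchor file here are constructed placeholders, not the real KSK-2017 values.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample key, NOT the real root KSK: flags 257 marks a KSK, protocol
# is always 3, algorithm 8 is RSA/SHA-256; the public key bytes are a placeholder.
SAMPLE_KSK = {"flags": 257, "protocol": 3, "algorithm": 8,
              "public_key": bytes([0x03, 0x01, 0x00, 0x01, 0xAB, 0xCD])}
ROOT_OWNER_WIRE = b"\x00"  # the root name "." in DNS wire format

def dnskey_rdata(key):
    """DNSKEY RDATA: 2-byte flags, protocol, algorithm, then the public key."""
    return (key["flags"].to_bytes(2, "big")
            + bytes([key["protocol"], key["algorithm"]]) + key["public_key"])

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (all algorithms except 1)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b << 8 if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def ds_digest_sha256(owner_wire, rdata):
    """DS digest type 2: SHA-256 over owner name (wire form) || DNSKEY RDATA."""
    return hashlib.sha256(owner_wire + rdata).hexdigest().upper()

def parse_trust_anchors(xml_text):
    """Collect every KeyDigest entry from a root-anchors.xml style document."""
    return [{"KeyTag": int(kd.findtext("KeyTag")),
             "Algorithm": int(kd.findtext("Algorithm")),
             "DigestType": int(kd.findtext("DigestType")),
             "Digest": kd.findtext("Digest").strip().upper()}
            for kd in ET.fromstring(xml_text).iter("KeyDigest")]

def matches_trust_anchor(key, anchors):
    """True if the DNSKEY's tag, algorithm and SHA-256 DS match a published anchor."""
    rdata = dnskey_rdata(key)
    tag = key_tag(rdata)
    for a in anchors:
        if (a["KeyTag"], a["Algorithm"], a["DigestType"]) != (tag, key["algorithm"], 2):
            continue  # cheap fields first; only hash when they line up
        if ds_digest_sha256(ROOT_OWNER_WIRE, rdata) == a["Digest"]:
            return True
    return False

def tampered_copy(key):
    """Flip one bit of the public key, as a substituted or corrupted DNSKEY would."""
    pk = bytearray(key["public_key"])
    pk[-1] ^= 0x01
    return dict(key, public_key=bytes(pk))

# Constructed anchor file in the root-anchors.xml layout (two KeyDigest entries, as
# during a rollover); the second Digest is derived from the sample key above.
SAMPLE_ANCHORS_XML = f"""<TrustAnchor id="constructed-example"><Zone>.</Zone>
<KeyDigest id="old-sample"><KeyTag>12345</KeyTag><Algorithm>8</Algorithm>
<DigestType>2</DigestType><Digest>{'00' * 32}</Digest></KeyDigest>
<KeyDigest id="new-sample"><KeyTag>{key_tag(dnskey_rdata(SAMPLE_KSK))}</KeyTag>
<Algorithm>8</Algorithm><DigestType>2</DigestType>
<Digest>{ds_digest_sha256(ROOT_OWNER_WIRE, dnskey_rdata(SAMPLE_KSK))}</Digest></KeyDigest>
</TrustAnchor>"""
```

Against a real resolver you would feed `parse_trust_anchors` the downloaded file and `matches_trust_anchor` the DNSKEY record (flags 257) from a dig of the root; a one-bit change in the key fails the check because the key tag and DS digest both change.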
I just mentioned the public key resides on the DNSSEC resolvers, recursive servers. And the private key is stored on an HSM. The guy earlier that did the talk on cypherpunks highlighted the HSM. This HSM that we use is certified with FIPS 140-2 level 4, meaning that it's just a certification for a cryptographic module that stores the digital keys. And we have two on a facility, both having the KSK 2010 and 2017, until we stop using the KSK 2010. This HSM has a lot of sensors. You shake it, you apply incorrect power, it blows up the keys, not the HSM. So basically, I mean, it's just too sensitive. The idea is to detect tamper and to try to avoid compromise of you gaining access, you know, unapproved access to the key. Okay, he's flagging me 10 minutes.

So to access the HSM, basically, we need smart cards to enable it, at least three of the seven smart cards. And these smart cards are assigned to crypto officers. I hope you guys know this guy. I mean, if you guys use the internet, you'd better. I mean, this is Vint Cerf along with Bob Kahn. They helped invent the internet. So these crypto officers are well diversified. They came from across the world, internet community representatives or members of the internet community that were called trusted community representatives. We implemented rigorous background checks, vetting process. And by the way, just to make sure you guys understand, internet community representatives doesn't mean that they're like Kanye West, Miley Cyrus, or Jennifer Lopez. Those are different celebrities of the internet that are not part of this. These are operators, engineers that help make the internet work. I mean, like probably some of you guys as well. So those smart cards are placed inside a safe deposit box. The deposit box is inside the safe. And in return, the keys to the deposit box are given to the TCRs to keep while they're still active. And then to open the safe, it requires a different individual, which is our ICANN staff.
Same thing, we did a rigorous process, background checks, to make sure they're, say, who they are. And this safe has a lot of sensors as well. You know, defense in depth that we try to implement. It has seismic sensors. Let's say somebody wants to drill on it. And also the triple-biased door contacts to avoid tamper. So let's say, because of some contacts, when you open it, you can actually place a magnet to fool the system. But this one, it's like it has some balancing that... I don't know. And also it's certified GSA Class 5. I don't know what that means. But basically, I mean, it's what the federal government uses for keeping their top secret documents. It's the same. So that's the smart cards.

You may wonder what about the equipment. The equipment is in another safe, which is what we call the hardware safe. We put the HSM, which is we have two, on a facility. And it's opened by a different individual. I mean, unlike the other one, which is the credential safe controller, this is a hardware safe controller person, which is they don't share the combination. And it has... That safe has the same protection mechanism. Laptop, HSM, and other equipment. You see that circle right there, that the kids don't recognize nowadays. That's basically a CD where the operating system, this circle, the CD where the operating system and the key management software is used. And this laptop that we use is basically bare. It doesn't have wireless connectivity. It doesn't have a hard drive, because we boot it through the CD. And the software is published on the IANA website. You guys can download it. Rick developed the first version of it and then you can criticize it, sorry. So I just described... It's basically air-gapped, the laptop. There's no internet connection. Regardless if there's a vulnerability on the older CentOS operating system, it doesn't matter. It doesn't connect to the internet. So I just described two safes. Obviously, it's stored in a safe room.
Because in the safe room, there are two safes. And that safe room is a cage and I think, what is my time? This room requires two-factor authentication. Different individuals with different roles. Normally, I would say we use an iris scanner because it's awesome, just like Mission Impossible. It's pretty cool. But since I'm talking to a lot of technical people, it's BS. It's bullshit. I mean, honestly, it's just for show. I mean, when we speak with media, it is pretty cool and stuff like that. We tried several times. Because the issue, it's an old... We're actually trying to improve it, in the process of upgrading it. The issue is the credential swipes in between. It times out, which is rejecting us. I guess it's too much security, which is good. But we use the alternate card reader instead. We use card and PIN. Still a dual occupancy requirement and dual access. So two people with different roles. And yeah, that.

So this room is enclosed inside a larger room, a larger cage. So again, defense in depth. That larger cage is covered in wall to make it beautiful. It has surveillance cameras, a lot of them. Backup connection, backup monitoring, same thing. Dual occupancy, two-man rule. Two people access the room. And we have a lot of sensors. Actually in the past, speaking about the sensors, we had passive infrared sensors. And the issue with that is... Man, it's bad. Because I mean, change of temperature or a fly flying by, we get calls at night at 2 a.m. It's just horrible. And then my ringtone actually is... It's... So yeah, and my ringtone is like this. So waking me up at 2 a.m. in the morning, it's just horrible. So we decided to upgrade it. And we've adopted dual technology, microwave sensors, and passive infrared to kind of like compensate, with the sensor detecting heat and stuff like that. It rejects it. Less false alarms.
So whenever we perform maintenance or key ceremonies, which I'll talk about in a little bit, there's another role that we have to notify, whether a courtesy notification or ask them to contact our monitoring station, which is separate from us, other than... Because we receive notification to staff and the monitor... We receive alarms, staff, and the monitoring station. So basically we ask this other role, which is the access control manager, to either disable the monitoring station or just a courtesy note. So to get into that room, there's a small room, which is what we call the mantrap. Same thing. I mean, mantrap, basically if one door is open, the other cannot be opened. Actually it's the same thing with the entire facility. So that's the key management facility.

What about the key ceremony? It's not tea ceremony. Pardon my Asian accent. I try to say key, not tea. So that's me two decades ago looking at a lady cooking green stuff. I mean, it's not pot. It's Japanese green tea. So just like a key ceremony, it's a ritual. And we observe the process. So we kind of look at the tea and turn the cup and stuff like that. It's interesting, I think. Japanese tea ceremony. Same thing with the key ceremony. It's a ritual. And then we gather around. I mean, you can see this is the ceremony room. You see those cages in there. These are the TCRs and the staff in combination. And we use a script. So it's a step-by-step process as well. It's typically three acts. The first act comprises several steps to open the ceremony, extract the equipment. The second one is to use the HSM for signature. Again, DNSSEC doesn't encrypt. We sign the key and then the key signs the zones. So, and then the third act is basically we return all materials, you know, all the... After we've assembled it, we perform the key ceremony. We return the materials and we... In the end, we generated a signed key response.
This is what we give Verisign, our root zone partner, so that they can publish it to the DNS in the next quarter. So this ceremony is highly audited. Every trace, we try to maintain chain of custody. You can actually trace each ceremony on the IANA website from back in 2010, so you can see each tamper-evident bag that we used and how we opened it and stuff like that. It is lengthy, three hours. It takes three hours and then... Oh, shoot, what time is it? And so it's actually boring. People compare it with... The Blacklist: Redemption clip earlier just showed it as pretty interesting, but it's not. Because it's three hours. It's like people compared it to watching paint dry. And I think it's actually an insult to the paint, to be honest with you. So all in all, I don't know if you guys were counting, there are at least 12 people required to perform a key ceremony, a typical key ceremony, minimum of 12, plus the one that we need to notify to disable the notifications on the monitoring side. Again, segregation of duties. This is to minimize collusion.

So where is this key management facility? Anyone know? I mean, raise of hands? No? Okay, it's in the US, yes, that is correct. And it is not a secret. We have two locations, one in Virginia, the other one's in El Segundo. Every quarter, we alternate both facilities to perform it, every key ceremony. And so, you know, that right there, I just clicked it. So what happens if... five minutes, okay. So what happens if both facilities aren't operable? Then this is where, you know, another set of TCRs comes along. Who doesn't know Dan Kaminsky, basically? He's one of our TCRs, Recovery Key Shareholders. Unlike other crypto officers, you know, they gather around as well, along with critical materials, to help reconstruct the KSK, the new key, the private key, and, you know, be able to use it. So all in all, we have 21 TCRs. I'm trying to rush, pardon me. And then, they are experts in the DNS industry and highly critical.
And actually we want that, because we want to be criticized. We show, I mean, we do what we say we do, and then they point out our mistakes and stuff like that. We accept it, we try to improve, we discuss with them, and how can we improve the process. And on top of that, we also hired external auditors to help us review our internal controls, security for availability and integrity. So you guys may wonder why such high security, so public, right? Why am I doing this? I mean, why am I showing these pictures to you guys? It's because mostly it's behind closed doors. Again, this is not a paid service, unlike the CAs and other folks that perform this. And trust involves, trust, like most things on the Internet, adoption involves trust. And so we try to set a high standard because the KSK is the very top crypto on DNSSEC, and part of ICANN's mandate is to promote transparency and accountability. Make sure we do what we say we do. So can it survive a tank or a Mission Impossible attack by Tom Cruise? No, definitely not. Because, I mean, that's why we implemented defense in depth, to delay the attacker and allowing us to detect the compromise. And we activate certain protocols to respond to it. This is also why we're doing the KSK Rollover, to check, you know, if we can handle it in the process.

So, yeah, pictures. That's Richard Lamb looking at the KeyMatch software. This is at the end of the key ceremony. And this one, he's holding a tamper-evident bag, one of our TCRs, Olaf Kolkman. I mean, this is one of them. We've used a different model in the past that we did replace because, I mean, the tamper village, right? I mean, did tamper it, so it was like, oh, shit, we got to change it already. Yeah, and then led by, yeah, those folks right there. So, yeah, so, I mean, with that, I thank everyone for your attention, you know, for staying. I'm glad you guys are here. And please feel free to reach out, LinkedIn, my LinkedIn, ICANN's LinkedIn, my Twitter. I just created my Twitter.
And those are the links that should be helpful. And by the way, I mean, if you guys are interested and then known in your community, I would suggest to apply because we're replacing, not replacing. I mean, we're looking for successors for the TCRs. You know, they've been in there, they're probably bored. I mean, sitting there for like three, four hours a day or every quarter. So, thank you very much.