ICANN, Swiss Registry, Others Improve Security For Internet Users

A collaboration between ICANN, the Swiss domain name registry SWITCH, Packet Clearing House, Infocomm Development Authority of Singapore (IDA) and the National University of Singapore (NUS) joined together last week at the ICANN meeting in Singapore to inaugurate the first of three hardened facilities to bring about extra security for global internet users.The new facility will provide secure digital signatures for the country-code top level domains of dozens of countries. The first three new facilities are located in Singapore; Zurich (still under construction) and San Jose, California. The facilities provide cryptographic security using the recently deployed Domain Name System Security (DNSSEC) protocol.”One of ICANN’s core missions is to enhance the security and stability of the Internet’s Domain Name System. This new DNSSEC facility in Singapore helps us do just that,” said Rod Beckstrom, President and Chief Executive Officer of ICANN.”The bottom line is that this centre and the two others like it will give billions of internet users the confidence to know that they have ended up at the web site they intended to reach, reducing the risk that they have been misdirected to a different site by cyber criminals.”The implementation of a more secure internet will bring about more than just giving internet users more trust. It will see, for example, web browsers and email gain an additional level of security. On trust, it will mean much more confidence for internet users when they interact online.”Businesspeople, governments, and regular Internet users have been demanding secure domain names for more than ten years, and I’m really happy to have finally built a system that delivers that, and delivers it globally, to any country that wants it, at no cost,” said Packet Clearing House’s research director, Bill Woodcock. “DNSSEC was an obvious next step for our global anycast DNS service network, since we already provide service to more than eighty countries.”The Swiss registry, like the other three locations, was selected because Switzerland is viewed as a stable and secure country. Additionally, Switzerland Singapore benefited from their history of neutrality.Simon Leinen, network engineer at SWITCH is delighted that PCH has selected Zurich as a server location. “The decision in favour of Zurich is based on the excellent, longstanding cooperation between PCH and SWITCH. PCH has been running a number of the name servers responsible for .ch and .li throughout the world.”The locations are spread out geographically in case of a disaster. A diverse selection of countries was chosen in case of one country not necessarily trusting one of those chosen.Mr Leong Keng Thai, Deputy Chief-Executive and Director-General of Telecoms & Post, IDA, said, “We are honoured that PCH, with the support of ICANN, has decided to host the Asia node of the DNSSEC platform here in Singapore. The facility will assist other countries to secure their DNS, and its location here further affirms Singapore as a secure and trusted hub.”Since its standardisation by the Internet Engineering Task Force (IETF), the DNSSEC protocol has been adopted by many top-level domains (TLDs) to form a secure chain of trust within the domain name system.So far this year, several major TLDs, including the German ccTLD .DE, as well as .COM and .NET have already secured their own domains by generating cryptographic keys, which are used in the DNSSEC system to electronically “sign” the domains, authenticating them to the internet users who access the web sites, email, and other internet resources the signed domains contain.Although people browsing the internet often take it for granted that the sites they visit are created and operated by their purported owners, it is possible for criminals with knowledge of the internet’s addressing system to create counterfeit websites that look like the real thing but capture users’ private information. DNSSEC guards against this cyber threat.PCH’s DNSSEC facilities will allow many additional countries to immediately gain the benefits of DNSSEC protection for their country code TLDs without needing to build and maintain their own million-dollar security facilities. During an elaborate “key-signing” ceremony on the opening day of the ICANN meeting (Monday 20 June), cryptographic master keys were created for Tanzania, Uganda, Afghanistan, and ten other countries that have already chosen to use the system.For more information see a New York Times article that interviews, in part, internet security researcher Dan Kaminsky at www.nytimes.com/2011/06/25/science/25trust.html.An ICANN news release of the announcement is available at www.icann.org/en/news/releases/release-22jun11-en.pdf.