The Internet has grown so rapidly over the past decade that it’s structural and security foundations have struggled to keep up.
But the Commerce Department’s National Telecommunications and Information Administration (NTIA) recently announced the completion of an initiative it says will enhance Internet security and stability by authenticating core operating components of the Web.
“The Internet plays an increasingly vital role in daily life, from helping businesses expand to improving education and health care,” says Lawrence Strickling, assistant secretary for Communications and Information and NTIA Administrator in a release.
“The growth of the Internet is due in part to the trust of its users – trust, for example, that when they type a website address, they will be directed to their intended website. Today’s action will help preserve that trust.”
The Domain Name System Security Extensions (DNSSEC) will add data origin authentication and data integrity to the Domain Name System (DNS) at the Internet’s authoritative root zone. The root zone is essentially the Internet’s address book.
The DNS is a hierarchical naming system for any data resource connected to the Internet. It links domain names that are recognizable to users, such as www.federalnewsradio.com to numerical identifiers associated with networking equipment. This lets systems locate and address these devices worldwide.
DNS was not designed with strong security mechanisms, and technological advances have made it easier to exploit certain vulnerabilities in the DNS protocol that put the integrity of DNS data at risk, Commerce states.
“The DNS has become a utility that people depend on when moving about on the Internet. It is a core part of the Internet infrastructure and trust in the DNS is necessary, albeit not sufficient, for trust in the Internet,” said Olaf Kolkman, director of NLnet Labs, the organization that developed DNSSE.
Kolkman said DNSSE will help seal vulnerabilities as well as guard against future cyber attacks. It is expected to provide the ability to validate the authenticity of DNS data and facilitate detection of information tampering anywhere in the system.
“The deployment of DNSSEC at the root zone is the linchpin to facilitating its deployment throughout the world and enabling the current domain-name system to evolve into a significant new trust infrastructure for the Internet,” says Patrick Gallagher, National Institute of Standards and Technology (NIST) director.
The initiative is a result of years of collaboration among NTIA, NIST, the Internet Corporation for Assigned Names and Numbers (ICANN) and VeriSign, an Internet infrastructure provider.