Root Zone DNSSEC HSM Destruction

2 March 2018 by S. Moonesamy

Root Zone DNSSEC

In June 2010, Domain Name System Security Extensions (DNSSEC) were deployed in the Root Zone, adding public key signatures to the zone data. Root Key Signing Key (KSK) Ceremonies are held four times a year by Public Technical Identifiers (PTI) to sign the Root Zone's set of Zone Signing Keys (ZSKs), the keys which in turn sign the rest of the zone. The term "ceremony" describes a scripted operation carried out in front of witnesses.
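The two-level chain described above, as an added example that is not part of the original post: a trust anchor vouches for the KSK, the KSK signs the DNSKEY set containing the ZSK, and the ZSK signs ordinary records. The code is an illustration, not PTI's tooling. It assumes Ed25519 in place of the root's RSA keys, a SHA-256 over the bare public key in place of a real DS digest, concatenated public keys in place of canonical DNSKEY wire format, and a constructed sample record.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Key is a simplified DNSKEY record: an Ed25519 key pair (DNSSEC algorithm 15,
// RFC 8080). For the root KSK the private half never leaves the HSM; here it is
// an ordinary variable because this is only an illustration.
type Key struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewKey generates a fresh key pair; Name is just a label for the demo.
func NewKey(name string) *Key {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only fails if the system RNG is broken
	}
	return &Key{Name: name, Pub: pub, priv: priv}
}

// DS stands in for the delegation-signer digest a validator is configured with
// as its trust anchor. A real DS digest covers the owner name and the DNSKEY
// RDATA (RFC 4034); hashing the public key alone is enough for this model.
func DS(ksk *Key) string {
	sum := sha256.Sum256(ksk.Pub)
	return hex.EncodeToString(sum[:])
}

// keySetBytes is the message the KSK signs: the public keys of the DNSKEY set
// concatenated in order (a stand-in for canonical wire-format RDATA).
func keySetBytes(keys []*Key) []byte {
	var out []byte
	for _, k := range keys {
		out = append(out, k.Pub...)
	}
	return out
}

// SignedZone holds the two signatures that make up the chain.
type SignedZone struct {
	Keys      []*Key // DNSKEY set: the KSK plus the current ZSK
	KeySetSig []byte // made with the KSK at a key ceremony
	Record    []byte // a zone record (constructed sample data)
	RecordSig []byte // made with the ZSK during routine zone signing
}

// SignZone mirrors the split of duties: the KSK signs the key set once, the
// ZSK signs everything else.
func SignZone(ksk, zsk *Key, record []byte) *SignedZone {
	keys := []*Key{ksk, zsk}
	return &SignedZone{
		Keys:      keys,
		KeySetSig: ed25519.Sign(ksk.priv, keySetBytes(keys)),
		Record:    record,
		RecordSig: ed25519.Sign(zsk.priv, record),
	}
}

// Validate walks the chain the way a resolver does: trust anchor -> KSK ->
// DNSKEY set -> ZSK -> record. Any break returns an error.
func Validate(trustAnchor string, z *SignedZone) error {
	var ksk *Key
	for _, k := range z.Keys {
		if DS(k) == trustAnchor {
			ksk = k
			break
		}
	}
	if ksk == nil {
		return errors.New("no key in the DNSKEY set matches the trust anchor")
	}
	if !ed25519.Verify(ksk.Pub, keySetBytes(z.Keys), z.KeySetSig) {
		return errors.New("DNSKEY set signature does not verify under the KSK")
	}
	for _, k := range z.Keys {
		if ed25519.Verify(k.Pub, z.Record, z.RecordSig) {
			return nil // signed by a key the KSK vouched for
		}
	}
	return errors.New("record signature does not verify under any key in the set")
}

func main() {
	ksk, zsk := NewKey("KSK"), NewKey("ZSK")
	record := []byte("www.example. IN A 192.0.2.1") // constructed sample
	zone := SignZone(ksk, zsk, record)
	fmt.Println("valid chain:", Validate(DS(ksk), zone))

	// A ZSK rollover attempted without the KSK: the record can be re-signed,
	// but the DNSKEY set signature no longer covers the new key.
	newZSK := NewKey("ZSK-2")
	rolled := *zone
	rolled.Keys = []*Key{ksk, newZSK}
	rolled.RecordSig = ed25519.Sign(newZSK.priv, record)
	fmt.Println("rollover without ceremony:", Validate(DS(ksk), &rolled))

	// The same rollover with the KSK available, which is what a ceremony provides.
	fmt.Println("rollover with ceremony:", Validate(DS(ksk), SignZone(ksk, newZSK, record)))
}
```

The point of the model is the asymmetry it exposes: a ZSK can be replaced at any time, but every replacement needs a fresh signature from the KSK, and anyone holding the KSK private key can produce a DNSKEY set that every validator configured with the root trust anchor will accept. That is why the private half lives in an HSM and why its fate after the HSM leaves service matters.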

Hardware Security Module

The private portion of the cryptographic key material (the Key Signing Key) used to sign the Zone Signing Keys is stored in Hardware Security Modules (HSMs). The HSMs, AEP Networks Keyper Pro 0405 units, have been validated as compliant with (United States) Federal Information Processing Standard Publication 140-2 at Security Level 4. A requirement for that security level is that there is "a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access. Penetration of the cryptographic module enclosure from any direction has a very high probability of being detected, resulting in the immediate zeroization of all plaintext CSPs". Note what that requirement covers: zeroization is the module's automatic response to a detected tamper attempt; it is a separate question whether anything remains recoverable from the silicon once the module has been powered down and deliberately opened.

HSM destruction

A ceremony was scheduled on 7 February 2018 to destroy the two HSMs which had been taken out of service in 2015. Prior to the HSM destruction ceremony, the seven Crypto Officers for the West Coast facility agreed to a proposal by one of the Crypto Officers to destroy only one of the two AEP Keyper Pro HSMs rather than both.

AEP Networks Keyper Pro 0405 HSM

The AEP Keyper Pro HSM contains a secure module with a tamper-resistant casing. The outer chassis of the HSM unit has to be dismantled to gain access to the secure module.

During the HSM destruction process, it became apparent that the 12,000 lb of crushing force of the hard disk destroyer used was not enough to punch through the secure module. The physical state of one of the (hardware) chips was as follows:

Epilogue

According to the DNSSEC Practice Statement for the Root Zone KSK Operator, "the RZ KSK Operator destroys RZ KSK private keys in a manner that reasonably ensures that there are no residual remains of the keys that could lead to the reconstruction of the keys. The RZ KSK Operator utilizes the zeroization function of its hardware security modules and other appropriate means to ensure the complete destruction of RZ KSK private keys."

Is it reasonable to conclude that the RZ KSK private keys have been completely destroyed, given that the zeroization function of the AEP Keyper Pro was performed previously? Does the level of physical destruction observed provide the assurance that the RZ KSK private keys are in an unrecoverable state?