Split-Key Disaster Recovery
Antimatter provides a convenient and reliable way to encrypt sensitive data with an externally held Root Encryption Key (REK). One benefit of this is that it protects against a variety of data breach threats, as the encrypted data cannot be read without the REK. An important consequence of this architecture, however, is that the loss of the REK renders all copies of the encrypted data unreadable. Traditional backup mechanisms such as volume snapshots, database backups, etc. only preserve older versions of the ciphertext, and Antimatter is deliberately designed with a Key Encryption Key (KEK) layer to ensure that, even though older versions of a ciphertext exist, the KEKs for those older ciphertexts get rotated to the latest Root Encryption Key. Thus, by design, backups do not offer a way to recover data if the REK is lost.
The likelihood of a Root Encryption Key being lost is quite low, as GCP and AWS make it quite hard to accidentally delete a key, but nevertheless, it is not impossible. Thus, Antimatter gives you a way to plan for this in the form of split-key Disaster Recovery headers. We have also designed this feature to allow for data recovery in even more drastic scenarios, such as if Antimatter infrastructure suffers a catastrophic and unrecoverable failure, or if Antimatter as a company ceases to exist. We believe our disaster recovery system is the most complete and secure out of any product we have surveyed on the market (and we would love your feedback if you have ideas on how it could be improved further).
The gist of this technique is that a private key is securely generated and split into several shards (using Shamir secret sharing). These shards are held by different people, so that if you ever need to recover encrypted files, you need a quorum of people (say 2 out of 3, or 3 out of 5) to come together, reconstruct the key, and then decrypt the file.
We have improved on the traditional Shamir secret sharing in three main ways:
- The keys are generated and stored on one of the most secure smart cards available on the market (certified Common Criteria EAL6+). The benefits of this are discussed more below, but the principal benefit is that you know that keys or shards can never be duplicated. If you have physical possession of the card, you know the shard is secure.
- All communication between key cards is encrypted with keys that never leave the cards, so the system is not vulnerable even if there are eavesdroppers or malware on the machines the cards are plugged into.
- The system allows you to initiate a disaster recovery event for a limited number of uses (files) without revealing the secret key. This permits testing the DR system or using it for a small-scale recovery without compromising the security of every other file encrypted with the DR key.
How DR works with Antimatter Capsules
When you encapsulate some data, a new Data Encryption Key (DEK) is generated, and used to encrypt that capsule. For normal operation, the DEK is encrypted using the active Key Encryption Key (KEK) and that encrypted DEK is stored in the capsule object. When you open a capsule, the Antimatter library contacts the Antimatter backend, giving it the encrypted DEK, and if policy allows it, the backend decrypts that DEK and sends back the plaintext DEK allowing the library to decrypt the file.
When disaster recovery is enabled, the DEK is additionally encrypted with the disaster recovery public key using a variant of ECIES and this additional encrypted version of the DEK is placed in the capsule next to the ciphertext that holds the DEK encrypted using the KEK. Under normal circumstances, this DR-DEK is never read or used, as the library and Antimatter servers do not have the DR private key so cannot decrypt it, but during a DR event, this is how the capsule is decrypted without requiring the REK or any KEKs.
Card security
The benefit of handling disaster recovery keys on a secure smart card, such as the Common Criteria EAL6+ certified card that Antimatter uses, is that you have a high assurance that your key cannot be exfiltrated from a card. This high assurance comes from two mechanisms. First, the cards only store part of the key, using Shamir Secret Sharing, which has information-theoretic security. This is the highest possible assurance of security, meaning it is guaranteed to not be vulnerable to any present or future attacks (including quantum attacks).
The second mechanism applies once a DR event has been opened. As the entire key is present on the coordinator card, it is no longer information-theoretically secure. Instead, you have the firmware and physical security guarantees of the card, which assure that it is incredibly difficult to extract this key (unless the event is of type Export); even with physical access to the card, extraction is beyond the capabilities of almost all attackers. It is this set of assurances that the Common Criteria certification covers. These cards are of the same family as used for credit cards and military IDs.