Location

Locations are physical points in space used for storing cryptographic material or performing actions related to the DRK lifecycle. They adhere to a set of criteria focused on achieving a high level of security, specifically with respect to:

  • Protecting access to devices which store cryptographic material

  • Mitigating the risk stemming from natural disasters and other black swan events such as civil unrest or war

  • Reducing the risk of exposing cryptographic material, for example via side-channel attacks

There are three sub-types of Locations: the Management Location, which is used for performing any actions related to the management of the cryptographic material lifecycle; the Storage Location, which is used for long term secure storage of cryptographic material such as Smart Cards which are used to decrypt Shards; and the Ceremony Location, which is used for Ceremonies.

The Storage Location has a shorter list of requirements, while the Management and Ceremony Locations have a number of additional requirements. The Management and Ceremony Locations may be one and the same.

All Locations

  • MUST have physical access restrictions which require identification

  • MUST have the ability to require more than 1 person to gain access

    • This control can be physical (for example, vaults which require 2 keys for access) and/or process level, where the personnel of the facility may verify the identity of one or more individuals
  • SHOULD have anti-fire systems

  • SHOULD have anti-flood systems

Management & Ceremony Locations

  • MUST NOT have cameras installed

  • MUST NOT have windows with direct line of sight to monitors

  • MUST have all walls protected with EM shielding which adheres to the TEMPEST standard NATO SDIP-27 Level A

  • SHOULD be organizations which are ideally immune to being legally subpoenaed

  • SHOULD NOT be susceptible to being subpoenaed

Storage Location

  • MUST have anti-fire systems

  • MUST have anti-flood systems

  • MUST have 24/7 security monitoring

  • MUST be in different geographic locations

    • This ensures that natural disasters are not likely to impact multiple locations simultaneously
  • SHOULD be facilities owned by different organizations to reduce the risk of collusion, unless the organization that owns the DRK has its own facility such as a SCIF (Sensitive Compartmented Information Facility)

  • SHOULD have seismic detectors