Phase 4 Sprint 4.1 - Cryptographic Architecture
Summary
Evidence blobs are now stored as encrypted envelopes, using per-record data keys wrapped by tenant-derived keys anchored in HSM root material.
Threat Model
- Assume datastore compromise; ciphertext confidentiality must remain intact without HSM root key access.
Attack Vectors Considered
- Offline ciphertext analysis from DB dump.
- Decryption under incorrect tenant context.
- Key reuse across tenants.
Mitigations Implemented
- Envelope format with explicit key metadata and tenant binding.
- Per-tenant KEK derivation from HSM root key.
- AES-GCM authenticated encryption for both payload and wrapped DEK.
- Decrypt path enforces tenant equality before unwrap/decrypt.
Residual Risk
- Root key management discipline is operationally critical.
Future Improvements
- Remote HSM attestation + key usage audit trail.
- Per-tenant dedicated root-key domains for high-sensitivity tenants.
Architecture Diagram
flowchart LR
APP[Evidence Engine]
HSM[HSM Root Key Provider]
DERIVE[HKDF Tenant KEK]
ENV[Envelope Crypto\nDEK + AES-GCM]
DB[(compliance_events.payload_json)]
APP --> HSM
HSM --> DERIVE
APP --> ENV
DERIVE --> ENV
ENV --> DB