Administrator Guide

Table Of Contents
When AutoSED generates a backup set, this set consists of three shares with a threshold of two, which adds security and reliability
to a sensitive process.
To destroy a set of shares, you could erase every share. However, if you erase only two shares from a backup set, the remaining
share cannot recover the key and is useless.
Example: AutoSED Key Sharing
Consider an enclosure with 22 active drives and 2 spares:
1. When the array is rst set up, AutoSED generates shares for all the active drives, which are in Set A. Because spares are
excluded, Set A has 22 shares with a threshold of 11 (11-of-22). The array then generates and displays a backup, Set B, which is
2-of-3.
2. Remove a drive. Immediately, AutoSED destroys Set A, which means erasing the rest of Set A (the remaining 21 shares).
AutoSED generates a new Set C containing the 21 active drives and having a threshold of 11-of-21. If another drive is removed,
then AutoSED destroys Set C, and replaces it with Set D and a threshold of 10-of-20.
3. If both drives are removed by the same adversary, it now possesses one share from Set A and one share from Set C. However,
each of those shares is useless by itself and also cannot be combined with each other. The adversary must simultaneously
remove at least 11 drives to obtain enough shares from the same set.
Set B has remained usable. However, the same process applies:
1. Suppose one of the shares from Set B is compromised. Immediately, the administrator should destroy Set B, which means
erasing the rest of Set B (the remaining 2 shares).
2. Then, the administrator should generate a new backup set, resulting in Set E. If a share from Set E is compromised, destroy Set
E by erasing the remaining 2 shares, and generate Set F. The stolen share from Set B and the stolen share from Set E are
useless individually and also cannot be combined. Also, they cannot be combined with the shares stolen from Set A and Set C.
Further reading:
Shamir, Adi, How to Share a Secret, Communications of the ACM, 22(11):612-613, 1979
McGrew, David, Threshold Secret Sharing, Network Working Group Internet Draft (draft-mcgrew-tss-03)
Trusted Computing Group, Enterprise SSC v1.0 Specication
About Self-Encrypting Drives (SEDs) and AutoSED
317