How Meta Is Strengthening End-to-End Encrypted Backups
How Meta Is Strengthening End-to-End Encrypted Backups
Meta 如何加强端到端加密备份
By Evan Smoot, Guy Lewin, Antonio Martin, Kevin Koh 作者:Evan Smoot, Guy Lewin, Antonio Martin, Kevin Koh
The HSM-based Backup Key Vault Meta’s HSM-based Backup Key Vault provides the foundation for end-to-end encrypted backups for WhatsApp and Messenger. The system allows people to protect their backed-up message history with a recovery code, ensuring that the recovery code is stored in tamper-resistant hardware security modules (HSMs) and is inaccessible to Meta, cloud storage providers, or any third party. The vault is deployed as a geographically distributed fleet across multiple datacenters, providing resilience through majority-consensus replication. 基于 HSM 的备份密钥库(Backup Key Vault)为 WhatsApp 和 Messenger 的端到端加密备份提供了基础。该系统允许用户使用恢复代码来保护其备份的聊天记录,并确保这些恢复代码存储在防篡改的硬件安全模块(HSM)中,即使是 Meta、云存储提供商或任何第三方也无法访问。该密钥库以地理分布式集群的形式部署在多个数据中心,通过多数共识复制机制提供高可用性。
Late last year, we made it easier to end-to-end encrypt your backups using passkeys, and now we continue to strengthen the underlying infrastructure that protects password-based end-to-end encrypted backups with two updates: over-the-air fleet key distribution for Messenger and a commitment to publishing evidence of secure fleet deployments. 去年年底,我们简化了使用通行密钥(passkeys)进行端到端加密备份的流程。现在,我们通过两项更新继续加强保护基于密码的端到端加密备份的底层基础设施:为 Messenger 提供无线(OTA)集群密钥分发,并承诺发布安全集群部署的证明。
Over-the-Air Fleet Key Distribution To verify the authenticity of the HSM fleet, clients validate the fleet’s public keys before establishing a session. In WhatsApp, these keys are hardcoded into the application. To support Messenger — where new HSM fleets need to be deployed without requiring an app update — we built a mechanism to distribute fleet public keys over the air as part of the HSM response. Fleet keys are delivered in a validation bundle that is signed by Cloudflare and counter-signed by Meta, providing independent cryptographic proof of their authenticity. Cloudflare also maintains an audit log of every validation bundle. The full validation protocol is described in our whitepaper, “Security of End-To-End Encrypted Backups.” 无线(OTA)集群密钥分发:为了验证 HSM 集群的真实性,客户端在建立会话前会先验证集群的公钥。在 WhatsApp 中,这些密钥被硬编码在应用程序中。为了支持 Messenger(因为需要部署新的 HSM 集群且不能要求用户更新应用),我们构建了一种机制,将集群公钥作为 HSM 响应的一部分进行无线分发。集群密钥通过一个验证包进行传输,该包由 Cloudflare 签名并由 Meta 附带签名,从而提供了其真实性的独立加密证明。Cloudflare 还会维护每个验证包的审计日志。完整的验证协议详见我们的白皮书《端到端加密备份的安全性》(Security of End-To-End Encrypted Backups)。
More Transparent Fleet Deployment Transparency in the deployment of our HSM fleet is essential to demonstrating that the system operates as designed and that Meta cannot access users’ encrypted backups. We will now publish evidence of the secure deployment of each new HSM fleet on this blog page, further cementing our leadership in the space of secure encrypted backups. New fleet deployments are infrequent — typically no more than every few years — and we are committed to demonstrating to our users that each new fleet is deployed securely, which any user can verify by following the steps in the Audit section of our whitepaper. 更透明的集群部署:HSM 集群部署的透明度对于证明系统按设计运行以及 Meta 无法访问用户加密备份至关重要。我们现在将在此博客页面上发布每个新 HSM 集群的安全部署证明,进一步巩固我们在安全加密备份领域的领先地位。新集群的部署并不频繁(通常几年才会有一次),我们致力于向用户证明每个新集群都是安全部署的,任何用户都可以按照我们白皮书中“审计”部分的步骤进行验证。
Read the Whitepaper For the complete technical specification of the HSM-based Backup Key Vault, read the full whitepaper, “Security of End-To-End Encrypted Backups.” 阅读白皮书:如需了解基于 HSM 的备份密钥库的完整技术规范,请阅读完整白皮书《端到端加密备份的安全性》。