But how do you protect the shared secrets? Do you see my point? I wish there was some sort of industry best practice tool or book for modelling your threats and suggesting an architecture.
I gave you the overarching theory and one specific method in my comment to which you replied. PS: The shared secrets I mentioned were, in that context, not symmetric keys but split keys.
A tool will never solve a security problem by creating an optimal design. That requires someone with security knowledge. There are threat modeling tools that can help but only when the tools are used as designed.