Attributed to: Phil Rodrigues, Head of Security Solutions Architecture in Australia and New Zealand, Amazon Web Services
Encryption is a critical component of a defense-in-depth strategy for information security. Defense in depth is a security approach involving a series of defensive mechanisms that reinforce each other. If one security mechanism fails, there’s at least one more—and hopefully more than one—still operating to keep systems and data safe. As more organisations look to operate faster and at scale, they need ways to meet critical compliance requirements and improve data security. Encryption, when used correctly, can provide an additional layer of protection above basic access control.
How and why does encryption work?
Encryption works by using an algorithm with a key to convert data into unreadable data (ciphertext) that can only become readable again with application of the right key. For example, a simple phrase like “Hello World!” may look like “1c28df2b595b4e30b7b07500963dc7c” when encrypted. There are many different types of encryption algorithms, all using different types of keys. A strong encryption algorithm relies on mathematical properties to produce ciphertext that can’t be decrypted using any practically available amount of computing power without also having the necessary key. Therefore, protecting and managing the keys becomes a critical part of any encryption solution.
Encryption as part of your security strategy
An effective security strategy begins with stringent access control and continuous work to define the least privilege necessary for persons or systems accessing data. Organisations should manage their own access control policies, and also develop defense in depth to achieve the best possible data protection.
Encryption is a critical component of a defense-in-depth strategy because it can mitigate weaknesses in primary access control mechanisms, as well as other risks. If data is encrypted using a strong key, as long as the decryption key is not on the same system as your data, it is computationally infeasible for an attacker to decrypt your data. To show how infeasible it is, let’s consider the Advanced Encryption Standard (AES) with 256-bit keys (AES-256). This is the strongest mainstream industry-adopted and government-approved algorithm for encrypting data with symmetric keys. Symmetric key encryption simply means the same key is used to encrypt and to decrypt the data. AES-256 is the technology we use for symmetric encryption of data in AWS. It would take at least a trillion years to break using current best-of-breed computing technology. Current research suggests that even the future availability of quantum-based computing won’t materially reduce the time it would take to break AES-256 encryption.
But what if you mistakenly create overly permissive access policies on your data? A well-designed encryption and key management system can also prevent this from becoming an issue, because it separates access to the decryption key from access to your data.
Requirements for any encryption solution
To get the most from an encryption solution, organisations need to think about three things:
- Protecting keys at rest: Are the systems using encryption keys secured so the keys can never be used outside the system? Are those systems using modern cryptographic techniques to create strong ciphertexts that can’t be brute-force attacked?
- Independent key management: Is the authorisation to use the keys necessary for encryption and decryption independent from how access to the underlying data is controlled?
Protecting keys at rest
When you use third-party key management solutions, it can be difficult to gauge the risk of your plaintext keys leaking and being used outside the solution. The keys have to be stored somewhere, and you can’t always know or audit all the ways those storage systems are secured from unauthorised access. The combination of technical complexity and the necessity of making the encryption usable without degrading performance or availability means that choosing and operating a key management solution can present difficult tradeoffs. The best practice to maximise key security is using a hardware security module (HSM). This is a specialised computing device that has several security controls built into it to prevent encryption keys from leaving the device in a way that could allow an adversary to access and use those keys.
One such control in modern HSMs is tamper resistance, in which the device detects physical or logical attempts to access plaintext keys without authorisation, and destroys the keys before the attack succeeds. Organisations should look for cloud service providers who manage a fleet of HSMs on their behalf or who provide the ability for organisations to manage their own HSMs to ensure that they can import keys from on-premises systems to the cloud.
A very important modern technique for key management is called “envelope encryption.” It allows the keys that encrypt your data to be encrypted themselves with another key, a key encrypting key, and stored only in encrypted form. It enables data encryption and decryption to happen on the computer where the plaintext customer data exists, rather than sending all the data to the HSM, while still providing many of the benefits of a centralised scheme. For very large data sets (e.g., a database), it is not practical to move gigabytes of data between the database and the HSM for every read/write operation. Instead, envelope encryption allows a unique data encryption key to be distributed to the memory of the database application when it is needed to read and write data securely. The key encrypting keys in the HSM are used to encrypt a copy of the data key so the database can store the encrypted data key alongside the data encrypted under that data key. Once the database uses the data key to encrypt the data, the plaintext copy of the data key can be deleted from its memory. The only way to decrypt the data is to send the encrypted data key, which is only a few hundred bytes in size, back to the HSM, where it is decrypted and returned to the database to decrypt the actual data. The requirement to decrypt the data key in the central key management system using an HSM provides central auditing and control without requiring a massive load on the network.
Independent key management
Even when sensitive plaintext keys are protected in an HSM, they still need to be used to be of any use. Organisations are responsible for managing access controls to determine whom or what can cause which encryption keys to be used under which conditions. A best practice here is to have a mechanism for managing access to keys that is independent from the one used for managing access to data. This means that someone with permissions to access the encrypted data does not automatically have the ability to decrypt it; they must also have permissions to cause the keys in the HSM to be used. These permissions to use keys should be managed by a different set of administrators in your organisation who can verify that both sets of permissions are appropriate. Organisations should still employ automated mechanisms to verify that any changes to the permissions on keys are reviewed for accuracy. Configuring your key management system in this way helps provide the separation of duties you need to avoid accidentally escalating privilege to unauthorised users to decrypt data.
Any cloud service provider (CSP) that handles an organisation’s plaintext data should offer functionality to encrypt data in motion and at rest. The CSP needs to protect plaintext keys in HSMs and provide the ability to manage permissions on keys independently from permissions on data. Organisations should look for providers who offer the audit tools to detect when changes to permissions on keys are made that might allow for escalation of privilege.
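The envelope-encryption flow from “Protecting keys at rest” and the separate key permissions from “Independent key management”, as an added example that is not AWS code. ToyKMS, store_record, read_record and the principal names are hypothetical, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for AES-256 so the block runs on the Python standard library alone; a real system would use AES-256 from a vetted library with the key encrypting key held in an HSM.

```python
import hashlib, hmac, secrets

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption, not AES): XOR with an HMAC-SHA256 counter keystream.
    ks = b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):  # encrypt-then-MAC; output is nonce || ciphertext || tag
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

class ToyKMS:
    """Hypothetical stand-in for the HSM-backed key service; the KEK never leaves it."""
    def __init__(self, key_users):
        self._kek = secrets.token_bytes(32)   # key encrypting key
        self._key_users = set(key_users)      # key permissions, kept apart from data ACLs
        self.audit = []                       # central record of every key-use attempt

    def _check(self, who, op):
        ok = who in self._key_users
        self.audit.append((who, op, "allow" if ok else "deny"))
        if not ok:
            raise PermissionError(f"{who} may not {op}")

    def generate_data_key(self, who):
        self._check(who, "generate_data_key")
        dk = secrets.token_bytes(32)
        return dk, seal(self._kek, dk)        # plaintext data key and its wrapped copy

    def decrypt_data_key(self, who, wrapped):
        self._check(who, "decrypt")
        return unseal(self._kek, wrapped)

def store_record(kms, who, plaintext):
    dk, wrapped = kms.generate_data_key(who)
    # Only the wrapped data key is stored beside the ciphertext; dk goes out of scope.
    return {"wrapped_key": wrapped, "ciphertext": seal(dk, plaintext)}

def read_record(kms, who, record):
    return unseal(kms.decrypt_data_key(who, record["wrapped_key"]), record["ciphertext"])
```

A principal that can read the stored record but is not in key_users gets a PermissionError from read_record, and the denied attempt still lands in kms.audit.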
Simplifying Encryption Protocols
In addition to protecting and managing access to keys, the protocol and algorithms used during encryption must be as efficient as possible to minimise errors and maximise performance. When encrypting data in motion, the de facto protocol used is the Transport Layer Security (TLS) protocol. Many vendors of networking devices and CSPs have historically used the open source project OpenSSL, which contains a TLS implementation that has been used for decades. The OpenSSL code base is large, complex, and difficult to understand or audit. When OpenSSL has bugs, the global developer community is challenged to not only fix and test the changes, but also to ensure that the resulting fixes themselves do not introduce new flaws or affect performance.
AWS’s response to these challenges was to develop and release s2n (“signal to noise”) as open source in June 2015. We designed s2n to be much smaller and simpler, with many seldom-used features removed. Extensive static code analysis is run each time the library is built. Key elements of the code undergo formal verification upon each change using mathematical tools developed by the AWS Automated Reasoning Group. We released and licensed s2n under the Apache 2.0 license and you can find it, along with a complete build environment and extensive automated test suite, hosted on GitHub. The test suite is extremely rich and complete; in fact, it has more than 10 times the lines of code compared to the s2n code it is designed to test!
s2n is used in AWS services on the API endpoints that terminate TLS connections. TLS uses asymmetric cryptography and keys that include digital certificates that prove ownership of those keys. This allows end users to trust that the endpoint they’re sending encrypted data to is under the control of the correct identity. Digital certificate management is yet another example of key management that demands strong protection of plaintext keys and independent permissions controls. Customers should look to CSPs that offer services to simplify the issuance and rotation of digital certificates to ensure they can be trusted by end users that need to rely on them.
At AWS, security is our top priority and we aim to make it as easy as possible for you to use encryption to protect your data. By building and supporting encryption tools that work both on and off the cloud, we help you secure your data and ensure compliance across your entire environment. We put security at the center of everything we do to make sure that you can protect your data using best-of-breed security technology in a cost-effective way.