Profile picture
Colm MacCárthaigh
@colmmacc
, 21 tweets, 4 min read Read on Twitter
Tuesday Tweet Thread: Today, AWS CISO @StephenSchmidt unveiled VPC Encryption and our "Lever" link encryption initiative. They work in-concert to make pervasive network encryption the default, and to deliver new protections against traffic analysis and post-quantum risks. 1/n
Let's start with VPC Encryption. We're encrypting all of the VPC traffic between supported instance types. This blurb with the details has been in our public documentation for a months now, but we held off saying much about it until now: docs.aws.amazon.com/AWSEC2/latest/…
We encrypt traffic between instances in the same VPC, or if their VPCs are peered in the same region. We encrypt the entire customer packet, nothing is visible. We also encrypt our own network virtualization header.
This provides powerful anonymity on the wire; there is no customer ID or VPC ID there in plaintext. This has the effect of making traffic correlation and traffic analysis attacks many many orders of magnitude harder.
The traffic is encrypted using AES-256. Many protocols, such as TLS, do not have strong post-quantum security in their handshakes. This new layer means that those handshakes are protected on the wire by AES, which is safe against post-quantum risks.
If you're worried about someone collecting data today, and decrypting it later when Quantum Computing is practical, this is nice defense in depth.
To avoid Post-Quantum problems itself, VPC Encryption uses symmetric keys that are shared between senders. They are frequently rotated and revoked to provide forward secrecy.
To avoid having any sensitive system that knows all of the keys; there are two independent, very different, key distribution mechanisms. Each distributes "pre-key material" which is then only combined in our Nitro security system to derive the real key.
The effect of that is that if one of the distribution systems were some how compromised, this would not disclose the actual encryption keys. Very nice pattern to have!
VPC Encryption compliments VPC Inter-Region Peering, which we've been similarly encrypting (with similar key derivation) from the day it launched.

Underneath, and in addition to, all of this is the Lever Link Encryption Project.
The Lever Link Encryption Project has been a truly massive endeavor to strongly encrypt, for now and all time, every network link that is in any way out of AWS physical control.
Physical control means inside a facility we own and operate; and sometimes it means secure ducting over short distances with cool lasers that can detect any interference.
If a link is outside our premises, or crossing an ocean, we encrypt it. For encryption, we use AES-256 again, with MACsec or Optical Layer encryption, with some more clever key agreement schemes that we had to invent! But don't worry, they are reassuringly boring.
Incidentally "Lever" is named for en.wikipedia.org/wiki/Mavis_Bat…
Lever encryption and VPC Encryption or Inter-Region Peering often happen at the same time, e.g. packets crossing between AZs or regions. That's two layers of no-configuration required pervasive cryptography.
h/t to my colleague and Lever lead David Sinn for all that info!
Now, none of this means that you should not use TLS or other encryption protocols in your own applications. Network Encryption is awesome, but does not provide anti-replay, or application-to-application authentication. These new protocols are designed to fill gaps.
Of course it's great too to have a built-in mechanism to protect legacy traffic that is not encrypted at all.
These are first features I've ever worked on where is no API, nothing for you to do. This is all under the hood. There is no change to your experience running on AWS. Customers never see the encrypted traffic, we do the encryption and decryption for you.
All of the encryption and decryption happens in hardware; and for VPC Encryption, it's custom silicon designed and built by Annapurna labs as part of our Nitro security system. That means we can all of this with no impact on performance. We've been in production for months!
O.k. there you have it. VPC Encryption, Lever Link Encryption, Multi-Party key distribution, AES-256, no API or settings, just "on". AMA.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Colm MacCárthaigh
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @colmmacc see all

Profile picture
Colm MacCárthaigh
@colmmacc
At re:Inforce we revealed two previously unannounced AWS network encryption features. One is embedded in our Nitro hardware security system, the other is for network links. But I want to take a second to zoom in just on multi-party key distribution ...
The root of trust in any cryptographic or authentication system is usually based on one or two things: key distribution, and high-quality randomness. With Nitro we also have our own high-quality hardware secure random number generators. Key distribution is a harder problem.
If your system depends on asymmetric keys; RSA, ECDSA, Ed25519, etc. then best practice is to generate public-private keys on a secure system and then only export the private key. This is a good practice but it comes with some challenges.
Read 14 tweets
Profile picture
Colm MacCárthaigh
@colmmacc
@copyconstruct I work for a competitor and have my own biases, but reading this I feel a sad sense that hubris in Google's engineering culture has come to this and continues to blind. The proposed fixes read as dangerously wrong to me. 1/n
@copyconstruct "we will harden Google's cluster management software such that it rejects such requests regardless of origin, providing an additional layer of defense in depth and eliminating other similar classes of failure." ... this feels like more layering, more complexity. 2/n
@copyconstruct Why does automation even have access to multiple regions? Why add more logic, which could have its own bugs and problems, instead of enforcing more robust separation; compartmentalization with their own local fail-safes. 3/n
Read 5 tweets
Profile picture
Colm MacCárthaigh
@colmmacc
Tuesday Tweet thread time! Warning, because this one is *shameless* promotion and a very minor, but still crass, personal victory lap 🤣. I'm going to compare the work it took at my former startup jobs that would now take ... oh, seconds, with EC2.
At my last job, I built 6 multi-rack installations of servers. Most were SUN (RIP) boxes in Level3 (RIP) colos. Our biggest was in our own datacenter, which we converted from office space. Job before that I built out two room-sized installations.
Anyway, at my last job (Joost), we were streaming video using p2p (until we abandoned p2p). We needed to build our own "Long Tail Sites" CDN. We couldn't use commercial CDNs, because we used our own protocol. That was very dumb, but there you go.
Read 26 tweets

Related threads

Profile picture
Oloye Akin Alabi
@akinalabi
What Does A Mafia Boss Know About Marketing?

Lots. Read on to find out…

Do you remember in the movie “The Godfather” when Don Corleone says, “I’m gonna make him an offer he can’t refuse”?

Marketing #THREAD of life.
And it’s this simple concept that’s the backbone of any successful sales proposition you make. (However if I were you, I’d probably leave out the threats of violence in your sales piece.)
From now on, your job is to create such powerful offers that anyone reading it would say to themselves, “My goodness, I’d have to be a complete idiot not to take them up on this deal!”

And creating a powerful offer like this is easier than you think.
Read 23 tweets
Profile picture
AltFDA
@alt_fda
The state of America's drugs and what we have done to keep you safe #thread.

Over this weekend, this opinion piece dropped: nyti.ms/2Jihy9P

It is equal parts truth, industry knowledge,and a shill to sell the book.
All in all its a great piece and exposed a lot of truth and what really happens in foreign plants. This article also bought the CAR way off guard such is showing in their frantic tweet sessions today.
Now on to what we have done. We have had a discussion with Scott G. About the largest manufacturer of ibuprofen in the world, such also happens to be based in the US. The CoA data that has been compiled for years shows a blatant attempt st Dry Labbing.
Read 10 tweets
Profile picture
Leon Lidigu
@LeonLidigu
Dear parents , when you send your kids ABROAD to study , please check up on them and find out EXACTLY what they are doing , who they are relating with , demand to see transcripts , fee receipts e.t.c and be in constant contact with the institution / teachers . Here is why #Thread
Today , a mother to one of my Ugandan friends who studies around here called me . She was in so much pain , she cried on the phone for hours , she told me she hasn't eaten for days because she has not been in contact with her son.
Her son came here to do Political Science 3 years ago and is supposed to graduate this month . She almost fainted when I revealed to her that her son hasn't been seen anywhere near class for the last 2 years . He ONLY did 1st year of campus . She cried so bitterly , she wept .
Read 22 tweets
Profile picture
TheFliteCast
@TheFliteCast
THREAD: Today I had a case of "real world MCU bias" on my way to work and I thought I would share it here for the people who think it only happens on social media. I'm not telling this story out of anger, it's just to give people an idea of how this happens in the real world.
The Spider-Man Legacy Collection Steelbook(non-4K version) is on sale right now for $24.99 at Best Buy. I pounced on it. If you don't know what it is, it's all 5 of the pre-Homecoming movies in one set. Awesome and a steal at $35 off.

Usually I get rung up and that's that...
...but in this case, the young cashier that rung me up had a co-worker next to her who said "I didn't think anyone would ever buy that." I said I already had Homecoming so it made sense for me.

That's when the cashier tells him that she saw Aquaman and was "disappointed."
Read 21 tweets
Profile picture
GreatGameIndia
@GreatGameIndia
#THREAD
Today Pink Legacy diamond from platinum necklace donated by Maharaja of Mysore to Tirumala Tirupati Temples known as 'Leonardo da Vinci of Diamonds' was auctioned by Christie's at Geneva despite our letter to PMO & temple mahant's warnings. But how did it reach there?
In its 251 years in business, Christie's sold only 4 such diamonds weighing more than 10 carats, this #TTD diamond was almost 20 carats and sold for a record $70 million to Harry Winston. But no one has bothered to ask still how did this diamond get there? abc.net.au/news/2018-11-1…
According to British auction house Christie's this Tirumala Tirupati temples diamond once belonged to the Oppenheimer diamond family. But how did this diamond reach there from #TTD? And what is this Oppenheimer family? We warned about this in detail to our PMO early this year.
Read 14 tweets
Profile picture
Yorick de Mombynes
@ydemombynes
Here are my favorite quotes from this amazing book. #THREAD
1. "Bitcoin can be best understood as distributed software that allows for transfer of value using a currency protected from unexpected inflation without relying on trusted third parties"
2. "While Bitcoin is a new invention of the digital age, the problems it purports to solve - namely, providing a form of money that is under the full command of its owner and likely to hold its value in the long run - are as old as human society itself"
Read 137 tweets

Trending hashtags

#TTD #CE #ResistAndWin #nanowrimo #Flow #AWSConfig #VPC #IO #TrumpRussia #MSDyn365FO #census #PAYtriots #wisdom #Oct18ReleaseNotes #TrumpIsUnfit #Nucléaire #Resist #TLDR #EIC2MNC #Buddha #Twitter #KinesisFirehose #RSO #MOONSIGHTING #phew
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!