At re:Inforce we revealed two previously unannounced AWS network encryption features. One is embedded in our Nitro hardware security system, the other is for network links. But I want to take a second to zoom in just on multi-party key distribution ...https://twitter.com/colmmacc/status/1143572552180277248 …
Secondly, RSA, ECDSA, Ed25519, etc, aren't great with respect to Post-Quantum Security, which people are worrying about. There are fixes; they can be supplemented with hybrid algorithms, and static pre-shared keys, but those need a way to share those keys.
Thirdly, and most mundanely, sometimes you just need the same key on multiple hosts. That means we need a key distribution system! But key distribution systems make for very rich targets. That's not something to do lightly.
The best answer here is to use a secure Key Management Service. We have https://aws.amazon.com/kms/ . KMS uses envelope encryption and support for bootstrapped mechanisms such as instance role accounts to get around all of this.
With envelope encryption, there's a hierarchy of keys that encrypt other keys, ultimately protected by a hardware root of trust, which means that KMS can distribute keys without ever having plaintext access to the keys themselves. Very cool. O.k. but ...
VPC Encryption and our Lever Link Encryption project sit at the very bottom of the AWS networking stacks. And KMS runs on top of this! We'd have a circular dependency if we "just" used KMS, so how do we achieve the same security properties?
We distribute multiple "pre-secrets". One is distributed in a dedicated key distribution system. The other is distributed using existing configuration distribution systems. These "pre-secrets" are then mixed, using the HKDF key derivation function to make the actual key.
This is incredibly simple; but it has the effect that if the pre-secrets in the key distribution systems become known somehow, that's not fatal to the system security, it doesn't disclose the actual keys we use.
This technique works trivially for symmetric keys, but can also be used with a deterministic key generation algorithm to generate the same asymmetric keys on multiple hosts, without central knowledge.
Boring, simple patterns are reassuring in cryptography and I really love this one, because for very little cost, it gives a very meaningful security property. It really surprises me that it isn't a more common pattern.
O.k. when I wrote "only export the private key" I *cough* meant "only export the PUBLIC key"! /end-of-thread
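The pre-secret mixing described in the thread, sketched with HKDF (RFC 5869) over HMAC-SHA256. This is an added example, not AWS code: the length-prefixed concatenation, the salt label, the `purpose` strings and the sample pre-secret values are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: concentrate input keying material into a PRK."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: stretch the PRK into `length` bytes bound to `info`."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def mix_pre_secrets(pre_a: bytes, pre_b: bytes, purpose: bytes, length: int = 32) -> bytes:
    """Derive the working key from two independently distributed pre-secrets."""
    if len(pre_a) < 16 or len(pre_b) < 16:
        raise ValueError("each pre-secret must be at least 16 bytes")
    # Length prefixes keep the concatenation unambiguous, so (a, b) cannot
    # collide with a different split of the same bytes.
    ikm = struct.pack(">I", len(pre_a)) + pre_a + struct.pack(">I", len(pre_b)) + pre_b
    prk = hkdf_extract(b"example-pre-secret-mix-v1", ikm)  # assumed salt label
    return hkdf_expand(prk, purpose, length)


# Constructed sample values standing in for the two distribution channels.
FROM_KEY_DISTRIBUTION = bytes.fromhex("11" * 32)
FROM_CONFIG_DISTRIBUTION = bytes.fromhex("22" * 32)

if __name__ == "__main__":
    host1 = mix_pre_secrets(FROM_KEY_DISTRIBUTION, FROM_CONFIG_DISTRIBUTION, b"link-encryption")
    host2 = mix_pre_secrets(FROM_KEY_DISTRIBUTION, FROM_CONFIG_DISTRIBUTION, b"link-encryption")
    print("hosts agree:", hmac.compare_digest(host1, host2))
```

Because the derived key depends on both inputs, a copy of only the key distribution system's pre-secret does not yield the working key; the config-distributed half still has to be obtained separately.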