
AWS Moves to its Own Simplified Cryptography
Amazon Web Services Inc. (AWS) will move from the Transport Layer Security (TLS) implementation it currently uses, which has suffered security flaws and carries a bloated codebase, to its own implementation, which it has just open-sourced.
TLS is a cryptographic protocol that has overtaken Secure Sockets Layer (SSL) as the most widely accepted method of protecting data in transit across networks such as the Internet.
Algorithmic problems and other issues in TLS have been made public recently and require upgrades and fixes. AWS stated that this process is complicated by the unwieldy code base and by the protocol's optional extensions. AWS stated that OpenSSL, the “de facto reference implementation”, has more than 500,000 lines of code, of which 70,000 are required for TLS processing.
AWS will use s2n, which stands for “signal-to-noise”, to simplify matters.
Stephen Schmidt, an AWS executive, stated in a blog post that s2n is a library designed to be small and fast, with simplicity as a priority. “s2n avoids implementing seldom-used options and extensions. Today, it has just over 6,000 lines of code. We have found it easier to review s2n. We have already completed three external security assessments and penetration tests on the system, which we will continue.”
AWS services will be moved over to the new implementation, but the process should be transparent to developers and users.
Schmidt stated that “s2n doesn’t intend to be a replacement for OpenSSL” and that OpenSSL is still supported by the Linux Foundation’s Core Infrastructure Initiative. “OpenSSL has two main libraries: libssl, which implements TLS, and libcrypto, which is a general-purpose encryption library. Think of s2n as an analogue to ‘libssl’, but not ‘libcrypto’.”