ACM for Nitro Enclaves - It's a Big Deal

ACM for Nitro Enclaves - It's a Big Deal

The new AWS Nitro Enclaves allow EC2 instances to spin up an isolated child VM for cryptographic operations. This unlocks new security features, the first and maybe most important of which is ACM on EC2.

In this post we will explore why Nitro Enclaves are important. Specifically, we’ll discuss why Amazon Certificate Manager (ACM) on EC2 matters. This is part 1 in a two-part article. In the second part - ACM for Nitro Enclaves - How Secure Are They? - we will do a deep dive on the internal mechanisms that make Nitro Enclaves tick.

A brief introduction to HTTPS

HTTPS, or HTTP over SSL, encrypts web traffic in transit. This prevents eavesdropping on sensitive information and guarantees that your browser is talking to the right server. To understand ACM, we need a quick overview of the basics of HTTPS. Please note that the details of this process might vary for different versions of SSL, TLS and cypher suites.

SSL Handshake

When a browser connects to a server over HTTPS, it first requests the server’s public certificate (1). It then verifies if the certificate was signed by a trusted certificate authority (3). This validates that the server is allowed to use this domain name.

Next, the browser generates a new, random key, called the session key. It encrypts this session key with the public key stored in the server’s certificate. Then it sends the session key back to the server (4).

The server uses the private key it has locally (and privately, hence the name) stored to decrypt the session key (5). It is essential to understand that only this private key can decrypt the session key. If the private key would leak or be stolen, anyone would be able to decrypt traffic destined for this server, or they would be able to impersonate this server.

The server and client use the session key to encrypt all traffic from that moment on, and the communication between browser and server is secured.

For additional context, check out my YouTube session on SSL and Scaling.

Introducing ACM

From the introduction to HTTPS it should be clear that the private key is an extremely sensitive piece of data and should be protected at all costs. However, the web server needs access to the private key to decrypt traffic. Classically, this meant that any user or administrator with access to the server might also gain access to the private key and use it to nefarious ends.

This is where Amazon Certificate Manager comes in. ACM allows you to generate and store certificates in a highly secure Amazon environment. Specific trusted services, like Elastic Load Balancers and CloudFront, integrate with ACM and are allowed to retrieve the private keys stored in ACM. They then use these private keys to decrypt your traffic and forward the unencrypted traffic to your EC2 instances. The core feature of ACM is that it will never expose your private keys.

ACM Intro

With the traffic to EC2 decrypted, there is no reason to store private keys on the EC2 instances anymore. This reduces the impact of users gaining access to your servers, regardless whether they are malicious or not.

End-to-end encryption

The attentive reader will have noticed that this solution does not result in end-to-end encryption. The unencrypted traffic stays within Amazon’s boundaries, but strict industries like finance or healthcare will not appreciate their data being plainly transmitted - inside or outside of Amazon’s virtual walls.

This means that if end-to-end encryption is a requirement, we need to go back to the drawing board. Amazon offers CloudHSM, which can do SSL offloading for EC2 instances in a very secure way, but CloudHSM is very expensive. The cost for a single CloudHSM instance in Ireland is $1.47 per hour. In a highly available setup you need to, at $2.94 per hour, or over $2000,- per month. Strict security requirements obviously come at a cost.

Additionally, CloudHSM does not integrate with ACM, which often means you’re managing your certificates in more than one place.

The new Nitro Enclaves

The new Nitro Enclaves change this landscape significantly. You can now have end-to-end encryption without CloudHSM, while keeping your private keys secure.

With Nitro Enclaves, you separate part of your virtual machine’s hardware - for example 1 CPU and 512MB of its memory - to run as an independent virtual machine. This VM runs in full isolation. You can’t access its disk or network, you can’t login to it, you can do hardly anything with it. The only interaction you can have is over a vsock interface that is mounted on your parent instance.

In the second part of this article (ACM for Nitro Enclaves - How Secure Are They?) we will go into the inner workings of this process. The important details for now are that the Nitro Enclave can access the KMS service through a KMS proxy running on the parent host, and that the Nitro Enclave is cryptographically signed. This means that when the enclave connects to KMS, KMS can verify that the request is coming from a trusted enclave. Because the enclave is isolated, KMS can securely transfer data to the enclave, without any risk of that data being intercepted or retrieved.

The result for ACM on EC2

Let’s look at how the Nitro Enclaves enable end-to-end encryption. As discussed before, the essence of ACM is that it will never expose your private keys. Nitro Enclaves, on the other hand, run in full isolation but can securely communicate with KMS. ACM for Nitro Enclaves combines these properties by sending encrypted traffic to the parent EC2 instance, which requests its child Nitro Enclave to decrypt the traffic. The Nitro Enclave securely communicates with ACM to fetch the private key, and all requirements are met.

ACM, KMS, Enclave

Technological marvel

AWS are flexing their technological prowess here - big time. The ACM and KMS part is impressive, but mostly an elaboration on existing technologies. The Nitro Enclaves themselves, however, are taking virtualization to a whole new level. Taking a virtual machine and carving out CPU cores and memory to run another virtual machine in isolation, while the machine is running? Consider my mind blown.

This is the point where we see Amazon’s lead versus their competitors. While other public cloud providers are still building multi-AZ designs and getting their networking backbone in order, AWS has built a foundation that allows them to capitalize on completely new technologies and solutions.

I believe the Nitro architecture is still in its early days, and many more futuristic virtualization features await.

Caveats

No solution is perfect, and there are a few things you should know before rushing to implement Nitro Enclaves. First, there is instance sizing. Currently, the smallest supported instance for Nitro Enclaves is an m5a.xlarge with four vCPUs. You will likely split this into two vCPUs for the parent instance and two vCPUs for the enclave. Technically, you’re reserving an m5a.large's worth of CPU for your enclave. In Ireland, this will cost $0.096 per hour, or about $70,- per instance per month. This is significantly cheaper than CloudHSM, but it’s not free either.

Second, only Linux and NginX currently support ACM for Nitro Enclaves. This means that if you’re running Apache, Tomcat, IIS or another solution for your web servers, you will need to wait for future support.

Conclusion

The new Nitro Enclaves unlock new ways to securely process sensitive data. ACM is a first example, but I’m sure many other implementations will soon be released. This article has explored why being able to process private data on an EC2 instance is a big deal. If you want to learn more about the technical implementation, check out part 2 of this article.

I share posts like these and smaller news articles on Twitter, follow me there for regular updates! If you have questions or remarks, or would just like to get in touch, you can also find me on LinkedIn.

Luc van Donkersgoed
Luc van Donkersgoed