Amazon Web Services has released an open source encryption tool called ’Signal to Noise’ (s2n) that aims to improve on existing implementations of the popular TLS protocol, formerly known as SSL.
Stephen Schmidt, Chief Information Security Officer at AWS, said that over the past 18 months TLS has proved unreliable and overly complex.
s2n was designed to be simple: it contains around 6,000 lines of code, as opposed to the 70,000 lines that existing libraries need to process TLS.
“Over the coming months, we will begin integrating s2n into several AWS services. TLS is a standardized protocol and s2n already implements the functionality that we use, so this won’t require any changes in your own applications and everything will remain interoperable,” Schmidt wrote in a blog post.
Small is beautiful
AWS uses encryption as part of services like Amazon S3, CloudFront and Elastic Load Balancing. The company has long championed the causes of privacy and security, and voiced strong opposition to the mass surveillance programs run by the US intelligence agencies. Encryption is an integral part of these efforts.
s2n was designed to be small, fast and simple. It was written with a focus on reviewability, to avoid situations where critical flaws in the code base remain undiscovered for years - as happened with the notorious Heartbleed and FREAK vulnerabilities.
s2n serves as an analogue of the ’libssl’ library in OpenSSL, but avoids implementing rarely used options and extensions. Best of all, it is available under the terms of the Apache Software License 2.0, which means interested parties can integrate s2n encryption into their own products.
“We’ve found that it is easier to review s2n; we have already completed three external security evaluations and penetration tests on s2n, a practice we will be continuing,” wrote Schmidt.
The GitHub page of the project states that at least two penetration tests were carried out by commercial vendors, suggesting AWS is serious about supporting s2n for years to come.