β οΈ WORK IN PROGRESS: This repository is under active development. The architecture, configurations, and documentation are subject to change. Use with caution in production environments. See TODO list in this readme.
π¨ Did you know? While managed database services (RDS, CloudSQL, Aurora) offer encryption at rest, this only protects your data when it's stored on disk. Your data is still exposed in memory and decrypted at the database layer. This means your sensitive data could be vulnerable to memory dumps, compromised database users, or privileged access misuse. This is where Acra comes in: true end-to-end encryption for your sensitive data, ensuring it remains encrypted until it reaches your application. By running Acra inside AWS Nitro Enclaves (that is the point of this repo) and integrating with AWS KMS, we create an unprecedented security fortress. Your encryption keys are protected by hardware-level isolation, your data is encrypted at the application layer, and the entire process is attested and auditable. It's one of the most secure ways to protect sensitive data today.
The primary goal of this architecture is to prevent sensitive data leakage (PII, financial data, health records, etc.) while maintaining practical usability in production environments. While emerging technologies like Multi-Party Computation (MPC) and Fully Homomorphic Encryption (FHE) show promise, they aren't yet production-ready or scalable for most real-world applications. This architecture provides a pragmatic alternative that's:
- Production-Ready: Built on battle-tested technologies (AWS Nitro, Acra, KMS/HSM)
- Scalable: Capable of handling production workloads with minimal performance overhead
- Cost-Effective: Significantly lower computational overhead compared to FHE
- Immediately Deployable: No need to wait for emerging technologies to mature
- Hardware-Level Security: Acra's master key is protected by both AWS KMS and Nitro Enclave's hardware isolation
- Memory Encryption: All encryption operations occur in encrypted memory that's inaccessible to the host EC2 instance
- Zero Key Exposure: Cryptographic keys never leave the secure enclave boundary in plaintext form
- Ready Alternative: While MPC and FHE evolve toward production readiness, this solution offers immediate privacy protection
- Balanced Approach: Combines strong security guarantees with practical performance requirements
- Real-World Tested: Successfully deployed in regulated industries handling sensitive data
- Future-Proof: Architecture can integrate emerging technologies as they mature
- Minimal Trust Boundary: Even if the host EC2 instance is compromised, the attacker cannot access the encryption keys or the data processing operations
- Isolated Execution: The Acra Server operates in complete isolation from other processes and the host OS
- No Persistent Storage: Enclaves are stateless and leave no data trail on the host system
- Secure Search Operations: Enables searching encrypted data without decryption
- High Performance: Direct hardware access ensures minimal performance overhead for cryptographic operations (dedicated CPU and memory resources, No hypervisor overhead for cryptographic operations)
- Production-Grade: Proven in high-throughput, low-latency environments
- Attestation Proof: Provides cryptographic evidence of the exact code running in the enclave
- Audit Trail: All key operations are logged in AWS CloudTrail
- Compliance Ready: Helps meet GDPR, HIPAA, SOC2 type2, and other regulatory requirements for data protection
Isolated compute environments providing enhanced security beyond standard EC2 instances.
Key Benefits:
- π Hardware-level isolation from parent EC2 instance
- π‘οΈ Minimal attack surface with no persistent storage or interactive access
- π Encrypted memory with inaccessible encryption keys
- β Cryptographic attestation capabilities
Enclaver is a tool for streamlined application deployment in AWS Nitro Enclaves.
Features:
- π¦ Simplified application packaging and deployment
- π Fine-grained communication control
- π Reduced operational complexity
AWS KMS handles Acra's master key encryption for enhanced key management security.
Advantages:
- ποΈ Centralized key management system
- π Automatic key rotation capabilities
- π₯ Fine-grained access control
- π Comprehensive CloudTrail audit logging
As a POC, we will use this basic demo python + postgres app
- EC2 instance initiates Nitro Enclave via Enclaver
- Enclave boots and executes Acra server setup
- Authentication with KMS using EC2 instance's IAM role
- Secure master key decryption and passage to Acra server
- Acra server initialization with decrypted master key
- Client applications connect to Acra (that acts as a database proxy) for encrypted data operations
- KMS authorization via IAM roles
- Enclave attestation for identity verification
- Acra's built-in client authentication mechanisms
- β‘ Transparent encryption/decryption
- π Searchable encryption capabilities
β οΈ Poison record detection
- Hardened instance configuration
- Restricted IAM roles
- Minimal required permissions
- Configured security groups and ACLs
- AWS Account with EC2 and KMS access
- IAM roles and policies configuration
- Enclaver installation
- Acra server source / package / Dockerfile / Docker image
- A basic python + postgres app
Remote attestation is only meaningful when combined with reproducible builds. Here's why:
- Attestation Reality: Remote attestations verify the binary artifacts (EIF files) running in secure enclaves, not the source code
- Human Verification: While humans can review source code, they cannot directly review binaries
- Build Process Critical: The build process is the crucial link between source code and binaries
- Verification Chain: Without reproducible builds, it's impossible to independently verify which source code produced a given binary
Build process should ensures byte-for-byte identical artifacts across different builds, and Verifiable build outputs (EIF hash).
AWS Nitro Attestations provide signed messages containing:
- PCR0: Enclave Image File (EIF) hash
- PCR1: Linux kernel and initial RAM data hash
- PCR2: User applications hash
- PCR3: IAM role hash of parent EC2 instance
- Certificate chain validating the enclave's identity
Classic Infra/IT secruity best practices should be but in place for a comprehensive setup.
-
EC2 Instance Compromise
- Risk: While the enclave protects data and keys, a compromised EC2 host could:
- Interfere with enclave I/O communication
- Attempt resource-based denial of service
- Monitor communication patterns
- Mitigation:
- End-to-end encrypted communication channels
- EC2 host hardening (security groups, NACLs, IMDSv2)
- Host-based IDS/IPS
- Regular security patching
- AWS GuardDuty enabled
- Risk: While the enclave protects data and keys, a compromised EC2 host could:
-
KMS Key Exposure
- Risk: Compromise of keys used to encrypt Acra master key
- Mitigation:
- Strict IAM policies with least privilege
- Mandatory key rotation schedule
- CloudTrail logging and monitoring
- Multi-Region KMS for resilience
- AWS CloudWatch alerts on key usage
-
Side-Channel Attacks
- Risk: Memory timing attacks and resource usage analysis
- Mitigation:
- Regular security patches for known vulnerabilities
- Resource usage monitoring and anomaly detection
- Implementing constant-time operations where possible
- Physical hardware isolation (dedicated hosts)
-
Application-Level Vulnerabilities
- Risk: Security gaps in application integration
- Mitigation:
- Secure coding practices (OWASP guidelines)
- Regular penetration testing
- Automated security scanning
- Proper Acra configuration validation
- Input/output validation at enclave boundaries
-
Network-Level Attacks
- Risk: Network-based threats and MitM attempts
- Mitigation:
- VPC isolation
- TLS 1.3 enforcement
- Network flow logs
- AWS Network Firewall
- Regular network security assessments
TODO
Should be put in place:
- Regular security updates
- Continuous monitoring of:
- EC2 instance health
- Enclave operations
- KMS key usage
- Acra server logs
- Application metrics
Should be put in place:
- Follow the principle of least privilege for IAM roles
- Implement comprehensive logging and monitoring
- Regularly rotate encryption keys
- Maintain up-to-date security patches
- Conduct regular security audits
- Document all configuration changes
- Ensure Reproducible flow, and example of verifiable remote attestation.
- Copnsider enveloppe encryption?
- Implement MPC (or some sort of decentrilzed KMS) for acra's master key?
- High availability setup fo the acra server; multi regional etc.
- Move the postgres instance elsewhere (e.g, managed instance on AWS or GCP)
- Deploy all of the setup using IaC (Ansible or Terra)
- Ensure TLS everywhere
- Achitecture Diagram
- Feel free to open PRs and GH Issues.
Note: This implementation focuses on security through reproducible builds and verifiable remote attestation. For questions or concerns about the build process, please open an issue in the repository.