TalksAWS re:Invent 2025 - Fortifying encryption in transit: speed, security and AWS Nitro Power (NET313)

AWS re:Invent 2025 - Fortifying encryption in transit: speed, security and AWS Nitro Power (NET313)

Fortifying Encryption in Transit: Speed, Security, and AWS Nitro Power

Encryption Fundamentals

  • Encryption is the process of scrambling data to protect it from unauthorized access
  • Encryption has evolved from simple substitution ciphers to advanced standards like AES and post-quantum cryptography
  • Encryption involves a sender encrypting data with a key, transmitting the encrypted data, and the receiver decrypting it with a complementary key
  • Symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses different keys

AWS Native Encryption

  • AWS encrypts all traffic between its data centers using AES-256 encryption
  • AWS Nitro Encryption provides transparent, hardware-accelerated encryption between modern EC2 instances within AWS facilities
  • This encryption is seamless and does not impact compute performance

VPC Encryption Controls

  • VPC Encryption Controls allow monitoring and enforcement of encryption across VPC resources
  • Monitor mode identifies resources not enforcing encryption, with options to exclude certain resources
  • Enforce mode ensures all existing and future resources enforce encryption in transit
  • Supports encryption enforcement across VPC peering and Transit Gateway connections

Encryption Layering

  • Encryption can be applied at different OSI model layers:
    • Physical/data link layer: MACSec, optical encryption
    • Network layer: IPsec, AWS VPN
    • Transport layer: TLS
    • Application layer: SSH, client-side encryption
  • Layering multiple encryption protocols provides comprehensive protection

Emerging Encryption Frontiers

  • Post-quantum cryptography protects against potential future quantum computing attacks
    • AWS supports post-quantum key exchange mechanisms in services like KMS, Secrets Manager
  • Quantum key distribution uses quantum physics to detect eavesdropping on key exchanges
    • AWS is researching quantum key distribution networks

Key Takeaways

  • AWS provides comprehensive native encryption across its network and services
  • VPC Encryption Controls enable monitoring and enforcement of encryption across VPC resources
  • Layering encryption at multiple OSI layers provides defense-in-depth
  • AWS is investing in emerging encryption technologies like post-quantum cryptography and quantum key distribution

Your Digital Journey deserves a great story.

Build one with us.

Cookies Icon

This website stores cookies on your computer.

These cookies are used to collect information about how you interact with this website and allow us to remember you. We use this information to improve and customize your browsing experience, as well as for analytics.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference.