BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News Amazon Introduces Encrypted Communication Service AWS Wickr

Amazon Introduces Encrypted Communication Service AWS Wickr

A year after the acquisition of the company Wickr, Amazon recently announced the preview of the collaboration suite AWS Wickr. Built on a proprietary encryption protocol, the new managed service provides enterprises and government agencies with security and administrative controls to meet security and compliance requirements.

Wikcr uses a multilayered AES-256 end-to-end encryption and key handling protocols to allow users securely sharing mission-critical information. Every call, message, and file in AWS Wickr is encrypted with a new random encryption key and messages. According to the cloud provider, encryption keys are accessible only within Wickr applications and not disclosed to Wickr servers.

Among the suggested use cases, the new service can help secure sensitive communications and enable out-of-band communications for disaster recovery and incident response, facilitate data governance and enable internal and external collaboration through federation. After the acquisition of the company that builds end-to-end encryption-based collaboration solutions for public sector and enterprise customers, Amazon integrated Wickr as an AWS service and developed new features including a new SDK and updated crypto protocols.

Even if AWS claims they cannot access the communications, the choice of a proprietary protocol raised some concerns in the community. Christophe Tafani-Dereeper, cloud security researcher & advocate at Datadog, comments:

"AWS Wickr encrypts every message, call, and file with a proprietary, 256-bit end-to-end encryption protocol" This awfully reads "we're rolling our own encryption".

Source: https://aws.amazon.com/wickr

EJ Campbell, VP of engineering at Yahoo Sports, tweets:

Is a proprietary protocol a good thing?

With the ability to function in low-bandwidth environments, Wickr shifted in the last years from being an application used by privacy advocates to becoming the encrypted chat platform for the U.S. military and government agencies. The new business model raised doubts in some users with @AL_Capone_MMA writing in a long thread on Twitter the different reasons not to use Wickr for private communications:

It would seem the majority of Wickr’s income comes from government contracts (...) The air-force spent millions on the encrypted app. Do these types of contracts make Wickr more likely to cooperate with authorities?

The cloud provider recently released the AWS Wickr ATAK plugin that allows users to monitor the location of other users and potential hazards. Designed for use in combat zones, the Android Team Awareness Kit provides mapping, messaging, and geofencing capabilities. In an article on the AWS Public Sector Blog, the cloud provider announced the availability to the U.S. Department of Defense of Wickr RAM, an end-to-end encrypted full suite collaboration application built for the warfighter. Scott Piper, cloud security consultant, comments:

Interesting. Seems like AWS's Wickr acquisition was for military use cases.

The preview of AWS Wickr requires registration and the service is available at no cost during the preview period.

About the Author

Rate this Article

Adoption
Style

BT