Business Productivity

Understanding Security in the Amazon Chime Application and SDK

Workers and teachers around the world increasingly rely on Amazon Chime and other services that enable remote working and distance education. As their usage has increased, so has scrutiny of security practices. Customers want to be sure that the content of their meetings and classes is accessible only to those intended to have access. This blog provides an overview of the security of Amazon Chime, how your data is protected, and the features we provide you to help secure your meetings. After reading, you will have answers to questions like ‘What steps does Amazon Chime take to protect my meetings?,’ ‘What type of encryption is used, and where?’, ‘How can I prevent unwanted attendees in my Amazon Chime meetings?’, and ‘How can I make sure attendees aren’t able to disrupt my meetings?’

While this blog is primarily focused on the Amazon Chime application, the processes and architecture described in this document apply to the Amazon Chime Software Development Kit (SDK) as well. If you are a developer, and want to build audio calling, video calling, and screen sharing capabilities into your own application, you can use the Amazon Chime SDK. With the Amazon Chime SDK, you get the performance and security of Amazon Chime, but you can build your own controls for when and how attendees access the meetings you create.

Security Architecture

This section gives an overview of how we have designed Amazon Chime to meet the information security requirements of large enterprises and government agencies. Chime is designed and built to minimize the risk of inappropriate access to your data. The content of this section gets a bit technical, so if you are more interested in steps you can take to secure and manage your meetings, you can skip to the Managing your Amazon Chime Meetings section. The takeaway here is that modern industry-standard security is in place for all Amazon Chime meetings to help keep them secure, but if you want to maximize the level of protection, use downloadable clients, make sure no one has dialed in by phone, and lock your meeting after everyone joins.

Amazon Web Services Security and Compliance Practices
At the foundation of Amazon Chime security is Amazon Web Services (AWS) Security. AWS regions and networks are built and operated to meet the requirements of some of the world’s most security-sensitive organizations. AWS constantly undergoes third-party audits by a variety of public sector and private sector auditing organizations in order to maintain its status under multiple compliance offerings, such as the credit card industry’s PCI DSS Level 1, the U.S. Government’s FedRAMP program, C5 Certification in Germany, and IRAP assessment by the Australia Government. For more information, see the AWS Security and AWS Compliance websites. Amazon Chime is designed and operated according to the same AWS standards, has undergone the compliance process required to be a HIPAA-eligible service, and is currently in the process of being added to other relevant compliance programs.

As an AWS Service, Amazon Chime has controls in place to help ensure that any improvements we make to the service maintain our high bar for security. These processes and controls help ensure that we can make Amazon Chime easy to use while helping to keep your data safe. Our security processes and controls include, but are not limited to security architecture reviews and threat modeling, periodic application security reviews, penetration testing, implementation of least privileged access, use of multi-factor authentication, detailed security logging and regular audits, automated operating system patching, automated verification of patching, and many other processes and controls required for an AWS service. Beyond best practices to help ensure the security of the service itself, as you will read, Amazon Chime has been architected to help keep your data secure.

Access Controls
In order to join a meeting on Amazon Chime you are required to have an authorization token. In the Amazon Chime app, you can obtain a token by entering a meeting ID or by being added to a meeting by another attendee. If an unauthorized attendee is removed from a locked meeting, a topic covered in more detail under Managing your Amazon Chime Meetings, they will not have access to encryption keys that would allow them to subsequently rejoin or somehow eavesdrop on the meeting. In the Amazon Chime SDK, an authorization token is required, but you can build your own rules for when and how attendees access meetings, and when meetings are deleted and no longer accessible. Because the Amazon Chime SDK integrates with Amazon EventBridge, you can build your own application logic to detect suspicious activity and take proactive action like ending a call.

Modern Industry Standard Encryption
When connected to an Amazon Chime meeting, your audio, messages, video, and content shared through screen sharing is encrypted while in transit using industry standard cryptographic protocols: Transport Layer Security (TLS), Datagram Transport Layer Security (DTLS), and Datagram Transport Layer Security-Secure Real-Time Transport Protocol (DTLS-SRTP). We rely on standard protocols because their design and implementations are well understood and undergo continuous security review and development by security researchers around the world. These protocols help maintain the privacy and data integrity of your content as it traverses the Internet or any other network. For the purposes of mixing audio and video, traffic is temporarily decrypted on the Amazon Elastic Compute Cloud (Amazon EC2) instance that has been assigned by the service to host your meeting. Once mixed, your data is re-encrypted and sent to each meeting attendee. No meeting content is stored through this process. Amazon EC2 instances used to host meetings are within a secure Amazon Virtual Private Cloud (VPC) and subject to audited controls which restrict access.

When you connect to an Amazon Chime meeting from your computer, we use modern cryptographic cipher suites that utilize Advanced Encryption Standard (AES) encryption. The precise encryption technique depends on the particular capabilities of the client or browser that is used to connect to the meeting. For our desktop and mobile clients, audio data is secured using the ECDHE-RSA-AES256-GCM-SHA384 suite. The secure key exchange is accomplished using the Elliptic-curve Diffie–Hellman Ephemeral protocol (ECDHE). This key exchange offers forward secrecy, so that previously recorded TLS sessions cannot be inspected even if, at a future date, a key or password is compromised. The key size used for the AES encryption is 256-bits. Data is encrypted block-by-block using Galois/Counter Mode. This mode of operation is designed to protect the confidentiality and integrity of the data. The Secure Hash Algorithm with a size of 384 bits is used as part of a cryptographically secure pseudorandom function to derive the actual key used for AES encryption. Video data and browser WebRTC connections for our web application utilize DTLS-SRTP with an AES key size of 128-bits. Screen sharing is over a TLS 1.2 connection, which uses TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 in desktop and mobile clients.

If you use your phone to connect to Amazon Chime with a dial-in number, you will be connected to your meetings through the Public Switched Telephone Network (PSTN), which may use legacy telecom circuits that do not support encryption. We provide the option to dial-in with your phone because many customers consider the ability to dial-in to meetings necessary for convenience. You can decide whether to use the dial-in feature to connect to Amazon Chime through the PSTN, or to connect to meetings only with the encryption provided using your computer for audio from the Amazon Chime application.

Minimizing and Protecting Sensitive Data
Amazon Chime uses identity federation for authentication of all users. What this means is that Chime relies on proven identity systems to help manage users, passwords, and multi-factor authentication (MFA). Supported identity providers include Login with Amazon, Microsoft Active Directory, and Okta SSO. By relying on existing, proven identity systems, Chime does not need to create, store, and manage user passwords or MFA tokens.

The Amazon Chime application by default does not store meeting audio and video data. If a customer initiates a recording, all participants are notified via the application user interface (UI) or by an audio announcement. Recording data is streamed to Amazon Simple Storage Service (Amazon S3) and is encrypted both in transit and at rest. These Amazon S3 buckets are within a secure Amazon VPC and are subject to audit controls which restrict access. Only authenticated and authorized users have access to the recordings, and only via the Chime interface and/or APIs. If you use the Amazon Chime SDK, you can choose how recordings are started, and where recordings are stored.

To make joining Amazon Chime meetings as easy as possible, we have an auto-call feature that proactively notifies all registered Amazon Chime users when their meetings start, and allows them to join in one click. This feature is enabled by adding meet@chime.aws to your calendar invites. When meet@chime.aws is invited, an automated process receives the meeting invitation email, discards the body, discards attachments, and encrypts the iCal invitation file (.ics) so that we know who to include in your Amazon Chime meeting. These files are stored encrypted in a secure S3 bucket in the US-East (N. Virginia) region, and are accessible only to the Chime service itself.

Managing Your Amazon Chime Meetings

Amazon Chime offers features to prevent anyone from unexpectedly joining your meetings, or causing disruptions by making noise or taking over screen share. As an organizer, you can decide the configuration that is best for your meetings.

Keeping Your Meetings Secure
Amazon Chime meetings are all based on 10-digit meeting IDs. Securing your meetings starts with making sure that only those that have been invited have the meeting ID. If this ID becomes public, you should change the meeting ID. If you don’t want to change the meeting ID, you can lock your meeting to keep unwanted attendees out, then remove anyone that has already joined, but the first step is always making the meeting ID known only to those that need it.

Features for securing your meetings:

  • Different meeting ID options – Meeting hosts have the option of using one of three different types of meeting IDs: (1) New meeting IDs, and (2) New Meeting IDs that require a moderator to start, and (3) Personal IDs. When you generate a new meeting ID, you can use it to schedule a single meeting or meeting series. Generating new IDs is the default behavior, and recommended for most meetings because only intended meeting attendees have access to the ID. New meeting IDs that require a moderator are also unique to a meeting or meeting series, but meetings scheduled with this option only start when a moderator joins. Personal IDs are provided to users as a convenient reusable ID. Users can link their Personal ID to a custom alphanumeric Personalized ID that the host and attendees can easily remember. While convenient, Personal IDs and associated Personalized IDs are recommended for use with casual meetings with those you work with regularly.
  • Moderated Meetings – When you generate a new meeting ID, you can opt to require moderation for extra security. Moderated meetings do not start until you or a delegate have joined the meeting.
  • Remove Attendees – The Amazon Chime visual roster lets you see everyone that has been invited, everyone that is currently connected, those that are running late, and those that have left. If you see anyone that should not be in your meeting, you can remove them.
  • Lock Meeting – You can lock your meeting to prevent anyone from joining that wasn’t on the original invite or that isn’t added from within the meeting.

Additional Administrative Controls:

  • Disable Shared Control in Screen Sharing – Amazon Chime account administrators can choose to disable the ability for members of their account to grant control over their screen to anyone else in the meeting.
  • Meeting Region Settings – As an Amazon Chime account administrator, you have the ability to select which of the available 14 AWS regions can be used for meetings hosted by your users. Chime will automatically select where to host the meeting from your chosen AWS regions based on participant proximity and AWS network telemetry. In addition to improving meeting quality, the ability to select where your meetings are hosted is beneficial if you are subject to restrictions on where data can be sent and processed.

Keeping Your Meetings Focused
After meetings start, having them run smoothly requires controlling the flow and reducing distractions, and in some cases preventing bad behavior by meeting attendees. This can be more difficult in larger meetings. To mitigate this challenge, Amazon Chime has features for organizers to keep meetings on track by restricting features for attendees.

  • Mute Attendee Actions – Automatically mute all other attendees to eliminate any background noise and bring focus back to you as the speaker. You can also disable unmute to keep control until input is required from other attendees.
  • Large Meetings Experience – To maintain focus in meetings, Amazon Chime automatically turns on a large meeting experience for any meeting with 25 attendees or more. When enabled, new attendees are muted automatically when they join, join and leave tones are muted, and notifications about roster events like when someone declines the meeting are also muted.
  • Event Mode – Event mode is designed for presentations where only a few presenters should be speaking or sharing content. When turned on, the organizer and their delegates are assigned as presenters. Others can be given the role as needed. To keep focus on the content of the meeting, only the attendees that are presenters can mute other presenters, share their screen, or turn on their webcam. All attendees are also muted by default when they join, and notifications when users join or leave the meeting are muted.

Conclusion
Amazon Chime meetings are designed to be secure by means of modern security processes and controls, as well as our use of modern industry-standard encryption, but there are steps you can take as a meeting host to maximize the security and safety of your meetings. For most meetings, generating a new meeting ID and locking the meeting once everyone has joined are good default actions to take to add an additional level of security. Other controls can be used when appropriate.

Finally, if you like the security of the Amazon Chime, but want to integrate its capabilities into your own applications, or build custom logic for access to your meetings, you can use the Amazon Chime SDK.

More information on Amazon Chime and the topics covered in this blog post are available here:

TAGS: , , ,
Ryan McHarg

Ryan McHarg

Ryan is a Senior Product Manager for the Amazon Chime SDK, a set of real-time communications components that developers can use to quickly add messaging, audio, video, and screen sharing capabilities to their web or mobile applications. Ryan has worked for Amazon Web Services since 2016.