Confidential computing offers revolutionary data encryption, says UC Berkeley professor

Confidential computing focuses on potentially revolutionary technology, in terms of its impact on data security. Confidential computing keeps data encrypted, not only at rest and in transit, but also in use, allowing analytics and machine learning (ML) to be performed on the data while preserving its confidentiality. The ability to encrypt data in use opens up a huge range of possible real-world scenarios, and it has major implications and potential benefits for the future of data security.

VentureBeat spoke to Raluca Ada Popa about her research and work developing practical solutions for confidential computing. Popa is a Colleague Professor at the University of California, Berkeley, and she is also the co-founder and president of Opaque systems.

Opaque Systems offers a software offering for the: MC² open-source confidential computer project, to help companies that are interested in using this technology, but may not have the technical expertise to operate at the hardware level.

The Journey of Confidential Computing

Popa went through the history of confidential computing, the mechanics and the usage scenarios. The problems confidential computing must address have been around for decades, with several people working to solve them. She explained that as early as 1978, Rivest et al. acknowledged the privacy, confidentiality, and functionality benefits that would come from being able to rely on encrypted data, although they were not developing a practical solution at the time.

In 2009, Craig Gentry developed the first practical construct, a fully cryptographic solution called fully homomorphic encryption (FHE). In FHE, the data remains encrypted and the calculation is performed on the encrypted data.

However, Popa explained that the FHE was “orders of magnitude too slow” to allow for analytics and machine learning, and while the technology has been refined since then, the speed is still not optimal.

An approach to the best of both worlds

Popa’s research combines recent advances in hardware that have emerged in recent years, called hardware enclaves, with cryptography into a practical solution. Hardware enclaves provide a trusted execution environment (TEE) that isolates data from software and from the operating system. Popa described the hybrid approach of combining hardware enclaves with cryptography as the best of both worlds. Within the TEE, the data is decoded and a calculation is performed on this data.

“Once it leaves the hardware box, it’s encrypted with a key fused into the hardware…” Popa said.

“It looks like it’s always encrypted from an operating system’s or administrator’s or hacker’s point of view…[and] any software running on the machine… only sees encrypted data,” she added. “So it actually achieves the same effect as the cryptographic mechanisms, but it has processor speeds.”

Combining hardware enclaves with cryptographic computation enables faster analytics and machine learning, and Popa said that for the “first time,” we have a truly hands-on solution for analytics and machine learning on confidential data.”

Hardware Enclaves Vendors Compete

To develop and implement this technology, Popa explained that she and her team at UC Berkeley’s RISELab “got early access from Intel to his SGX hardware enclave, the pioneer enclave’, and in their research determined that ‘the right use case’ for this technology is confidential computing. Today, in addition to Intel, there are several other vendors, including: AMD and Amazon Web Services (AWS), have released their own processors with hardware enclave technology.

However, there are some differences between the vendors’ products, in terms of speed and integrity, as well as user experience. According to Popa, the Intel SGX typically has stronger integrity guarantees, while the AMD SEV enclave is faster.

She added that AWS’s Nitro enclaves are mostly software-based and don’t have the same level of hardware protection as Intel’s SGX. Intel SGX requires code refactoring to run legacy software, while AMD SEV and Amazon Nitro enclaves are more suited to legacy applications. Each of the three cloud providers, Microsoft, google and Amazonalso has enclave offers.

Because hardware enclave technology is “very raw, they provide a very low-level interface,” she explained — Opaque Systems provides an “analysis platform built specifically for confidential computing,” designed to optimize the open-source MC.² confidential computer project for companies that want to use this technology to “facilitate collaboration and analysis” on confidential data. The platform includes multi-layered security, policy management, governance, and assistance with setting up and scaling enclave clusters.

Further implications

Confidential computing has the potential to change the game for access control as well. Popa explained that “the next step that enables encryption is not to give access to just the data, but to some function result on it.” For example, not giving access “to” [the] full data, but only for a model trained on [the] data. Or maybe to a query result, to a statistic, to an analysis query based on [the] data.”

In other words, instead of granting access to specific rows and columns of data, access would be granted to an aggregate, a specific type of output or by-product of the data.

“This is where confidential computing and encryption really come into play… I encrypt the data and you do confidential computing and calculate the correct function while you [the data] encrypted… and only the end result is revealed,” Popa said.

Function-based access control also has implications for ethics, as machine learning models can be trained on encrypted data without compromising personal or private data or revealing information that could lead to bias.

Real World Scenarios of confidential computer use

Enabling companies to take advantage of analytics and machine learning on confidential data, and enabling access to data functions, creates a broad range of possible use cases. Chief among these are situations where collaboration is possible between organizations that were previously unable to work together due to the mutually confidential nature of their data.

For example, Popa explained that “traditionally, banks cannot share their confidential data with each other;” However, with its platform to help businesses take advantage of confidential computing, Opaque Systems allows banks to pool their data confidentially, while analyzing patterns and training models to more effectively detect fraud.

In addition, she said, “healthcare facilities” [can] pool their patient data to find better diagnoses and treatments for diseases”, without compromising data protection. Confidential computing also helps break down walls between departments or teams with confidential data within the same company, allowing them to collaborate where they couldn’t before.

Charting a course

The potential of confidential computing with hardware enclaves to revolutionize the computing world was recognized this summer when Popa won the award ACM Grace Murray Hopper Award 2021.

“The fact that the ACM community is recognizing the technology of computing on encrypted data… as an outstanding achievement that is revolutionizing computing… gives a lot of credibility to the fact that this is a very important issue, which we should be confronted with.” work,” Popa said — and for which her research and work have provided a practical solution.

“It will help because of this confirmation for the problem and for the contribution,” she said.