Confidential Computing Provides Breakthrough Data Encryption, Says UC Berkeley Professor


Confidential computing is a potentially revolutionary technology in terms of its impact on data security. In confidential computing, data remains encrypted not only at rest and in transit but also in use, allowing analytics and machine learning (ML) to be performed on the data while maintaining its confidentiality. The ability to encrypt data in use opens up a wide range of possible real-world scenarios, and it has major implications and potential benefits for the future of data security.

VentureBeat spoke with Raluca Ada Popa about her research and work in developing practical solutions for confidential computing. Popa is an associate professor at the University of California, Berkeley, and she is also the co-founder and president of Opaque Systems.

Opaque Systems provides a software offering for the open-source MC2 confidential computing project, to help companies that want to use this technology but may not have the technical expertise to work at the hardware level.

The Journey to Confidential Computing

Popa walked through the history of confidential computing, its mechanisms and its use cases. The problems that confidential computing is meant to solve have been around for decades, and different people have worked to solve them. She explained that as early as 1978, Rivest et al. recognized the privacy, confidentiality, and functionality benefits that would come from being able to compute on encrypted data, although they did not develop a practical solution at the time.



In 2009, Craig Gentry developed the first practical construction, a fully cryptographic solution called fully homomorphic encryption (FHE). In FHE, the data remains encrypted and the computation is performed on the encrypted data.

However, Popa explained that FHE is “orders of magnitude too slow” to enable analytics and machine learning, and while the technology has since been refined, its speed is still suboptimal.

A best of both worlds approach

Popa’s research combines hardware enclaves, a hardware advance that has emerged over the past few years, with cryptography to form a practical solution. Hardware enclaves provide a Trusted Execution Environment (TEE) where data is isolated from software and the operating system. Popa described the hybrid approach of combining hardware enclaves with cryptography as the best of both worlds. Inside the TEE, the data is decrypted and computation is performed on it.

“As soon as it leaves the hardware box, it’s encrypted with a fused key in hardware…” Popa said.

“Looks like it’s always encrypted from the perspective of any operating system, admin or hacker…[and] any software running on the machine… only sees the encrypted data,” she added. “So it essentially achieves the same effect as crypto mechanisms, but it has processor speeds.”

Combining hardware enclaves with cryptographic computing allows for faster analysis and machine learning, and Popa said that, for the “first time, we really have a practical solution for analysis and machine learning on confidential data.”

Hardware enclave vendors compete

To develop and implement this technology, Popa explained that she and her team at UC Berkeley’s RISELab “received early access from Intel to its SGX hardware enclave, the Pioneer Enclave,” and during their research determined that “the right use case” for this technology is confidential computing. Today, in addition to Intel, several other vendors, including AMD and Amazon Web Services (AWS), have released their own processors with hardware enclave technology.

However, there are some differences between the vendors’ products in terms of speed and integrity, as well as user experience. According to Popa, Intel SGX tends to have stronger integrity guarantees, while the AMD SEV enclave tends to be faster.

She added that AWS Nitro enclaves are mostly software-based and don’t have the same level of hardware protection as Intel SGX. Intel SGX requires code refactoring to run legacy software, while AMD SEV and Amazon Nitro enclaves are better suited for legacy applications. Each of the three cloud providers, Microsoft, Google and Amazon, also has enclave offerings.

Because hardware enclave technology is “very crude, it offers a very low-level interface,” she explained, Opaque Systems provides a “purpose-built analytics platform for confidential computing” designed to optimize the open-source MC2 confidential computing project for companies looking to use this technology to “facilitate collaboration and analysis” on confidential data. The platform includes multi-layered security, policy management, governance, and support for configuring and scaling enclave clusters.

Additional consequences

Confidential computing also has the potential to be a game-changer for access controls. Popa explained that “the next step that encryption allows, is not to provide access only to the data, but to a function result on it.” For example, access would be given not “to [the] integer data, but only to a model trained on [the] data. Or maybe a query result, a statistic, an analysis query based on [the] data.”

In other words, instead of giving access to specific rows and columns of data, access would be given to an aggregate, a specific type of output or by-product of the data.

“This is where confidential computing and encryption really comes in…I encrypt the data and you do confidential computing, and calculate the right function while keeping [the data] encrypted… and only the end result is revealed,” Popa said.

Function-based access control also has ethical implications, as machine learning models could be trained on encrypted data without compromising personal or private data or revealing information that could lead to bias.

Real-world scenarios for confidential computing

Enabling businesses to leverage analytics and machine learning on confidential data, and enabling access to functions of the data, together open up a wide range of possible use cases. The most important of these include situations where collaboration becomes possible between organizations that previously could not work together because of the mutually confidential nature of their data.

For example, Popa explained that “traditionally, banks cannot share their confidential data with each other.” However, with its platform to help businesses leverage confidential computing, Opaque Systems enables banks to pool their data confidentially while analyzing patterns and training models to more effectively detect fraud.

In addition, she said, “health facilities [can] pool their patient data to find better diagnoses and treatments for diseases,” without compromising data protection. Confidential computing also breaks down barriers between departments or teams holding confidential data within the same company, allowing them to collaborate where they previously couldn’t.

Trace a route

The potential of confidential computing with hardware enclaves to revolutionize the computing world was recognized this summer when Popa won the 2021 ACM Grace Murray Hopper Award.

“The fact that the ACM community recognizes the technology of computing on encrypted data…as an exceptional result that is revolutionizing computing…gives a lot of credence to the fact that this is a very important [problem], which we should work on,” Popa said, and one to which her research and work have brought a practical solution.

“It will help because of this confirmation of the issue and the contribution,” she said.


Sherry J. Basler