Cloud and edge networks are establishing a new line of defense called privacy computing to protect the growing amount of data that users process in these environments.

A confidential calculation is defined

Confidential computing it is a way to protect data used, for example, in memory or during calculations, and prevent anyone from viewing or changing the work.

Using cryptographic keys associated with processors, confidential computing creates a trusted execution environment or secure enclave. This secure digital space supports cryptographic proof, called attestation, that hardware and firmware are properly configured to prevent their data or application code from being viewed or altered.

In security parlance, confidential computing provides guarantees of data and code confidentiality, as well as data and code integrity.

What makes confidential computing unique?

Privacy computing is a relatively new option for protecting the data in use.

For years, computers have used encryption to protect data in transit over a network and data at rest stored on a flash drive or non-volatile memory chip. But without a practical way to perform computations on encrypted data, users faced the risk of having their data seen, encrypted, or stolen while in use inside the CPU or main memory.

With privacy computing, systems can now span all three parts of the data lifecycle, so data is never exposed.

Confidential computing protects the data in use
Confidential computing adds a new level of computer security — protecting data that is used while working on the processor.

In the past, computer security focused primarily on protecting data on systems owned by users, such as their corporate servers. In this scenario, it is perfectly normal for system software to see user data and code.

With the advent of cloud and edge computing, users now routinely run their workloads on computers they don’t own. Hence, privacy computing shifts the focus to protecting user data from whoever owns the machine.

With privacy computing, software running in the cloud or on the edge, such as an operating system or hypervisor, is still in control. For example, it allocates memory to a user program, but can never read or modify data in the user-allocated memory.

How confidential computing got its name

A 2015 research paper was one of several using the new Security Guard Extensions (Intel SGX) on x86 CPUs to show what’s possible. He called his approach VC3, for Proven confidential cloud computingand the name—or at least part of it—stuck.

“We started calling it privacy cloud computing,” said Felix Schuster, lead author of the 2015 paper.

Four years later, Schuster co-founded Edgeless Systems, a company in Bochum, Germany that develops tools that allow users to build their own privacy computing programs to improve data protection.

Privacy computing is “like attaching a contract to your data that only allows you to do certain things with it,” he said.

How does confidential computing work?

Looking deeper, confidential computing is based on a foundation called a root of trust, which is based on a secure key unique to each processor.

The processor checks if it has the appropriate firmware to start a so-called secure metered boot. This process generates reference data, verifying that the chip is in a known safe state to begin operation.

Next, the processor creates a secure enclave or trusted execution environment (TEE) separate from the rest of the system where the user program runs. The program sends the encrypted data to the TEE, decrypts it, runs the user program, encrypts the result and sends it.

The machine owner was never able to view the code or user data.

Another important element: it proves to the user that no one could tamper with the data or software.

How attestation works in confidential computing
Attestation uses a private key to generate security certificates that are stored in public logs. Users can access them using Internet Transport Layer Security (TLS) to ensure that privacy protections are not compromised, protecting their workloads.

Acknowledgment is granted through a multi-step process called attestation (see diagram above).

The good news is that researchers and commercially available services have demonstrated computational privacy, often providing data security without significantly impacting performance.

Scheme of operation of confidential calculations
A high-level view of how confidential computing works.

Narrowing of security perimeters

As a result, users no longer need to trust all the software and system administrators of individual cloud and edge companies in remote locations.

Confidential computing closes many doors that hackers like to use. It isolates applications and their data from attacks that can come from firmware, operating systems, hypervisors, virtual machines—even physical interfaces such as a USB port or PCI Express slot on a computer.

The new level of security promises to reduce data breaches, which have risen from 662 in 2010 to more than 1,000 by 2021 in the US alone, according to a report Identity Theft Resource Center.

However, no security measure is a panacea, but confidential computing is an excellent security tool that puts control directly in the hands of “data owners”.

Use cases for confidential computing

Users with sensitive data sets and regulated industries such as banks, healthcare providers and governments are among the first adopters of sensitive computing. But this is only the beginning.

Because confidential computing protects sensitive data and intellectual property, the group will be able to collaborate securely. They provide certified proof that their content and code is secure.

Examples of confidential computing applications include:

  • Companies executing smart contracts with blockchain
  • Research hospitals collaborate to train AI models that analyze trends in patient data
  • Retailers, telecommunications providers and others at the edge of the network, protecting personal information in places where physical computer access is possible
  • Software vendors can distribute products that incorporate artificial intelligence models and proprietary algorithms while retaining their intellectual property

While private computing is emerging in public cloud services, it will spread rapidly.

Users need sensitive computing to protect edge servers in uncontrolled or hard-to-reach locations. Enterprise data centers can use it to protect against insider attacks and protect one sensitive workload from another.

growth forecast for confidential computing
Market researchers from the Everest Group estimate that the existing confidential computing market could grow 26 times in five years.

Currently, most users are in the proof-of-concept stage with the hope of launching workloads into production soon, Schuster said.

In the future, sensitive computing will not be limited to ad hoc or sensitive workloads. It will be widely used, as will the cloud services that provide this new level of security.

Indeed, experts predict that private computing will become as widely used as encryption.

The potential of the technology prompted vendors to launch in 2019 Confidential Computing Consortium, part of the Linux Foundation. CCC members include leaders in processor and cloud technologies, as well as dozens of software companies.

The group’s projects include Open the Enclave SDKframework for building trusted execution environments.

“Our primary focus is to support all the open source projects that are fundamental parts of the ecosystem,” said Jethro Beekman, a member of CCC’s technical advisory board and vice president of technology at Fortanix, one of the first startups founded to develop confidential computing software. .

“It’s a compelling paradigm to put security at the data level, rather than worrying about infrastructure details, that should lead to you not having to read about data breaches in the newspapers every day,” said Beekman, who wrote his 2016 Ph.D. dissertation on confidential computing.

Table of confidential computing companies
A growing sector of security companies work in confidential computing and related fields. (Source: GradientFlow)

How privacy computing is evolving

Implementations of confidential computing are developing rapidly.

At the processor level, AMD released Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). It extends process-level protection in Intel SGX to full virtual machines, so users can implement sensitive computing without having to rewrite their applications.

Leading processor manufacturers support this approach. Intel support comes via a new Trusted domain extension. Arm described its implementation, named kingdoms.

Proponents of the RISC-V processor architecture implement confidential computing in an open source project called Keystone.

Acceleration of confidential computing

NVIDIA brings to market GPU acceleration for virtual machine-style privacy computing Graphics processors with Hopper architecture.

The H100 Tensor Core GPUs enable confidential computing for a wide range of AI and high-performance computing uses. This gives users of these security services access to accelerated calculations.

How GPUs and CPUs work together to enable NVIDIA's confidential computing
An example of how GPUs and CPUs work together to provide an accelerated confidential computing service.

Meanwhile, cloud service providers today offer services based on one or more underlying technologies or their own unique hybrids.

What’s next for confidential computing

Over time, industry guidelines and standards will emerge and evolve for aspects of sensitive computing such as attestation and efficient secure I/O, CCC’s Beekman said.

Although it is a relatively new privacy tool, the ability of confidential computing to protect code and data and provide privacy guarantees makes it powerful.

Looking ahead, experts expect privacy computing to be mixed with other privacy techniques such as fully homomorphic encryption (FHE), federated learning, differential privacy, and other forms of multiparty computing.

Leveraging all elements of today’s privacy toolkit will be key to success as the demand for AI and privacy grows.

So, there are still many moves in the great security chess game to overcome the challenges and realize the benefits of privacy computing.

Take a deeper dive

To learn more, see Hopper Confidential Computing: How It Works Under the Hood, session S51709 at GTC on or after March 22 (free with registration).

See “Secure Computing: A Developer’s View of Application and Data Protection on the NVIDIA H100,” Session S51684 on or after March 23.

You can also attend the panel discussion on March 15 at Open Confidential Computing Conference moderated by Schuster and attended by Ian Buck, NVIDIA’s Vice President of Hyperscaling and HPC. And watch the video below.