The Future of Computing is.. Confidential

Confidential computing (CC) is set to have a profound impact on all our lives – and yet today hardly anyone recognises the term.

The Confidential Computing Consortium defines CC as protecting ‘data in use by performing computation in a hardware-based Trusted Execution Environment. These secure and isolated environments prevent unauthorized access or modification of applications and data while in use, thereby increasing the security assurances for organizations that manage sensitive and regulated data.’

Today the importance of encrypting data while it’s being transmitted across networks, or while in storage, is widely appreciated – and there is a plethora of tools and companies focused on these tasks. But protecting data while ‘in use’ – i.e. while it is being processed by a CPU (or nowadays, with AI applications, increasingly by a collection of GPUs) – has so far been a highly specialist undertaking that is not widely understood in the business community.

And yet this “last mile” of data protection makes all the difference in enabling developers to build flexible and trusted applications that can process any private data in a fully trusted, provably-controlled manner. Resolving this last mile of data protection will have a transformative impact across all areas of computing – from enterprise-scale cloud applications to IoT devices in the home. Combined with other recent innovations – from multi-party computation to blockchain – there is now no limit to creating provably-trusted software systems – from efficient currency tokens and smart contracts to ad-hoc multi-party exchanges.

Historically, ensuring data privacy and security has relied on a high degree of control over the ‘execution environment’. For example, enterprises would typically process their data on-premise, in their own secure data centres, or through trusted vendors, rather than in a general cloud environment. There are serious problems with this approach, however, including: the high costs of running and securing a data centre; the increasing complexity of operating systems, with new vulnerabilities continually being found; and a similar issue with ‘hypervisor’ software, which means that common forms of virtualisation come with an irreducible security risk. Finally, there is the risk that internal engineers are careless, or even bad actors: according to Verizon’s 2023 Data Breach Investigations Report nearly 1 in 5 company data breaches are the fault of the company’s own people.

Furthermore, it is no longer just large businesses that need to be aware of data security risks; increasingly they affect every person in every home – with the increasing penetration of smart IoT devices that process ever more private data.

More recently ‘homomorphic computing’ has been trialled as a possible approach to address these issues. With this approach the data is never decrypted, and so is at no risk of being leaked (short of the crypto key being compromised). However, there are severe constraints on how data can be processed while still encrypted. For example, it is feasible to find the average value of an otherwise secret dataset, but executing a general data-dependent smart-contract is beyond the reach of this approach. Homomorphic encryption schemes also create a significant computing overhead, which makes them far too costly or too cumbersome for most practical applications.

Trusted Execution Environments

In contrast, confidential computing uses a ‘trusted hardware execution environment’ which offers far more flexible and practical solutions.

A trusted execution environment (TEE) is a secure area of a CPU that is designed to protect data and processes within it from being tampered with – whether from buggy software, malware, or even direct attacks on the hardware.

TEEs typically use hardware-based security measures such as memory isolation, secure boot, and hardware-based key storage to ensure the environment is secure. They will typically also use software-based security measures such as encryption and authentication to protect any sensitive data and ensure that only authorised applications can access the TEE. The most common (hardware-based) TEEs are AMD’s SEV and Intel’s SGX, both of which use ‘remote attestation’ techniques to provide cryptographic proof of the TEE’s integrity and authenticity at runtime.

So given the availability of these devices, what is holding back their widespread adoption? The answer, simply, is that they are still just too difficult to use - at least for the typical developer to embed into their normal workflows to create new software applications. And this is why a number of startups are starting to bridge the gap. One initiative from our own IQ Capital portfolio is the Klave.network which promises to make it easy for any developer to design and productise applications based on smart contracts, just by using a familiar programming language.

Private and Secure Central Bank Digital Currencies?

There has been some disquiet about Central Bank Digital Currencies (CBDCs) being a threat to citizens’ rights due to governments’ ability to track (and potentially block) individual transactions in real time, and to intrude on their privacy by collecting all this data.

However, a CBDC designed on confidential computing principles can be as private as cash is today, whilst still allowing tracking of aggregate economic trends and preventing money-laundering-enabled crime. But confidential computing also offers many other design choices: for example, allowing investigators to ask questions about an individual transaction, without having to obtain the full details of that transaction – at least until required to do so by a recognised court. Another key design choice is how different CBDCs can interact with each other, and with other forms of wealth such as cryptocurrencies.

It is imperative that these design choices are properly discussed before CBDCs become widely adopted, as making big changes later on is likely to be costly, if not infeasible.

Smart Contracts Supporting Business Ecosystems

But the most promising potential for confidential computing is to allow businesses to partner and collaborate using generalised smart contracts. For example, a company that has detailed financial data on its customers can ‘share’ that data with another organisation which wants to use it to train a machine-learning model, without that data being exposed to the organisation, and without the company having any access to the organisation’s machine-learning model. Both sides get what they want without any privacy or security risk to either party.

Another very real example is using CC-based smart contracts for privacy-enabled financial exchanges to trade non-fungible products. SoftMetal is a recently-launched trading platform where bids and asks for multi-element metals are matched, filtered by quality parameters selected by buyers and sellers, on an exchange-type auction mechanism – without either party being aware of the other’s details until a match is found and agreed.

There will be many more such innovations as confidential computing finally goes mainstream and becomes widely adopted in the developer community. The true challenge is now faced by business leaders who need to consider how their current business models will be disrupted by this technology, and how they could and should be adopting it to create vastly more complex and valuable business ecosystems than is possible today.
