4 Use Cases for Confidential Computing

Happy new year! It’s 2021, cars can drive themselves and we all have super-computers in our pockets. Still, reliable data security is in many cases an unsolved problem.

Why is that? Data has three “states of matter” — just like water ;-). Data can be at rest (i.e., stored on disk), in transit (e.g., from your browser to your bank), and in processing. Unfortunately, current solutions and tech can only protect data at rest and in transit, using encryption.

The lack of data protection during processing means that malicious actors like hackers can manipulate or steal data while it is being used. And there is typically no way to verify who could see the data and if it was processed correctly.

As a result, data breaches are still commonplace and companies are reluctant to leverage sensitive data — even in 2021. This is where Confidential Computing (CC) comes in.

CC is a new security paradigm in which data is processed in secure “enclaves”. These enclaves are available on many recent processors. The contents of an enclave are encrypted even while data is being processed (“tick”, first of the two remaining checkboxes). Further, the functionality and integrity of an enclave can be verified externally (“tick”, second checkbox). If you are interested in details, please refer to our previous blog post on CC or this whitepaper from the Confidential Computing Consortium.

On a high level, you can picture an enclave as a super-secure “black box” that runs a given piece of code on given data. No one (not even datacenter admins or hackers controlling the operating system) can look inside the black box or manipulate it. The black box even provides proof for its security and that it did exactly what it was told to do. Neat isn’t it?

If you think about what is possible given such a black box, I am sure many exciting applications will pop into your mind. In the following, we’ll sketch 4 use cases we see lots of potential in.

CC in mobility

With CC, sensor data from networked vehicles can be aggregated and processed in an end-to-end encrypted and end-to-end verifiable way. If implemented correctly, even the vehicle manufacturer and the application operator only get access to the aggregated and filtered output data. It can be mathematically ensured that no relevant conclusions can be drawn from the output data about individual drivers. Using the verifiability properties of CC, this can even be proven to customers, partners, and legislators. Thus, CC-based applications can dramatically increase customer acceptance for the use of their data and help with compliance.

We at Edgeless Systems recently engaged in a related project with the German automotive and tech giant Bosch. We recommend you take a look at Bosch’s insightful blog post on the project.

CC in mechanical engineering and manufacturing

“Industry 4.0” is a much hyped term in mechanical engineering and manufacturing — in particular in Germany. In a nutshell, Industry 4.0 stands for the approach to increase productivity through massive use of sensors and corresponding data analytics. However, it is not uncommon for industrial data to be of a sensitive nature, as it often contains business secrets and special know-how. Companies are therefore often unwilling to share this data or process it in the cloud. CC can address these concerns comprehensively. The principle of “sharing data without sharing it”, which is enabled by CC, will create lots of value in the future regarding predictive maintenance, digital twins and other data-driven industry applications. For instance, BCG estimates in a recent blog post that $100 billion of value could be unlocked through the exchange of data in manufacturing.

CC in healthcare and medical research

When it comes to patient data in healthcare, one is clearly dealing with highly sensitive and regulated data. In this context, CC can enable secure multi-party training of AI for different purposes. For example, multiple hospitals can combine their data to train AI for detecting diseases, say, given pictures from CT scans. The patients’ data remains confidential during each step of the process. This way, the patients’ privacy is protected and hospitals or other data owners remain in control of their valuable data.

One of the biggest CC-based healthcare applications in production will be the “E-Rezept” (electronic prescription). Starting in 2021, the E-Rezept infrastructure will handle drug prescriptions within the German national healthcare system. With the help of CC, patient data will be strongly protected throughout the lifecycle of a prescription — from the doctor’s practice to the pharmacist’s counter.

CC in Finance

Another example where the secure combination of data between two parties can unlock substantial value is finance. Through CC, a retailer and a credit card company can cross-check their customer and transaction data for potential fraud while neither of them gets access to the original data. The privacy of their customers sensitive data is ensured by CC alongside the whole process.

Conclusion

Given these examples, it is unsurprising that many are excited about the potential of CC. At Edgeless Systems, we certainly are. We are actively shaping the software landscape of this new technology. We have a range of exciting tools and products lined up for release and will share more in the near future. Stay tuned!