The Importance of Confidential Computing Through Intel’s Enclave and R3’s Conclave
Demystifying the cutting-edge encryption technology that could revolutionise data use.
This article was originally published on our own blog at INDUSTRIA.tech. We’ve decided to move all our content to Medium to reach a broader audience and engage in a more dynamic discussion. Thank you for following our journey and we hope you continue to find value in our insights here.
As far as IT and Big Tech companies are concerned, cybersecurity is priority number one. In the last few years alone, we have seen cyberattacks during conflicts, ransomware that paralyses entire countries, and financial fraud for billions at a time.
But those are the obvious reasons for cybersecurity — individual companies can be a constant target of hacking attempts, and for bigger companies, it is closer to 24/7.
And attacks do not just happen from the outside. Provided that the information a company holds is valuable enough, there can be plenty of incentives for personnel to sabotage their own employers.
For 2022, and indeed, in the near future, the risks are expected to grow exponentially.
Here are some grim but important statistics.
According to IBM Security, the average cost of a data breach in 2020 was $3.86M for the company being attacked. For 2021, it was $4.24M, a 9.8% increase in just one year. The average number of days needed to identify and contain a data breach currently sits at 287. Both of those figures are expected to keep increasing in 2022 and beyond.
And according to Cybersecurity Ventures, global damages are predicted to reach over $10.5T annually by 2025, growing at a rate of 15% per year over the last five years.
While it is easy to wave off cybersecurity as something only the big organisations need to worry about, that could not be further from the truth. 43% of cyber attacks target small businesses, and of those that are attacked, 60% go out of business within six months.
It is not all bad news, however. As the risks increase, demand for better security follows, and we are now seeing numerous new pieces of technology that are aimed at protecting data.
One of the most promising advancements is that of Confidential Computing.
How Confidential Computing Works
Here is a very simplified explanation of how transferring information works.
There are three states of data. Stored information that is not being used or moved is known as being ‘at-rest’ and data actively moving from one location to another is called ‘in-transit.’ In both these states, your information is encrypted.
The third state is ‘data-in-use’, and it is when data is used and stored in a server’s memory that it is most open to being compromised.
Unlike ‘at-rest’ or ‘in-transit’ data, which are encrypted and therefore useless for a malicious actor, ‘in-use’ data needs to be decrypted to be usable by necessity. As it is stored unencrypted in the memory of whatever device might be using it at that moment, this leaves it vulnerable.
That is the final piece of the puzzle, and it is the problem Confidential Computing is already solving.
The way confidential computing effectively challenges modern attack methods is by handling exactly that — how it is being stored and used in the memory.
It is not just the data that is at risk, either. Data breaches can mean a loss in public trust and that of other businesses. And improving cybersecurity can open up businesses to more closely align with necessary regulatory requirements.
Even better, companies that store your data through Confidential Computing also do not have access, meaning that even if third parties would legally have the right to access said data, they would not be able to do so.
There have been several advancements in Confidential Computing in recent years, most notably from IBM, AMD, and the Confidential Computing Consortium, which includes Microsoft, Baidu, Red Hat, Meta, and Intel.
Intel SGX Brings Confidential Computing to the Public
A few years ago, Intel launched their Software Guard Extension (SGX), also known as Enclave, named after the isolated regions of code and data that the technology utilises.
When Intel SGX needs to work with confidential information, it creates a separate “enclave” inside an untrusted part of the computer’s memory. That enclave then calls on a specific trusted function created by a software developer specifically for the purposes of working inside an enclave.
Once that function is called, the application begins running in that trusted space. Any attempt to access this information outside of the enclave is denied. If any tampering is detected, the enclave simply will not load. Once this process is complete, the data contained within that enclave remains stored and encrypted in the untrusted part.
To put it another way, the enclave itself contains the code to access the data in the enclave. The only way to access it is by using functions that the enclave developer has decided on.
Confidential Computing effectively closes the encryption loop. Sensitive information remains encrypted even when it is being used, and it all takes place inside a separate, dedicated portion of a system’s memory, regulated by the CPU.
According to Intel, Enclave could protect against software attacks even when the application, the OS, and even the BIOS are compromised. It is an extra layer of security exactly where it is sorely needed.
SGX was introduced with the sixth-generation Intel Core line of processors and has been available since.
R3 Takes Confidential Computing Further with Conclave
In February of 2021, R3 launched Conclave, a further enhancement of Enclave that is not bound to a single operating system.
Conclave offers numerous improvements on previous Confidential Computing implementations — the API is significantly more straightforward to use than most other competitors, it supports easier to use languages like Kotlin and JavaScript, is prone to fewer memory management errors, and even integrates with both Intel SGX and Corda, with a full integration to Corda Enterprise coming in the near future.
R3 are using this technology to innovate in other areas of Confidential Computing, too.
Conclave combats fraud by pooling together multiple private data sets to increase the likelihood of intercepting malicious activity. That data is still secure, too, and is only processed as part of a larger data set and not individually viewable. Similar solutions can also be implemented for market data aggregation and secure order matching.
So far, R3’s technology has assisted numerous companies in multiple industries, including Nasdaq, ING, HSBC, Wells Fargo, MetLife, SAP, AWS, and even Intel themselves.
On December 07th, 2021, R3 released Conclave 1.2, which adds additional features and improves previous functionality. In particular, improvements were made to cloud acceleration and data persistence, support for Python, support for the latest Intel SGX SDK, and a number of other refinements that made developing applications on Conclave’s open-source API even easier.
A 2021 IDC report titled “What Confidential Computing Can Bring to the European Blockchain Landscape” says it best: “When it comes to software that enables the development of confidential computing solutions for blockchains, one provider has achieved a head start — R3.”
Powerful analytics tools for each of these and other scenarios are also available, meaning that data privacy is not the only benefit anymore — it also means something in context.
What’s Next for Confidential Computing?
Companies are becoming increasingly aware of the technology’s value and importance.
An October 2021 report by the Confidential Computing Consortium highlights that “[the] Total Addressable Market (TAM) for CC is likely to grow at least 26x over the next five years in the best-case scenario due to growing enterprise awareness of confidential computing.”
According to that same report, “[the] confidential computing software segment is expected to be the largest and fastest-growing market segment [in data security].”
A 2022 report by the IEEE Computer Society looked at 16 different technologies and graded them based on likelihood and desirability. Scores were based on the US academic grading system (A — F, with ‘A’ being the highest and ‘F’ being the lowest). Confidential Computing was positioned as one of the leading technologies in the security industry, earning a likelihood score of B/C and a desirability score of A-.
The report states that the adoption of Confidential Computing could have a significantly beneficial impact on the security industry, including lower cybersecurity costs, a faster evolution of mission-critical applications, and the development of new tools to assess, evaluate, and track security across environments.
With all this in mind, it is easy to see that Confidential Computing should have a noticeable effect on the security industry in the coming years. Once it reaches mass adoption, we can expect improvements to the core technology and higher efficiency in its operations.
INDUSTRIA’s Contribution
We’re a company that is committed to researching and experimenting with the most cutting-edge technologies available to us. As a long-term R3 partner, we were excited to work with Conclave’s implementation of Confidential Computing.
We have so far assisted R3 in exploring additional ways to streamline Conclave and making it accessible to everyone, everywhere. In particular, two of our engineers, Alexander Doykov and Alexander Dimitrov, developed a convenient and practical integration between Conclave and Excel that would allow users to more easily take advantage of R3’s Confidential Computing technology from a piece of software they’re already familiar with, an approach that could open the door to additional synergies between Conclave and other third-party products.
We are also excited to share that we have furthered our partnership with R3 and will be working closely on current and future projects.
Conclusion
Data security is quickly becoming an immense risk for businesses, a lucrative industry for both engineers and hackers, and a grave risk for everyone else.
No system is 100% secure and likely never will be. We are rapidly entering a new era of global information infrastructure and logistics that holds practically unlimited potential to protect us, as well as do us harm.
Considering that most personal information is stored on servers spread around the world and operated by different companies, it becomes clear that any breach could prove critical.
Instead of being paralysed by uncertainty, engineers are coming up with new ways to keep us safe, and it is important that we trust and support new technologies through experimentation and adoption.
Thanks to these latest developments in Confidential Computing, cybersecurity is now being democratised and made readily available to anyone interested in keeping themselves and their employers safe.
About INDUSTRIA
INDUSTRIA is a global technology consulting, development, and ventures company with expertise in the field of enterprise blockchain, confidential computing, process automation, and digital experience. As one of the official partners of R3, we are implementing cutting-edge blockchain technologies and reshaping the fintech world.
At INDUSTRIA, we are focused on providing permissioned blockchain solutions, such as Central Bank Digital Currencies, Electronic Bill of Lading, and Smart Legal Contracts. Our solutions apply to a wide range of industries and use cases to empower and modernise society.
Let’s talk about making your idea a reality — contact us at hello@industria.tech!
