Lavita to support additional privacy-preserving computation and TEE solutions beyond cloud-based Intel SGX

Lavita
Lavita.AI
4 min read · Feb 10, 2023

What is confidential (privacy-preserving) computation?

Confidential computing refers to technologies that process private, sensitive data in a protected environment so that the data stays confidential even while it is being processed (data in use, not only data at rest or in transit). One approach to privacy-preserving computation is hardware-based secure enclave technology, which provides a trusted execution environment (TEE): an isolated, tamper-resistant region in which sensitive data can be processed.

What exactly is TEE?

A TEE (trusted execution environment) is a hardware-enforced environment in which code runs and data is processed in isolation from the rest of the system. The protected unit can be a whole operating system, a whole process, or only part of one. Only authorized parties can access the resources inside the TEE; everyone else, including the host O/S, is refused. This differs from a traditional secure database, which stores information encrypted as ciphertext but has to decrypt it before processing it in an unprotected environment: a TEE keeps the data protected through its whole life cycle, including while it is in use.

TEEs are now widely used in both end-user products and cloud platforms. ARM TrustZone is a system-wide security option for ARM Cortex-based processor systems; Intel SGX is available in Azure, IBM Cloud and Alibaba Cloud; Google Cloud deploys AMD SEV. End-user TEEs generally protect a small amount of personal information, have limited computing resources and are deeply customized by each manufacturer. Cloud-based TEEs are better suited to multi-party data learning and inference, and they come in two broad types:

  • Intel SGX is a process-based TEE. A trusted region called an enclave can be called by untrusted code without the private information inside it leaking to the untrusted party; the trusted and untrusted code live in the same process, so the application has to be partitioned so that only the sensitive logic runs inside the enclave.
  • AMD SEV and Intel TDX are O/S-based (virtual-machine-based) TEEs. The hardware encrypts the memory of the whole guest operating system while it runs, so an authorized user can run unmodified code inside that OS as if it were an ordinary environment, while the host and hypervisor cannot read it.

In recent years, many open-source projects have also built library operating systems on top of the process-based SGX model, so that unmodified applications can run inside an enclave.

A key problem for cloud or remote TEEs is how a user can trust the environment when the secure platform is not physically in front of them. Asymmetric cryptography solves this through remote attestation (RA). Taking Intel SGX as the example: each processor carries unique keys fused in during manufacturing, from which the platform obtains an attestation key whose public half Intel certifies. At run time the hardware measures the enclave as it is loaded (a hash of its code and initial data, MRENCLAVE) and produces a report containing that measurement plus a small field of enclave-chosen data (REPORTDATA), typically the hash of a freshly generated public key. The report is signed with the platform's attestation key to form a quote, which is sent back to the remote user. The user verifies the signature and its certificate chain either with Intel's attestation service or with a verification service the user deploys themselves (DCAP), checks that the measurement matches the enclave build they expect, and checks that the report data binds the key the enclave presented. After a successful RA, a secure channel is established between the user and the enclave using that key, so that unauthorized parties, including the cloud platform host, cannot observe the private information.
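The exchange described above, as an added example that is not part of the original post and not Intel's or Lavita's code. It is a toy model in Go: one ECDSA key stands in for the manufacturer root, ProvisionPlatform simulates certifying a per-CPU attestation key, Measure, Quote and VerifyQuote play the roles of the hardware measurement, the Quoting Enclave and the relying party's DCAP-style check, and Attest completes an ECDH key exchange only after the quote passes. All names, the single-signature endorsement in place of a real certificate chain, and the sample enclave "image" bytes are assumptions for illustration; a real SGX quote also carries signer identity, attributes and the platform TCB level, which a verifier must check as well.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Toy model of SGX-style remote attestation (added example, not Intel's or Lavita's code).
type (
	Report struct{ MREnclave, ReportData [32]byte } // MRENCLAVE: hash of loaded code; REPORTDATA: caller-chosen binding
	Platform struct {
		key    *ecdsa.PrivateKey
		endors []byte // manufacturer-root signature over the attestation public key
	}
	Quote struct {
		Report      Report
		PlatformPub *ecdsa.PublicKey
		Endorsement []byte // one-signature stand-in for the DCAP certificate chain
		Sig         []byte // attestation-key signature over Report
	}
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // key generation and encoding failures are fatal in this demo
	}
	return v
}

func Measure(code []byte) [32]byte       { return sha256.Sum256(code) }
func reportBytes(r Report) []byte        { return append(r.MREnclave[:], r.ReportData[:]...) }
func pubBytes(p *ecdsa.PublicKey) []byte { return must(x509.MarshalPKIXPublicKey(p)) }

func digest(b []byte) []byte {
	h := sha256.Sum256(b)
	return h[:]
}

// ProvisionPlatform simulates manufacturing: a fresh attestation key whose public half the root signs.
func ProvisionPlatform(root *ecdsa.PrivateKey) *Platform {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	endors := must(ecdsa.SignASN1(rand.Reader, root, digest(pubBytes(&key.PublicKey))))
	return &Platform{key: key, endors: endors}
}

// Quote signs a report with the platform attestation key (the Quoting Enclave's job in SGX).
func (p *Platform) Quote(r Report) *Quote {
	sig := must(ecdsa.SignASN1(rand.Reader, p.key, digest(reportBytes(r))))
	return &Quote{Report: r, PlatformPub: &p.key.PublicKey, Endorsement: p.endors, Sig: sig}
}

// VerifyQuote is the relying party's check: endorsement, quote signature, expected measurement, key binding.
func VerifyQuote(rootPub *ecdsa.PublicKey, q *Quote, expected [32]byte, enclavePub []byte) error {
	if !ecdsa.VerifyASN1(rootPub, digest(pubBytes(q.PlatformPub)), q.Endorsement) {
		return errors.New("attestation key is not endorsed by the manufacturer root")
	}
	if !ecdsa.VerifyASN1(q.PlatformPub, digest(reportBytes(q.Report)), q.Sig) {
		return errors.New("quote signature invalid")
	}
	if q.Report.MREnclave != expected {
		return errors.New("measurement mismatch: not the expected enclave build")
	}
	if q.Report.ReportData != sha256.Sum256(enclavePub) {
		return errors.New("report data does not bind the presented key")
	}
	return nil
}

// Attest runs the whole exchange for one enclave image and returns the ECDH secret each side derived
// (a real system feeds it to a KDF); the two are equal only if verification passed.
func Attest(rootPub *ecdsa.PublicKey, plat *Platform, code []byte, expected [32]byte) (enclaveSecret, userSecret []byte, err error) {
	// Enclave side: ephemeral ECDH key, measurement, report bound to that key, quote.
	encPriv := must(ecdh.P256().GenerateKey(rand.Reader))
	encPubBytes := encPriv.PublicKey().Bytes()
	q := plat.Quote(Report{MREnclave: Measure(code), ReportData: sha256.Sum256(encPubBytes)})
	// User side: verify the quote before trusting the key it carries, then complete the key exchange.
	if err = VerifyQuote(rootPub, q, expected, encPubBytes); err != nil {
		return nil, nil, err
	}
	userPriv := must(ecdh.P256().GenerateKey(rand.Reader))
	userSecret = must(userPriv.ECDH(must(ecdh.P256().NewPublicKey(encPubBytes))))
	enclaveSecret = must(encPriv.ECDH(userPriv.PublicKey()))
	return enclaveSecret, userSecret, nil
}

func main() {
	root := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // stands in for the manufacturer
	plat, good := ProvisionPlatform(root), []byte("enclave build v1 (constructed sample image)")
	_, _, err := Attest(&root.PublicKey, plat, good, Measure(good))
	fmt.Println("genuine enclave:", err)
	_, _, err = Attest(&root.PublicKey, plat, []byte("modified build"), Measure(good))
	fmt.Println("modified enclave:", err)
	_, _, err = Attest(&root.PublicKey, ProvisionPlatform(must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))), good, Measure(good))
	fmt.Println("forged platform (host key, never endorsed):", err)
}
```

The three cases in main are the ones a verifier must distinguish: a genuine enclave on a certified platform succeeds, a modified enclave image fails on the measurement check, and a quote signed with a key the host made up fails on the endorsement check even though its signature is internally valid. The REPORTDATA check is what prevents a malicious host from passing a valid quote along while substituting its own key for the channel.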

How a TEE is implemented will largely depend on the use case. Use cases include payment processing, encryption and decryption of private, sensitive data, and more.

With major players such as ARM, AMD, and Intel support, it is clear that TEE technology is here to stay and will continue to play a critical role in ensuring the security of sensitive data.

Who are the major players in the TEE market?

Some of the major players include:

  • ARM TrustZone
  • AMD Secure Encrypted Virtualization (SEV)
  • Intel SGX (Software Guard Extensions)

Is Lavita still supporting Intel SGX?

Yes, Lavita will support Intel SGX-enabled chips for server and cloud computing infrastructure. Intel is discontinuing SGX ONLY on personal computer (PC) CPUs, in the 11th and 12th generations of Intel Core processors. Following are up-to-date references on SGX deployment in the cloud from leading cloud providers:

Why did Intel deprecate SGX on desktop PCs?

Although Intel SGX is the most sophisticated implementation among the enclave solutions, it has received criticism since its 2015 arrival, particularly as vulnerabilities surfaced over the years, such as SGAxe, Plundervolt and LVI. These were side-channel and fault-injection attacks that could expose enclave secrets (SGAxe extracted attestation keys, Plundervolt used undervolting to induce faults inside the enclave, and LVI injected attacker-controlled values into enclave loads), and Intel addressed them with microcode and SDK updates. For a practitioner this is why a remote-attestation verifier must check the platform's TCB level carried in the quote and reject enclaves running on unpatched hardware, not just compare the enclave measurement. Intel deprecated SGX on the client side (PCs) but continues to support it on cloud and server hardware.

Will regular Theta edge nodes be able to participate and support the Lavita platform?

Yes, Lavita is planning to expand its computation and storage use cases so that all edge nodes can participate in supporting the platform. Stay tuned for an update!

The first privacy-preserving genomic and health data marketplace powered by AI, blockchain and @Theta_Network. Check out for more info! lavita.ai