In recent years, leading tech companies have shown increasing interest in confidential computing, integrating it into their services. Multiple conferences focused on this technology were held in the first half of this year, including the GPU Technology Conference (GTC) and the Open Confidential Computing Conference (OC3) hosted by Edgeless Systems last March. Additionally, the Confidential Computing Summit, organized by the Confidential Computing Consortium (CCC) – which includes members like Microsoft, Google, Intel, and Nvidia – took place in June. This article will explain the applications of confidential computing and why it has garnered significant attention from major tech companies.
◇ Confidential Computing
Confidential computing is an emerging technology in cybersecurity that ensures data remains secure even during computation and analysis. Traditionally, security concerns focused on data at rest or in transit. However, with the widespread use of cloud services in artificial intelligence, securing data in use has also become crucial. Since cloud services involve sharing CPUs or databases provided by third parties, there are concerns that cloud service providers might access an AI model’s training data while it is being processed in the CPU or GPU. Confidential computing addresses these concerns by ensuring that data in use remains inaccessible to unauthorized parties.
The key components of confidential computing are isolation and attestation. Isolation involves physically separating sensitive data from other data, ensuring it remains secure. Attestation establishes strict requirements for accessing the isolated data, allowing only authorized entities to interact with it. This combination ensures that sensitive data is protected, with unauthorized parties being completely restricted from it due to the physical separation in the memory or CPU.
◇ Confidential computing in Google and Microsoft
Google Cloud offers confidential virtual machines using hardware developed by Intel, AMD, NVIDIA, and others. They provide Confidential GKE Nodes, which encrypt data with keys that are only accessible within the processor. Additionally, Google offers Confidential Space, a product that enables data analysis and machine learning while ensuring that the training data remains protected, even from the cloud service provider.
Microsoft Azure offers various products, including Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS), and virtual machines with confidential computing features. Azure Key Vault Managed HSM is a cloud service using confidential computing to secure cryptographic keys for applications. Azure SQL runs user queries in isolated hardware, ensuring data security from malware. Microsoft Azure Attestation provides verification services, and Azure Virtual Desktop offers a virtual desktop secured with confidential computing hardware.
◇ Confidential computing in Intel and Nvidia
Intel and Nvidia develop hardware for confidential computing. Intel offers Intel Xeon processors and Intel TDX, both of which enable the creation of confidential virtual machines. This hardware has been utilized by Ant Group, the owner of the major digital payment platform Alipay, to develop a confidential PaaS product. Additionally, Intel provides Intel Trust Authority, a SaaS that verifies the validity of incoming requests.
On April 25, Nvidia announced the integration of confidential computing in the NVIDIA H100 Tensor Core GPU. Unlike existing confidential computing hardware, which is typically based on CPUs, Nvidia’s solution incorporates this feature into a GPU. The NVIDIA H100 includes hardware-based isolation, device attestation, and delivers high performance without requiring code changes.
◇ Confidential computing in Apple and Samsung
In June, Apple announced its latest Private Cloud Compute (PCC). For the large and complex computations required by iPhones, iPads, and Macs, Apple uses cloud AI. PCC ensures that data sent to cloud servers cannot be accessed by anyone, including Apple itself. It features several key requirements: stateless computation, enforceable guarantees, no privileged runtime access, non-targetability, and verifiable transparency. These requirements ensure that personal user data can only be used by the PCC for the specific purposes requested by the user. Additionally, no interfaces, including those of Apple, have privileged access to the PCC, and the privacy and security guarantees are designed to be unbreakable.
In June last year, Samsung announced its on-device confidential computing techniques. These techniques include isolation, memory encryption, and attestation to ensure safe data computation within Samsung devices. They are used to protect sensitive user data, such as bio health data and location data, from being transmitted to insecure websites or applications.
With the increasing adoption of cloud services and AI, privacy concerns are becoming increasingly significant. Global regulations addressing AI, such as the European Union’s AI Act and the United States government’s Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, emphasize safety, security, and trustworthiness. The advancements in confidential computing across cloud services, hardware, and personal devices align with these directives, aiming to enhance data protection and ensure compliance with stringent privacy regulations.