Use Cases and Applications

BUILD.5 and the data privacy revolution. Part 1: Confidential Computing - Cloud

Song Choi & Mike Isaia
#build5 #confidential_computing #node_manager

We recently unveiled the BUILD.5 Association and our founding team, plus our world-class advisory board. Now it’s time to showcase what we believe is the most exciting part of the work we’ve engaged in: the potential use cases that can be built using the BUILD.5 Platform.

This is just one of several unique industry use cases we will be featuring over the next few days and weeks, but it’s one we are extremely excited about and will be exploring in depth through a 3-part series of blog posts in July.

Why Confidential Computing?

Confidential computing (CC) is an essential new technology that plays a vital role in data security in public cloud environments. Since around 96% of organizations worldwide are using some form of public cloud service, CC’s impact will be felt in every industry, from healthcare to the military, banking to commerce. The industry is in the process of a massive pivot to this technological breakthrough due to the positive impact CC will have on the public cloud. Earlier this month, OEM chip manufacturing rivals Intel and NVIDIA joined forces to support CC by providing complementary “attestation” and cloud-based trust services leveraging each other’s technology.

It’s for this reason that the CC market is expected to grow from 5.3 billion USD this year to 59.4 billion USD by 2028, an astonishing 62.1% CAGR over the next 5 years. These estimates are likely conservative, as they were developed before we experienced the breakout adoption curve of AI, sovereign clouds, and IoT in 2023. So, what exactly is confidential computing? Let’s explore.

What is Confidential Computing?

“Confidential computing is a cloud computing technology that isolates sensitive data in a protected CPU enclave during processing. The contents of the enclave—the data being processed, and the techniques that are used to process it—are accessible only to authorized programming code, and are invisible and unknowable to anything or anyone else, including the cloud provider.” (IBM, “What is Confidential Computing”)

“For many years, computers have used encryption to protect data that’s in transit on a network and data at rest, stored in a drive or non-volatile memory chip. But with no practical way to run calculations on encrypted data, users faced a risk of having their data seen, scrambled or stolen while it was in use inside a processor or main memory. With confidential computing, systems can now cover all three legs of the data-lifecycle stool…” (NVIDIA, “What is Confidential Computing”)

From: https://blogs.nvidia.com/blog/2023/03/01/what-is-confidential-computing/

Simply put, there is a security “tri-lemma” that every cloud provider and cloud service user needs to solve: 1) encryption at rest (data stored in a database), 2) encryption in transit (data moving over a network connection), and 3) the holy grail, encryption in use (data being processed). Until now, only encryption at rest and in transit has been practical. Confidential computing offers the 3rd and final leg of the stool of public cloud security. How? By taking a new approach that leverages a hardware-based Trusted Execution Environment (TEE) within a CPU. The TEE uses encryption keys to allow only authorized application code to access the enclave. This creates a hardware/software computational “shell” that cannot be breached by attackers or malicious programs. Even cloud providers cannot interfere with or interrupt this process, since it is essentially invisible to unauthorized users or programs and therefore inaccessible to everyone outside the enclave.

Enterprises can now protect themselves from hostile actors while still enjoying the benefits of operating in public clouds: a “best of both worlds” proposition that the cloud has been waiting for.

Now, if these concepts sound familiar to you as a supporter of BUILD.5 and distributed ledgers like IOTA, then you’re starting to understand how our platform plays a crucial role in this evolutionary step in cloud security.

The BUILD.5 Confidential Computing Use Case

By leveraging confidential computing and hardware-based privacy to enable secure processing of transactions, we can now enshrine both security and data privacy into the DNA of the network. For example, transactions can occur inside a CPU enclave on a Hornet node. Thanks to the lightweight nature of the IOTA network, that node can run on something as trivial as a Raspberry Pi. That node can then be part of the BUILD.5 network via the iDOS Node Manager, which can also monetize traffic through the mana station. Voilà: a sustainable, lightweight, secure, economically driven node infrastructure, delivered on demand to enterprise customers through BUILD.5.

But wait, there’s more! This infrastructure can then be tightly integrated with hardware partners via our Universal Rails and Channels / On Tangle Requests (OTR), which we will detail in a future deep dive of the iDOS framework. The important thing to know about OTRs here is that they enable the inclusion of certified OEMs and IOTA L1 Smart Contracts! You read that correctly: OEM partners, Hornet, IOTA, and BUILD.5 together can create an entire programmatic ecosystem of private services and devices, operating confidentially, and without fees!

In addition, CC increases the inherent security of L1 SCs by allowing them to run in a hardware-based enclave, which keeps the data processed by the contract encrypted at runtime. It adds further security by ensuring transactions are only accepted from attested validators. This is like giving SC nodes a cloak of invisibility against hackers!
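The attestation gate described above (a validator only receives the key protecting data in use after proving it runs approved code inside an enclave), as an added example that is not BUILD.5, Hornet or IOTA code: the root key, the approved-measurement list and the HMAC stand-in for the CPU’s hardware signature are all assumptions made for illustration.

```python
"""Simulated remote-attestation gate: a data key is released to a workload
only when its attestation report proves it runs approved code in an enclave.
Hypothetical example: the hardware signature is simulated with HMAC over a
constructed root key instead of a real TEE quote and vendor certificate chain."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the hardware-rooted attestation key. In a real TEE
# this key never leaves the CPU; the verifier checks a vendor-signed certificate.
ROOT_KEY = b"constructed-root-key-not-a-real-secret"

# Verifier policy: SHA-256 measurements of enclave code allowed to hold the key.
APPROVED_MEASUREMENTS = {hashlib.sha256(b"validator-v1.2").hexdigest()}


@dataclass
class Report:
    measurement: str  # hash of the code loaded into the enclave
    nonce: bytes      # verifier-chosen challenge; defeats replay of old reports
    mac: bytes        # simulated hardware signature over (measurement, nonce)


def enclave_attest(code: bytes, nonce: bytes) -> Report:
    """Enclave side: measure the loaded code and bind it to the challenge."""
    measurement = hashlib.sha256(code).hexdigest()
    mac = hmac.new(ROOT_KEY, measurement.encode() + nonce, hashlib.sha256).digest()
    return Report(measurement, nonce, mac)


def verify_and_release(report: Report, expected_nonce: bytes,
                       data_key: bytes) -> Optional[bytes]:
    """Verifier side: release the key only to a fresh, genuine, approved report.

    Each check is independent: a stale nonce, a forged signature, or a genuine
    enclave running unapproved code all result in no key being released."""
    if report.nonce != expected_nonce:
        return None  # stale or replayed report
    expected = hmac.new(ROOT_KEY, report.measurement.encode() + report.nonce,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(report.mac, expected):
        return None  # not produced by the (simulated) hardware root of trust
    if report.measurement not in APPROVED_MEASUREMENTS:
        return None  # genuine enclave, but code the policy does not approve
    return data_key
```

Only the last branch depends on policy; the first two are what make the enclave’s claim trustworthy to a remote party before any policy is consulted.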

Taken together, all of this gives BUILD.5 extraordinary capabilities as a privacy platform, with unparalleled L1 security, L1 privacy, and L1 programmatic capabilities, accessible through our unified connectors. Financial companies can deploy services with varying levels of privacy to participate in compliant markets that may not be able to publish data to a public blockchain; artificial intelligence companies can make use of machine learning algorithms that share insight but confidentially retain records for data integrity; manufacturing and supply chains can deliver touchless systems that leverage the immutability of a ledger without revealing confidential information that competitors could access. These are just a few of the industry use cases that can be developed!

Conclusion

BUILD.5 gives enterprise customers the ability to develop privacy-based, compliant environments that require confidentiality to deliver ultra-secure solutions to their user base. We’ve created an ecosystem-first approach that improves the lives and industries it serves.

The convergence of the IOTA blockchain and confidential computing has the potential to revolutionize the way sensitive data is handled in an era that will be defined by AI, IoT, and new constructs such as sovereign clouds. By combining the scalability and modularity of the BUILD.5 platform with the privacy and security of confidential computing, we address the largest roadblocks to adoption and unlock possibilities that were previously out of reach.

Next, we will dive even deeper into our use cases around CC and its impact on edge computing and federated AI.

For more information about Confidential computing, BUILD.5, Node Manager, and the iDOS framework, contact us at [email protected].
