Is encryption enough to protect our data?
SAM JARRELL
Hello, Michael.
MICHAEL BIRD
Hello, Sam. Now, you got married recently. Congratulations, by the way.
Now, I assume you had a bachelorette party, or as I would call it here in the UK, a hen party. How much did you know about what was happening? Did you know any of the details, or did you want to maybe keep it all secret?
SAM JARRELL
Yeah, I'd say, like, it was exactly that. I knew we were having a party. I knew the location, like the general location, but I didn't know any of the details of what my bridal party had actually planned for me, on purpose. I didn't want to know. I told them to surprise me.
MICHAEL BIRD
Yeah, I had the same thing. I had a stag do, or bachelor party, and I got blindfolded and bundled into a car. I had no idea what was going on.
Well, in the same way that you and I didn't have much information as to what was going on within our respective bachelor and bachelorette parties, today we are exploring different levels of access to information within our organizations. Although in this case it's to do with data protection.
I’m Michael Bird
SAM JARRELL
I'm Sam Jarrell
And welcome to Technology Now, from HPE
MICHAEL BIRD
Well, Sam, this is our second episode in our miniseries in collaboration with HPE Labs, celebrating 60 years of innovation.
SAM JARRELL
That is right. Last time we looked into the practicalities of quantum computing and how you would integrate it into our current computing architecture, and of course we will link to that episode in the show notes.
MICHAEL BIRD
Yep. And this time we are exploring the world of confidential computing. Very interesting. A way to keep your data secure from threats both external and internal. Hmm.
SAM JARRELL
Sounds fascinating. So who are you interviewing today?
MICHAEL BIRD
Well, today we will be hearing from Dr. Nigel Edwards, director of the security lab at HPE Labs. And as this is a new concept, the first thing I asked Nigel to do was to explain what exactly confidential computing is and what makes it distinct from regular styles of computing?
NIGEL EDWARDS
So, confidential computing is the protection of data while it is being processed or being used. So it relies on certain capabilities that are available in modern processors. And this complements the encryption of data in transit and the encryption of data at rest to provide what I believe is the most secure environment for protecting sensitive data.
MICHAEL BIRD
So, traditional encryption methods already exist, and they've served us pretty well. What problem is this solving?
NIGEL EDWARDS
This is solving the problem of a hostile or compromised insider. So it's really mostly relevant for enterprise IT use.
So today, typically, system administrators have access to all data on the systems that they are managing when that data is being processed. And the reason for this is when the data is being processed, even though it's hopefully encrypted when it's being stored, once it's loaded into system memory, that is in the clear.
And therefore anybody with sufficient privilege on that system will have full access to that data and can potentially, if they're a malicious actor, exfiltrate it.
MICHAEL BIRD
Right. So, what you're saying is that if either there was a malicious act within your organization or if that person's login details were somehow compromised, then somebody could then access that data even though you think it's secure because it sort of sat within your organization.
NIGEL EDWARDS
Because to actually use that data to do useful work, it has to be decrypted. That's potentially when a hostile actor could compromise it.
MICHAEL BIRD
So, are we saying that this would be used across a whole organization's infrastructure?
NIGEL EDWARDS
So I think it depends on the sensitivity of the data. If you have sensitive personal information for customers, medical data, financial data, maybe intellectual property as well, it's the best technology to protect that data.
MICHAEL BIRD
so do you have any examples of where, if the principles around confidential computing in place actually a malicious attack wouldn't have happened?
NIGEL EDWARDS
I'm thinking about system administrators again. So, most common attack vector would be a system administrator that unfortunately has fallen victim to a phishing attack, which has enabled a cyber criminal or nation state actor to gain their login credentials.
But there have been instances of hostile insiders capturing data. The most famous was in 2013, where a contractor working at the NSA, Edward Snowden, obtained access to tens of thousands of documents, which were classified, and leaked those to the press, which led to the compromise of certain operations by the Five Eyes security alliance and also US government activities.
MICHAEL BIRD
And so he had access to information that he maybe shouldn't have had access to.
NIGEL EDWARDS
So if we applied the principles of confidential computing, it would make it much, much harder, potentially impossible. So in confidential computing, the paradigm has evolved around using virtual machines.
When the data is loaded into the virtual machines, it's encrypted in system memory. It's only decrypted when it's loaded into the processor within the context of the virtual machine. So if your malicious system administrator tries to load that data into the processor, because they're not inside the virtual machine, they're just the sysadmin on the system logged in as root, all they're going to see is encrypted data. It'll look like random data to them.
We'll use a secret key to decrypt the data so it is then available in clear to the legitimate processes that are allowed to access the data.
MICHAEL BIRD
Okay. I'd love to talk about the inception of confidential computing. Where did the idea originally come from?
NIGEL EDWARDS
The idea of protected enclaves, protected execution environments, has been around for a very, very long time, several decades I would say. And the two dominant data center processor vendors have had capabilities going back, I think, to the mid, sort of, you know, 2015, 2016. But they were following a different approach, and so it really wasn't taking off. And earlier this decade that changed when the two major x86 vendors, still dominant in the data center, adopted a common approach based around virtual machines. So now you can start to use this with a common set of abstractions.
MICHAEL BIRD
And what's been the influence of HP Labs, to the world of confidential computing?
NIGEL EDWARDS
Back, maybe 10 years or so ago, we were working on memory fabrics and memory driven computing. The idea was that there would be massive amounts of data, which we surely are seeing, and that this couldn't be processed in a single place. We would have to have distributed memory and distributed computation devices.
And when you look inside a modern server chassis, that is indeed what is happening. So out of our memory driven computing work and work on memory fabrics, when we looked at that, we realized, well, actually, when you have all these different components that are involved in processing the data, how do you know that nothing's gone wrong?
How do you know they're all in a good state? How do you protect that data? So we started looking at what it would mean to secure a memory fabric. And then we became aware of other developments in other companies, because a lot of technology advances actually take place by collaborating between multiple companies.
And this led to discussions with the industry around how you secure memory fabrics. And it led eventually to a protocol called SPDM, which stands for Security Protocol and Data Model.
And this is the protocol in confidential computing which runs between CPUs and GPUs so that the two entities can authenticate each other, and the data passing between a confidential computing environment in a CPU and a confidential computing environment in a GPU is protected by authenticated encryption.
Several HPE employees were named on the first author of SPDM, and I can trace our contribution to that right the way back to the work we were doing on the machine and memory driven computing.
MICHAEL BIRD
And we've continued to work on confidential computing protocols over the years.
Like it's, that's continued to
NIGEL EDWARDS
We continue to work within the community. We're collaborating today with our partner suppliers within the ecosystem. We're collaborating within the Confidential Computing Consortium, which is an industry consortium established to promote confidential computing in 2019.
MICHAEL BIRD
So why are we talking about confidential computing now? Like, have there been technical advancements that have meant that this is now a significantly more viable technology to implement within our organizations?
NIGEL EDWARDS
So SPDM is relatively new. That's only been around for a few years. And actually it's not even fully in silicon today. It's coming. There have been announcements from various vendors where SPDM is being deployed in silicon to enable this. The technology's still evolving, still maturing.
MICHAEL BIRD
So what are the current limits of confidential computing? Is this something that only nation states today would be using, or is this something that we are likely to start to see as just the standard way that organizations protect data?
NIGEL EDWARDS
I don't think today there is an easy button for confidential computing. And there are services that need to be put in place. There's tooling that needs to be put in place to construct a confidential virtual machine, which we are working towards, and this has to be done.
We need a common set of tooling across different vendors. And we need common services, which is why we made our attestation service open source.
And if we can get that right, then I think in maybe five years or so, it will become a regulatory requirement for sensitive data to be protected by these technologies.
MICHAEL BIRD
Similar to how there are regulatory requirements for handling the credit card information, like it all sort of form part of that.
NIGEL EDWARDS
It will form part of that. And if you're not using it, then you won't be in compliance with the regulations.
MICHAEL BIRD
And do you foresee a world where this just becomes the standard way organizations just, you know, go about managing data?
NIGEL EDWARDS
We will get to the point where the default will be that this is turned on when you create virtual machines.
And it also applies to containers as well. Like, it's using the same underlying technology. But for deploying virtual machines or deploying container workloads, the confidential computing capability will just be turned on, and developers and system users, they won't even be aware it's turned on.
MICHAEL BIRD
Are we at the stage where actually there isn't a particularly big resource overhead? Because, you know, are we at a stage where actually it's sort of a negligible overhead?
NIGEL EDWARDS
I think the good thing is that the encryption algorithm that's used for this is AES, and AES can be accelerated very efficiently by silicon. So today, when we've got the hardware acceleration in place, the overhead for measuring is an order of a few percent, one to 2% for most workloads, maybe 5% sort of worst case. But you require the hardware acceleration, the capabilities in the silicon. I mentioned the SPDM is not fully in the silicon yet, so we're having to basically emulate that in software, so there you're seeing an overhead therefore of 10 to 20%, but that will go in the next generation of silicon.
So in a couple of years' time, that will be back down to order of one to 2%, which is negligible. You won't notice it.
MICHAEL BIRD
So, so what measures are put in place so people will trust a confidential computing environment?
NIGEL EDWARDS
So the foundation of confidential computing is something called a trusted execution environment. When a trusted execution environment starts, the process enters a special state and measures that. That measurement is signed by a private key. It's known only to the processor. That private key is certified by the vendor, and that measurement can be made available by the trusted execution environment to an external entity, enabling them to do two things. One is that very certification, right? Silicon certification gives you an assurance that that trusted execution environment is protected. It's protected by data encryption, and it's protected from system administrators manipulating the memory to compromise the workload.
The second thing it gives you is a measurement. So that measurement can be passed to a service to verify that against an expected measurement. So you know that actually that trusted execution environment is running the expected code. Then the paradigm would be to provide that trusted execution environment with a key from which it could load confidential data: load that data into memory, decrypt it, and start to process it. So, for example, load the database into memory, decrypt the database and start processing the data on it. Load the data and the AI model into memory, decrypt those and start using it.
MICHAEL BIRD
Got it. Nigel, thank you so much, uh, for your time. It's been a real pleasure chatting.
NIGEL EDWARDS
Thank you.
MICHAEL BIRD
You know what, Sam? I love learning new terminology that I've never heard before. That's one of the best things about doing this podcast. I'd never heard of confidential computing until I sat down and had this conversation with Nigel. Is it new to you? Have you heard of it before?
SAM JARRELL
The term is new to me. I feel like the concept, in an abstract way, is not new. We touched on our own, like, personal analogies of this idea, but it also makes me think of zero trust. It's kind of similar in that regard, but this was the first time I'd heard an extensive conversation around this.
MICHAEL BIRD
Yeah, so the concept is that data is encrypted at rest, and data is encrypted in transit, but where it is not encrypted is when that data is being processed, or often it isn't encrypted when that data's being processed.
And that's where that data can be vulnerable. And there are particularly internal vulnerabilities. So if there is a sysadmin that falls victim to a phishing attack, or if there's just somebody internally that has malicious intent, they can then potentially get access to that data that's being processed.
It's interesting because it's not something that I've thought about, and I think one of the things Nigel said is this will be the default. Like, this would basically become a regulatory requirement if you are handling that sort of data.
SAM JARRELL
Yeah. It seems like it gets more and more difficult every single day to secure anything. We've had some episodes recently where we've even talked about quantum cryptography, right? Like, it seems as though this is just like table stakes though, is the assumption that you need to be, like, doing absolutely everything possible to protect your data, not just from, like, bad actors, but from yourself to some degree, because even your own people can be weak points in your infrastructure and in your organization.
MICHAEL BIRD
You made the right point with zero trust. Like, the thing with zero trust is you go from trust no one, and you provide access as and when it's needed. And it's sort of a similar concept to this of, just because they're a sysadmin, just because they have elevated privileges, doesn't necessarily mean they need access to that data. Because if they don't need it, if they have access to it, then other people can have access to it. And really it's about making sure that environment is as secure as possible. I love the phrase protected enclave. I think that summarizes it quite nicely.
SAM JARRELL
I think so too. He was basically discussing sort of that very secure environment as the starting point for when you can actually get access to this data. But again, it goes back to the conversation of, like, does everyone actually need to be within that enclave? His example felt very, very poignant of when an inside actor can take your whole organization down.
MICHAEL BIRD
I would agree with you on that. And it's quite a thoughtful point, isn't it?
Anyway, so the final thing I wanted to ask Nigel was how well confidential computing is intending to be developed alongside emerging forms of post quantum cryptography. I mean, to some extent they sort of contradict each other.
NIGEL EDWARDS
The fundamental encryption algorithm that's used in confidential computing is AES. So AES-256 is actually the standard algorithm that the American National Institute of Standards and Technology are advising, recommending for security against the quantum computer.
Today, they are using algorithms which are thought to be vulnerable to a quantum computer: ECDSA, RSA. Those need to be changed to the newer PQC algorithms, in particular ML-DSA. So future versions of silicon will switch to using ML-DSA instead of RSA or ECDSA to sign measurements, uh, of trusted execution environments. So what will happen is that the paradigm is fundamentally secure. We will need to update some of the firmware to use PQC algorithms.
SAM JARRELL
Okay that brings us to the end of Technology Now for this week.
Thank you to our guest, Dr Nigel Edwards
And of course, to our listeners.
Thank you so much for joining us.
MICHAEL BIRD
If you’ve enjoyed this episode, please do let us know – rate and review us wherever you listen to episodes and if you want to get in contact with us, send us an email to technology now AT hpe.com subject line…
SAM JARRELL
Trusted Enclave.
MICHAEL BIRD
Trusted Enclave or SPDM. Either. Subject line is fine.
and don’t forget to subscribe so you can listen first every week.
Technology Now is hosted by Sam Jarrell and myself, Michael Bird
This episode was produced by Harry Lampert and Izzie Clarke with production support from Alysha Kempson-Taylor, Beckie Bird, Nicola McCombie Alissa Mitry, and Janessa Ayache. Our theme music was composed by Greg Hooper.
SAM JARRELL
Our social editorial team is Rebecca Wissinger, Judy-Anne Goldman and Jacqueline Green and our social media designers are Alejandra Garcia, and Ambar Maldonado.
MICHAEL BIRD
Technology Now is a Fresh Air Production for Hewlett Packard Enterprise.
(and) we’ll see you next week. Cheers!
SAM JARRELL
Bye y’all