UPDATED 12:35 EST / SEPTEMBER 20 2023

SECURITY

Intel Trust Authority boosts confidential computing with remote verification of trust in any environment

Intel Corp. said today it has reached a key milestone in its mission to enable “confidential computing” with the general availability of Intel Trust Authority, a new service that attests to the validity of its Trusted Execution Environments.

Intel’s TEEs sit at the heart of its confidential computing strategy. Confidential computing is the term used to describe data encryption technology that safeguards information as it’s being processed.

While strong encryption already exists for data that’s sitting idly in a server or being transmitted across a network, the information needs to be decrypted into its original, readable form when it’s being used by applications. It means data-in-use is extremely vulnerable, and represents the best opportunity for hackers to steal confidential information.

Intel has been working to address this blind spot in data encryption with Software Guard Extensions or SGX, which is a set of security-related instruction codes built into some of its most advanced central processing units. SGX provides the ability to split off parts of a server’s memory into Trusted Execution Environments, or TEEs, which can be thought of as enclaves that are isolated from the rest of the machine.

TEEs are inaccessible not just for the other workloads, but also the hypervisor that manages hardware resources and even the operating system. This isolation offers a way to protect against unauthorized access and modifications to in-memory applications and data, bolstering data security.

However, while Intel’s SGX technology has been around for a while, confidential computing is not yet widespread due to the need for “independent attestation” as to the TEE’s authenticity by a neutral third party, rather than the infrastructure provider. This is necessary to give users confidence before they decrypt sensitive data in TEEs.

Intel Trust Authority, formerly known as Project Amber, is meant to solve this problem, separating attestation from the infrastructure, similar to how certificate authorities assert identity independently, Intel said. It’s a vendor-agnostic security service that ensures both transparency and auditability directly to the workload owner, scalable across multiple cloud and on-premises environments. It’s available as a software-as-a-service, making it simple to deploy on any infrastructure.

Intel said Trust Authority will enable new use cases including multiparty collaboration, providing partners with a way to safeguard their IP and personally identifiable information. It will also aid cloud services environments that can benefit from mutual attestation, verifying a TEE at the edge and a TEE in a centralized cloud prior to the exchange of information.

Holger Mueller, an analyst with Constellation Research Inc., said Intel is effectively offering a platform-as-a-service for secure attestation. “It makes a lot of sense to separate the cloud services from the attestation service for obvious security reasons, as you don’t want any prying eyes,” the analyst explained. “Intel is off to a good start, but now it needs to win over the enterprise.”

To do this, Intel’s attestation service is being launched in partnership with a number of industry-leading security players, including Thales SA, Zscaler Inc. and Leidos Inc. Thales said it is integrating Intel Trust Authority’s remote attestation service with its CipherTrust Data Security Platform, while Zscaler will offer the capability with its Zero Trust Exchange.

Other collaborators include Intel’s rival in the chipmaking industry Nvidia Corp., which will use Intel Trust Authority to provide attestation for its H100 graphics processing units that power many of the world’s artificial intelligence workloads. With this partnership, Intel said customers will have the option of making separate attestation calls to Nvidia’s Remote Attestation Service or a single call to Intel Trust Authority.

Intel said it has also worked closely with cloud services provider Microsoft Corp. to ensure interoperability between that company’s attestation service and Intel Trust Authority.

Photo: Intel

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU