If you’re interested in Confidential Computing to encrypt data and applications in use, then you must be interested in attestation, because, without it, you’re not doing Confidential Computing right. Specifically, without attestation, you really don’t have the documented assurance you need to satisfy regulators (or your boss, for that matter) that you’ve done all you could to protect the sensitive data belonging to your organization, partners, citizens or customers.
In this blog post, we will run through why attestation is a necessity for Confidential Computing, and make the argument that doing attestation remotely is the way to go for the highest level of security.
Confidential Computing and attestation 101
Let’s back up for a second and remind ourselves what Confidential Computing is, as well as define attestation.
Confidential Computing is the protection of applications and data in use by a hardware-based Trusted Execution Environment or TEE.
One way to think of TEEs are as “mini vaults” physically located inside a CPU where data and applications can be encrypted while in use, thereby shoring up a known security risk of cloud computing.
TEEs are widely available in today’s modern data centers, specifically those running IntelⓇ SGX secure enclaves or AMDⓇ SEV technologies.
The key benefit TEEs offer is isolation from the host running your workload. You can run applications in the public cloud, on premises or in the edge, and have cryptographic assurances that no one with access to the host system – hypervisor access, kernel access, admin access, even standard hardware access – can tamper with your intellectual property.
This, specifically, is Type 3 – workload from host – isolation, and is provided by TEEs such as AMD’s SEV and Intel’s SGX – though not, crucially, by AWS Nitro, which does not provide Confidential Computing capabilities as defined by the Confidential Computing Consortium.
Attestation solves a fundamental concern of Confidential Computing: it assures us that the right code has been loaded into the TEE and that the code is not malicious. It also determines what the application code will do with the information.
Attestation is an alternative approach to authentication which identifies the code that is receiving the data rather than a person or organization. The idea of attestation is to provide evidence that all was set up correctly. It verifies the:
- the integrity of the application code and data
- the confidentiality of application data
Without attestation, you’re not really doing Confidential Computing.
Getting back to our topic, let’s consider a scenario where you want to deploy an application using Confidential Computing on a public cloud. You ask your Cloud Service Provider (CSP) to deploy it. The CSP does so. Great – your application is now protected: or is it? How would you know? More importantly, if you needed to, how could you prove it?
The best way to get documented assurance that things were done properly is to take advantage of a capability that TEE chips provide called an attestation measurement. This checks and confirms that a TEE instance was launched correctly and that your application was deployed into it.
How does attestation work?
You (or your application) asks the TEE-enabled chip to perform a cryptographically signed measurement of the TEE set-up (which is basically a set of encrypted memory pages). It does so, and that measurement can then be checked to ensure that it has been correctly set up.
So, how do you do that checking?
Doing a proper cryptographic check of an attestation measurement – the attestation itself – is surprisingly tricky. Unless you’re an expert in TEEs and Confidential Computing – and one of the points of Confidential Computing is to make it easy for anyone to use these capabilities – then you probably don’t want to be doing it yourself. (Note, it took Profian several years to perfect this!)
If you aren’t going to do it, another option is for the validation to be done by the host machine that’s running the TEE. But wait a moment – that makes no sense! You’re trying to isolate yourself from that machine and anyone who has access to it: that’s the whole point of Confidential Computing.
This is why it’s imperative to have a remote attestation service – a service running on a different machine that can be trusted to validate the attestation and either halt execution if it fails or let you know so that you can halt execution.
Final words of advice
As you roll out your holistic IT security strategy, hopefully with a Confidential Computing platform to protect the known security vulnerability of encrypting data and applications in use, please ensure you are using a trusted third-party attestation service. This is not merely a best practice. It is an absolute necessity!