Determine security ramifications to protect personal data and information
92 Discussions

Intel, Customs Cooperating to Foster Trust in Trade

3 1 3,225

By Linda Cheung, Clifton Roberts, and Nikhil Deshpande

At its core, trust is the foundation upon which business can flourish between companies and trade between nations. Frequently, however, trust is not blind. Geopolitical differences and conflict can further erode this trust. Anil Rao, VP & GM of Intel’s Systems Architecture & Engineering group, has said that “this concept of trust is evolving in the digital world, where we must trust the computational infrastructure before we can trust the information it presents us.”

In the world of international trade, very sensitive data is exchanged between individuals, businesses and governments, Rao’s statement holds true in that mutually distrusting parties like Customs agencies and private sector companies remain reluctant to modernize their technology infrastructures, leveraging cloud computing environments and Trusted Execution Environments (TEE). But how are parties to “trust” the TEE’s origin or current state, apart from relying on a data exchange platform’s “self-attestation”? In essence, how do we assure trust in a TEE?

Securing Security with Intel Software Guard Extensions

The confidentiality and integrity of data are cornerstone properties in securing the exchange of information via technology. The use of cryptography, in conjunction with more traditional access control and other separation mechanisms, is now widespread, well understood, and accepted when protecting data at rest or in motion. As we rely more and more on computing environments that we often do not directly control, such as those we see today with various cloud computing models, there is heightened interest in the use of these technologies to protect data that is actively moved, stored, or processed.

Confidential Compute has its roots in the long and rich history of security, where the role of hardware-based trusted execution environments is key. One such environment is Intel® Software Guard Extensions (Intel® SGX). 

Intel SGX helps create a trusted execution environment, which allows for the private and accurate exchange of Customs data. Private businesses regularly submit, and often manually track, cross-border declarations to Customs agencies. They must also quickly respond to any additional Customs requirements or questions to prevent or avoid shipment delays. Meanwhile, Customs officials receive and process these declarations, validating the required data and documents to complete the slow, arduous work of screening for potential fraud before deciding to release or reject the declarations. There is a deluge of data to manage and a need for efficiencies and improved methods for harvesting better insights from this data.

As Intel Chief Trade Officer Jeff Rittener wrote in a recent article in a Customs industry journal, “To ensure the security of data reporting, Intel has developed Intel Software Guard Extensions, a set of instructions that create trusted zones in different data sources, increasing the security of application code and data, giving them more protection from disclosure or modification. When built in a blockchain-based environment and in federated learning solutions, they help improve data accuracy, transparency, and security.”

Intel SGX changes what is possible, providing an easier way for private businesses to effortlessly provide data needed by governments while still protecting their proprietary information. With Intel SGX, the tracking of correspondence and submission status between businesses and Customs can be automated, and more precise insights can be developed from all the data being exchanged, while keeping it confidential.

The progress society has made and the challenges industry still faces require disruptive innovation. Such security-focused hardware makes it possible to deliver protection while data is being processed within secure enclaves. And Rao reminds us that “new cases like machine learning are emerging rapidly to take advantage of this enhanced confidentiality.” However, Rao responsibly asks, “How do we know that the enclave isn’t a malicious actor posing as a TEE, tricking the software into running its sensitive workload where someone else can access that data?” Enter Project Amber.

Project Amber

As illustrated in a recent publication by Intel security executives, “over the next decade, confidential computing will become an everyday norm for organizations that manage sensitive, competitive, personally identifiable, and regulated data.” Further, according to the publication’s authors Nikhil Deshpande and Raghu Yeluri, “next-generation forms of trust are needed to match the major, quickening shifts in computing infrastructure and enterprise usage.” Thus, Intel is breaking ground with Project Amber, an independent trust authority using SaaS-based implementation that can verify and attest to trustworthiness remotely in public/private multi-cloud environments for third-party attestation.

As stated by Greg Lavender, Intel Senior Vice President and Chief Technology Officer, and General Manager of the Software and Advanced Technology Group (SATG), “With the introduction of Project Amber, Intel is taking confidential computing to the next level in our commitment to a zero trust approach to attestation and the verification of computing assets at the network, edge, and in the cloud.”

Case Study: KYG.Trade* CEO, Todd Smith, on Project Amber

KYG.Trade is the first Know Your Good Attestation Platform and Marketplace* and we are super excited about Intel’s Project Amber!

We deliver next-gen global trade and ESG regulatory tech using web 3.0, AI, ML, blockchain, confidential computing, and massive computing power to compliance fingertips at an affordable price. Our customers span the globe (and the emerging nascent Metaverse) and range in size from e-commerce SMEs to the Fortune 50.

The accuracy of trade-in-goods and trade-finance import, export, and ESG attestations depends on access to “atomic-level” attribute data. The attribute data consists of sensitive trade secret intellectual property contained in technical drawings, specifications, recipes, ingredients, sources of supplies, and bills of material. While the source data remains in place at rest, attribute metadata must make its way into our cloud oracles for analysis. So how do we assure CEOs and IT security that their sensitive data is secure? We deploy using Intel’s Project Amber.

The Project Amber value proposition for KYG.Trade is multi-dimensional. First, as a startup competing against well-known ERP, GRC, and GTM brands, delivering SOC2 enterprise-grade confidential computing is essential. With Project Amber, KYG.Trade goes further by enabling customers’ data to be accessed and processed in a zero trust environment.

Why do we want a zero trust environment? Because zero trust means that all users and devices are authenticated and authorized before accessing any cloud resources. Second, because numerous jurisdictions prohibit cross-border data transmission, Project Amber enables KYG.Trade to deploy securely on any cloud service provider (CSP) and location. Finally, Project Amber allows us to achieve zero trust attestation affordably in jurisdictions where a Tier 1 CSP is either cost prohibitive or does not exist.

Using KYG.Trade and Intel’s Project Amber, IT security can rest easy while global-trade, trade-finance, and ESG compliance teams review and audit more with less.


International Trade Use Cases

Intel’s International Trade Group (ITG) is pioneering work on just such a Project Amber–related use case. Intel’s confidential compute technologies help facilitate safe, secure trade enabled by intelligent trade systems. Intel has leveraged these solutions in its Digital Trade Acceleration Initiative (DTAI), which advances confidential compute solutions that bring together software, silicon, and data processing platforms. DTAI also leverages up-to-date voluntary international standards to ensure global, harmonized attestation of trade attributes. 

Intel is focused on its international trade strategy, vision, and trade modernization-related use cases, including engagement with Association of Southeast Asian Nations (ASEAN)-based Customs agencies. Through these relationships, Intel is moving forward in pathfinding efforts to overlay Project Amber’s remote verification of the trustworthiness of computing assets in the cloud with trade-related confidential compute architectures being socialized to ASEAN Customs regimes.

For example, in a unique approach to cultivating relationships with Customs regimes, Intel has gone beyond working with Customs officials as authorities alone. Rather, Intel is now working with the very agencies tasked with protecting national borders as both customers and fellow innovators. Intel engaged SAP to deliver a proof of concept (POC) for the General Department of Vietnam Customs, developing a working confidential compute prototype to promote to the U.S. ASEAN Business Council and its member nations. Also, through extensive engagement with other governments around the globe, Intel is currently working on a blueprint architecture that underscores the potential of confidential compute technologies and Trust as a Service to optimize the flow of information between Customs agencies and companies to:

  • Ease blockchain network setup.
  • Establish clear data security and collaboration rules.
  • Enforce standard data models.
  • Automate report processing.
  • Offer unalterable transaction history.

Intel’s vision of automating and protecting cross-border trade that brings modernization and trustworthiness to Customs processes will continue to be complemented by security-focused, hardware innovation like Trust as a Service.

Trust as a Service Can Bridge the Gap

In a world of geopolitical differences and conflict, and as organizations carry on with grasping the fundamentals of the value of the cloud, security has never been more top of mind and critical to the continued improvement of our lives. Trust is not complete without security, and with Project Amber, Intel is raising the bar with respect to confidential compute technology in a zero trust approach to attestation and verification of compute assets at the network, edge, and cloud. And the building blocks of trust in a confidential compute environment are established through attestation, described herein. The verification of this trustworthiness is a critical requirement for businesses and governments to protect their data and intellectual property, especially as they move sensitive workloads to the cloud. To raise trust assurance and drive forward the promise of confidential computing for the good of society, Intel’s Project Amber is the first step in creating a new multi-cloud, multi-TEE service for third-party attestation.

Learn More About Intel SGX

Learn More About Project Amber


About the Authors

Linda Cheung and Clifton Roberts are directors at Intel’s International Trade Group.
Nikhil Deshpande, Ph.D., is a senior director at Intel’s Software & Advanced Technology Group.

Notices & Disclaimers

No product or component can be absolutely secure. Your costs and results may vary.
© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries.

Tags (1)
1 Comment

Fantastic advancement  to digitize trade!

About the Author
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.