Intel, Customs Cooperating to Foster Trust in Trade

IPAS_Security
Employee

By Linda Cheung, Clifton Roberts, and Nikhil Deshpande

At its core, trust is the foundation upon which business can flourish between companies and trade between nations. Frequently, however, trust is not blind. Geopolitical differences and conflict can further erode this trust. Anil Rao, VP & GM of Intel’s Systems Architecture & Engineering group, has said that “this concept of trust is evolving in the digital world, where we must trust the computational infrastructure before we can trust the information it presents us.”

In the world of international trade, where very sensitive data is exchanged between individuals, businesses and governments, Rao’s statement holds true: mutually distrusting parties like Customs agencies and private sector companies remain reluctant to modernize their technology infrastructures by leveraging cloud computing environments and Trusted Execution Environments (TEE). But how are parties to “trust” the TEE’s origin or current state, apart from relying on a data exchange platform’s “self-attestation”? In essence, how do we assure trust in a TEE?

Securing Security with Intel Software Guard Extensions

The confidentiality and integrity of data are cornerstone properties in securing the exchange of information via technology. The use of cryptography, in conjunction with more traditional access control and other separation mechanisms, is now widespread, well understood, and accepted when protecting data at rest or in motion. As we rely more and more on computing environments that we often do not directly control, such as those we see today with various cloud computing models, there is heightened interest in the use of these technologies to protect data that is actively moved, stored, or processed.

Confidential Compute has its roots in the long and rich history of security, where the role of hardware-based trusted execution environments is key. One such environment is Intel® Software Guard Extensions (Intel® SGX). 

Intel SGX helps create a trusted execution environment, which allows for the private and accurate exchange of Customs data. Private businesses regularly submit, and often manually track, cross-border declarations to Customs agencies. They must also quickly respond to any additional Customs requirements or questions to prevent or avoid shipment delays. Meanwhile, Customs officials receive and process these declarations, validating the required data and documents to complete the slow, arduous work of screening for potential fraud before deciding to release or reject the declarations. There is a deluge of data to manage and a need for efficiencies and improved methods for harvesting better insights from this data.

As Intel Chief Trade Officer Jeff Rittener wrote in a recent article in a Customs industry journal, “To ensure the security of data reporting, Intel has developed Intel Software Guard Extensions, a set of instructions that create trusted zones in different data sources, increasing the security of application code and data, giving them more protection from disclosure or modification. When built in a blockchain-based environment and in federated learning solutions, they help improve data accuracy, transparency, and security.”

Intel SGX changes what is possible, providing an easier way for private businesses to effortlessly provide data needed by governments while still protecting their proprietary information. With Intel SGX, the tracking of correspondence and submission status between businesses and Customs can be automated, and more precise insights can be developed from all the data being exchanged, while keeping it confidential.

The progress society has made and the challenges industry still faces require disruptive innovation. Such security-focused hardware makes it possible to deliver protection while data is being processed within secure enclaves. And Rao reminds us that “new cases like machine learning are emerging rapidly to take advantage of this enhanced confidentiality.” However, Rao responsibly asks, “How do we know that the enclave isn’t a malicious actor posing as a TEE, tricking the software into running its sensitive workload where someone else can access that data?” Enter Project Amber.

Project Amber

As illustrated in a recent publication by Intel security executives, “over the next decade, confidential computing will become an everyday norm for organizations that manage sensitive, competitive, personally identifiable, and regulated data.” Further, according to the publication’s authors Nikhil Deshpande and Raghu Yeluri, “next-generation forms of trust are needed to match the major, quickening shifts in computing infrastructure and enterprise usage.” Thus, Intel is breaking ground with Project Amber, an independent trust authority using a SaaS-based implementation that can remotely verify and attest to trustworthiness in public/private multi-cloud environments for third-party attestation.

As stated by Greg Lavender, Intel Senior Vice President and Chief Technology Officer, and General Manager of the Software and Advanced Technology Group (SATG), “With the introduction of Project Amber, Intel is taking confidential computing to the next level in our commitment to a zero trust approach to attestation and the verification of computing assets at the network, edge, and in the cloud.”

Case Study: KYG.Trade* CEO, Todd Smith, on Project Amber

KYG.Trade is the first Know Your Good Attestation Platform and Marketplace* and we are super excited about Intel’s Project Amber!

We deliver next-gen global trade and ESG regulatory tech using web 3.0, AI, ML, blockchain, confidential computing, and massive computing power to compliance fingertips at an affordable price. Our customers span the globe (and the emerging nascent Metaverse) and range in size from e-commerce SMEs to the Fortune 50.

The accuracy of trade-in-goods and trade-finance import, export, and ESG attestations depends on access to “atomic-level” attribute data. The attribute data consists of sensitive trade secret intellectual property contained in technical drawings, specifications, recipes, ingredients, sources of supplies, and bills of material. While the source data remains in place at rest, attribute metadata must make its way into our cloud oracles for analysis. So how do we assure CEOs and IT security that their sensitive data is secure? We deploy using Intel’s Project Amber.

The Project Amber value proposition for KYG.Trade is multi-dimensional. First, as a startup competing against well-known ERP, GRC, and GTM brands, delivering SOC2 enterprise-grade confidential computing is essential. With Project Amber, KYG.Trade goes further by enabling customers’ data to be accessed and processed in a zero trust environment.

Why do we want a zero trust environment? Because zero trust means that all users and devices are authenticated and authorized before accessing any cloud resources. Second, because numerous jurisdictions prohibit cross-border data transmission, Project Amber enables KYG.Trade to deploy securely on any cloud service provider (CSP) and location. Finally, Project Amber allows us to achieve zero trust attestation affordably in jurisdictions where a Tier 1 CSP is either cost prohibitive or does not exist.

Using KYG.Trade and Intel’s Project Amber, IT security can rest easy while global-trade, trade-finance, and ESG compliance teams review and audit more with less.

 

International Trade Use Cases

Intel’s International Trade Group (ITG) is pioneering work on just such a Project Amber–related use case. Intel’s confidential compute technologies help facilitate safe, secure trade enabled by intelligent trade systems. Intel has leveraged these solutions in its Digital Trade Acceleration Initiative (DTAI), which advances confidential compute solutions that bring together software, silicon, and data processing platforms. DTAI also leverages up-to-date voluntary international standards to ensure global, harmonized attestation of trade attributes. 

Intel is focused on its international trade strategy, vision, and trade modernization-related use cases, including engagement with Association of Southeast Asian Nations (ASEAN)-based Customs agencies. Through these relationships, Intel is moving forward in pathfinding efforts to overlay Project Amber’s remote verification of the trustworthiness of computing assets in the cloud with trade-related confidential compute architectures being socialized to ASEAN Customs regimes.

For example, in a unique approach to cultivating relationships with Customs regimes, Intel has gone beyond working with Customs officials as authorities alone. Rather, Intel is now working with the very agencies tasked with protecting national borders as both customers and fellow innovators. Intel engaged SAP to deliver a proof of concept (POC) for the General Department of Vietnam Customs, developing a working confidential compute prototype to promote to the U.S. ASEAN Business Council and its member nations. Also, through extensive engagement with other governments around the globe, Intel is currently working on a blueprint architecture that underscores the potential of confidential compute technologies and Trust as a Service to optimize the flow of information between Customs agencies and companies to:

  • Ease blockchain network setup.
  • Establish clear data security and collaboration rules.
  • Enforce standard data models.
  • Automate report processing.
  • Offer unalterable transaction history.

Intel’s vision of automating and protecting cross-border trade, bringing modernization and trustworthiness to Customs processes, will continue to be complemented by security-focused hardware innovation like Trust as a Service.

Trust as a Service Can Bridge the Gap

In a world of geopolitical differences and conflict, and as organizations continue to grasp the fundamental value of the cloud, security has never been more top of mind or more critical to the continued improvement of our lives. Trust is not complete without security, and with Project Amber, Intel is raising the bar for confidential compute technology with a zero trust approach to attestation and verification of compute assets at the network, edge, and cloud. The building blocks of trust in a confidential compute environment are established through attestation, as described here. The verification of this trustworthiness is a critical requirement for businesses and governments to protect their data and intellectual property, especially as they move sensitive workloads to the cloud. To raise trust assurance and drive forward the promise of confidential computing for the good of society, Intel’s Project Amber is the first step in creating a new multi-cloud, multi-TEE service for third-party attestation.


About the Authors

Linda Cheung and Clifton Roberts are directors at Intel’s International Trade Group.
Nikhil Deshpande, Ph.D., is a senior director at Intel’s Software & Advanced Technology Group.

Notices & Disclaimers

No product or component can be absolutely secure. Your costs and results may vary.
© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries.

About the Author
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.
1 Comment
Andreagibbs73
Employee

Fantastic advancement to digitize trade!