By Nikhil Deshpande, Sr. Director of Product Management, Intel Corp.
Today at Intel, we are proud to announce a significant milestone in our journey towards a more secure digital world: the general availability of Intel Trust Authority, a groundbreaking suite of trust and security services. In its first release, Intel Trust Authority attests to the validity of Intel Confidential Computing environments, also known as Trusted Execution Environments (TEEs).
In recent years, Confidential Computing has emerged as a powerful safeguard, offering end-to-end protection for in-use code and data. Industries such as financial services, government, retail, healthcare, and cloud service providers have recognized its potential, especially in highly regulated environments.
Additionally, many organizations are keen to shield their invaluable intellectual property, particularly when running machine learning and artificial intelligence models in multi-tenant environments.
What is Intel Trust Authority attestation service and why does it matter?
Confidential Computing, at its core, revolves around the protection of data in use through secure, hardware-based enclaves. The goal is to shield data and code within a Trusted Execution Environment from malicious agents on the hardware platform. This isolation is designed to protect against unauthorized access and modifications to in-memory applications and data, bolstering data security.
However, to truly unlock the potential of Confidential Computing and meet the evolving demands of complex computing environments, we recognized the need for three key advancements:
Independent attestation: Traditional cloud service architectures often rely on self-attestation by the infrastructure provider. In today's landscape of "separation of duties," independent attestation by a neutral third-party has become imperative for securing sensitive workloads.
Consistent, scalable attestation: With the proliferation of multiple cloud and hybrid cloud deployments, ensuring consistent and scalable attestation coverage across various vendors and environments has become essential.
Easy to deploy: The Confidential Computing attestation is a SaaS, making it simple to deploy and scale over time.
Previously known by its codename Project Amber, the attestation service under Intel Trust Authority was designed to address these needs head-on. It revolutionizes attestation by separating it from the infrastructure vendor, much like certificate authorities assert identity independently.
This architectural independence empowers Intel Trust Authority to offer a vendor-agnostic security service, ensuring transparency and auditability directly to the workload owner. With an initial service level agreement guaranteeing 99.95% uptime, Intel Trust Authority is poised to enable new critical use cases across various industries:
Multi-party collaboration: When multiple parties need to compute data in collaborative scenarios, such as AI environments, Intel Trust Authority safeguards intellectual property and personally identifiable information.
Edge-to-cloud: Intel Trust Authority helps ensure the integrity of both edge and cloud environments, a critical consideration in today's distributed computing landscape.
Cloud services: In environments that benefit from mutual attestation, for example verification of a TEE at the edge and a TEE in a central cloud prior to exchanging information, Intel Trust Authority establishes that trust seamlessly.
Intel Trust Authority is not just about the here and now; it's about paving the way for the future of cloud computing beyond Intel. NVIDIA plans to collaborate with Intel to offer attestation services for NVIDIA H100 GPUs via Intel® Trust Domain Extensions and the Intel Trust Authority attestation service. Users will have the option of making separate attestation calls to the NVIDIA Remote Attestation Service (NRAS) for GPU attestation and Intel Trust Authority for the CPU attestation, or they can make a single request to Intel Trust Authority and collect all the required evidence for CPU and GPU from a single service. NVIDIA customers can also use the Intel Trust Authority Policy definition and appraisal capabilities for both CPU and GPU TEEs.
Cloud providers are increasingly recognizing the importance of the "separation of duties" concept in ensuring trust and security. Microsoft Azure, for example, has worked closely with Intel to ensure interoperability between their attestation and Intel Trust Authority attestation so customers can transition between the two platforms effortlessly, preserving their chosen attestation properties.
As we continue to innovate and collaborate with industry leaders like NVIDIA and Microsoft Azure, we're excited to redefine what's possible in the world of cloud computing, because at Intel, we know the cloud is the future. And now with Intel Trust Authority, the future is trustworthy.
Learn more about Intel® Trust Authority here.
Nikhil M. Deshpande is currently the Senior Director of Security and Chief Business Strategist for Project Amber in the Office of the CTO at Intel. In prior roles, he led silicon security strategic planning in the Data Center Group as well as managed numerous security technologies research in Intel Labs including privacy preserving multi-party analytics. Nikhil has spoken at numerous conferences and holds 20+ patents. He holds M.S. and Ph.D. in Electrical & Computer Engineering from Portland State University. He also has M.S. in Technology Management from Oregon Health & Science University.