Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1465 Discussions

Any example of encryption-decryption and remote attestation between the user and the public cloud?

Patiala
Beginner
644 Views

Dear Concern,

I am working with Intel’s PyTorch-SGX. I basically followed the example shown on Intel’s GitHub page (https://github.com/intel/sgx-pytorch/tree/sgx/enclave_ops) which demonstrates encryption-decryption of a deep learning model between the model owner and the remote cloud. But I did not find any demonstration between the user and the cloud.

My understanding is that before sending to the public cloud, first, the user needs to encrypt the test data to ensure security. The public cloud will decrypt it and send it to PyTorch’s enclave for making predictions. The public cloud will encrypt the prediction result and send it back to the user. The user will need to decrypt the prediction.   

I am not sure how can we do this. Can you please provide me with some examples (or some guidance) for exchange between the user (not the model owner) and the public cloud?

Thank you. 

0 Kudos
2 Replies
Iffa_Intel
Moderator
578 Views

Hi,

 

Before any sensitive data is sent to the CSP, the user needs to encrypt the data using encryption keys managed by SGX which are then passed to the enclave.

 

The enclave executes the PyTorch computations using the encrypted data which made the data that are sent back to the user from the enclave are encrypted using the same SGX-managed encryption keys.

 

As a result, the user, whose machine has the decryption keys, receives the encrypted outcome and then decrypts the data.

The SGX + PyTorch repo is outdated and is not fully supported, so we recommend using Gramine and PyTorch Curated applications. Some samples are below:

 

 

This video might help to illustrate the process to you as it demonstrates the set-up process for one of Intel® Software Guard Extensions (Intel® SGX) enhanced confidential containers and the PyTorch workload set-up

 

Cordially,

Iffa


Iffa_Intel
Moderator
525 Views

Hi,


Intel will no longer monitor this thread since we have provided a solution. If you need any additional information from Intel, please submit a new question. 


Cordially,

Iffa


0 Kudos
Reply