Adi Ben-Ari, Founder & CEO, Applied Blockchain
The annual cost of cybercrime worldwide is forecast to reach US $6 trillion this year, representing grand larceny on a truly historic scale. The value of cybercrime is almost that of the combined GDP of the UK and Germany. The figure shows that efforts to stem the tide of cybercrime are failing.
Typically, the financial services sector is the most heavily targeted by cybercriminals. They are drawn to the sensitive data on individuals, businesses, and governments held by banks and other financial institutions. Cybercrime is widely cited as the number one risk by business leaders.
There is no single solution to this, but the good news is that highly sophisticated new data privacy technology is becoming available in the mainstream – and use of blockchain is accelerating its development. The so-called privacy-preserving technologies are creating opportunities across a range of business applications. For the software industry, the implications are profound, but it’s the hardware secure enclaves offering greater functionality, speed, and scalability that are particularly exciting.
Hardware secure enclaves, or HSEs, enable computation to be conducted in a dedicated secure area of a computer chip that cannot be accessed by the operating system. This means that even the system administrator of a machine, or someone with physical access to the hardware, is not able to gain access to the data being processed. It’s more than just watertight.
The new technology, initially developed by Intel, means that for the first time, companies can offer cloud infrastructure and software services without having any access to the data that is processed. Secure enclaves are now implemented by all the leading chip manufacturers.
Blockchain accelerates advances in cryptography
Data privacy started with cryptography, a branch of computer science, for military usage – encoding messages. Today, using private and public key infrastructure, cryptography enables messages to be encrypted so that they cannot be inspected in transit and data to be digitally signed to verify its origin. This technology is now commonplace, such as in encrypted text messages on WhatsApp, secure browser identification of online banking websites or digital signatures of documents.
This is where blockchain comes in. Cryptography also underpins the security of blockchain distributed ledgers. Public blockchains are completely transparent, and the need to enable third parties to validate transactions on a distributed ledger, without sharing the transaction details, has led to significant advances in data privacy technology. Examples include zero-knowledge proofs, secure multiparty computation, and fully homomorphic encryption, all of which use only software-based cryptography, enabling them to run on any system.
But software-based cryptography systems have drawbacks. These include extensive computation requirements, leading to relatively slow performance and scalability issues; nascent custom cryptographic algorithms are not yet matured, extensively tested, or endorsed by leading industry and government bodies; and they lack depth in functionality, meaning that while simple functions are possible, complex functions are relatively difficult or inefficient.
Hardware secure enclaves gaining traction
An alternative technical approach to data privacy – one that’s gaining traction – is the use of hardware secure enclave environments. HSEs are already used to store cryptographic private keys and secrets, using Hardware Secure Modules (HSMs) in our mobile devices (e.g. Apple Pay) and cloud services (e.g. Azure Key Vault).
The beauty of HSEs is that they allow code to be executed in private with no access given to the host computer or operating system. Their execution and storage environment are inaccessible to the operating system and user no matter what privileges the user has. The chip achieves this by encrypting data before storing it and only decrypting it at runtime within the enclave.
The technology is already being used. In artificial intelligence, it can perform privacy-preserving natural language processing (NLP) and use machine learning to gain insights from fully encrypted sensitive data belonging to different parties, while providing assurance that the encrypted data provided by the parties is never revealed, even to the host.
GDPR data minimisation
An HSE is ideal for holding personally identifiable information (PII) because it can increase General Data Protection Regulation (GDPR) data minimisation compliance and reduce cyber risk. Sensitive customer data is never revealed to the host, and only computation enabled in the enclave can be performed. This provides maximum compliance with GDPR and, in particular, the Data Minimisation principle, while still enabling value to be extracted from the personal data – for example, proof of properties that don’t reveal actual personal data, such as proof of age.
For cloud hosting, the technology offers clear advantages. An application that is hosted by a third party (e.g. Amazon AWS, Google Cloud, Microsoft Azure) carries a risk that the cloud provider, one of its employees or an intruder, may access a device directly and gain access to data. But if an application runs in a secure enclave, even if that enclave is hosted in the cloud by a third-party cloud provider, then the data in it cannot be accessed, even if an intruder has physical access to the device. Major cloud hosting providers have all already launched “confidential computing” capabilities based on hardware secure enclaves in order to offer this level of privacy.
It should be noted that using a secure enclave, or any other privacy technology, on its own does not necessarily protect the data. The cloud providers offer the secure enclave to businesses. The latter can then choose to deploy their applications to store and process sensitive data inside the enclave and not take it out – so it is absolutely safe and secure. However, if businesses choose to deploy an application into the enclave that enables sensitive data to come out of the enclave, then this clearly becomes less secure… in which case they no longer get the benefit of using the enclave. So, what is important is which data an application inside the enclave is designed to reveal to the host, and which remains hidden.
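The sealing behaviour described earlier and the design point above (what the application inside the enclave chooses to reveal), as an added example that is not from the original article or from any enclave SDK. It is a pure-Python simulation: `SimulatedEnclave`, its method names, `host_learns` and the sample record are hypothetical, and a hash-based keystream stands in for the chip's memory encryption.

```python
import hashlib, hmac, json, os
from datetime import date

class SimulatedEnclave:
    """Stand-in for enclave code; real hardware keeps these keys out of host memory."""
    def __init__(self):
        self._enc_key = os.urandom(32)  # sealing keys: no method ever returns them
        self._mac_key = os.urandom(32)

    def _xor(self, nonce, data):
        # Toy SHA-256 counter keystream (assumption: stands in for hardware encryption).
        stream, counter = b"", 0
        while len(stream) < len(data):
            stream += hashlib.sha256(self._enc_key + nonce + counter.to_bytes(4, "big")).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))

    def seal(self, record):
        """Encrypt-then-MAC a record so the host only ever stores an opaque blob."""
        nonce = os.urandom(16)
        ct = self._xor(nonce, json.dumps(record).encode())
        return nonce + ct + hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()

    def _unseal(self, blob):
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("sealed blob was modified outside the enclave")
        return json.loads(self._xor(nonce, ct))

    def is_at_least(self, blob, years, today):
        """Minimised entry point: the host learns one boolean, never the birth date."""
        born = date.fromisoformat(self._unseal(blob)["date_of_birth"])
        age = today.year - born.year - ((today.month, today.day) < (born.month, born.day))
        return age >= years

    def export_record(self, blob):
        """Leaky entry point: returns the whole record, so the enclave protects nothing."""
        return self._unseal(blob)

def host_learns(result):
    """Personal-data fields visible to the host in an entry point's return value."""
    return sorted(result) if isinstance(result, dict) else []

# Constructed sample record, not real personal data.
RECORD = {"name": "Alice Example", "date_of_birth": "2001-03-15"}
```

Reviewing an enclave application comes down to listing its entry points and checking what each one returns to the host: `is_at_least` returns a single boolean, while `export_record` returns every field.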
GDPR gives individuals greater control over their personal data through policy enforcement on the part of the organisations collecting and processing that data. This means that the organisations and all their employees must always adhere to the policy, or the data will be compromised. Secure enclaves and other privacy-preserving technologies remove the need to trust these organisations, as the data is no longer revealed to them.
The GDPR Data Minimisation principle requires organisations to collect and process the minimum data required in order to conduct their business activities. Secure enclaves mean that it is now possible to perform certain functions and tasks without having direct access to the private data. Now that it is possible to do more with less data, the Data Minimisation principle implies that these methods must be used in order to be compliant.
At Applied Blockchain, we help organisations to use secure enclave technology to increase GDPR Data Minimisation compliance and reduce cyber risk.
The best way to protect data is to not share or reveal it. Secure enclave technology and data minimisation won’t eliminate US$6 trillion of cybercrime, but it will make discernible inroads by ensuring that our personally identifiable information is genuinely better secured.