Some advances that were ahead of their time


Sometimes, advances in science must be made in small increments. Big jumps ahead are often not taken seriously. Sometimes the problem is that the technology is not ready; sometimes someone with more influence or better marketing revisits the idea, redefines the name and gets the credit. Here are some examples, but you can find many more in the literature.

In the end, the important question is not really about credit. It is about why the current scientific publishing and dissemination mechanisms slow down some highly relevant ideas.

Confidential computing and Trusted Execution Environments

According to Wikipedia, “Confidential computing is a security and privacy-enhancing computational technique focused on protecting data in use. Confidential computing can be used in conjunction with storage and network encryption, which protect data at rest and data in transit respectively.” … “The technology protects data in use by performing computations in a hardware-based trusted execution environment (TEE).” … “Confidential data is released to the TEE only once it is assessed to be trustworthy.” … “It is often compared with other privacy-enhancing computational techniques such as fully homomorphic encryption, secure multi-party computation, and Trusted Computing.”

However, Confidential Computing has an important precedent, called Protected Computing.

The origin of the Protected Computing approach can be traced back to 1984 [1]. The lack of adequate hardware and software support made it unfeasible in practice at the time. The current concept of Protected Computing has its foundations in more recent work [2, 3].

The Protected Computing approach divides the code (and/or data) of an application into two or more parts. Some of these are protected and prepared to be executed in a secure, trusted processor, while the others are executed in a normal (untrusted) processor. In this way, the application is divided into two mutually dependent parts such that:

– the public parts do not suffice to gain knowledge about the protected parts; and

– the communication trace between the parts is not enough to gain knowledge about the protected parts.

In a Protected Computing setting, different secure coprocessors can be used (even simultaneously), including TEEs and TEEs provided as a service.
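As an added illustration (not code from this post or from the cited papers), the toy Python model below simulates the partition described above: a `Coprocessor` class plays the trusted processor, `host_app` the untrusted one, and only the message trace between them is observable. It tests the second condition by asking whether the trace alone lets an observer predict the protected part's answer on an input it never saw; the two protected variants, the secrets and the key are constructed sample values.

```python
import hashlib
import hmac
from fractions import Fraction


class Coprocessor:
    """Simulated trusted coprocessor holding the protected part of the app.
    The secrets passed in are constructed sample values, not real key material."""

    def __init__(self, secret_a, secret_b, key):
        self._a, self._b, self._key = secret_a, secret_b, key
        self.trace = []  # every message that crosses the trust boundary

    def linear_score(self, x):
        # Weak protected part: an affine function a*x + b of the input.
        y = self._a * x + self._b
        self.trace.append(("linear_score", x, y))
        return y

    def keyed_score(self, x):
        # Stronger protected part: a keyed PRF (HMAC-SHA256), truncated to 32 bits.
        tag = hmac.new(self._key, str(x).encode(), hashlib.sha256).digest()
        y = int.from_bytes(tag[:4], "big")
        self.trace.append(("keyed_score", x, y))
        return y


def host_app(cop, inputs, method):
    """Public (untrusted) part: does the bulk of the work and calls the protected part."""
    return sum(getattr(cop, method)(x) for x in inputs)


def fit_affine(trace, name):
    """An observer who sees only the trace fits y = a*x + b to two observations."""
    pts = [(x, y) for n, x, y in trace if n == name]
    (x1, y1), (x2, y2) = pts[0], pts[1]
    a = Fraction(y2 - y1, x2 - x1)
    return a, Fraction(y1) - a * x1


def leaks_via_trace(cop, method, inputs, probe_x):
    """Run the partitioned application, then check whether the trace alone lets
    the observer predict the protected part on an input it never observed."""
    host_app(cop, inputs, method)
    a, b = fit_affine(cop.trace, method)
    return a * probe_x + b == getattr(cop, method)(probe_x)


if __name__ == "__main__":
    for method in ("linear_score", "keyed_score"):
        cop = Coprocessor(7, 3, b"constructed-sample-key")
        print(method, "leaks via trace:", leaks_via_trace(cop, method, [2, 5, 11], 42))
```

The affine partition is fully recovered from two trace entries, so it fails the second condition even though its code never leaves the coprocessor; the keyed variant's trace gives the observer no predictive power over unseen inputs.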


[1] Schaumüller-Bichl, I., Piller, E. A Method of Software Protection Based on the Use of Smart Cards and Cryptographic Techniques. Proceedings of Eurocrypt '84. Springer-Verlag, LNCS 209, pp. 446-454, 1984.

[2] Maña, A. (2003). Protección de Software Basada en Tarjetas Inteligentes. PhD Thesis. Málaga, Spain: University of Málaga.

[3] A. Mana and A. Munoz, “Protected Computing vs. Trusted Computing,” 2006 1st International Conference on Communication Systems Software & Middleware, New Delhi, India, 2006, pp. 1-7, doi: 10.1109/COMSWA.2006.1665152.