Blockchain and trusted execution create trust
SCS combined blockchain technology with trusted execution environments. This leads to confidentiality, auditability and transparency in the processing of sensitive data.
Situation
Since the revelations by Edward Snowden, a lot has happened in terms of data protection: Today, the majority of digital communication is encrypted.
However, data is often processed unencrypted and without auditability, which is a crucial weakness in the overall system. Cyber criminals like to exploit this.
Solution SCS
SCS combines blockchain technology with trusted execution environments. This ensures data protection for both B2B and B2C applications. In addition, it creates auditable transparency about processes and the use of sensitive data.
Added value
The SCS solution complements current solutions for "data in transit" and "data at rest" with the protection of "data in use". For example, patients can release their health data for precisely defined analyses and can be assured that no one but the patient himself has read access to the data and that only the agreed analyses can be carried out.
Project insights
We have become accustomed to the fact that we have to trust our IT administrators. Whereas in the past these were employees in the same company, today they are often bought-in cloud platforms or perhaps soon decentralised systems such as blockchains. Administrators can read and modify any data processed on a machine they manage. Unfortunately, this applies not only to the administrators we trust, but also to hackers who can gain administrator privileges. No company, no matter how qualified, is immune to such attacks.
Trusted Execution Environments (TEEs) provide a remedy here. In simple terms, a TEE is a processor-within-a-processor that can manage its own keys and only executes programmes whose fingerprint matches that of the unmodified original. The guarantee for this is provided by the manufacturer of the processor, who ensures in hardware that no one has access to the internal keys of the TEE and that no one can read its working memory. Each TEE can be uniquely authenticated by the manufacturer, which means that every user can ensure that their program is really running on a TEE - even if the machine is physically located in a remote data centre.

One of many use cases for TEEs is e-ticketing with privacy protection: Today, various "check-in" apps exist where operators analyse the movement profile of passengers in order to charge an appropriate ticket. Thanks to TEEs, such a service could be offered, demonstrably without making the passenger's movement profile visible to anyone but the passenger. The passenger's app would send the movement profile in encrypted form to the TEE. There, the ticket price would be calculated within the protected enclave and transferred to the payment process. To gain the trust of passengers, the operator should disclose the code executed in the TEE for external or even public auditing.
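The check the passenger's app would make before releasing its movement profile, as an added sketch that is not SCS or Integritee code: it accepts the enclave's key only if the attestation quote is signed, matches the fingerprint of the publicly audited code, and is fresh. All names are hypothetical, and an HMAC with a constructed key stands in for the manufacturer's asymmetric signature so that the sketch runs with the standard library alone.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumption: stand-in for the manufacturer's attestation key. Real TEEs sign
# quotes with an asymmetric key chained to a vendor root certificate.
VENDOR_KEY = b"constructed-demo-vendor-key"

@dataclass(frozen=True)
class Quote:
    measurement: bytes  # SHA-256 fingerprint of the code loaded in the enclave
    nonce: bytes        # freshness challenge chosen by the passenger's app
    enclave_key: bytes  # key the app would encrypt the movement profile to
    signature: bytes

def _mac(measurement, nonce, enclave_key):
    # Fixed-length first and last fields keep the concatenation unambiguous.
    msg = measurement + nonce + hashlib.sha256(enclave_key).digest()
    return hmac.new(VENDOR_KEY, msg, hashlib.sha256).digest()

def issue_quote(code, nonce, enclave_key):
    """Hardware side (simulated): measure the loaded code, sign the report."""
    measurement = hashlib.sha256(code).digest()
    return Quote(measurement, nonce, enclave_key,
                 _mac(measurement, nonce, enclave_key))

def verify_quote(quote, audited_measurement, expected_nonce):
    """Client side: return the enclave key only if every check passes."""
    expected = _mac(quote.measurement, quote.nonce, quote.enclave_key)
    if not hmac.compare_digest(expected, quote.signature):
        raise ValueError("quote is not signed by the manufacturer")
    if not hmac.compare_digest(quote.measurement, audited_measurement):
        raise ValueError("enclave runs code other than the audited build")
    if not hmac.compare_digest(quote.nonce, expected_nonce):
        raise ValueError("stale or replayed quote")
    return quote.enclave_key

if __name__ == "__main__":
    audited_code = b"constructed fare calculator, audited build"
    audited = hashlib.sha256(audited_code).digest()
    quote = issue_quote(audited_code, b"nonce-0001", b"constructed-enclave-key")
    print("send profile encrypted to:", verify_quote(quote, audited, b"nonce-0001"))
```

Because the enclave's key is covered by the signed report, a profile encrypted to that key can only be read by the code whose fingerprint was checked.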
On behalf of Integritee, the Web3 Foundation in Zug and the Polkadot Council, Supercomputing Systems is developing a framework that massively reduces the complexity of blockchain and trusted execution for developers and users. The combination of TEE technology with blockchain makes the use of TEEs traceable and provable for everyone and creates transparency for processes that analyse user data.
Thanks to this solution from SCS, even smaller companies can implement "security by design" without becoming dependent on a cloud platform. And global corporations can increase their credibility in terms of data handling by enabling public auditability along with compliance with data protection laws.


