Confidential computing in the telco industry

May 28, 2021
In every country, mobile network operators (telcos) provide the infrastructure for the connectivity of people’s phones and the Internet of Things (IoT). Building and maintaining this essential network infrastructure is very capital intensive. In parallel decreasing prices for connectivity, such as cell-phone contracts, leads to an ever-increasing dilemma of high costs and lowering long-term revenues. This dilemma is further exacerbated by the tremendous success of social media and messaging services, such as WhatsApp and Instagram. These new ways of communication benefit on a global scale without having the costs of investment and maintenance of the infrastructure. So what is blocking telcos from leveraging more of their networks, the generated data and machine learning? Two things: data security and data privacy. This is where confidential computing comes into play, because for the first time in history it enables encryption-in-use, which goes beyond the already available encryption schemes for data-in-rest and in-transit. Therefore telcos can benefit from collaborative work around data and machine learning models without worrying about theirs or their customers’ data security and privacy. The avato platformChallenges around the successful application of machine learning Machine learning models are increasingly proving to be both valuable predictors for many sensitive decisions, but also valuable intellectual property (IP) for many organizations. For telcos this can be in areas such as network optimization, churn and fraud prediction. Developing the actual model, however, is only half the story. The other half is how do you deploy your model in settings where the data is sensitive, such as mobile network data, while protecting the IP of the model. Current options basically fall under two categories and both of them require someone to compromise on security and privacy. * The first option is for the data owner, e.g. telco, to move all their data over to the model owner. An option that has privacy and control risks for the data owner but also data breach risks for the model owner. * The second option is an on-client-premises solution for model deployment. In this case, the model owner is risking their IP by giving it away to the client, but also it heavily depends on the client having the required infrastructure to support the computation. > What if you could utilize cloud infrastructure even for the most sensitive of data while ensuring data security and privacy? With decentriq’s avato [] software platform (request demo []), we offer a machine learning inference application based on the latest advancements in hardware cryptography. avato enables organizations to run machine and deep learning model inference on sensitive data on the public cloud without ever exposing the model or the raw data to any party, including decentriq. How do we make this happen? avato uses Intel SGX, an implementation of Secure Enclaves (SE). SEs are computer programs which – enabled by hardware design – have additional security related properties: They can prove their program identity to remote users (attestation) and their memory is protected from all access, including the operating system (memory encryption and isolation) Consequently, encrypted data can be analyzed in the SE, preventing any third party to reveal the plaintext data. The combination of encryption and SEs enables data operations on sensitive data without ever revealing the data to any third party. For more information regarding SGX security and our security and privacy guarantees, we wrote a blog together with Intel. For the technical specifications request the factsheet []. avato is cloud agnostic The required infrastructure is already deployed in multiple cloud providers and this list is getting longer every month. For specific requests, reach out to us. We will be at the Mobile World Congress 2020 in Barcelona. Please visit us at Fira de Barcelona H2.G60 and join us at Swiss Startup Night []