Confidential computing technologies mark the beginning of a new era as they make it possible to build apps that keep users’ information private.
New confidential computing technologies make it possible to build apps that truly protect users’ information. But how easy are these apps to build in reality? What does it take to convince consumers they can be trusted?
R3’s R&D team set themselves a challenge to build a near ‘real-life’ application using R3’s Conclave — a confidential computing platform that provides strong privacy guarantees. Imagine an app that could be shipped as a product, and use that to think through as many practical questions as possible related to building a real-world privacy-preserving app. The app we came up with is called Flash Polls!
Flash Polls is a prototype confidential computing opinion polling mobile app that relies on Conclave and Intel SGX enclaves to keep respondents’ answers 100% private. From a provider’s perspective, Flash Polls let you get answers you can trust to questions that matter to you, from the people you most want to hear from, instantly. Think of questions like “If you were to vote in a general election right now, which party would you vote for?” The idea is that individuals are more likely to answer honestly if they truly believe their answers are private.
Nobody — not even the operator of Flash Polls — can ever see the individual answers. This means that respondents can give completely honest answers, to even the most sensitive or embarrassing questions, without having to worry about what anybody would think of them if their answers were revealed… because their answers can’t be revealed. Ever..
Quick Flash Polls Intro
Right now, the Flash Polls service is designed for R3 employees — the principles though are applicable to any other polling service. As shown in the figure below, a user can register for the service by providing some personal information such as their gender, office location and division. The users’ information is treated with full confidentiality at all times — i.e., even when processed. A registered user can create polls and respond to polls. Once a user has responded to a poll they have access to the results of that poll.
Screenshots of the Flash Polls Mobile App
Just like in any other client server system, the messages that are exchanged between the mobile app and the server are encrypted… But there’s a key difference: only an enclave that the mobile app trusts can decrypt such messages and process their content; this is the privacy breakthrough that Confidential Computing enables, and Conclave takes care of the tricky details.
Conveying the Information Privacy Message to the Users
Why It Is Important, Why It Is Challenging
We employed the latest and the greatest confidential technology to design and build a service that keeps users’ information private. The problem you then face is that it’s easy to tell your users their information is safe, but how do you convince them?
In technical terms, confidential computing libraries usually let you precisely verify what code is running on the back-end. For instance, the Flash Polls mobile app uses the Conclave client library to verify that the back-end code was signed by a third-party auditor that the customer trusts… But how many consumers would know what this means or have the ability to review the code for themselves? Thus, to convey the privacy message to a broader audience, we designed and built three types of novel mobile app features.
Flash Poll’s design includes several carefully-tailored and strategically-placed buttons, the purpose of which is to remind the users that this app will protect their information…Because this app is different. It’s not like those other apps. Getting the psychology of the user right at the precise time their subconscious processes are deciding how to answer the questions is all-important.
Below we show screenshots from one of the buttons that we designed. It starts as a grey SUMIT button, whose text transitions to “SUBMIT WITH PRIVACY” and whose colour changes to blue— in order to remind the user that their information will be treated confidentially. The button includes the padlock from the Conclave logo whose colour changes from grey to red as the button’s text changes. This button is used when a user submits their response to a poll.
“Check My Privacy” or “Learn How Your Information Is Protected”
“Check My Privacy” allows the users to understand what is happening with their information and how their information is being protected by reading non-technical plain-language text. The feature also includes and displays technical data for interested users.
The feature consists of three tabs (shown in the figure below); the first one is a Privacy Summary which displays the security level of the service and the code auditor; the second is the Privacy Note, a document written in simple English, and the third is a (technical) security report of the Enclave on which the service is running — we refer to it as Remote Attestation hereafter.
The Privacy Note explains how the service processes the users’ information with respect to confidentiality. The role of the auditor is to inspect the code and ensure that the content of the privacy note and the code match. The auditor and the service provider need to be different entities.
In the case of Flash Polls, the Privacy Note (shown in the figure below) starts with a general description of the service, and then details what information is protected and what is NOT, when a user creates a poll, and when a user responds to a poll. Then the last part of the Note focuses on how the service protects individual responses.
The last part of the Privacy Note is applied when the responses are displayed. Let’s take a look at an app feature which allows the user to filter the responses to a poll by the responders’ gender, office location and division. Based on the Privacy Note, the app displays the results only if the anonymity of the responders is not violated — otherwise (i.e., if the number of the responders is less than a threshold) the filtered responses are not displayed, instead the following message appears on the screen “Insufficient responders to display results without risking a breach of anonymity”. We show this scenario in the figure below.
Strong Privacy Guarantees
Confidential computing libraries usually let you precisely verify what code is running on the back-end. For instance, the Flash Polls mobile app uses the Conclave client library to verify that the back-end code was signed by a third-party auditor that the customer trusts. In simple words, if the code running on the enclave (confidential hardware) is not approved by a designated trusted party (i.e., auditor), the client does not connect to it. Note that this check takes place every time the client attempts to connect to the enclave.
We wanted to take one step further though and investigate what is possible beyond the standard functionality that confidential computing libraries offer. Our goal was to provide new client-side features that in a way resemble x-rays into the back-end, and notify/alert the user of changes happening at the backend — changes that would otherwise remain unnoticed. These unique features allow the users to be in control.
Consider the following scenario: After the user has started using the Flash Polls mobile app, the code running on the enclave changes. The new code is verified by the designated auditor, so it passes the necessary checks that confidential computing libraries perform. The implications are that the Privacy Note may have changed as a result of the code change, even if the new code is still verified by the designated auditor. Thus, a user may want to read the Privacy Note again before keep using the app. The feature is designed to notify the user (when a code change is detected), prompt them to read the Privacy Note and allow them to decide for themselves whether they would like to keep using the app.
To detect if the enclave code has changed the mobile app can leverage the code hash, a fingerprint of the code that can be found in the Remote Attestation. The app maintains the previous code hash and compares it against the newly obtained one.
If the code has changed, the mobile app displays the following message “Flash Polls service has been updated. Please read My Privacy for further information.” The user can then decide whether they would like to read the Privacy Note and potentially stop using the service if they do not agree with the provided privacy guarantees anymore.
Deep Dive Intended for Technical Audience
The Conclave SDK includes an API that the client (mobile app) can employ in order to check that the enclave respects a certain constraint.
In Flash Polls we use the following constraint
"S:4924CA3A9C8241A3C0AA1A24A407AA86401D2B79FA9FF84932DA798A942166D4 PROD:1 SEC:STALE" which includes the hash of the singing key; Enclaves’ code which is not signed by this specific key is rejected. The constraint also dictates the privacy level that the client will accept. When the level is STALE, the client accepts enclaves running in release mode (i.e., on a legitimate SGX instance), but need to be patched. The client will also accept enclaves that run in the highest privacy level (SECURE). These are machines which are up-to-date regarding firmware updates.
If the constraint check fails, for instance because the service runs in a lower privacy level, the mobile app does not connect to the service, and notifies the user about the constraint violation by displaying a message: “The Flash Polls service is running with an insufficient security level”. Past this point the only option is to close the app. If the constraint check is successful, the mobile app can connect to the service.
Our novel client-side features allow the mobile app to communicate additional information regarding the confidentiality guarantees of the service to the user for scenarios where the constraint check is successful. Let’s take a look at such a scenario (1) the code that runs on the enclave has changed and is signed by the approved auditor, and (2) the privacy level of the enclave is STALE (not SECURE), (3) the constraint at the client side is
"S:4924CA3A9C8241A3C0AA1A24A407AA86401D2B79FA9FF84932DA798A942166D4 PROD:1 SEC:STALE".
On top of a successful constraint check, there is more valuable information regarding the confidentiality guarantees of the service to be communicated to the user — passing the constraint check is of paramount importance, but we can do even better!
- The mobile app connects to the enclave — which means that the constraint is not violated.
- The mobile app has retrieved the Remote Attestation which includes the code hash and privacy level of the enclave.
- The mobile app detects that the privacy level is STALE (which means that there are firmware updates that need to be installed), and displays the following message to inform the user “Note: the server processing your data will shortly need to be patched. You may experience a temporary loss of service when this happens” (see the figure below)
- At the same time, a new version of the code has been deployed on the enclave which means that the code hash has changed. The mobile app includes the necessary logic and metadata to detect the code change and display a relevant message. “The Flash Polls service has been updated. Please read My Privacy for further information. ” (see the figure below)
Conclusion: Our novel client-side features can detect complex scenarios regarding changes in the confidentiality guarantees of the service and communicate them to the user.
Take Away Message
- Conveying the privacy message to the user can be one of the most challenging aspects of the design of a confidential consumer application
- We designed and built three novel mobile app features that aim at conveying the confidentiality message to the user
- If you want to learn more, join our Flash Polls Talk at CordaCon 2022!
R3’s R&D team sits in the Office of the CTO,
Richard Brown. The Flash Polls team was Bogdan Paunescu, Stefan, Iliev, Agnieszka Szczepanska and Sotiria Fytraki (Lead).
Thanks to Richard Brown!