Periodic Reporting for period 1 - CONFIDENTIAL6G (Confidential Computing and Privacy-preserving Technologies for 6G)
Reporting period: 2023-01-01 to 2024-06-30
6G infrastructures must ensure reliability, trust and resilience on a globally connected continuum of heterogeneous environments supported by the convergence of networks and IT systems to enable new future digital services. The substantial increase of coverage and network heterogeneity, raises severe concerns that security and privacy in 6G can be worse than the previous generations. The 6G network should be a deep integration of emerging AI tools, new hardware components and accelerators, compute and networking functions, IoT and edge nodes. Contemporary security obviously needs to be enhanced. CONFIDENTIAL6G emphasizes on privacy preservation and security of sensitive data by focusing on protection of data:
• In use.
• In transit.
• At the Edge.
CONFIDENTIAL6G will base its research on 3 pillars: Post-quantum cryptography, Confidential Computing and Confidential Communication. CONFIDENTIAL6G will test and validate the developed solutions in three use cases
1) Predictive maintenance for airline consortium
2) mitigation of internal threats for telecom cloud providers and
3) Intelligent connected vehicle for mission-critical services and OTA updates
• In use.
• In transit.
• At the Edge.
CONFIDENTIAL6G will base its research on 3 pillars: Post-quantum cryptography, Confidential Computing and Confidential Communication. CONFIDENTIAL6G will test and validate the developed solutions in three use cases
1) Predictive maintenance for airline consortium
2) mitigation of internal threats for telecom cloud providers and
3) Intelligent connected vehicle for mission-critical services and OTA updates
One of the first CONFIDENTIAL6G key results is an in-depth analysis of the state-of-the-art in Post-Quantum Cryptography (PQC). This serves as a comprehensive toolkit for the algorithms currently considered by NIST for standardization and its results are expected to be exploited by other further work in the project that pertains to PQC integration in network protocols. Additionally, the design of secure communication protocols and algorithms resistant to attacks from quantum computers, known as Quantum-safe Networking Primitives, will be used to safeguard against future quantum threats. In parallel, the development of secure network architectures and mechanisms for data protection has led to the creation of Secure Architecture and Mechanisms, ensuring robust defense layers against potential cyber threats. With regards to data privacy and confidential computing, the project has developed several Machine Learning (ML) algorithms that support Fully Homomorphic Encryption (FHE) and have been testing them against industrial test data. These efforts are complemented by improved data privacy in federated AI/ML through better orchestration mechanisms within confidential computing environments, termed Federated AI/ML Orchestration. In a complementary fashion, solutions based on Zero-Knowledge Proofs (ZKP) that could potentially solve the verifiability issues of FHE computations, while also leveraging blockchain for data verification and access control are being investigated, with privacy enhancements using cryptographic techniques (Blockchain-based Data Verification and Access Control). Moreover, novel schemes for threshold signatures are investigated, an architecture for a Trusted Execution Environment (TEE) that supports multi-party computations (MPC) is designed. Finally, a blockchain-based solution with a novel consensus mechanism called Proof of Chosen for training ML Models is developed, marking significant strides towards secure and private computing in the digital age.
CONFIDENTIAL6G will advance the state of the art as follows:
Domain 1: Confidential Computing Enablers: CONFIDENTIAL6G will significantly improve the efficiency of Fully Homomorphic Encryption (FHE) schemes, by considering relaxed functionalities tailored towards specific AI applications and design of new encryption functions that are more efficient in the cost model of FHE; provide Secure Multi-party Computation (SMPC) cryptographic protocols that distribute a computation across multiple parties, with a focus on improving pre-processing for the types of computations carried out in AI/ML; enable Trusted Execution Environment (TEE) abstractions in an architecture-agnostic manner and with the support for remote attestations; address the challenge of complex federated orchestration for AI/ML workloads in order to increase privacy-preservation of the computations.
Domain 2: Confidential Communication Enablers: CONFIDENTIAL6G will develop new post-quantum secure cryptographic network protocols adequate for the use in secure 6G applications. The design of these systems is supported by in-depth, state-of-the-art cryptographic analysis and formal security proofs. These protocols serve as essential enablers for the goals of the project when protecting against quantum attackers. CONFIDENTIAL6G will research the application of PQC primitives on securing the networking protocols - above all TLS. Blockchain efficiency will be researched and new approaches and cryptographic enablers developed to enhance network security with quantum-safe protocols, and enhance blockchain technologies with anonymity and privacy protection, notably using ZKP and FHE encryption schemes to increase the privacy of Smart Contracts. Additionally, DLT technology will be examined in the domain of sovereignty and authentication/authorization for devices and persons with the potential of DIDs and Anonymous and Verifiable Credentials it can bring.
Domain 3: Confidential Edge and IoT enablers: CONFIDENTIAL6G will propose novel methods to resolve crucial challenges in the Federated Learning (FL) space, such as: scaling the FL algorithms to run on thousands - millions of devices using hierarchical networks and edge computing technology, and accommodating the heterogeneity of resources such as different types of devices, TEE capabilities and data available per device. CONFIDENTIAL6G will propose an integration of trusted computing with a B5G supported environment and define its role in eliminating attack vectors, especially those against identity and firmware tampering which will become a major attack vector. Edge and constrained devices bring new challenges when it comes to confidential data operations. To achieve this, CONFIDENTIAL6G will research FPGA- and GPU-accelerated FHE, develop PQC algorithms, adapted to run even on the far-edge nodes; permit FHE operations be offloaded to the server, and devices’ libraries; HW-supported acceleration for cryptographic and confidential computing operations to enable practical use of these techniques on devices with constrained resources.
Domain 1: Confidential Computing Enablers: CONFIDENTIAL6G will significantly improve the efficiency of Fully Homomorphic Encryption (FHE) schemes, by considering relaxed functionalities tailored towards specific AI applications and design of new encryption functions that are more efficient in the cost model of FHE; provide Secure Multi-party Computation (SMPC) cryptographic protocols that distribute a computation across multiple parties, with a focus on improving pre-processing for the types of computations carried out in AI/ML; enable Trusted Execution Environment (TEE) abstractions in an architecture-agnostic manner and with the support for remote attestations; address the challenge of complex federated orchestration for AI/ML workloads in order to increase privacy-preservation of the computations.
Domain 2: Confidential Communication Enablers: CONFIDENTIAL6G will develop new post-quantum secure cryptographic network protocols adequate for the use in secure 6G applications. The design of these systems is supported by in-depth, state-of-the-art cryptographic analysis and formal security proofs. These protocols serve as essential enablers for the goals of the project when protecting against quantum attackers. CONFIDENTIAL6G will research the application of PQC primitives on securing the networking protocols - above all TLS. Blockchain efficiency will be researched and new approaches and cryptographic enablers developed to enhance network security with quantum-safe protocols, and enhance blockchain technologies with anonymity and privacy protection, notably using ZKP and FHE encryption schemes to increase the privacy of Smart Contracts. Additionally, DLT technology will be examined in the domain of sovereignty and authentication/authorization for devices and persons with the potential of DIDs and Anonymous and Verifiable Credentials it can bring.
Domain 3: Confidential Edge and IoT enablers: CONFIDENTIAL6G will propose novel methods to resolve crucial challenges in the Federated Learning (FL) space, such as: scaling the FL algorithms to run on thousands - millions of devices using hierarchical networks and edge computing technology, and accommodating the heterogeneity of resources such as different types of devices, TEE capabilities and data available per device. CONFIDENTIAL6G will propose an integration of trusted computing with a B5G supported environment and define its role in eliminating attack vectors, especially those against identity and firmware tampering which will become a major attack vector. Edge and constrained devices bring new challenges when it comes to confidential data operations. To achieve this, CONFIDENTIAL6G will research FPGA- and GPU-accelerated FHE, develop PQC algorithms, adapted to run even on the far-edge nodes; permit FHE operations be offloaded to the server, and devices’ libraries; HW-supported acceleration for cryptographic and confidential computing operations to enable practical use of these techniques on devices with constrained resources.