3.5.4 Attesteer

⚠️ Warning:️ The recently published WireTap attack affects the security of the Attesteer. Please carefully review the threat model for your application.

The Attesteer is less about individual use cases. It is more about massively streamlining the process to have any kind of software in a TEE, and get public auditability via the on-chain attestation registry. This basically means that all aforementioned benefits about the confidentiality of a TEE and public auditability apply here.

Hence, the Attesteer is relevant for any use case handling data that falls under the GDPR law, or other user-sensitive data that the operator or business is prohibited to have insight on. Additionally, any mistrust an end-user has against the operator or business is removed due to the public TEE registry.

Particularly interesting use cases might be multi-party data analytics or secret provisioning.

Secret Provisioning

The more sensitive the data, the better it should be secured. Thus, secrets that are being provisioned should be handled in the most secure manner only, verifiably. This makes the Attesteer an excellent fit for attesting any kind of policy manager that, honestly, should always store its secrets in a TEE anyhow. We will soon offer some integrations with the Attesteer of well-known key stores, which will simplify the attestation of your existing keystore. The Attesteer could also function as the secret provisioner itself. An outlook of potential key stores we will support in the future:

  • Hashicorp Vault
  • Hardware Security Modules (HSM) supporting PKCS11 or KMIP APIs
  • AWS Key Management Service (KMS)
  • Azure Key Vault
  • GCP Cloud KMS
  • Venafi Encryption Director

Data collaboration/Multi-party analytics

Attesteer provides verifiable privacy together with public auditability - valuable features, especially in cases where trust between mutual stakeholders is required. An example use case is the collaboration on sensitive data between two or more parties. For example, imagine Company A and Company B seek to pool their customer data and Company C, a data analytics firm, provides an algorithm to analyze the data and derive innovative insights. Using TEE technlogy to process the data and the Attesteer service, the data is analyzed securely and privately and the integrity of the data and process is verified and registered on our public network. This way, all participating parties can transparently track whether their data has been secure and confidential at all times. Companies A and B can be sure that their data has not been exposed to the other involved parties, Company C is assured that its IP for the provided algorithm is protected and even the customers of Companies A and B can transparently monitor and verify that their data has been confidential at all times.