How is Cape Secure?
At Cape Privacy, we put the power of confidential computing and encryption into the hands of every developer. Our mission is to protect privacy by default. Cape makes protecting your user’s data and your apps simple. You can encrypt, deploy a function, and run, You can easily try this out back on the Quick Start.
Confidential Computing is a cloud computing technology that isolates sensitive data in a protected enclave during processing. Confidential Computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment (TEE) within a Secure Enclave.
Cape leverages the attestation process of secure enclaves. Attestation is a process that the enclave uses to prove its identity using a cryptopically signed document that has unique measures, such as hardware-backed platform configuration registers (PCRs). Learn more about how Attestation works within the AWS Nitro Enclave.
We do this in several steps to make sure the enclave is secure:
We Verify the Signature and Root Certificate
The first check Cape does is verifying the signature and root certificate of the enclave and the attestation document that comes in a CBOR file. These certificates must be included as part of generating an executable runnable in the enclave. A service wishing to attest to a specific enclave first has to open a TLS connection to that enclave, and verify that the enclave's certificates are valid. These certificates are included in the enclave during the enclave image file build.
We Verify PCRs
The PCRs or Platform Configuration Registers are unique measures exposed when an Enclave Image File (.eif) is generated. An .eif provides the dependencies needed to run an enclave. During the build to spin up an enclave, this file is generated and the PCRs are exposed.
An enclave’s measurements include a series of hashes and platform configuration registers (PCRs) that are unique to the enclave. Verifying these configurations is part of verifying the Enclave’s identity. They can be used during the attestation process to verify that the enclave you are talking to is not masquerading as an unauthorized entity.
We Verify the Key Management Service Policy
The next step is verifying the integrity of the KMS policy, which is scoped to each Cape account. Specific measures in the enclave are validated to match specifically to the condition keys of that policy that govern what operations are permitted. Under Cape’s implementation, Cape signs the .eif, and KMS policy is restricted against PCR 3 and 8.
We Encrypt the Data During Deployment
When a customer sends a “cape deploy” request, Cape generates a keypair. The public key from the enclave is sent back to the customer to be used for encrypting data. The data is then encrypted using that public key from the enclave. The function is then doubly encrypted using HPKE. The function is then sent over TLS to the enclave, and decrypted using the private key of the enclave. Once decrypted within the enclave, Cape will encrypt using KMS for storage. The function is re-encrypted using the AWS KMS for storage. The function is only ever decrypted in the secure enclave during cape run to process the data. Learn more about how cape deploy and cape run work.
To protect your data at-rest and in-transit, we also offer cape encrypt. The cape encrypt command encrypts data so it can only be processed inside the enclave by Cape Functions that you’ve deployed. Learn more about cape encrypt.
We Verify the Function Checksum
We verify the correct function is being used and data is only run by the application it was intended for without having been tampered with. This is not part of the enclave’s attestation process but an extra layer of protection that Cape adds to ensure that your data is only processed by the function you specified.
Cape verifies that your apps and data are going into a valid enclave using the Attestation process and verifying the function checksum of an application. cape encrypt can be used to encrypt the data locally to be safe during transit. Attestation proves that an enclave is a trustworthy entity based on the code and configuration running within a particular enclave. The function checksum is tied to the application a user has deployed to ensure the user is indeed running that unaltered application.