U-M spin-off Agita Labs releases always encrypted computing product

TrustForge, based on U-M research spearheaded by Austin and Bertacco, provides users with the ability to protect data using a process called sequestered encryption
Todd Austin
Prof. Todd Austin

As the capabilities of computing grow exponentially, so too do the threats to private and professional users concerned with the safety of their data. With the popularization of cloud-based storage and increased avenues for hackers to enter seemingly secure systems, advances in cybersecurity are critical to keeping up with threats of information breaches.

Valeria Bertacco portrait
Prof. Valeria Bertacco

Computer system security startup Agita Labs has an answer. Founded by S. Jack Hu Collegiate Professor of Computer Science and Engineering Todd Austin and Arthur F. Thurnau Professor and Vice Provost for Engaged Learning Valeria Bertacco, the company has announced that its latest venture in secure computing—TrustForge—has made its debut on Microsoft Azure Cloud. 

TrustForge, based on U-M research spearheaded by Austin and Bertacco, provides users with the ability to protect data using a process called sequestered encryption. According to a recent Agita Labs press release, “TrustForge enables users to upload data to the cloud while retaining complete control over who can view and process it. Both the data and its decryption keys stay encrypted at all times, keeping them safe from attackers, developers and IT staff.”

Touted as a low-overhead alternative to fully homomorphic encryption, which requires more intense mathematical computations to mask user activity, TrustForge operates as a service specifically designed to house sensitive data like healthcare-related or financial information using a “hardware-based cryptographic wall.”

Austin and Bertacco began work on TrustForge following their success with the “unhackable” Morpheus secure CPU. Funded by a DARPA contract, Morpheus resisted the cyberattacks of over 500 researchers, inspiring the U-M professors to continue building upon the technology’s encryption potential.

Designed as a system by and for programmers, TrustForge’s sequestered encryption technology relies on a hardware feature called a sequestered enclave, which protects its data by performing computations with hidden inputs and outputs, ensuring outside sources have no access to private information. As a result, TrustForge is so secure, not even Agita Labs would be able to decrypt the data that it is processing.

According to Austin, “TrustForge tips the balance of power from the attacker to the defender by keeping data always encrypted and accessible only by a provably secure cryptographic enclave deployed in the cloud. Even if the system is hacked, data stays secure.”

Released to the Microsoft Azure cloud as of May 2022 and with plans to debut on Amazon Web Services and in-house by the end of the year, the latest Agita Labs innovation marks another successful effort by U-M faculty and alumni to bring the University’s research out of theory and into practice.

Chip Design & Architectures; Chip Design, Architecture, and Emerging Devices; Cybersecurity; Division News; Hacking; Secure, Trustworthy, and Reliable Systems; Security and Privacy; Todd Austin; Valeria Bertacco; Women in Computing