Facebook
Britain's News Portal
Around The Clock
BREAKING
Loading latest headlines…

Confidential computing trust mechanism broken, researchers find

New academic research reveals fundamental flaws in attested TLS, the protocol meant to underpin trust in confidential computing. The findings threaten Europe's sovereign cloud ambitions and raise serious questions about data security for UK businesses.

  • Researchers at TU Dresden found attested TLS protocols vulnerable to diversion and relay attacks, allowing traffic to be silently redirected to malicious servers.
  • Seven different methods of binding cryptographic evidence to TLS connections all failed to prevent relay attacks, according to the paper presented at ESORICS 2026.
  • The flaws undermine confidential computing's promise of verifiable trust, which is central to Europe's sovereign cloud strategy and UK data protection frameworks.

Confidential computing, long promoted by major cloud vendors as the bedrock of secure data processing in Europe, has suffered a significant blow. New, independently verified research from TU Dresden has exposed fundamental weaknesses in attested TLS, the cryptographic protocol designed to prove that a server is running inside a genuine, unmodified Trusted Execution Environment (TEE).

The research, led by Muhammad Usama Sardar and presented at the AsiaCCS 2026 and ESORICS 2026 conferences, demonstrates that attested TLS protocols can be exploited through diversion and relay attacks. In a diversion attack, a connection intended for one server is silently redirected to a compromised machine running identical software, anywhere in the world, without the client detecting the switch. The intended server has done nothing wrong; the attacker simply exploits the fact that the protocol checks software integrity, not location.

Sardar's team examined intra-handshake attestation, where cryptographic evidence is generated during the TLS handshake itself. They tested seven different methods of binding that evidence to the underlying connection. None of them prevented relay attacks, in which a client verifies the evidence of a genuine, trustworthy AI agent or server but ends up encrypting its traffic to an entirely different, malicious one. The paper, titled Intra-handshake.fail, concludes that the starting assumption—that the hardware itself can be trusted—remains a critical vulnerability.

For UK businesses, the implications are stark. Confidential computing is increasingly marketed as a solution for regulated sectors such as finance, healthcare, and legal services, where data sovereignty and auditability are paramount. The UK Information Commissioner's Office (ICO) has previously signalled that technologies like TEEs could help organisations meet accountability obligations under UK GDPR. However, if the protocol layer cannot reliably prove where data is processed, those assurances collapse. The EU AI Act also places emphasis on robust technical safeguards for high-risk AI systems, many of which rely on confidential computing infrastructure.

Intel's TDX and Google Cloud's confidential computing offerings have been positioned as enablers of 'full, auditable control over access to customer data'. The new research suggests that promise may be premature. Sardar noted: 'In confidential computing, you have to trust the hardware manufacturer anyway. There is absolutely no way around this.' With that root of trust accepted, the protocol layer was supposed to provide everything else. His research shows it provides far less than assumed.

Experts caution that the findings do not mean confidential computing is worthless, but they do demand urgent attention from standards bodies, cloud providers, and regulators. The UK's National Cyber Security Centre (NCSC) has yet to issue specific guidance on attested TLS, but the research is likely to prompt a review. For now, organisations relying on confidential computing for sensitive workloads should seek additional verification mechanisms and remain aware that the protocol's trust guarantees are weaker than advertised.

Why this matters: UK businesses are increasingly adopting confidential computing for sensitive data processing, often to comply with GDPR and sector-specific regulations. If the core trust mechanism is broken, the data sovereignty and security guarantees they rely on may be illusory, exposing them to legal and financial risks.

What this means for you: What this means for you: If your employer uses cloud services that promise confidential computing for sensitive data, the protection may be weaker than advertised. Check with your IT or data protection team whether attested TLS is relied upon and what additional safeguards are in place.

Related Articles

Get the news that matters.

Join thousands of readers getting the best of British news straight to their inbox.