BLINDTRUST: Oblivious Remote Attestation for Secure Service Function Chains
This paper addresses security and privacy challenges in next-generation systems-of-systems by providing a scalable solution that eliminates the need for federated infrastructure trust, though it appears incremental in improving existing remote attestation methods.
The paper tackles the problem of verifying software and device integrity in remote systems without disclosing configuration information, presenting a lightweight dynamic configuration integrity verification method that enables scalable inter- and intra-device attestation for both edge devices and cloud services.
With the rapidly evolving next-generation systems-of-systems, we face new security, resilience, and operational assurance challenges. In the face of the increasing attack landscape, it is necessary to cater to efficient mechanisms to verify software and device integrity to detect run-time modifications. Towards this direction, remote attestation is a promising defense mechanism that allows a third party, the verifier, to ensure a remote device's (the prover's) integrity. However, many of the existing families of attestation solutions have strong assumptions on the verifying entity's trustworthiness, thus not allowing for privacy-preserving integrity correctness. Furthermore, they suffer from scalability and efficiency issues. This paper presents a lightweight dynamic configuration integrity verification that enables inter- and intra-device attestation without disclosing any configuration information and can be applied on both resource-constrained edge devices and cloud services. Our goal is to enhance run-time software integrity and trustworthiness with a scalable solution eliminating the need for federated infrastructure trust.