BLINDTRUST: Oblivious Remote Attestation for Secure Service Function Chains
Heini Bergsson Debes, Thanassis Giannetsos, Ioannis Krontiris

TL;DR
BLINDTRUST introduces a lightweight, scalable remote attestation method that verifies software integrity on devices and cloud services without revealing configuration details, enhancing security and privacy.
Contribution
It proposes a novel dynamic configuration integrity verification approach that operates efficiently on resource-constrained devices and cloud environments, without relying on trusted third parties.
Findings
Enables privacy-preserving remote attestation
Supports both edge devices and cloud services
Improves scalability and efficiency of integrity verification
Abstract
With the rapidly evolving next-generation systems-of-systems, we face new security, resilience, and operational assurance challenges. In the face of the increasing attack landscape, it is necessary to cater to efficient mechanisms to verify software and device integrity to detect run-time modifications. Towards this direction, remote attestation is a promising defense mechanism that allows a third party, the verifier, to ensure a remote device's (the prover's) integrity. However, many of the existing families of attestation solutions have strong assumptions on the verifying entity's trustworthiness, thus not allowing for privacy preserving integrity correctness. Furthermore, they suffer from scalability and efficiency issues. This paper presents a lightweight dynamic configuration integrity verification that enables inter and intra-device attestation without disclosing any configuration…
Taxonomy
Topics: Security and Verification in Computing · Cloud Data Security Solutions · Software System Performance and Reliability
