Teamwork Makes TEE Work: Open and Resilient Remote Attestation on Decentralized Trust

TL;DR

JANUS introduces a decentralized, open, and resilient remote attestation scheme for Trusted Execution Environments, leveraging PUFs and smart contracts to enhance security, flexibility, and adaptability against advanced attacks.

Contribution

The paper presents JANUS, a novel TEE remote attestation scheme that decentralizes trust using PUFs and smart contracts, with an automated resilience mechanism and formal security proof.

Findings

JANUS achieves enhanced security through PUF-based trust.

The scheme provides flexible and resilient RA services.

Prototype demonstrates scalability and practicality.

Abstract

Remote Attestation (RA) enables the integrity and authenticity of applications in Trusted Execution Environment (TEE) to be verified. Existing TEE RA designs employ a centralized trust model where they rely on a single provisioned secret key and a centralized verifier to establish trust for remote parties. This model is however brittle and can be untrusted under advanced attacks nowadays. Besides, most designs only have fixed procedures once deployed, making them hard to adapt to different emerging situations and provide resilient functionalities. Therefore, we propose JANUS, an open and resilient TEE RA scheme. To decentralize trust, we, on one hand, introduce Physically Unclonable Function (PUF) as an intrinsic root of trust (RoT) in TEE to directly provide physical trusted measurements. On the other hand, we design novel decentralized verification functions on smart contract with result audits and RA session snapshot. Furthermore, we design an automated switch mechanism that allows JANUS to remain resilient and offer flexible RA services under various situations. We provide a UC-based security proof and demonstrate the scalability and generality of JANUS by implementing an complete prototype.