A Cryptographic View of Deep-Attestation, or how to do Provably-Secure Layer-Linking - Archive ouverte HAL Access content directly
Conference Papers Year :

A Cryptographic View of Deep-Attestation, or how to do Provably-Secure Layer-Linking

(1) , (2, 3) , (1, 2, 4) , (4, 2) , (4) , (5) ,
1
2
3
4
5

Abstract

Deep attestation is a particular case of remote attestation, i.e., verifying the integrity of a platform with a remote verification server. We focus on the remote attestation of hypervisors and their hosted virtual machines (VM), for which two solutions are currently supported by ETSI. The first is single-channel attestation, requiring for each VM an attestation of that VM and the underlying hypervisor through the physical TPM. The second, multi-channel attestation, allows to attest VMs via virtual TPMs and separately from the hypervisor-this is faster and requires less overall attestations, but the server cannot verify the link between VM and hypervisor attestations, which comes for free for single-channel attestation. We design a new approach to provide linked remote attestation which achieves the best of both worlds: we benefit from the efficiency of multichannel attestation while simultaneously allowing attestations to be linked. Moreover, we formalize a security model for deep attestation and prove the security of our approach. Our contribution is agnostic of the precise underlying secure component (which could be instantiated as a TPM or something equivalent) and can be of independent interest. Finally, we implement our proposal using TPM 2.0 and vTPM (KVM/QEMU), and show that it is practical and efficient.
Fichier principal
Vignette du fichier
main.pdf (545.65 Ko) Télécharger le fichier
Origin : Files produced by the author(s)

Dates and versions

hal-03450625 , version 1 (26-11-2021)

Licence

Attribution - CC BY 4.0

Identifiers

  • HAL Id : hal-03450625 , version 1

Cite

Ghada Arfaoui, Pierre-Alain Fouque, Thibaut Jacques, Adina Nedelcu, Cristina Onete, et al.. A Cryptographic View of Deep-Attestation, or how to do Provably-Secure Layer-Linking. International Conference on Applied Cryptography and Network Security ACNS, Jun 2022, Rome, Italy. ⟨hal-03450625⟩
172 View
81 Download

Share

Gmail Facebook Twitter LinkedIn More