In collaboration with the Technical University of Denmark (DTU) and the European Research Center of Huawei Technologies in Germany, UBITECH publishes a preprint entitled “BLINDTRUST: Oblivious Remote Attestation for Secure Service Function Chains” on arXiv, the open-access repository of electronic preprints and postprints (known as e-prints) approved for posting after moderation. Dr Thanassis Giannetsos, Head of UBITECH’s Digital Security and Trusted Computing Research Group, and his co-authors present a lightweight dynamic configuration integrity verification scheme that enables inter- and intra-device attestation without disclosing any configuration information and that can be applied on both resource-constrained edge devices and cloud services. Their goal is to enhance run-time software integrity and trustworthiness with a scalable solution that eliminates the need for federated infrastructure trust.
In particular, this paper provides a novel Configuration Integrity Verification (CIV) protocol for supporting trust-aware Service Graph Chains (SGCs) with verifiable evidence on the integrity and correctness of deployed devices and virtual functions. Key features that extend the state of the art include: (i) the possibility to distinguish which container is compromised, and (ii) the use of trusted computing for enabling inter- and intra-device attestation without disclosing any configuration information. The proposed solution is scalable, (partially) decentralized, and capable of withstanding even a prolonged siege by a pre-determined attacker, as the system can dynamically adapt to its security and trust state. The presented scheme is demonstrated with an implementation that leverages a Trusted Platform Module (TPM) following the TCG TPM 2.0 specification, and its performance is benchmarked.