Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Teamwork Makes TEE Work: Open and Resilient Remote Attestation on Decentralized Trust

Xiaolin Zhang, Kailun Qin, Shipei Qu, Tengfei Wang, Chi Zhang, Dawu Gu

TL;DR

This paper tackles the brittleness of traditional remote attestation by decentralizing trust and verification in TEEs. It introduces JANUS, a PUF-based intrinsic RoT coupled with smart-contract–driven, auditable on-chain verification and a switch mechanism that enables resilient, end-to-end attestation workflows that can adapt to network disruptions. The authors provide a UC-based security proof for the PUF-driven protocols, implement a PoC on SGX and TrustZone hardware, and evaluate both off-chain and on-chain performance, demonstrating scalability and practicality. The work has potential impact for large-scale, heterogeneous TEEs by enabling transparent, resilient attestation in cloud, edge, and IoT environments.

Abstract

Remote Attestation (RA) enables the integrity and authenticity of applications in Trusted Execution Environment (TEE) to be verified. Existing TEE RA designs employ a centralized trust model where they rely on a single provisioned secret key and a centralized verifier to establish trust for remote parties. This model is however brittle and can be untrusted under advanced attacks nowadays. Besides, most designs only have fixed procedures once deployed, making them hard to adapt to different emerging situations and provide resilient functionalities. Therefore, we propose JANUS, an open and resilient TEE RA scheme. To decentralize trust, we, on one hand, introduce Physically Unclonable Function (PUF) as an intrinsic root of trust (RoT) in TEE to directly provide physical trusted measurements. On the other hand, we design novel decentralized verification functions on smart contract with result audits and RA session snapshot. Furthermore, we design an automated switch mechanism that allows JANUS to remain resilient and offer flexible RA services under various situations. We provide a UC-based security proof and demonstrate the scalability and generality of JANUS by implementing an complete prototype.

Teamwork Makes TEE Work: Open and Resilient Remote Attestation on Decentralized Trust

TL;DR

This paper tackles the brittleness of traditional remote attestation by decentralizing trust and verification in TEEs. It introduces JANUS, a PUF-based intrinsic RoT coupled with smart-contract–driven, auditable on-chain verification and a switch mechanism that enables resilient, end-to-end attestation workflows that can adapt to network disruptions. The authors provide a UC-based security proof for the PUF-driven protocols, implement a PoC on SGX and TrustZone hardware, and evaluate both off-chain and on-chain performance, demonstrating scalability and practicality. The work has potential impact for large-scale, heterogeneous TEEs by enabling transparent, resilient attestation in cloud, edge, and IoT environments.

Abstract

Remote Attestation (RA) enables the integrity and authenticity of applications in Trusted Execution Environment (TEE) to be verified. Existing TEE RA designs employ a centralized trust model where they rely on a single provisioned secret key and a centralized verifier to establish trust for remote parties. This model is however brittle and can be untrusted under advanced attacks nowadays. Besides, most designs only have fixed procedures once deployed, making them hard to adapt to different emerging situations and provide resilient functionalities. Therefore, we propose JANUS, an open and resilient TEE RA scheme. To decentralize trust, we, on one hand, introduce Physically Unclonable Function (PUF) as an intrinsic root of trust (RoT) in TEE to directly provide physical trusted measurements. On the other hand, we design novel decentralized verification functions on smart contract with result audits and RA session snapshot. Furthermore, we design an automated switch mechanism that allows JANUS to remain resilient and offer flexible RA services under various situations. We provide a UC-based security proof and demonstrate the scalability and generality of JANUS by implementing an complete prototype.
Paper Structure (42 sections, 1 theorem, 1 equation, 9 figures, 6 tables, 2 algorithms)

This paper contains 42 sections, 1 theorem, 1 equation, 9 figures, 6 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Background
  3. Trusted Execution Environment and Remote Attestation
  4. Physically Unclonable Functions (PUF)
  5. Motivation
  6. Lessons Learned from Real-world TEE RA Designs
  7. Related Works and Design Motivation
  8. Stronger TEE RoT for RA.
  9. Decentralized Verification Functions
  10. Resilient RA Procedure
  11. Janus Overview
  12. Threat Model and Assumption
  13. System Architecture
  14. Design Challenges
  15. Janus Designs
  16. ...and 27 more sections

Key Result

Theorem 1

If the AEAD algorithm $(\mathcal{E}, \mathcal{D})$ provides ciphertext indistinguishability under chosen ciphertext attack (IND-CCA), the hash function $H$ is collision resistant and $\textit{puf}{}$ is an ideal PUF, then the PUF-based attestation protocols of Janus with respect to a global databas

Figures (9)

  • Figure 1: A typical TEE RA workflow.
  • Figure 2: Illustration of attestation switch mechanism
  • Figure 3: Architecture and workflow of Janus
  • Figure 4: The off-chain local attestation protocol of Janus
  • Figure 5: The off-chain remote attestation protocol of Janus
  • ...and 4 more figures

Theorems & Definitions (3)

  • Definition 1
  • Theorem 1
  • Definition 2