Paper 2023/735
Towards a Privacy-preserving Attestation for Virtualized Networks
Abstract
TPM remote attestation allows to verify the integrity of the boot sequence of a remote device. Deep Attestation extends that concept to virtualized platforms by allowing to attest virtual components, the hypervisor, and the link between them. In multi-tenant environments, deep attestation solution offer security and/or efficiency, but no privacy. In this paper, we propose a privacy preserving TPM-based deep attestation solution in multi-tenant environments, which provably guarantees: (i) Inter-tenant privacy: a tenant is cannot know whether other VMs outside its own are hosted on the same machine; (ii) Configuration hiding: the hypervisor's configuration, used during attestation, remains hidden from the tenants; and (iii) Layer linking: tenants can link hypervisors with the VMs, thus obtaining a guarantee that the VMs are running on specific hardware. We also implement our scheme and show that it is efficient despite the use of complex cryptographic tools.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Minor revision. ESORICS 2023
- Keywords
- Deep AttestationMulti-tenant5GPrivacy
- Contact author(s)
- thibaut jacques @ orange com
- History
- 2023-10-05: revised
- 2023-05-22: received
- See all versions
- Short URL
- https://ia.cr/2023/735
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/735,
author = {Ghada Arfaoui and Thibaut Jacques and Marc Lacoste and Cristina Onete and Léo Robert},
title = {Towards a Privacy-preserving Attestation for Virtualized Networks},
howpublished = {Cryptology {ePrint} Archive, Paper 2023/735},
year = {2023},
url = {https://eprint.iacr.org/2023/735}
}
