Paper 2023/735

Towards a Privacy-preserving Attestation for Virtualized Networks

Ghada Arfaoui, Orange (France)
Thibaut Jacques, Orange (France), University of Limoges
Marc Lacoste, Orange (France)
Cristina Onete, University of Limoges
Léo Robert, University of Picardie Jules Verne

TPM remote attestation allows to verify the integrity of the boot sequence of a remote device. Deep Attestation extends that concept to virtualized platforms by allowing to attest virtual components, the hypervisor, and the link between them. In multi-tenant environments, deep attestation solution offer security and/or efficiency, but no privacy. In this paper, we propose a privacy preserving TPM-based deep attestation solution in multi-tenant environments, which provably guarantees: (i) Inter-tenant privacy: a tenant is cannot know whether other VMs outside its own are hosted on the same machine; (ii) Configuration hiding: the hypervisor's configuration, used during attestation, remains hidden from the tenants; and (iii) Layer linking: tenants can link hypervisors with the VMs, thus obtaining a guarantee that the VMs are running on specific hardware. We also implement our scheme and show that it is efficient despite the use of complex cryptographic tools.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. ESORICS 2023
Deep AttestationMulti-tenant5GPrivacy
Contact author(s)
thibaut jacques @ orange com
2023-10-05: revised
2023-05-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ghada Arfaoui and Thibaut Jacques and Marc Lacoste and Cristina Onete and Léo Robert},
      title = {Towards a Privacy-preserving Attestation for Virtualized Networks},
      howpublished = {Cryptology ePrint Archive, Paper 2023/735},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.