BlindTrust: Oblivious Remote Attestation for Secure Service Function Chains

With the rapidly evolving next-generation systems- of-systems, we face new security, resilience, and operational as- surance challenges. In the face of the increasing attack landscape, it is necessary to cater to efficient mechanisms to verify software and device integrity to detect run-time modifications. Towards this direction, remote attestation is a promising defense mecha- nism that allows a third party, the verifier, to ensure a remote device’s (the prover’s) integrity. However, many of the existing families of attestation solutions have strong assumptions on the verifying entity’s trustworthiness, thus not allowing for privacy- preserving integrity correctness. Furthermore, they suffer from scalability and efficiency issues. This paper presents a lightweight dynamic configuration integrity verification that enables inter and intra-device attestation without disclosing any configuration information and can be applied on both resource-constrained edge devices and cloud services. Our goal is to enhance run-time software integrity and trustworthiness with a scalable solution eliminating the need for federated infrastructure trust.