Abstract:Remote Attestation (RA) enables the integrity and authenticity of applications in Trusted Execution Environment (TEE) to be verified. Existing TEE RA designs employ a centralized trust model where they rely on a single provisioned secret key and a centralized verifier to establish trust for remote parties. This model is however brittle and can be untrusted under advanced attacks nowadays. Besides, most designs only have fixed procedures once deployed, making them hard to adapt to different emerging situations and provide resilient functionalities. Therefore, we propose JANUS, an open and resilient TEE RA scheme. To decentralize trust, we, on one hand, introduce Physically Unclonable Function (PUF) as an intrinsic root of trust (RoT) in TEE to directly provide physical trusted measurements. On the other hand, we design novel decentralized verification functions on smart contract with result audits and RA session snapshot. Furthermore, we design an automated switch mechanism that allows JANUS to remain resilient and offer flexible RA services under various situations. We provide a UC-based security proof and demonstrate the scalability and generality of JANUS by implementing an complete prototype.

What problem does this paper attempt to address?

The problems that this paper attempts to solve mainly focus on three key limitations in the existing Trusted Execution Environment (TEE) Remote Attestation (RA) design: 1. **Untrustworthy TEE Platform**: - The current TEE remote attestation design relies on the centralized root keys provided by manufacturers, and users must trust the manufacturers to trust these keys. However, in recent years, advanced attack means such as side - channel attacks and fault - injection attacks have proven that it is very difficult to protect this centralized and digitally configured Root of Trust (RoT). Once the keys are leaked, attackers can generate forged RA reports, covering up the fact that the TEE platform has been completely compromised. 2. **Untrustworthy Verifier**: - The verification process in remote attestation is usually carried out by a centralized verifier, lacking transparency and public review mechanisms. Users cannot verify or audit the authenticity of the verification results. The centralized verifier may claim that a compromised application is trustworthy for commercial interests or due to external attacks, and vice versa. Worse still, the verification service is often deployed by the manufacturers themselves, and this single - trust model will undermine users' trust in TEE. 3. **Rigid Process**: - Most TEE remote attestation designs follow a fixed process and rely heavily on the underlying cloud infrastructure to operate normally. They lack the ability to keep running under adverse conditions, such as network outages, device failures, and exhaustion of computing resources. This rigid process cannot adapt to the ever - changing emerging scenarios, resulting in the inability of remote attestation to provide continuous trust guarantees for other TEE functions. To address these problems, the author proposes JANUS, an open and resilient TEE remote attestation scheme. JANUS solves the above problems by introducing the Physically Unclonable Function (PUF) as an intrinsic Root of Trust and designing a decentralized verification function based on smart contracts and an automatic switching mechanism. Specifically: - **Decentralized Root of Trust**: Use PUF to directly provide physical trust measurement, avoiding reliance on a single centralized root key. - **Open Verification Process**: Implement decentralized verification functions through smart contracts, supporting multi - party participation and result auditing. - **Resilient Authentication Process**: Design an automatic switching mechanism, allowing users to select different authentication workflows according to different situations, ensuring the flexibility and reliability of the authentication process. In summary, JANUS aims to provide a more secure, transparent, and flexible TEE remote attestation scheme through decentralization and redundant design to address the deficiencies in existing designs.

Teamwork Makes TEE Work: Open and Resilient Remote Attestation on Decentralized Trust

Remote Credential Management with Mutual Attestation for Trusted Execution Environments

SRAS: Self-governed Remote Attestation Scheme for Multi-party Collaboration

Trusted isolation environment: an attestation architecture with usage control model

Credibility Attestation of Property Remote Attestation Method

Building secure distributed applications the DECENT way

Remote Attestation on Function Execution

Remote attestation on function execution (work-in-progress)

Remote Attestation on Program Execution

Decentralized Translator of Trust: Supporting Heterogeneous TEE for Critical Infrastructure Protection

Partial Attestation: Towards Cost-Effective and Privacy-Preserving Remote Attestations

Remote Platform Attestation: The Testimony for Trust Manageement

DO-RA: Data-oriented runtime attestation for IoT devices

Research Directions for Verifiable Crypto-Physically Secure TEEs

Towards Everlasting Privacy and Efficient Coercion Resistance in Remote Electronic Voting.

Runtime Verification for Trustworthy Computing

Blockchain-based TLS Notary Service

A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs

Trust Management as a Service: Enabling Trusted Execution in the Face of Byzantine Stakeholders

Remote Attestation: A Literature Review

A Last-Level Defense for Application Integrity and Confidentiality