DOI: 10.1145/3538969.3539004
research-article

ZEKRO: Zero-Knowledge Proof of Integrity Conformance

Published: 23 August 2022

Abstract

In the race toward next-generation systems of systems, the adoption of edge and cloud computing is escalating to deliver the underpinning end-to-end services. To safeguard the increasing attack landscape, remote attestation lets a verifier reason about the state of an untrusted remote prover. However, for most schemes, verifiability is only established under the omniscient and trusted verifier assumption, where a verifier knows the prover’s trusted states, and the prover must reveal evidence about its current state. This assumption severely challenges upscaling, inherently limits eligible verifiers, and naturally prohibits adoption in public-facing security-critical networks. To meet current zero trust paradigms, we propose a general ZEro-Knowledge pRoof of cOnformance (ZEKRO) scheme, which considers mutually distrusting participants and enables a prover to convince an untrusted verifier about its state’s correctness in zero-knowledge, i.e., without revealing anything about its state.


Cited By

  • (2023) Remote Attestation with Constrained Disclosure. Proceedings of the 39th Annual Computer Security Applications Conference, pp. 718-731. DOI: 10.1145/3627106.3627118. Online publication date: 4-Dec-2023

Published In

ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security
August 2022
1371 pages
ISBN: 9781450396707
DOI: 10.1145/3538969

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Configuration Privacy
  2. Secure Zero-Touch Configuration
  3. Trusted Computing
  4. Zero-Knowledge Configuration Integrity Verification

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ARES 2022

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%
