A collective attestation scheme towards cloud system

Cluster Computing

Abstract

As cloud computing continues to grow and flourish, the increasing number of cloud infrastructures provides unlimited resources and convenient pay-as-you-go services. This makes it essential to ensure software integrity (including OS, apps, and configurations) on such a massive number of devices in order to guarantee both privacy and safety. As a key technical solution, remote attestation allows a remote entity to validate the integrity state of targeted cloud devices. To attest the real integrity state of a cloud system and to improve the scalability and efficiency of existing schemes, this paper presents a Collective Attestation scheme towards Cloud System, named CACS. First, to promote scalability, CACS proposes an attestation scheme based on cooperation between cloud servers. Second, to increase efficiency, CACS puts forward the Attestation Relationship Tree structure, which determines the cooperative objects and tasks during collective attestation. In addition, an identity-based aggregate signature technique is adopted to quickly verify the authenticity of the integrity reports of cloud servers. To evaluate efficiency and scalability, CACS is simulated in a large-scale cloud system. Experimental results show that CACS can effectively attest a cloud system of 30,000 nodes in 19.9 s, and that it also performs well in terms of scalability compared with current cloud system attestation schemes.

Acknowledgements

This work was supported in part by the National Natural Science Foundation of China under Grant No. 61472429, Beijing Natural Science Foundation, P.R. China under Grant No. 4122041, and National High-Tech Research Development Program of China under Grant No. 2007AA01Z414.

Author information

Correspondence to Wenchang Shi.

Ethics declarations

Conflict of interests

The authors declare that they have no conflict of interests.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Song, Y., Shi, W., Qin, B. et al. A collective attestation scheme towards cloud system. Cluster Comput 26, 2467–2478 (2023). https://doi.org/10.1007/s10586-020-03174-3

  • DOI: https://doi.org/10.1007/s10586-020-03174-3
