skip to main content
10.1145/3700838.3703676acmotherconferencesArticle/Chapter ViewFull TextPublication PagesicdcnConference Proceedingsconference-collections
research-article
Open access

Algebraic Signature based Trusted Execution Environment for Remote Computation

Published: 04 January 2025 Publication History

Abstract

Today, remote computational activities must be secure and private. Trusted Execution Environments (TEEs) enable hardware-based data and operation isolation. This method may expose users to side-channel attacks and software exploits. This paper offers a new remote computation protocol that uses Algebraic Signatures (AS) to secure TEE systems. This research proposes an efficient, scalable, and secure AS-based TEE framework. This AS-based protocol is evaluated extensively to show that it is a top key generation, signature computation, and verification solution. After a security study finds the strengths and weaknesses of the protocol, appropriate optimizations improve performance and security.

1 Introduction

Data and process security and privacy are crucial in the current digital landscape [12]. Trusted Execution Environment (TEE) hardware isolates sensitive activities and data from attacks. TEEs are vulnerable to side-channel attacks and software flaws despite their strong security. The most promising ways to improve TEE security are the use of Algebraic Signatures (ASs). Due to its high data integrity and authentication, AS is a perfect asymmetric cryptographic primitive for remote computation security [2, 9]. They trust outsourced computation in the cloud and distributed systems [14]. Integrating the AS schemes into TEE has enhanced many features, such as data integrity, computation integrity, leakage protection, and enhanced performance. AS-based TEEs excel in scalability and efficiency in multi-party computation and federated learning. These are fundamentally enabling applications that ensure data privacy and integrity. TEEs based on AS have the best prospects in remote storage computing, IoT, and other emerging industries that require security with computational performance.
Since threats to TEEs are evolving, they need more resilient security solutions. Given the rise of remote computation, security breaches will have profound effects. AS integration into TEEs provides strong data integrity and assurances of remote computing service trustworthiness. This augments sensitive data and operational security, providing long-term security for technologies critical to the digital economy [6].
On the other hand, remote attestation is essential and protects both remote software and hardware. Traditional approaches often poorly support the aspects of scalability, efficiency, and robustness against sophisticated attacks. Thus, the AS method can efficiently generate and verify signatures. However, more research is needed to determine the practical performance of the AS algorithm and security in different and dynamic contexts. Thus, the first research issue is: how efficient, flexible, and secure is the AS algorithm during remote attestation registration in different and dynamic environments? What optimizations can boost its efficacy? The AS algorithm has several potential benefits in remote attestation, particularly in signature generation and verification, but it needs to overcome various obstacles to be practical and stable. Key generation, signature generation, and verification, especially compared to previous approaches, must be considered. More investigation is needed to develop the scalability of the algorithm concerning the number of devices, memory block dimensions, and attestation request rate. A wide range of attacks against the security analysis-resistant algorithm will help pinpoint the vulnerabilities. AS algorithm seriously lacks improvement regarding both performance and security. A thorough test and analysis program to determine the feasibility of the AS algorithm on different hardware and network scenarios would be very helpful.

1.1 Motivation

Recent breach statistics underscore the vulnerabilities in TEEs, with 67% of 2023 attacks exploiting side-channel weaknesses. For example, financial institutions using TEEs for secure computations risk exposure through these flaws, highlighting a critical gap in TEE security. Integrating AS offers a promising solution, bolstering data integrity and resilience. However, AS schemes need further development to ensure scalability and robust performance in dynamic environments, crucial for secure applications across finance, IoT, and cloud systems.
In Section 2, we examine many different techniques. In Section 3, we examine the methodology employed in the design of our system model. Section 4 presents a discussion on the initial parameters required to construct our protocol. Subsequently, in Section 5, we comprehensively elaborate on the protocol. Section 6 is dedicated to a detailed examination of the correctness of the protocol. Section 7 outlines the experimental setup and results, accompanied by an analysis of the protocol’s efficiency and the associated verification delay. Finally, Section 8 offers a concluding summary.

2 Related Work

It enables users to outsource large computations from institutional and personal settings onto remote servers with maximum efficiency. The protocol does have, however, an insecurity against insider adversarial administrators. Paralleled in the same direction, this work presented MeetGo [11], a TEE based on FPGA independent from the host system architecture for securing remote computing. The MeetGo implementations in cryptocurrency wallet applications and general computation programs using GPUs proved acceptable, as they offered strong security at a low performance cost.
Moreover, the more IoT devices exist, the larger the storage needed to be replicated, with more powerful processing capabilities. Therefore, it effectively becomes a case of offloading data into the cloud because of the constraint of bounded storage and computing power on IoT devices. The current paper presents AIVCI [10], a publicly available integrity assurance framework for data operating in cloud-IoT architecture. Efficiently, it realizes the task of data auditing with security and privacy preservation, embedding the authentication services, homomorphic hash functions, and blind technology. Meanwhile, the better dynamic performance in data was contributed by the improved divideand-conquer table, while validation through security and performance assessment makes AIVCI effective.
This paper employed the use of Intel Software Guard Extensions (SGX) [4] for the purpose of file encryption via data sealing, thereby creating a virtual file system that serves to guarantee the security of data prior to its storage with third-party providers. The integration of Cryptomator, a client-side encryption tool with an SGX enclave, provides a feasible and secure solution with the potential for further development and integration with cloud synchronization services.
IBBE-SGX [3] represented a cryptographic Model that generates cloud storage extensible towards editing shared encrypted data efficiently and securely, reduces the computational cost for both scheme and storage, keeping zero-knowledge ends maintained using Intel SGX and Group partitioning technique. Our evaluation shows that IBBE-SGX is able to perform membership changes much faster with much less generated metadata when compared with traditional hybrid encryption schemes. Cloud databases enjoy higher performance and better storage, but they require strong mechanisms for both confidentiality and integrity. To the best of our knowledge, this paper introduces a composite model using a TEE for the integrity of the database code and homomorphic encryption [7] for data encryption. This paper showed the realization of the above methodology in modern systems for multi-party computation and demonstrated a voting system built on top of these functionalities.
This paper presented a comprehensive overview of the evolution and applications of Intel SGX processors [15], with a particular focus on developments since their introduction in 2013. A comprehensive analysis of 128 SGX-related papers from major academic databases is presented, encompassing SGX’s operational environment, applications, attack methodologies, and recent advancements in security. The study offers a detailed examination of the technology’s strengths, limitations, and potential avenues for future research. The objective of this review is to assist both developers and users in comprehending and advancing the technology of SGX.
This paper identified deficiencies in the resilience of traditional secure processors against side-channel attacks. It proposes OTS-SKE (One-Time Signature with Secret Key Exposure) as a novel cryptographic primitive for secure attestation in cloud computing [8]. This is presented in reference to the cited source. OTS-SKE guarantees that even when all session keys are disclosed, it is not possible for adversaries to forge valid signatures, thereby enhancing security in environments vulnerable to side-channel observations. Furthermore, the introduction of a secure co-processor dedicated solely to key generation serves to minimise the trusted computing base. The experimental results demonstrate that OTS-SKE offers a faster signing process in comparison to key-insulated schemes and the elliptic curve digital signature algorithm, which are utilised in Intel SGX.
A TEE provides isolated hardware security, but presents challenges in debugging and performance tuning due to its invisibility from the normal OS and the varying hardware/software architectures across CPUs (e.g., Intel SGX, RISC-V Keystone, Arm TrustZone). To accurately assess TEE performance, the authors propose TS-perf [13], a compiler-based method that accesses hardware timestamp counters in both the TEE and rich execution environment. This approach ensures precise logging of performance metrics. TS-perf employs a unified benchmarking approach across TEE architectures, evaluating internal APIs and common tasks such as matrix multiplication and memory access. This allows the identification of performance disparities and the elucidation of nuances in the behaviour of trusted applications.
Figure 1:
Figure 1: Proposed System Model Architecture

3 System and Adversary Model

Here Figure 1 we now describe the system model architecture.

3.1 Proposed System Model Architecture

Here we have a similar client-server architecture. In server, there are three entities TEE, application program, and file storage. We discussed all of this working model below.

3.1.1 Remote Client PC.

The client transmits the files in question to the server for the purposes of storage and security. Upon the client’s requirement to access the files, a request is transmitted to the server. Upon receipt of the request, the server will then proceed to provide the file set in question. In the event that the client is successfully authenticated, they will be granted access to the files in question.

3.1.2 Remote Cloud Server.

The cloud server at the remote end bears the responsibility of ensuring the security and integrity of files stored on its platform. Upon receipt of a set of files, the remote cloud server generates a unique AS for each of them. The AS is, in fact, a unique identifier that facilitates the maintenance of the files’ integrity. The confidential data of the files, along with their ASs, are stored in a TEE by the server itself. This would ensure the secure storage of sensitive information and protection from unauthorised access.
Subsequently, following the secure storage of data and their signatures within the TEE, the server transmits the files to the application program. The application program, acting as an intermediary, transmits files to designated file storage systems for long-term storage. This multi-step process guarantees the secure storage of files and the maintenance of their integrity throughout their life cycle. Upon receipt of a request from the client for access to stored data, the TEE initiates the retrieval of all files associated with the client’s request. Subsequently, the process transmits the files to the client, appending a Message Authentication Code to each file. The integrity and authenticity of the received files can be verified by generating ASs of the demanded files at the TEE and comparing them with the stored ones. In the event of a match between the signatures, it is confirmed that the client is genuine, and the client is granted access to the data blocks.
TEE: Security and integrity of stored files depend on it. After receiving files, the remote cloud server generates an AS for each. After then, the server stores the file’s confidential data with its AS in the TEE, a locked-down region of the main processor for sensitive data.
Service Enclave: Accomplishes protected applications and sensitive data.
Provisioning Enclave: It generates the private signing key to maintain its Cryptographic identity.
Quoting Enclave: This attested the report generated by Provisioning Enclave.
File Storage: as it receives files from the Application Program, it stores them in its database and forwards them as requested.
Application Program: An intermediate state between TEE and File Storage. The AS will keep TEE files in the database after generation. Requesting gives the client access and vice versa.

4 Preliminaries

We discussed some base implementation techniques for better understanding our protocol. The techniques are algebraic signature overview, TEE, SGX and the Diffe-Hellman key exchange algorithm.

4.1 Algebraic Signatures Overview

The Galois field supports fundamental algebraic operations [10] such as addition, multiplication, division, and subtraction. Within this framework, ASs possess unique properties. Consider Info F composed of n sub-blocks:
F = {F1, F2, …, Fn}
where each Fi belongs to the Galois-field GF(2l) for i = 1, 2, …, n. The AS of F with a parameter α is defined as:
\({\bf Sig}_\alpha (F) = {\bf Sig}_\alpha (F_1, F_2, \ldots , F_n) = \sum _{i=1}^{n} F_i \alpha ^i\)
Here, α represents a unique element within GF(2l). This signature exhibits properties of additive and cascading homomorphisms.
(1)
Given datasets G = {G1, G2, …, Gn} and F = {F1, F2, …, Fn}, the AS for G + F with the variable α is calculated as:
Sigα(G + F) = Sigα(G) + Sigα(F)
\begin{align*} {\bf Proof:} {\bf Sig}_\alpha (G + F) &= \sum _{i=1}^{n} (G_i + F_i) \alpha ^i \\ &= \sum _{i=1}^{n} G_i \alpha ^i + \sum _{i=1}^{n} F_i \alpha ^i \\ &= {\bf Sig}_\alpha (G) + {\bf Sig}_\alpha (F)\end{align*}
(2)
For datasets F = {F1, F2, …, Fn} and G = {G1, G2, …, Gm}, the AS of the concatenated data FG with the parameter α can be determined as:
Sigα(FG) = Sigα(F) + αnSigα(G)
\begin{align*} {\bf Proof:} {\bf Sig}_\alpha (F \Vert G) &= \sum _{i=1}^{n} F_i \alpha ^i + \sum _{i=1}^{m} G_i \alpha ^{n+i} \\ &= \sum _{i=1}^{n} F_i \alpha ^i + \alpha ^n \sum _{i=1}^{m} G_i \alpha ^i \\ &= {\bf Sig}_\alpha (F) + \alpha ^n {\bf Sig}_\alpha (G)\end{align*}

4.2 Base of Diffie-Hellman Key Exchange Algorithm

In the realm of cryptography [1], let a and b be elements of the multiplicative group of integers modulo n, denoted as \(\mathbb {Z}_n^*\). Consider a cyclic multiplicative group (G, *) of prime order n with a generator gG. The Computational Diffie-Hellman Problem (CDHP) involves finding an element hG such that h = gab given g, ga, and gb. This problem can be no harder than the Discrete Logarithm Problem (DLP), since solving the DLP for either ga or gb allows one to compute gab. However, the reverse relationship—whether the DLP is harder than the CDHP—remains an open question. Some research suggests a potential equivalence between these two problems, but definitive proof has yet to be established.
The Gap Diffie-Hellman Problem (GDHP) introduces another layer of complexity by leveraging a Decision Diffie-Hellman (DDHP) oracle. The DDHP determines whether a given element gc is equal to gab for given g, ga, and gb. In gap Diffie-Hellman groups, which are specific types of groups where a DDHP oracle is readily available, the GDHP and CDHP are equivalent. This means that the presence of a DDHP oracle does not simplify the process of solving the CDHP. The equivalence of these problems in gap Diffie-Hellman groups ensures that having access to a DDHP oracle does not provide any additional advantage, thereby maintaining the cryptographic strength of protocols relying on these assumptions. Understanding these relationships is crucial for analyzing and ensuring the security of cryptographic systems such as the Diffie-Hellman key exchange.

4.3 Trusted Execution Environment (TEE)

TEEs offer remote attestation, another key feature. Thus, a TEE can generate a cryptographic certify of its trustworthiness that third parties can verify. This ensures that TEE code and data execute as specified and are not modified or compromised. The content of a TEE is dynamic and securely updated, not static. It permits repairing flaws and adding new features without compromising the TEE’s integrity, making it vital to its long-term safety. It will be built to resist any software attacks, including OS and other program vulnerabilities. The chip protects main memory from physical attacks and assures data security in hardware compromises. TEE prohibits backdoor security threats by design. Strict security procedures ensure timely vulnerability patch updates. Many applications, such as Secure Payments, Digital Right Management, Secure Communication, Authentication, and Identity Management, require a TEE for organizational security.

4.4 SGX

Intel’s Software Guard Extensions TEE protects applications against software risks from BIOS and OS to hypervisor to user apps. A key feature of SGX is that it treats system memory as outside its TCB. Memory reads and writes are encrypted for security, and hardware guarantees their integrity and replay resilience.
In SGX, the "enclave" is a secure container that stores code, data, and metadata needed to execute software functions. The contents are plain text and publicly auditable at creation. It secures enclave instantiation, cryptographic specification verification, and memory block locking. It also optimizes isolation of the enclave from all other software on a system, regardless of privilege level, including other enclaves.
A remote platform user must follow a protocol to believe an enclave. The user first interacts with enclave without trust. Both parties use a key-exchange protocol like Diffie-Hellman to create a shared secret key Kshared. The user confirms the enclave’s authenticity and the SGX platform’s legitimacy through a "Remote Attestation" mechanism guarded by SGX and remotely trusted attestation servers (currently Intel, with plans for extension).
The enclave generates an authenticated "REPORT" during attestation using SGX EREPORT instruction. This REPORT contains unique enclave identification and a 64-byte user data field. Two Intel-signed enclaves are used for verification:
Provisioning Enclave (PE): The PE generates a private digital signing key \(K_{\text{priv}\_\text{sign}}\) that allows an external resource (currently an Intel server) to sign the public key \(K_{\text{pub}\_\text{sign}}\) and issue a digital certificate. This is called "platform provisioning." The PE-generated signature key verifies the platform’s cryptographic identity without encoding it in the processor.
Quoting Enclave (QE): Exclusive access to \(K_{\text{priv}\_\text{sign}}\) allows the QE to sign a REPORT from an enclave on the same platform.

5 Proposed Work

The proposed algorithm describes secure key creation, key exchange, remote file consignment, and remote file access in a TEE. The algorithm uses Diffie-Hellman key exchange and AS algorithms to secure data.

5.1 Key Generation for QE

Description: The Provisioning Enclave (PE) generates the public key pk and, for each session i from 0 to N − 1, generates a session secret key ki. The PE then shares the public key pk and the session secret keys {ki} with the Quoting Enclave (QE) with two random numbers r1 and r2.
\[(pk, \lbrace k_i\rbrace _{i=0}^{N-1}, r_1 ,r_2) \leftarrow \text{KEYGEN}\]

5.2 Secure Key Exchange for SE

The client and the service enclave perform a Diffie-Hellman key-exchange to create a secret key which is shared (Kshared).
The service enclave generates a report containing the hash of Kshared (with 64 bytes) and creates an EREPORT.
The service enclave forwards the EREPORT to the Quoting Enclave (Q.E.).
The Q.E. confirms the EREPORT.
The Q.E. signs the REPORT with its private key
(Sign \(_{\text{sig}^{\text{prikey}}}\) (REPORT)) and sends it back to the service enclave.
The service enclave forwards the signed REPORT
(Sign \(_{\text{sig}^{\text{prikey}}}\) (REPORT)) to the client.
The client forwards the signed REPORT to the Intel Attestation Server (IAS).
The IAS verifies the signed REPORT using its public key (sigpubkey).
Upon successful verification, IAS confirms the connection establishment with the client.

5.3 Secure Remote File Consign

The client will consign data to the server, encrypting it using Enckr(F) and generating a MAC using MACkr(F). This encrypted data and its MAC are stored in a normal application provider’s storage while corresponding sensitive information is saved in a TEE. The TEE uses an AS scheme for verification, denoted by the parameter Sigα(·).
For each verification i from 1 to t
Compute ki = fk(r1 + i).
Initialize c = 0.
For each block j from 1 to s:
Compute \(l_j = \sigma _{k_i}(r_2 + j)\).
Add F[lj] to c.
Compute τ = Sigα(c).
Send the ⟨F⟩ to the application program and keep ⟨τ⟩.

5.4 Secure Remote File Access

Whenever the client sends the instruction to access the block, the TEE will send MACkr(hash(F)). If the verification is correct, then access is granted.
Client sends an instruction set I.
Then The TEE will make its corresponding challenge vector V = v1, v2,....vt
Each instruction vi is associated with a corresponding file fi :v1f1, v2f2,....vifi
All the files are shared with the client using a shared key kshared :
\begin{equation}\text{MAC}_{k_{\text{shared}}} [F_i]\end{equation}
(1)
Compute μ as the summation of vi · fi for i = 1 to t and j = 1 to s:
\begin{equation}\mu = \sum _{i=1}^{t} v_i \cdot F_i\end{equation}
(2)
Compute Sigα(μ) as the summation of vi · τi which is denoted as η :
\begin{equation}\boxed{\text{Sig}_{\alpha }(\mu) = \eta }\end{equation}
(3)
item If this is verified, the client will get access to the file

6 Security Analysis

Here We have to prove the correctness and soundness analysis of our proposed protocol. We also mentioned the security analysis of functional requirements and also compared security properties from different paper.

6.1 Correctness Analysis

We are going to find the correctness analysis and whether we can grant access to the original client or not. So, we have to prove the equality of Eq. (3) as follows:
\begin{equation}\begin{split} \eta & = \sum _{i=1}^{t} v_i \cdot \tau _i \\ & = \sum _{i=1}^{t} v_i \cdot \sum _{j=1}^{s} f_{ij} \cdot \alpha ^j \end{split}\end{equation}
(4)
\begin{equation}\begin{split} Sig_{\alpha }(\mu) & = Sig_{\alpha }(\sum _{i=1}^{t} v_i \cdot F_i) \\ & = \sum _{i=1}^{t} v_i \cdot Sig_{\alpha }(F_i) \\ & = \sum _{i=1}^{t} v_i \cdot \sum _{j=1}^{s} f_{ij} \cdot \alpha ^j \end{split}\end{equation}
(5)
Since Eq. (4) and Eq. (5) are equal, we can conclude that the correctness of the algorithm holds which means the client will grant access if he is genuine.

7 Performance Analysis

This section describes our experiment and its outcomes. In the experimental result, we discuss computation, communication, and efficiency analysis. We also examine verification delay when numerous customers access the remote cloud server.

7.1 Experimental Setup

The trials were run on a 12th Gen Intel® CoreTM i5-1240P with 8 cores, running at 1.70 GHz (max 4.40 GHz) on Ubuntu 16.04. We used g++ 10.2 and Crypto++ [5] to construct the protocol.

7.2 Experimental Results

We may compare our model to others to analyze computation costs. To simplify the computation cost to its most dominant terms, we focus on the largest components and reduce the complexity. The combined total computation cost involves the following steps:
Key Generation for TEE: Generating keys and random numbers will cost O(1) time as it is randomly generated.
Secure Key Exchange of TEE: We have used the Diffie-Hellman Key Exchange Algorithm which time complexity is approximately O(logn) time. Here we are generating keys t times so the approximate time complexity will be O(logt).
Secure Remote File Consign: Here the computation cost is O(t · s). here we have t number of verification for each verification c blocks are required.
Secure Remote File Access: Generating the challenge vector on receiving Instruction will cost approximately O(t) time and computing the η also takes O(t) time.
Summing these, the total computation cost is:
\begin{equation}\begin{aligned} O(1) + O(logt) + O(t\cdot s) + O(t) = O(t \cdot s) \end{aligned}\end{equation}
(6)
So the approximate computational cost is O(t · s).

7.3 Efficiency Analysis

Create with To demonstrate how our system might be used, consider the following scenario: Files have 16 kB block size, 512-bit algebraic signatures Sigα, and a 2 GB file (F) with 125,000 blocks. For Setup Using the file and tags, the client stores its file on the remote storage server. 8 MB extra storage is available. Client-key storage uses 1024-bit secret keys with a few random numbers below 2048 bits. In the Challenge phase, it is utilized for Diffie-Hellman Key exchange for τ and MAC for sending f between client and server. One task involves the client requesting a 1024-bit secret key from the server for 2048 bits. If the server deletes at least two of F, the client can identify server wrongdoing with a probability better than 98 by requesting proof for c = 480 randomly picked blocks. Server response is about 16 kB.
Clients and servers employ Diffie-Hellman Key Exchange to generate τ and a MAC for transmitting f during the challenge phase. In this step, the client sends the server 2048 bits, or the 1024-bit secret key. Suppose the server accidentally deletes at least 2% of file F. If so, the client may analyze proofs for c = 480 randomly picked blocks and discover misbehavior with over 98% probability. About 16 KB was returned by the server for this challenge.

7.4 Verification Delay

We evaluate verification delays for varied customer quantities. Verification takes 158 ms for 100 clients. The delay increases substantially with client count. When there are 1000 clients, verification takes 3960 ms. Figure 2 shows that verification delays rise with more clients.
Figure 2:
Figure 2: The verification delay for multiple clients

8 Conclusion

This research provides a TEE-based AS algorithm-based RA protocol. Remote computation becomes more secure, scalable, and efficient. The TEE-based system with AS performs robustly and scalable in all circumstances, protecting data integrity and authenticity. Analysis of security models for the system’s strengths reveals vulnerabilities, allowing additional optimizations. A secure execution system protected important processes and data against sophisticated attackers. Our study revealed a verification delay, which we will address soon. We will optimize the verification process to reduce delay and increase system performance. To boost resistance against emerging threats, we will soon combine the AS algorithm with other security methods. It will keep the AS-TEE framework stable and efficient in increasingly complex computing environments.

Acknowledgments

This work was supported in part by the IHUB NTIHAC Foundation, Indian Institute of Technology (IIT) Kanpur, under Grant IHUB-NTIHAC/2021/01/3; and in part by the Ministry of Education, Government of India.

References

[1]
Manuel Barbosa. 2005. Identity based cryptography from bilinear pairings. Technical Report. Universidade do Minho. Centro de Ciências e Tecnologias da Computação (CCTC).
[2]
Mihir Bellare and Phillip Rogaway. 2001. Introduction to modern cryptography. Lecture Notes (2001).
[3]
Stefan Contiu, Rafael Pires, Sébastien Vaucher, Marcelo Pasin, Pascal Felber, and Laurent Réveillère. 2018. IBBE-SGX: Cryptographic group access control using trusted execution environments. In 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 207–218.
[4]
Marciano da Rocha, Dalton Cézane Gomes Valadares, Angelo Perkusich, Kyller Costa Gorgonio, Rodrigo Tomaz Pagno, and Newton Carlos Will. 2020. Secure cloud storage with client-side encryption using a trusted execution environment. arXiv preprint arXiv:https://arXiv.org/abs/2003.04163 (2020).
[5]
Wei Dai. Last Time Accessed Sep-2024. Crypto++: A free C++ class library of cryptographic schemes. Online Version 8.9 (Last Time Accessed Sep-2024). https://cryptopp.com/
[6]
Nir Drucker and Shay Gueron. 2017. Combining homomorphic encryption with trusted execution environment: a demonstration with paillier encryption and SGX. In Proceedings of the 2017 international workshop on managing insider security threats. 85–88.
[7]
Nir Drucker and Shay Gueron. 2018. Achieving trustworthy Homomorphic Encryption by combining it with a Trusted Execution Environment. J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl. 9, 1 (2018), 86–99.
[8]
Deniz Gurevin, Chenglu Jin, Phuong Ha Nguyen, Omer Khan, and Marten van Dijk. 2023. Secure remote attestation with strong key insulation guarantees. IEEE Trans. Comput. (2023).
[9]
W Cary Huffman, Jon-Lark Kim, and Patrick Solé. 2021. Concise encyclopedia of coding theory. Chapman and Hall/CRC.
[10]
Yanping Li, Zirui Li, Bo Yang, and Yong Ding. 2023. Algebraic signature-based public data integrity batch verification for cloud-IoT. IEEE Transactions on Cloud Computing 11, 3 (2023), 3184–3196.
[11]
Hyunyoung Oh, Kevin Nam, Seongil Jeon, Yeongpil Cho, and Yunheung Paek. 2021. MeetGo: A trusted execution environment for remote applications on FPGA. IEEE Access 9 (2021), 51313–51324.
[12]
Kingsley Okoli and Yana Bekeneva. 2024. Balancing security and user experience in the evolving digital landscape. In E3S Web of Conferences. EDP Sciences.
[13]
Kuniyasu Suzaki, Kenta Nakajima, Tsukasa Oi, and Akira Tsukamoto. 2021. Ts-perf: General performance measurement of trusted execution environment and rich execution environment on intel sgx, arm trustzone, and risc-v keystone. IEEE Access 9 (2021), 133520–133530.
[14]
Newton C Will and Carlos A Maziero. 2023. Intel software guard extensions applications: A survey. Comput. Surveys 55, 14s (2023), 1–38.
[15]
Wei Zheng, Ying Wu, Xiaoxue Wu, Chen Feng, Yulei Sui, Xiapu Luo, and Yajin Zhou. 2021. A survey of Intel SGX and its applications. Frontiers of Computer Science 15 (2021), 1–15.

Index Terms

  1. Algebraic Signature based Trusted Execution Environment for Remote Computation

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Other conferences
    ICDCN '25: Proceedings of the 26th International Conference on Distributed Computing and Networking
    January 2025
    460 pages
    ISBN:9798400710629
    DOI:10.1145/3700838

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 04 January 2025

    Check for updates

    Author Tags

    1. Trusted Execution Environment
    2. Remote Attestation
    3. Algebraic Signature
    4. Intel SGX.

    Qualifiers

    • Research-article

    Conference

    ICDCN 2025

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • 0
      Total Citations
    • 223
      Total Downloads
    • Downloads (Last 12 months)223
    • Downloads (Last 6 weeks)116
    Reflects downloads up to 23 Feb 2025

    Other Metrics

    Citations

    View Options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Login options

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media