Introduction to TEE
A Trusted Execution Environment (TEE) is a hardware-enforced, isolated compartment of a processor that protects the confidentiality and integrity of the code and data inside it. It can hold secrets that the rest of the system cannot read, and it can issue attestations: signed statements of which code is running inside it, which a remote party can verify before trusting its output. In practice, Intel SGX and Arm TrustZone are the most widely deployed TEEs.
Key Characteristics of TEE:
Isolation: Code and data inside the TEE are isolated from the rest of the system.
Integrity: Ensures that the computations performed are not tampered with.
Confidentiality: Protects sensitive data from being exposed during computation.
Although side-channel attacks have been demonstrated against these TEEs, mitigations and revised designs continue to appear, and the attacks require a privileged or co-located adversary. We therefore treat the TEE as an acceptable hardware shield for the privacy and logical correctness of the key components of our protocol. Our benchmarks run on the Intel SGX platform because of its readily deployed remote-attestation infrastructure; the protocol itself does not depend on SGX and can be implemented on any TEE that offers comparable isolation and attestation.
Device Remote Attestation
Device remote attestation is a security process that lets a relying party, such as a server or service, verify both the authenticity and the software state of a specific device. Attestation gives the relying party evidence that the device is genuine, has not been tampered with, and is running the expected code. It matters most for devices that play a critical role in user authentication and data protection, such as hardware security keys.
The device produces an attestation statement, typically in response to a challenge (a fresh nonce) from the relying party. The statement carries a signature made with a device-specific key, together with metadata such as the device's identity and a measurement of the software it is running. The relying party verifies the statement by checking that the signature is valid, that the signing key is endorsed by a root it trusts (for example, the manufacturer's), that the nonce is the one it issued, so that a captured statement cannot be replayed, and that the reported measurement matches an acceptable configuration. Only then does it treat the device as trusted, so that only such devices can access sensitive information and services.
On-chain Device Remote Attestation
In the traditional device attestation process, a relying party, such as a server or service, is responsible for verifying the authenticity of a device. However, this approach has limitations in terms of transparency and accessibility. To address these issues, we have implemented a novel approach by replacing the relying party with an on-chain contract. In this new model, the attestation statement generated by the device is verified and stored on a blockchain. This approach offers several advantages:
It provides a transparent and tamper-evident record of the attestation, because the accepted statement is immutably stored on the blockchain.
It allows anyone to publicly read and independently re-verify the attestation statement, which strengthens trust in the attestation process.
Two practical consequences follow. First, everything the contract stores is public, so the statement must carry no secret material. Second, the contract takes over the verifier's duties: it must hold the trusted root key and the policy for acceptable measurements, and it must reject reused nonces, since a replayed statement would otherwise be recorded as a fresh attestation. By combining the decentralized, append-only nature of the blockchain with these checks, the device attestation process becomes more robust, transparent, and accessible to all.
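As an added example (not the project's own code or the format of any real attestation scheme), the following Go program models the exchange described in the two sections above: a manufacturer endorses a device key, the device signs a challenge together with its software measurement, and a verifier checks the trust chain, the signature, the nonce's freshness and the measurement policy before recording the statement. The Verifier's Ledger slice stands in for the on-chain store that replaces the relying party; the Ed25519 keys, the "device-attest-v1" domain tag, the firmware hash and the one-line certificate structure are all constructed for the example (real schemes carry an X.509 chain and a richer statement).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// DeviceCert binds a device attestation key to the manufacturer root key.
// Constructed for this example; real attestation carries an X.509 chain.
type DeviceCert struct {
	DevicePub ed25519.PublicKey
	RootSig   []byte // manufacturer signature over DevicePub
}

// Statement is what the device returns for one challenge.
type Statement struct {
	Nonce       []byte // challenge issued by the relying party
	Measurement []byte // hash of the firmware/config the device reports
	Cert        DeviceCert
	Sig         []byte // device signature over (nonce, measurement)
}

// signedBody domain-separates the bytes the device signs.
func signedBody(nonce, measurement []byte) []byte {
	h := sha256.New()
	h.Write([]byte("device-attest-v1")) // assumed tag, not a real format
	h.Write(nonce)
	h.Write(measurement)
	return h.Sum(nil)
}

// Provision is the manufacturer step: generate a device key and endorse it.
func Provision(rootPriv ed25519.PrivateKey) (DeviceCert, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return DeviceCert{}, nil, err
	}
	return DeviceCert{DevicePub: pub, RootSig: ed25519.Sign(rootPriv, pub)}, priv, nil
}

// Attest is the device step: sign the challenge together with the measurement.
func Attest(devPriv ed25519.PrivateKey, cert DeviceCert, nonce, measurement []byte) Statement {
	sig := ed25519.Sign(devPriv, signedBody(nonce, measurement))
	return Statement{Nonce: nonce, Measurement: measurement, Cert: cert, Sig: sig}
}

// Verifier plays the relying party. Ledger models the append-only, publicly
// readable store of accepted statements that the on-chain contract keeps.
type Verifier struct {
	RootPub ed25519.PublicKey
	Allowed map[string]bool // hex-encoded measurements accepted by policy
	pending map[string]bool // nonces issued and not yet consumed
	Ledger  []Statement
}

func NewVerifier(rootPub ed25519.PublicKey, allowed ...[]byte) *Verifier {
	v := &Verifier{RootPub: rootPub, Allowed: map[string]bool{}, pending: map[string]bool{}}
	for _, m := range allowed {
		v.Allowed[hex.EncodeToString(m)] = true
	}
	return v
}

// Challenge issues a fresh, single-use nonce; without it a captured statement
// could be replayed indefinitely.
func (v *Verifier) Challenge() ([]byte, error) {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	v.pending[hex.EncodeToString(n)] = true
	return n, nil
}

// Verify runs the checks in the order a relying party (or contract) should:
// trust chain, signature, freshness, then policy. Accepted statements are recorded.
func (v *Verifier) Verify(st Statement) error {
	if !ed25519.Verify(v.RootPub, st.Cert.DevicePub, st.Cert.RootSig) {
		return errors.New("device key not endorsed by manufacturer root")
	}
	if !ed25519.Verify(st.Cert.DevicePub, signedBody(st.Nonce, st.Measurement), st.Sig) {
		return errors.New("bad device signature (statement tampered or forged)")
	}
	key := hex.EncodeToString(st.Nonce)
	if !v.pending[key] {
		return errors.New("nonce unknown or already used (replay)")
	}
	delete(v.pending, key) // consume the nonce so the statement cannot be resubmitted
	if !v.Allowed[hex.EncodeToString(st.Measurement)] {
		return fmt.Errorf("measurement %x not in allowlist", st.Measurement)
	}
	v.Ledger = append(v.Ledger, st)
	return nil
}

// DemoResult collects the three outcomes a practitioner should check.
type DemoResult struct {
	Valid, Replay, Tamper error
	LedgerLen            int
}

// Demo: a good statement is accepted once, the same statement replayed is
// rejected, and a statement altered after signing is rejected.
func Demo() (DemoResult, error) {
	rootPub, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return DemoResult{}, err
	}
	cert, devPriv, err := Provision(rootPriv)
	if err != nil {
		return DemoResult{}, err
	}
	goodFW := sha256.Sum256([]byte("firmware v1.2 (constructed sample)"))
	v := NewVerifier(rootPub, goodFW[:])
	nonce, err := v.Challenge()
	if err != nil {
		return DemoResult{}, err
	}
	st := Attest(devPriv, cert, nonce, goodFW[:])
	r := DemoResult{Valid: v.Verify(st), Replay: v.Verify(st)}
	nonce2, _ := v.Challenge()
	tampered := Attest(devPriv, cert, nonce2, goodFW[:])
	tampered.Measurement = []byte("evil") // altered after signing
	r.Tamper = v.Verify(tampered)
	r.LedgerLen = len(v.Ledger)
	return r, nil
}

func main() {
	r, err := Demo()
	fmt.Println(r.Valid, r.Replay, r.Tamper, r.LedgerLen, err)
}
```

The order of checks in Verify is deliberate: the cheap trust-chain and signature checks come before the nonce is consumed, so a forged statement cannot burn a legitimate device's challenge. Porting Verify to a contract keeps the same four checks; what changes is that RootPub, Allowed and the consumed-nonce set live in contract storage and are readable by everyone.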