Within the RAINBOW action, the partners in work-package 2 (security and trust for fog and cross-cloud services), successfully delivered the final deliverables on collective attestation and runtime verification. In this task the partners invested a lot of research in relation to security and privacy.
Some of the noteworthy outcomes are:
- Rainbow security and privacy-preserving attestation enables
- Control flow enabler
- Formal models of the attestation protocols
In point 1, the partners introduced the use of a TPM as a secured storage for sensitive information like keys and as an enabler for a privacy-preserving algorithm called Direct Anonymous Attestation. Furthermore, the partners gave an overview how reinforced zero-touch configuration functionality within the attestation toolkit works.
In point 2, they introduced ZEKRA, a Zero-Knowledge Runtime Attestation a privacy-respecting control-flow attestation protocol. This protocol augments existing control-flow attestation schemes by encasing the rigorous task of verifying that a program’s execution path is benign according to the program’s CFG in a verifiable zkSNARK proof. This enables provers to convince untrusted verifiers of a program’s benign execution without disclosing the executed path or the program’s Control Flow Graph (CFG).
As point 3, finally, work-package 2 (security and trust for fog and cross-cloud services) also modeled and verified the RAINBOW attestation protocols with the latest rigorous analysis toolings, thus improving the protocols and increasing the trustworthiness of the RAINBOW collective attestation services.
If you are interested in the details check out the last version of the deliverable here.