Search papers, labs, and topics across Lattice.
This paper introduces the Heterogeneous Mutual Attestation (Hema) protocol, designed for the mutual attestation of trusted application (TA) instances across different trusted execution environments (TEEs). By providing a dedicated solution for cross-TEE attestation, Hema enhances both the efficiency and security of communications between heterogeneous components in cloud services. The protocol is formally verified, ensuring robust security guarantees while facilitating interoperability among various TEE types, such as SGX and TrustZone.
Cross-TEE mutual attestation can significantly streamline secure communications in cloud environments, eliminating the need for each TEE type to support all others' attestation stacks.
Cloud services are composed of multiple heterogeneous distributed components and instances that communicate with one another. This occurs both in applications and services running in traditional execution environments and in trusted applications (TAs) running in trusted execution environments (TEEs). TA instances use attestation before exchanging information to ensure all parties meet the expected security conditions. The straightforward solution to mutually attesting two TA instances that are willing to communicate is employing remote attestation mechanisms in both directions. This is typically the case when the two TA instances are running on TEEs of the same type. In order to support cross-TEE attestation, such an approach, that is, using remote attestation in both directions, would require each TEE type (e.g., SGX, TrustZone) to support the attestation software stack of all other TEE types with which it needs to interact. A dedicated cross-TEE mutual attestation solution has multiple benefits in terms of efficiency and security. This paper presents the Heterogeneous Mutual Attestation (Hema) protocol, a formally-verified protocol for the mutual attestation of TA instances running on the same TEE type or on different TEE types.