TVRAVNF:基于 TEE 的高效低成本虚拟网络功能远程验证方案

IF 3.9 4区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Jie Yuan, Rui Xu, Xinghai Wei, Keji Miao, Dongxiao Liu
{"title":"TVRAVNF:基于 TEE 的高效低成本虚拟网络功能远程验证方案","authors":"Jie Yuan, Rui Xu, Xinghai Wei, Keji Miao, Dongxiao Liu","doi":"10.1186/s42400-024-00235-7","DOIUrl":null,"url":null,"abstract":"<p>With the continuous advancement of virtualization technology and the widespread adoption of 5G networks, the application of the Network Function Virtualization (NFV) architecture has become increasingly popular and prevalent. While the NFV architecture brings a lot of advantages, it also introduces security challenges, including the effective and efficient verification of the integrity of deployed Virtual Network Functions (VNFs) and ensuring the secure operation of VNFs. To address the challenge of efficiently conducting virtual remote attestation for VNFs and establishing trust in virtualized environments like NFV architecture, we propose TVRAVNF, which is a highly efficient and low-cost TEE-based virtual remote attestation scheme for VNFs. The scheme we proposed ensures the security and effectiveness of the virtual remote attestation process by leveraging TEE. Furthermore, we introduces a novel local attestation mechanism, which not only reduces the overall overhead of the virtual remote attestation process but also shortens the attestation interval to mitigate Time-Of-Check-Time-Of-Use attacks, thereby enhancing overall security. We conduct experiments to validate the overhead of the TVRAVNF scheme and compare its performance with that of a typical remote attestation process within a maximum unattested time interval. The experimental results demonstrate that, by employing the local attestation mechanism, our solution achieves nearly an 80% significant performance improvement with a relatively small time overhead for small to medium-sized files. This further substantiates the significant advantages of our approach in both security and efficiency.</p>","PeriodicalId":36402,"journal":{"name":"Cybersecurity","volume":"30 1","pages":""},"PeriodicalIF":3.9000,"publicationDate":"2024-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"TVRAVNF: an efficient low-cost TEE-based virtual remote attestation scheme for virtual network functions\",\"authors\":\"Jie Yuan, Rui Xu, Xinghai Wei, Keji Miao, Dongxiao Liu\",\"doi\":\"10.1186/s42400-024-00235-7\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>With the continuous advancement of virtualization technology and the widespread adoption of 5G networks, the application of the Network Function Virtualization (NFV) architecture has become increasingly popular and prevalent. While the NFV architecture brings a lot of advantages, it also introduces security challenges, including the effective and efficient verification of the integrity of deployed Virtual Network Functions (VNFs) and ensuring the secure operation of VNFs. To address the challenge of efficiently conducting virtual remote attestation for VNFs and establishing trust in virtualized environments like NFV architecture, we propose TVRAVNF, which is a highly efficient and low-cost TEE-based virtual remote attestation scheme for VNFs. The scheme we proposed ensures the security and effectiveness of the virtual remote attestation process by leveraging TEE. Furthermore, we introduces a novel local attestation mechanism, which not only reduces the overall overhead of the virtual remote attestation process but also shortens the attestation interval to mitigate Time-Of-Check-Time-Of-Use attacks, thereby enhancing overall security. We conduct experiments to validate the overhead of the TVRAVNF scheme and compare its performance with that of a typical remote attestation process within a maximum unattested time interval. The experimental results demonstrate that, by employing the local attestation mechanism, our solution achieves nearly an 80% significant performance improvement with a relatively small time overhead for small to medium-sized files. This further substantiates the significant advantages of our approach in both security and efficiency.</p>\",\"PeriodicalId\":36402,\"journal\":{\"name\":\"Cybersecurity\",\"volume\":\"30 1\",\"pages\":\"\"},\"PeriodicalIF\":3.9000,\"publicationDate\":\"2024-08-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Cybersecurity\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1186/s42400-024-00235-7\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cybersecurity","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1186/s42400-024-00235-7","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

随着虚拟化技术的不断进步和 5G 网络的广泛采用,网络功能虚拟化(NFV)架构的应用日益普及和流行。NFV 架构在带来诸多优势的同时,也带来了安全方面的挑战,包括如何切实有效地验证已部署的虚拟网络功能(VNF)的完整性并确保 VNF 的安全运行。为了解决在 NFV 架构等虚拟化环境中高效地对 VNF 进行虚拟远程验证并建立信任所面临的挑战,我们提出了 TVRAVNF,这是一种高效、低成本的基于 TEE 的 VNF 虚拟远程验证方案。我们提出的方案利用 TEE 确保了虚拟远程验证过程的安全性和有效性。此外,我们还引入了一种新颖的本地验证机制,它不仅降低了虚拟远程验证过程的总体开销,还缩短了验证间隔时间,以缓解 "检查时间-使用时间 "攻击,从而增强了总体安全性。我们通过实验验证了 TVRAVNF 方案的开销,并将其性能与典型远程验证流程在最大未验证时间间隔内的性能进行了比较。实验结果表明,通过采用本地验证机制,我们的解决方案在中小型文件中以相对较小的时间开销实现了近 80% 的显著性能提升。这进一步证实了我们的方法在安全性和效率方面的显著优势。
本文章由计算机程序翻译,如有差异,请以英文原文为准。

TVRAVNF: an efficient low-cost TEE-based virtual remote attestation scheme for virtual network functions

TVRAVNF: an efficient low-cost TEE-based virtual remote attestation scheme for virtual network functions

With the continuous advancement of virtualization technology and the widespread adoption of 5G networks, the application of the Network Function Virtualization (NFV) architecture has become increasingly popular and prevalent. While the NFV architecture brings a lot of advantages, it also introduces security challenges, including the effective and efficient verification of the integrity of deployed Virtual Network Functions (VNFs) and ensuring the secure operation of VNFs. To address the challenge of efficiently conducting virtual remote attestation for VNFs and establishing trust in virtualized environments like NFV architecture, we propose TVRAVNF, which is a highly efficient and low-cost TEE-based virtual remote attestation scheme for VNFs. The scheme we proposed ensures the security and effectiveness of the virtual remote attestation process by leveraging TEE. Furthermore, we introduces a novel local attestation mechanism, which not only reduces the overall overhead of the virtual remote attestation process but also shortens the attestation interval to mitigate Time-Of-Check-Time-Of-Use attacks, thereby enhancing overall security. We conduct experiments to validate the overhead of the TVRAVNF scheme and compare its performance with that of a typical remote attestation process within a maximum unattested time interval. The experimental results demonstrate that, by employing the local attestation mechanism, our solution achieves nearly an 80% significant performance improvement with a relatively small time overhead for small to medium-sized files. This further substantiates the significant advantages of our approach in both security and efficiency.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Cybersecurity
Cybersecurity Computer Science-Information Systems
CiteScore
7.30
自引率
0.00%
发文量
77
审稿时长
9 weeks
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信