A collective attestation scheme towards cloud system

Abstract

Considering cloud computing continues to grow and flourish, the increasing number of cloud infrastructures results in unlimited resources and convenient pay-as-you-go services, which makes it essential to ensure software integrity (including OS, apps, and configurations) on such massive devices to guarantee both privacy and safety. As a key technical solution, remote attestation allows a remote entity to validate integrity state of targeted cloud devices. Aiming to attest the real integrity state of cloud system and improve scalability and efficiency of existing scheme, a Collective Attestation scheme towards Cloud System named CACS is presented in this paper. First, in order to promote scalability, CACS proposes an attestation scheme based on cooperation between cloud servers. Second, to increase efficiency, CACS puts forward Attestation Relationship Tree structure, which could determine the cooperative objects and tasks during the collective attestation. Besides, identity-based aggregation signature technology is adopted to quickly verify the authenticity of integrity report about cloud servers. To evaluate the efficiency and scalability, CACS is simulated in a large-scale cloud system. Experimental results show that not only is CACS able to effectively prove a cloud system of 30,000 nodes in 19.9 s, but also it could perform well in terms of scalability compared to current cloud system attestation schemes.