TVRAVNF: an efficient low-cost TEE-based virtual remote attestation scheme for virtual network functions

Abstract With the continuous advancement of virtualization technology and the widespread adoption of 5G networks, the application of the Network Function Virtualization (NFV) architecture has become increasingly popular and prevalent. While the NFV architecture brings a lot of advantages, it also introduces security challenges, including the effective and efficient verification of the integrity of deployed Virtual Network Functions (VNFs) and ensuring the secure operation of VNFs. To address the challenge of efficiently conducting virtual remote attestation for VNFs and establishing trust in virtualized environments like NFV architecture, we propose TVRAVNF, which is a highly efficient and low-cost TEE-based virtual remote attestation scheme for VNFs. The scheme we proposed ensures the security and effectiveness of the virtual remote attestation process by leveraging TEE. Furthermore, we introduces a novel local attestation mechanism, which not only reduces the overall overhead of the virtual remote attestation process but also shortens the attestation interval to mitigate Time-Of-Check-Time-Of-Use attacks, thereby enhancing overall security. We conduct experiments to validate the overhead of the TVRAVNF scheme and compare its performance with that of a typical remote attestation process within a maximum unattested time interval. The experimental results demonstrate that, by employing the local attestation mechanism, our solution achieves nearly an 80% significant performance improvement with a relatively small time overhead for small to medium-sized files. This further substantiates the significant advantages of our approach in both security and efficiency.