5G-ENSURE partners, RISE SICS, are presenting a demo on Bootstrapping Trust - Safeguarding VNF Credentials at ACM SIGCOMM 2017, taking place at the UCLA campus in Los Angeles, CA, U.S., 21-25 August 2017.
Safeguarding VNF Credentials with Intel SGX
The demo shows a novel approach based on two major use cases. The first use case is the integrity attestation of a VNF. This is done by requesting a quote from the application integrity enclave, which is then verified and matched against the expected values by the Verification Manager. This use case is demonstrated by showing attestation protocol, communication with IAS, and matching the actual and expected measurements.
The second use case is enrolling the VNF into the SDN deployment. A prerequisite for this is that it has been attested as above. The Verification Manager then generates a key and certificate, signs the certificate with its certificate authority, and then provisions the VNF's enclave with the key material. This key can then be used to establish a secure communication session with the SDN controller. This use is demonstrated by showing the key provisioning, as well as that entities without correct credentials cannot enroll in the SDN deployment.
ACM SIGCOMM 2017