We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:


Current browse context:


Change to browse by:

References & Citations

DBLP - CS Bibliography


(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Building secure distributed applications the DECENT way

Abstract: Remote attestation (RA) authenticates code running in trusted execution environments (TEEs), allowing trusted code to be deployed even on untrusted hosts. However, trust relationships established by one component in a distributed application may impact the security of other components, making it difficult to reason about the security of the application as a whole. Furthermore, traditional RA approaches interact badly with modern web service design, which tends to employ small interacting microservices, short session lifetimes, and little or no state.
This paper presents the Decent Application Platform, a framework for building secure decentralized applications. Decent applications authenticate and authorize distributed enclave components using a protocol based on self-attestation certificates, a reusable credential based on RA and verifiable by a third party. Components mutually authenticate each other not only based on their code, but also based on the other components they trust, ensuring that no transitively-connected components receive unauthorized information. While some other TEE frameworks support mutual authentication in some form, Decent is the only system that supports mutual authentication without requiring an additional trusted third party besides the trusted hardware's manufacturer. We have verified the secrecy and authenticity of Decent application data in ProVerif, and implemented two applications to evaluate Decent's expressiveness and performance: DecentRide, a ride-sharing service, and DecentHT, a distributed hash table. On the YCSB benchmark, we show that DecentHT achieves 7.5x higher throughput and 3.67x lower latency compared to a non-Decent implementation.
Comments: 17 pages, 21 figures. V3: Added a section to introduce a distributed revoker design; Added details on Decent Handshake protocol; Revised the description on data sealing mechanism; Added a discussion of future research directions related to automatic component verification; Added and replaced 11 figures; V2: Added formal verification result for the protocols; clarified verifiers and revokers
Subjects: Cryptography and Security (cs.CR); Distributed, Parallel, and Cluster Computing (cs.DC)
Cite as: arXiv:2004.02020 [cs.CR]
  (or arXiv:2004.02020v3 [cs.CR] for this version)

Submission history

From: Haofan Zheng [view email]
[v1] Sat, 4 Apr 2020 21:20:38 GMT (1051kb,D)
[v2] Fri, 2 Oct 2020 04:25:16 GMT (1069kb,D)
[v3] Mon, 31 Jan 2022 23:22:26 GMT (822kb,D)

Link back to: arXiv, form interface, contact.