{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T12:16:15Z","timestamp":1775736975762,"version":"3.50.1"},"reference-count":35,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2024,8,4]],"date-time":"2024-08-04T00:00:00Z","timestamp":1722729600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,8,4]],"date-time":"2024-08-04T00:00:00Z","timestamp":1722729600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2023YFB3107605"],"award-info":[{"award-number":["2023YFB3107605"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"Abstract<\/jats:title>With the continuous advancement of virtualization technology and the widespread adoption of 5G networks, the application of the Network Function Virtualization (NFV) architecture has become increasingly popular and prevalent. While the NFV architecture brings a lot of advantages, it also introduces security challenges, including the effective and efficient verification of the integrity of deployed Virtual Network Functions (VNFs) and ensuring the secure operation of VNFs. To address the challenge of efficiently conducting virtual remote attestation for VNFs and establishing trust in virtualized environments like NFV architecture, we propose TVRAVNF, which is a highly efficient and low-cost TEE-based virtual remote attestation scheme for VNFs. The scheme we proposed ensures the security and effectiveness of the virtual remote attestation process by leveraging TEE. Furthermore, we introduces a novel local attestation mechanism, which not only reduces the overall overhead of the virtual remote attestation process but also shortens the attestation interval to mitigate Time-Of-Check-Time-Of-Use attacks, thereby enhancing overall security. We conduct experiments to validate the overhead of the TVRAVNF scheme and compare its performance with that of a typical remote attestation process within a maximum unattested time interval. The experimental results demonstrate that, by employing the local attestation mechanism, our solution achieves nearly an 80% significant performance improvement with a relatively small time overhead for small to medium-sized files. This further substantiates the significant advantages of our approach in both security and efficiency.<\/jats:p>","DOI":"10.1186\/s42400-024-00235-7","type":"journal-article","created":{"date-parts":[[2024,8,3]],"date-time":"2024-08-03T21:01:42Z","timestamp":1722718902000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["TVRAVNF: an efficient low-cost TEE-based virtual remote attestation scheme for virtual network functions"],"prefix":"10.1186","volume":"7","author":[{"given":"Jie","family":"Yuan","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rui","family":"Xu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinghai","family":"Wei","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Keji","family":"Miao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6559-9745","authenticated-orcid":false,"given":"Dongxiao","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,8,4]]},"reference":[{"issue":"2","key":"235_CR1","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3379444","volume":"53","author":"I Alam","year":"2020","unstructured":"Alam I, Sharif K, Li F et al (2020) A survey of network virtualization techniques for internet of things using SDN and NFV. ACM Comput Surv (CSUR) 53(2):1\u201340","journal-title":"ACM Comput Surv (CSUR)"},{"issue":"8","key":"235_CR2","doi-asserted-by":"publisher","first-page":"7220","DOI":"10.1109\/JIOT.2020.2983655","volume":"7","author":"MN Aman","year":"2020","unstructured":"Aman MN, Basheer MH, Dash S et al (2020) Hatt: hybrid remote attestation for the internet of things with high availability. IEEE Internet Things J 7(8):7220\u20137233","journal-title":"IEEE Internet Things J"},{"issue":"4","key":"235_CR3","doi-asserted-by":"publisher","first-page":"2447","DOI":"10.1109\/COMST.2020.3008879","volume":"22","author":"M Ambrosin","year":"2020","unstructured":"Ambrosin M, Conti M, Lazzeretti R et al (2020) Collective remote attestation at the internet of things scale: State-of-the-art and future challenges. IEEE Commun Surv Tutor 22(4):2447\u20132461","journal-title":"IEEE Commun Surv Tutor"},{"key":"235_CR4","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2019.106984","volume":"167","author":"AA Barakabitze","year":"2020","unstructured":"Barakabitze AA, Ahmad A, Mijumbi R et al (2020) 5G network slicing using SDN and NFV: a survey of taxonomy, architectures and future challenges. Comput Netw 167:106984","journal-title":"Comput Netw"},{"issue":"6","key":"235_CR5","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3172866","volume":"51","author":"MS Bonfim","year":"2019","unstructured":"Bonfim MS, Dias KL, Fernandes SF (2019) Integrated NFV\/SDN architectures: a systematic literature review. ACM Comput Surv (CSUR) 51(6):1\u201339","journal-title":"ACM Comput Surv (CSUR)"},{"key":"235_CR6","doi-asserted-by":"crossref","unstructured":"Cheng J, Zhang K, Tu B (2021) Remote attestation of large-scale virtual machines in the cloud data center. In: 2021 IEEE 20th international conference on trust, security and privacy in computing and communications (TrustCom). IEEE, pp 180\u2013187","DOI":"10.1109\/TrustCom53373.2021.00041"},{"key":"235_CR7","doi-asserted-by":"crossref","unstructured":"De\u00a0Oliveira\u00a0Nunes I, Jakkamsetti S, Rattanavipanon N et\u00a0al (2021) On the TOCTOU problem in remote attestation. In: Proceedings of the 2021 ACM SIGSAC conference on computer and communications security, pp 2921\u20132936","DOI":"10.1145\/3460120.3484532"},{"key":"235_CR8","doi-asserted-by":"publisher","first-page":"3123","DOI":"10.1109\/TIFS.2020.2983282","volume":"15","author":"E Dushku","year":"2020","unstructured":"Dushku E, Rabbani MM, Conti M et al (2020) SARA: secure asynchronous remote attestation for IoT systems. IEEE Trans Inf Forensics Secur 15:3123\u20133136","journal-title":"IEEE Trans Inf Forensics Secur"},{"issue":"4","key":"235_CR9","doi-asserted-by":"publisher","first-page":"3307","DOI":"10.1109\/COMST.2018.2830648","volume":"20","author":"AJ Gonzalez","year":"2018","unstructured":"Gonzalez AJ, Nencioni G, Kamisi\u0144ski A et al (2018) Dependability of the NFV orchestrator: state of the art and research challenges. IEEE Commun Surv Tutor 20(4):3307\u20133329","journal-title":"IEEE Commun Surv Tutor"},{"key":"235_CR10","unstructured":"Hua Z, Gu J, Xia Y, et\u00a0al (2017) $$\\{vTZ\\}$$: virtualizing $$\\{ARM\\}\\{TrustZone\\}$$. In: 26th USENIX security symposium (USENIX Security 17), pp 541\u2013556"},{"key":"235_CR11","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102300","volume":"106","author":"M Kucab","year":"2021","unstructured":"Kucab M, Bory\u0142o P, Cho\u0142da P (2021) Remote attestation and integrity measurements with intel SGX for virtual machines. Comput Secur 106:102300","journal-title":"Comput Secur"},{"issue":"2","key":"235_CR12","doi-asserted-by":"publisher","first-page":"1409","DOI":"10.1109\/COMST.2018.2884835","volume":"21","author":"A Laghrissi","year":"2018","unstructured":"Laghrissi A, Taleb T (2018) A survey on the placement of virtual resources and virtual network functions. IEEE Commun Surv Tutor 21(2):1409\u20131434","journal-title":"IEEE Commun Surv Tutor"},{"key":"235_CR13","doi-asserted-by":"crossref","unstructured":"Lal S, Kalliola A, Oliver I et\u00a0al (2017a) Securing VNF communication in NFVI. In: 2017 IEEE conference on standards for communications and networking (CSCN). IEEE, pp 187\u2013192","DOI":"10.1109\/CSCN.2017.8088620"},{"issue":"8","key":"235_CR14","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1109\/MCOM.2017.1600899","volume":"55","author":"S Lal","year":"2017","unstructured":"Lal S, Taleb T, Dutta A (2017) NFV: security threats and best practices. IEEE Commun Mag 55(8):211\u2013217","journal-title":"IEEE Commun Mag"},{"key":"235_CR15","doi-asserted-by":"crossref","unstructured":"Lee D, Kohlbrenner D, Shinde S, et\u00a0al (2020) Keystone: an open framework for architecting trusted execution environments. In: Proceedings of the fifteenth European conference on computer systems, pp 1\u201316","DOI":"10.1145\/3342195.3387532"},{"issue":"8","key":"235_CR16","doi-asserted-by":"publisher","first-page":"5824","DOI":"10.1109\/JIOT.2021.3058250","volume":"9","author":"J Li","year":"2021","unstructured":"Li J, Shi W, Wu H et al (2021) Cost-aware dynamic SFC mapping and scheduling in SDN\/NFV-enabled space-air-ground-integrated networks for internet of vehicles. IEEE Internet Things J 9(8):5824\u20135838","journal-title":"IEEE Internet Things J"},{"key":"235_CR17","doi-asserted-by":"crossref","unstructured":"Li W, Xia Y, Lu L et\u00a0al (2019) Teev: virtualizing trusted execution environments on mobile platforms. In: Proceedings of the 15th ACM SIGPLAN\/SIGOPS international conference on virtual execution environments, pp 2\u201316","DOI":"10.1145\/3313808.3313810"},{"issue":"7","key":"235_CR18","doi-asserted-by":"publisher","first-page":"5706","DOI":"10.1109\/JIOT.2019.2942719","volume":"7","author":"Z Lv","year":"2019","unstructured":"Lv Z, Xiu W (2019) Interaction of edge-cloud computing based on SDN and NFV for next generation IoT. IEEE Internet Things J 7(7):5706\u20135712","journal-title":"IEEE Internet Things J"},{"key":"235_CR19","doi-asserted-by":"crossref","unstructured":"Narayanan V, Carvalho C, Ruocco A et\u00a0al (2023) Remote attestation of SEV-SNP confidential VMS using e-vtpms. arXiv preprint arXiv:2303.16463","DOI":"10.1145\/3627106.3627112"},{"key":"235_CR20","doi-asserted-by":"crossref","unstructured":"Ozga W, Fetzer C et\u00a0al (2021) Triglav: remote attestation of the virtual machine\u2019s runtime integrity in public clouds. In: 2021 IEEE 14th international conference on cloud computing (CLOUD). IEEE, pp 1\u201312","DOI":"10.1109\/CLOUD53861.2021.00013"},{"key":"235_CR21","doi-asserted-by":"crossref","unstructured":"Paladi N, Karlsson L (2017) Safeguarding VNF credentials with intel SGX. In: Proceedings of the SIGCOMM posters and demos. pp 144\u2013146","DOI":"10.1145\/3123878.3132016"},{"issue":"6","key":"235_CR22","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3291047","volume":"51","author":"S Pinto","year":"2019","unstructured":"Pinto S, Santos N (2019) Demystifying arm trustzone: a comprehensive survey. ACM Comput Surv (CSUR) 51(6):1\u201336","journal-title":"ACM Comput Surv (CSUR)"},{"key":"235_CR23","doi-asserted-by":"crossref","unstructured":"Schwarz M, Lipp M, Moghimi D et\u00a0al (2019) Zombieload: cross-privilege-boundary data sampling. In: Proceedings of the 2019 ACM SIGSAC conference on computer and communications security, pp 753\u2013768","DOI":"10.1145\/3319535.3354252"},{"key":"235_CR24","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42400-019-0042-y","volume":"3","author":"M Schwarz","year":"2020","unstructured":"Schwarz M, Weiser S, Gruss D et al (2020) Malware guard extension: abusing intel SGX to conceal cache attacks. Cybersecurity 3:1\u201320","journal-title":"Cybersecurity"},{"key":"235_CR25","unstructured":"Sev-Snp A (2020) Strengthening VM isolation with integrity protection and more. White Paper, January 53:1450\u20131465"},{"key":"235_CR26","doi-asserted-by":"crossref","unstructured":"Shih MW, Kumar M, Kim T et\u00a0al (2016) S-NFV: securing NFV states by using SGX. In: Proceedings of the 2016 ACM international workshop on security in software defined networks & network function virtualization, pp 45\u201348","DOI":"10.1145\/2876019.2876032"},{"key":"235_CR27","doi-asserted-by":"crossref","unstructured":"Shih MW, Lee S, Kim T et\u00a0al (2017) T-SGX: Eradicating controlled-channel attacks against enclave programs. In: NDSS","DOI":"10.14722\/ndss.2017.23193"},{"issue":"2","key":"235_CR28","doi-asserted-by":"publisher","first-page":"479","DOI":"10.1109\/TC.2021.3055293","volume":"71","author":"Y Xia","year":"2021","unstructured":"Xia Y, Hua Z, Yu Y et al (2021) Colony: a privileged trusted execution environment with extensibility. IEEE Trans Comput 71(2):479\u2013492","journal-title":"IEEE Trans Comput"},{"issue":"2","key":"235_CR29","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1109\/TPDS.2020.3017001","volume":"32","author":"S Yang","year":"2020","unstructured":"Yang S, Li F, Trajanovski S et al (2020) Recent advances of resource allocation in network function virtualization. IEEE Trans Parallel Distrib Syst 32(2):295\u2013314","journal-title":"IEEE Trans Parallel Distrib Syst"},{"issue":"11","key":"235_CR30","doi-asserted-by":"publisher","first-page":"2468","DOI":"10.1109\/JSAC.2017.2760418","volume":"35","author":"FZ Yousaf","year":"2017","unstructured":"Yousaf FZ, Bredel M, Schaller S et al (2017) NFV and SDN-key technology enablers for 5G networks. IEEE J Sel Areas Commun 35(11):2468\u20132478","journal-title":"IEEE J Sel Areas Commun"},{"issue":"3","key":"235_CR31","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1109\/MWC.2019.1800234","volume":"26","author":"S Zhang","year":"2019","unstructured":"Zhang S (2019) An overview of network slicing for 5G. IEEE Wirel Commun 26(3):111\u2013117","journal-title":"IEEE Wirel Commun"},{"key":"235_CR32","doi-asserted-by":"crossref","unstructured":"Zhao S, Zhang Q, Qin Y et\u00a0al (2019) Sectee: a software-based approach to secure enclave architecture using tee. In: Proceedings of the 2019 ACM SIGSAC conference on computer and communications security, pp 1723\u20131740","DOI":"10.1145\/3319535.3363205"},{"key":"235_CR33","doi-asserted-by":"crossref","unstructured":"Zhao S, Li M, Zhangyz Y et\u00a0al (2022) VSGX: Virtualizing SGX enclaves on AMD SEV. In: 2022 IEEE symposium on security and privacy (SP). IEEE, pp 321\u2013336","DOI":"10.1109\/SP46214.2022.9833694"},{"key":"235_CR34","first-page":"1","volume":"15","author":"W Zheng","year":"2021","unstructured":"Zheng W, Wu Y, Wu X et al (2021) A survey of intel SGX and its applications. Front Comput Sci 15:1\u201315","journal-title":"Front Comput Scince"},{"issue":"2","key":"235_CR35","doi-asserted-by":"publisher","first-page":"274","DOI":"10.1109\/JPROC.2019.2951169","volume":"108","author":"W Zhuang","year":"2019","unstructured":"Zhuang W, Ye Q, Lyu F et al (2019) SDN\/NFV-empowered future IOV with enhanced communication, computing, and caching. Proc IEEE 108(2):274\u2013291","journal-title":"Proc IEEE"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00235-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-024-00235-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00235-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,3]],"date-time":"2024-08-03T21:01:59Z","timestamp":1722718919000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-024-00235-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,8,4]]},"references-count":35,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,12]]}},"alternative-id":["235"],"URL":"https:\/\/doi.org\/10.1186\/s42400-024-00235-7","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,8,4]]},"assertion":[{"value":"1 December 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 March 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 August 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"All the authors declare that they have no Conflict of interest","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"39"}}