TEE Remote Attestation

DC's implementation of Remote Attestation is based on SGX DCAP (Data Center Attestation Primitive), which is vital for addressing the reliability of software execution within Trusted Execution Environments (TEE) and countering malicious actions. In DC, remote attestation plays a pivotal role in forming a decentralized network. Here's a detailed breakdown of how remote attestation functions within DC and its importance:

Remote Attestation Process in DC:

1. Initialization: Each node sets up and operates the PCCS (Provisioning Certificate Caching Service), which is responsible for syncing hardware certificates from Intel's PCS (Provisioning Certification Service). This service is essential for validating the remote attestations of other nodes.

2. Submission of Attestations: Nodes submit transactions to DCChain that include remote attestations. These transactions could be for purposes such as node onboarding applications or reporting abnormal nodes.

3. Verification: DCChain randomly selects a group of nodes already within the network to verify the submitted remote attestations. This verification process requires confirming:

   • The node's identity.

   • The integrity of the node's running logic.

   • The authenticity of the platform, ensuring it is running genuine Intel SGX.

4. Reporting and Penalties: If a node fails the remote attestation verification, it is subjected to the abnormal node reporting process. The reporting transaction itself includes remote attestation for verification by DC. If the number of reported anomalies for a node exceeds a certain threshold, penalties are applied. These can include the deduction of staked DCT tokens and temporary or permanent bans from the network.

Importance of Remote Attestation in DC:

• Ensures Node Identity and Trustworthiness: Remote attestation confirms the identity of nodes and guarantees their trustworthiness, which is crucial for maintaining a secure and reliable network.

• Prevents Various Attacks: The mechanism fundamentally prevents a variety of security threats, including witch attacks, generation attacks, resource attacks, and data tampering. By ensuring that the code logic running on nodes cannot be altered undetected, remote attestation helps preserve the integrity and security of the entire network.

This robust remote attestation mechanism is integral to the security architecture of DC, ensuring that all nodes operate in a trustworthy manner and contribute positively to the network's overall health and security.