A Secure Scheme for Chained Authentication Combined with Attestation

Michael Sonntag

doi:10.35011/IDIMT-2025-55

A Secure Scheme for Chained Authentication Combined with Attestation

Michael Sonntag^*

^*Corresponding author for this work

Institute of Networks and Security

Research output: Chapter in Book/Report/Conference proceeding › Conference proceedings › peer-review

Abstract

It may be desirable to split computation into several parts and perform them on remote systems, see e.g. microservices. However, not always are these services directly and publicly available. For instance, if the calculation is performed at home, no public IP address may be available. Or the exact location of the computation should remain hidden. In these cases, the remote party may be identified solely as a Tor onion service or some anonymous cloud provider. It is then desirable to pass on the work only if the recipient can still be identified as trustworthy, e.g. by remote attestation (guaranteeing a specific calculation via the actual executable and its secure environment). Even if the location and identity of the operator is known, this is very desirable. Moreover, each entity in a chain of calculation should remain oblivious of all non-directly connected steps and any authentication information for those, including any additional data or the exact work instructions. This paper proposes a scheme to pass on work packages in a secure manner to a verified next step, while keeping all non-directly involved data hidden.

Original language	English
Title of host publication	IDIMT 2025 - ICT in Business
Subtitle of host publication	AI Everywhere? Glory and Disgrace of AI - 33rd Interdisciplinary Information Management Talks
Editors	Petr Doucek, Michael Sonntag, Lea Nedomova
Publisher	TRAUNER Verlag
Pages	55 - 62
Number of pages	8
ISBN (Electronic)	9783991518563
ISBN (Print)	978-3-99151-856-3
DOIs	https://doi.org/10.35011/IDIMT-2025-55
Publication status	Published - 2025

Publication series

Name	Schriftenreihe Informatik
Number	54

Fields of science

505015 Legal informatics
102016 IT security
102 Computer Sciences

JKU Focus areas

Digital Transformation

Access to Document

10.35011/IDIMT-2025-55

1 Organising a conference, workshop, ...
1 Invited talk

A Secure Scheme for Chained Authentication Combined with Attestation
Sonntag, M. (Speaker)
04 Sept 2025
Activity: Talk or presentation › Invited talk › science-to-science
IDIMT-2025: ICT in Business: AI Everywhere? Glory and Disgrace of AI
Sonntag, M. (Organiser), Doucek, P. (Organiser) & Nedomova, P. (Organiser)
03 Sept 2025 → 05 Sept 2025
Activity: Participating in or organising an event › Organising a conference, workshop, ...

Cite this

@inproceedings{27ab757bb8eb4cdfb1cc5b215889f0df,

title = "A Secure Scheme for Chained Authentication Combined with Attestation",

abstract = "It may be desirable to split computation into several parts and perform them on remote systems, see e.g. microservices. However, not always are these services directly and publicly available. For instance, if the calculation is performed at home, no public IP address may be available. Or the exact location of the computation should remain hidden. In these cases, the remote party may be identified solely as a Tor onion service or some anonymous cloud provider. It is then desirable to pass on the work only if the recipient can still be identified as trustworthy, e.g. by remote attestation (guaranteeing a specific calculation via the actual executable and its secure environment). Even if the location and identity of the operator is known, this is very desirable. Moreover, each entity in a chain of calculation should remain oblivious of all non-directly connected steps and any authentication information for those, including any additional data or the exact work instructions. This paper proposes a scheme to pass on work packages in a secure manner to a verified next step, while keeping all non-directly involved data hidden.",

author = "Michael Sonntag",

year = "2025",

doi = "10.35011/IDIMT-2025-55",

language = "English",

isbn = "978-3-99151-856-3",

series = "Schriftenreihe Informatik",

publisher = "TRAUNER Verlag",

number = "54",

pages = "55 -- 62",

editor = "Petr Doucek and Michael Sonntag and Lea Nedomova",

booktitle = "IDIMT 2025 - ICT in Business",

}

A Secure Scheme for Chained Authentication Combined with Attestation. / Sonntag, Michael.
IDIMT 2025 - ICT in Business: AI Everywhere? Glory and Disgrace of AI - 33rd Interdisciplinary Information Management Talks. ed. / Petr Doucek; Michael Sonntag; Lea Nedomova. TRAUNER Verlag, 2025. p. 55 - 62 (Schriftenreihe Informatik; No. 54).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceedings › peer-review

TY - GEN

T1 - A Secure Scheme for Chained Authentication Combined with Attestation

AU - Sonntag, Michael

PY - 2025

Y1 - 2025

N2 - It may be desirable to split computation into several parts and perform them on remote systems, see e.g. microservices. However, not always are these services directly and publicly available. For instance, if the calculation is performed at home, no public IP address may be available. Or the exact location of the computation should remain hidden. In these cases, the remote party may be identified solely as a Tor onion service or some anonymous cloud provider. It is then desirable to pass on the work only if the recipient can still be identified as trustworthy, e.g. by remote attestation (guaranteeing a specific calculation via the actual executable and its secure environment). Even if the location and identity of the operator is known, this is very desirable. Moreover, each entity in a chain of calculation should remain oblivious of all non-directly connected steps and any authentication information for those, including any additional data or the exact work instructions. This paper proposes a scheme to pass on work packages in a secure manner to a verified next step, while keeping all non-directly involved data hidden.

AB - It may be desirable to split computation into several parts and perform them on remote systems, see e.g. microservices. However, not always are these services directly and publicly available. For instance, if the calculation is performed at home, no public IP address may be available. Or the exact location of the computation should remain hidden. In these cases, the remote party may be identified solely as a Tor onion service or some anonymous cloud provider. It is then desirable to pass on the work only if the recipient can still be identified as trustworthy, e.g. by remote attestation (guaranteeing a specific calculation via the actual executable and its secure environment). Even if the location and identity of the operator is known, this is very desirable. Moreover, each entity in a chain of calculation should remain oblivious of all non-directly connected steps and any authentication information for those, including any additional data or the exact work instructions. This paper proposes a scheme to pass on work packages in a secure manner to a verified next step, while keeping all non-directly involved data hidden.

U2 - 10.35011/IDIMT-2025-55

DO - 10.35011/IDIMT-2025-55

M3 - Conference proceedings

SN - 978-3-99151-856-3

T3 - Schriftenreihe Informatik

SP - 55

EP - 62

BT - IDIMT 2025 - ICT in Business

A2 - Doucek, Petr

A2 - Sonntag, Michael

A2 - Nedomova, Lea

PB - TRAUNER Verlag

ER -

A Secure Scheme for Chained Authentication Combined with Attestation

Abstract

Publication series

Fields of science

JKU Focus areas

Access to Document

Activities

A Secure Scheme for Chained Authentication Combined with Attestation

IDIMT-2025: ICT in Business: AI Everywhere? Glory and Disgrace of AI

Cite this