Abstract
For many years, trusted computing research has focused on the trustworthiness of single computer platforms. For example, how can I decide whether I can trust my personal computer (A), or another computer (B) which communicates with A? In reality, both A and B are part of a computing network containing many other computers, and the behaviour of those computers affects the trustworthiness of any communication between A and B. Obviously, the target of trusted computing is not only to build trusted devices but also trusted networks. Attestation is a mechanism initially designed to ascertain the trustworthiness of a single device. To check the trustworthiness of a network, we need a network attestation mechanism. The basis of attestation is a root of trust, and research on building roots of trust for individual devices has been successful. One of the next challenges, and the most important one, is to create a root of trust for network attestation. In this paper, we introduce our research on designing such a root of trust. It uses the devices’ individual roots of trust and a decentralised ledger, together with the technique of “zero trust but verify”, which means that, initially, no entity in the system is trusted until its functionality has been verified. Based on the verification results, the entities can then establish trust. We aim to use such a root of trust to aggregate the attestation evidence and verification results from multiple devices in a network and thereby achieve trust in the network.
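The following is an added illustration, not code from the paper, of the design the abstract sketches: each device produces attestation evidence under its own root-of-trust key, the verifier starts from a zero-trust default, records every verification result in an append-only hash-chained ledger (a local stand-in for the paper's decentralised ledger), and derives a network-level verdict from the aggregated results. The device keys, expected measurements, HMAC-based evidence format and ledger layout are all assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed sample data: a per-device key standing in for each device's
# hardware root of trust, and the measurement the verifier expects from it.
DEVICE_KEYS = {"A": b"key-A", "B": b"key-B", "C": b"key-C"}
EXPECTED = {"A": "m-a", "B": "m-b", "C": "m-c"}


def make_evidence(dev, measurement, nonce):
    """Device side: bind measurement and verifier nonce under the device key."""
    body = json.dumps({"dev": dev, "meas": measurement, "nonce": nonce}, sort_keys=True)
    tag = hmac.new(DEVICE_KEYS[dev], body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_evidence(evidence, nonce):
    """Verifier side: authenticity, freshness, then expected state. Returns (dev, ok)."""
    body = json.loads(evidence["body"])
    dev = body.get("dev")
    if dev not in DEVICE_KEYS:
        return dev, False  # unknown device: no root of trust to anchor on
    expected_tag = hmac.new(DEVICE_KEYS[dev], evidence["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, evidence["tag"]):
        return dev, False  # evidence not produced by this device's root of trust
    if body.get("nonce") != nonce:
        return dev, False  # stale or replayed evidence
    return dev, body.get("meas") == EXPECTED[dev]


class Ledger:
    """Append-only, hash-chained record of verification results (stand-in for a decentralised ledger)."""
    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        data = json.dumps(record, sort_keys=True)
        self.entries.append({"prev": prev, "data": data,
                             "hash": hashlib.sha256((prev + data).encode()).hexdigest()})

    def is_consistent(self):
        prev = "0" * 64
        for e in self.entries:  # any edited or reordered entry breaks the chain
            if e["prev"] != prev or hashlib.sha256((prev + e["data"]).encode()).hexdigest() != e["hash"]:
                return False
            prev = e["hash"]
        return True


def attest_network(evidence_list, nonce, ledger, members):
    """Zero trust but verify: every member is untrusted until its evidence verifies."""
    trusted = {d: False for d in members}
    for ev in evidence_list:
        dev, ok = verify_evidence(ev, nonce)
        ledger.append({"dev": dev, "nonce": nonce, "verified": ok})
        if dev in trusted:
            trusted[dev] = ok
    return all(trusted.values()) and ledger.is_consistent(), trusted
```

A member that sends no evidence, a replayed quote, or a drifted measurement each leave the network verdict untrusted, and the ledger lets a later auditor re-check which result was recorded for which device.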