How to build a secure architecture for network function virtualization (NFV) is an important issue. Trusted computing can provide security for NFV, and an NFV system secured in this way is called a trusted NFV system. In this paper, we propose a new NFV direct anonymous attestation (NFV-DAA) scheme based on the trusted NFV architecture. The scheme is based on elliptic curve cryptography and transfers the computation of the variable D from the trusted platform module (TPM) to the issuer. With a mutual authentication mechanism, which existing DAA schemes do not have, and an efficient batch proof and verification scheme, the performance of the trusted NFV system is optimized. The proposed NFV-DAA scheme was proved to have a higher security level and higher efficiency than existing DAA schemes. We have reduced the computation load in the Join protocol from 3G1 to 2G1 exponential operations, while the time of the NFV-DAA scheme's Sign protocol is reduced by up to 49%.
NFV; trusted computation; DAA; bilinear pairings