This is an early access version, the complete PDF, HTML, and XML versions will be available soon.
Article

Secure and Scalable Device Attestation Protocol with Aggregate Signature

by
Hyunsoo Kwon
Department of Computer Engineering, Inha University, Incheon 22212, Republic of Korea
Symmetry 2025, 17(5), 698; https://doi.org/10.3390/sym17050698 (registering DOI)
Submission received: 6 April 2025 / Revised: 28 April 2025 / Accepted: 30 April 2025 / Published: 2 May 2025
(This article belongs to the Section Computer)

Abstract

In cloud computing environments, security challenges emerge due to compromised firmware and supply chain attacks that target devices deployed within data centers. The Secure Protocol and Data Model (SPDM) has been widely adopted for device attestation, which verifies device identity and firmware integrity. However, the scalability of the SPDM is challenged by the resource constraints of peripheral devices and the inherent asymmetry of the protocol, where a heavy verification burden on the central requester leads to a potential bottleneck. In order to solve these problems, we propose a secure and scalable device attestation protocol, SPDM-AggSig, that integrates a chainless-certificate-based aggregate signature scheme within the SPDM framework supporting group messaging. Our protocol reduces the communication overhead by replacing the conventional X.509 certificates with lightweight chainless certificates. It also improves the scalability through group-based attestation with constant-size aggregated signatures. The proposed delegation mitigates the asymmetry in the attestation, introducing a tendency toward functional symmetry by distributing the verification burdens from the central requester to group leaders. We also provide a formal security proof demonstrating existential unforgeability under an adaptive chosen message attack (EUF-ACMA). SPDM-AggSig achieves an approximately 84.18% improvement in the computation overhead and a 96.22% decrease in the communication overhead compared to the baseline.
Keywords: aggregate signature; device attestation protocol; group-based attestation; peripheral device security; secure protocol and data model (SPDM)
