A delegation based cross trusted domain direct anonymous attestation scheme

Direct Anonymous Attestation (DAA) is a complex cryptographic protocol for remote attestation and provides both signer authentication and privacy. It was adopted by the Trusted Computing Group (TCG) as a technical standard. However, the DAA scheme in TCG specifications is designed for the single trusted domain attestation, and cannot be deployed in different trusted domain directly. It limits its application range in mobile networks, cloud computing, Internet of Things networks when users and authentication servers belong to different domains. Based on delegation of the trusted relationship, a new cross trusted domain direct anonymous attestation scheme is proposed in this paper. The proxy signature is used for trusted relationship delegation among different domains, and the DAA method is used for the computation platform authentication when a trusted platform accessing different trusted domains. Then the authentication protocol is designed and analyzed under Canetti-Krawczyk (CK) model for the platform remote attestation. The further analysis shows that our proposal can resist platform masquerade attacks and replay attacks, and the authentication protocol is provably secure. The security of the DAA remote attestation system is enhanced by the session key agreement. Finally, a prototype implementation and some experiments are given, the results show that the proposed scheme is effective and suitable for cross domain applications.

[1]  J. Camenisch,et al.  A Group Signature Scheme Based on an RSA-Variant , 1998 .

[2]  Liqun Chen,et al.  Lightweight Anonymous Authentication with TLS and DAA for Embedded Mobile Devices , 2010, ISC.

[3]  Xiaotie Deng,et al.  Formal Security Definition and Efficient Construction for Roaming with a Privacy-Preserving Extension , 2008, J. Univers. Comput. Sci..

[4]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[5]  Jiangtao Li,et al.  Simplified security notions of direct anonymous attestation and a concrete scheme from pairings , 2009, International Journal of Information Security.

[6]  Xiaofeng Chen,et al.  Direct Anonymous Attestation for Next Generation TPM , 2008, J. Comput..

[7]  Stephen R. Tate,et al.  A Direct Anonymous Attestation Scheme for Embedded Devices , 2007, Public Key Cryptography.

[8]  Jan Camenisch,et al.  Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials , 2002, CRYPTO.

[9]  Eiji Okamoto,et al.  Proxy signatures for delegating signing operation , 1996, CCS '96.

[10]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[11]  Jiangtao Li,et al.  Enhanced Privacy ID: A Direct Anonymous Attestation Scheme with Enhanced Revocation Capabilities , 2012, IEEE Trans. Dependable Secur. Comput..

[12]  M. Mambo,et al.  Proxy Signatures: Delegation of the Power to Sign Messages (Special Section on Information Theory and Its Applications) , 1996 .

[13]  Hu Aiqun,et al.  A Lightweight Inter-domain Direct Anonymous Attestation Scheme for Machine-to-Machine Networks , 2013, CloudCom 2013.

[14]  Scott A. Rotondo Trusted Computing Group , 2011, Encyclopedia of Cryptography and Security.

[15]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[16]  Charles E. Perkins,et al.  IP Mobility Support , 1996, RFC.

[17]  Hugo Krawczyk,et al.  A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract) , 1998, STOC '98.

[18]  Georg Fuchsbauer,et al.  Efficient Signatures of Knowledge and DAA in the Standard Model , 2013, ACNS.

[19]  Bogdan Warinschi,et al.  Secure Proxy Signature Schemes for Delegation of Signing Rights , 2010, Journal of Cryptology.

[20]  Liqun Chen,et al.  A DAA Scheme Using Batch Proof and Verification , 2010, TRUST.

[21]  Wei-Bin Lee,et al.  A new delegation-based authentication protocol for use in portable communication systems , 2005, IEEE Transactions on Wireless Communications.

[22]  Fucai Zhou,et al.  A strict inter-domain anonymity attestation scheme , 2010, 2010 International Conference On Computer Design and Applications.

[23]  Liqun Chen,et al.  A DAA Scheme Requiring Less TPM Resources , 2009, Inscrypt.

[24]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[25]  Li Yu,et al.  A TPM Authentication Scheme for Mobile IP , 2007, 2007 International Conference on Computational Intelligence and Security Workshops (CISW 2007).

[26]  P. Cochat,et al.  Et al , 2008, Archives de pediatrie : organe officiel de la Societe francaise de pediatrie.

[27]  Li,et al.  A Novel Direct Anonymous Attestation Protocol Based on Zero Knowledge Proof for Different Trusted Domains , 2010 .

[28]  Jianfeng Ma,et al.  Security Flaws and Improvements to a Direct Anonymous Attestation Scheme for Mobile Computing Platforms , 2010, 2010 International Conference on Computational Intelligence and Security.