Improving the security of direct anonymous attestation under host corruptions

Direct anonymous attestation (DAA) enables a platform that includes a trusted platform module (TPM) to produce a signature in order to remotely attest that it is in a certified state while preserving its anonymity. A central feature of DAA is that a TPM and a host together act as the signer, where the TPM is less powerful but trustworthy, whereas the host is more powerful but vulnerable to corruption. Although DAA is standardized and widely implemented in various fields, current security notions for DAA have been defined ambiguously with respect to host corruptions. In this study, we redefine the DAA security notions to cover both static and dynamic host corruptions, and formalize them as concrete security models in a game-based framework. Compared with the recent simulation-based security notions (without subverted TPMs) by Camenisch et al., the proposed notions cover a broader range of realistic attack scenarios for DAA and reach the level of security that DAA originally aimed for. Furthermore, we present a DAA instantiation with this security improvement by showing that a variant of the LRSW–DAA by Camenisch et al. is provably secure in the new game-based security models.
