Direct Anonymous Attestation (DAA): Ensuring Privacy with Corrupt Administrators

The Direct Anonymous Attestation (DAA) scheme provides a means for remotely authenticating a trusted platform whilst preserving the user's privacy. The protocol has been adopted by the Trusted Computing Group (TCG) in the latest version of its Trusted Platform Module (TPM) specification. In this paper we show DAA places an unnecessarily large burden on the TPM host. We demonstrate how corrupt administrators can exploit this weakness to violate privacy. The paper provides a fix for the vulnerability. Further privacy issues concerning linkability are identified and a framework for their resolution is developed. In addition an optimisation to reduce the number of messages exchanged is proposed.

[1]  Alfred Menezes,et al.  Another Look at "Provable Security". II , 2006, INDOCRYPT.

[2]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[3]  Mihir Bellare,et al.  Fast Batch Verification for Modular Exponentiation and Digital Signatures , 1998, IACR Cryptol. ePrint Arch..

[4]  Jan Camenisch,et al.  Separability and Efficiency for Generic Group Signature Schemes , 1999, CRYPTO.

[5]  Carl Pomerance A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology , 1987 .

[6]  Ernest F. Brickell,et al.  Gradual and Verifiable Release of a Secret , 1987, CRYPTO.

[7]  Kaisa Nyberg,et al.  Advances in Cryptology — EUROCRYPT'98 , 1998 .

[8]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .

[9]  J. Camenisch,et al.  A Group Signature Scheme Based on an RSA-Variant , 1998 .

[10]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[11]  Jan Camenisch,et al.  Group Signatures: Better Efficiency and New Theoretical Aspects , 2004, SCN.

[12]  Tor Helleseth,et al.  Workshop on the theory and application of cryptographic techniques on Advances in cryptology , 1994 .

[13]  A. Pfitzmann,et al.  Anonymity, Unlinkability, Unobservability, Pseudonymity, and Identity Management – A Consolidated Proposal for Terminology , 2002 .

[14]  Fabrice Boudot,et al.  Efficient Proofs that a Committed Number Lies in an Interval , 2000, EUROCRYPT.

[15]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[16]  Aaron Weiss Trusted computing , 2006, NTWK.

[17]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[18]  Anna Lysyanskaya,et al.  Signature schemes and applications to cryptographic protocol design , 2002 .

[19]  David Chaum,et al.  Zero-Knowledge Undeniable Signatures , 1991, EUROCRYPT.

[20]  Jan Camenisch,et al.  A Signature Scheme with Efficient Protocols , 2002, SCN.

[21]  Paul F. Syverson,et al.  Anonymous connections and onion routing , 1998, IEEE J. Sel. Areas Commun..

[22]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[23]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[24]  John Sullivan,et al.  Another Look at , 1979 .

[25]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[26]  Catherine A. Meadows,et al.  Formal methods for cryptographic protocol analysis: emerging issues and trends , 2003, IEEE J. Sel. Areas Commun..

[27]  Tatsuo Tanaka Possible Economic Consequences of Digital Cash , 1996, First Monday.

[28]  David Chaum,et al.  An Improved Protocol for Demonstrating Possession of Discrete Logarithms and Some Generalizations , 1987, EUROCRYPT.

[29]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[30]  Jan Camenisch,et al.  The DAA scheme in context , 2005 .

[31]  Jan Camenisch,et al.  A Group Signature Scheme with Improved Efficiency , 1998, ASIACRYPT.

[32]  Ben Smyth,et al.  Direct Anonymous Attestation (DAA): An implementation and security analysis , 2006 .

[33]  Andrew Odlyzko,et al.  Advances in Cryptology — CRYPTO’ 86 , 2000, Lecture Notes in Computer Science.

[34]  Ronald Cramer,et al.  Improved Privacy in Wallets with Observers (Extended Abstract) , 1994, EUROCRYPT.

[35]  Alfred Menezes,et al.  Another Look at "Provable Security" , 2005, Journal of Cryptology.

[36]  David Chaum,et al.  Demonstrating Possession of a Discrete Logarithm Without Revealing It , 1986, CRYPTO.