Implementation Aspects of Anonymous Credential Systems for Mobile Trusted Platforms

Anonymity and privacy protection are very important issues for Trusted Computing enabled platforms. Protection mechanisms are required in order to hide activities of the trusted platforms when performing cryptography based transactions over the Internet, which would otherwise compromise the platform's privacy and with it the users's anonymity. In order to address this problem, the Trusted Computing Group (TCG) has introduced two concepts addressing the question how the anonymity of Trusted Platform Modules (TPMs) and their enclosing platforms can be protected. The most promising of these two concepts is the Direct Anonymous Attestation (DAA) scheme which eliminates the requirement of a remote authority but includes complex mathematical computations. Moreover, DAA requires a comprehensive infrastructure consisting of various components in order to allow anonymous signatures to be used in real-world scenarios. In this paper, we discuss the results of our analysis of an infrastructure for anonymous credential systems which is focused on the Direct Anonymous Attestation (DAA) scheme as specified by the TCG. For the analysis, we especially focus on mobile trusted platforms and their requirements. We discuss our experiences and experimental results when designing and implementing the infrastructure and give suggestions for improvements and propose concepts and models for - from our point of view - missing components.

[1]  Liqun Chen,et al.  Lightweight Anonymous Authentication with TLS and DAA for Embedded Mobile Devices , 2010, ISC.

[2]  Ors Yalcin,et al.  Radio Frequency Identification: Security and Privacy Issues - 6th International Workshop, RFIDSec 2010, Istanbul, Turkey, June 8-9, 2010, Revised Selected Papers , 2010, RFIDSec.

[3]  Liqun Chen,et al.  On the Design and Implementation of an Efficient DAA Scheme , 2010, IACR Cryptol. ePrint Arch..

[4]  Johannes Winter,et al.  Implementation Aspects of Mobile and Embedded Trusted Computing , 2009, TRUST.

[5]  Gene Tsudik,et al.  Security and Privacy in Ad-hoc and Sensor Networks, Second European Workshop, ESAS 2005, Visegrad, Hungary, July 13-14, 2005, Revised Selected Papers , 2005, ESAS.

[6]  Kurt Dietrich An integrated architecture for trusted computing for java enabled embedded devices , 2007, STC '07.

[7]  Mark Ryan,et al.  Direct Anonymous Attestation (DAA): Ensuring Privacy with Corrupt Administrators , 2007, ESAS.

[8]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[9]  Jan Camenisch,et al.  Anonymous credentials on a standard java card , 2009, CCS.

[10]  Carlisle M. Adams,et al.  X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[11]  Aaron Weiss Trusted computing , 2006, NTWK.

[12]  Chris Mitchell Trusted Computing (Professional Applications of Computing) (Professional Applications of Computing) , 2005 .

[13]  Kurt Dietrich,et al.  Anonymous Credentials for Java Enabled Platforms: A Performance Evaluation , 2009, INTRUST.

[14]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[15]  Carlisle M. Adams,et al.  X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[16]  Bart De Decker,et al.  Communications and Multimedia Security , 2013, Lecture Notes in Computer Science.

[17]  Kurt Dietrich Anonymous Client Authentication for Transport Layer Security , 2010, Communications and Multimedia Security.

[18]  Ingrid Verbauwhede,et al.  Efficient implementation of anonymous credentials on Java Card smart cards , 2009, 2009 First IEEE International Workshop on Information Forensics and Security (WIFS).