An Anonymous Remote Attestation Protocol to Prevent Masquerading Attack

Since TCG v1.2, an anonymous attestation protocol was proposed, called direct anonymous attestation (DAA), which is designed to preserve the user privacy. However, this scheme is vulnerable to the masquerading attack, meanwhile not be practically deployed with existing network protocols. In this paper, we proposed a novel anonymous remote attestation protocol based on the direct anonymous attestation and the transport layer security (TLS) protocol. We integrate anonymous attestation, integrity report and key agreement mechanisms to establish a trusted channel, which provides platform configuration attestation and anonymous identity authentication. Security analysis shows that our protocol satisfies anonymity, unforgeability, uncloneability and user-control link ability in identity authentication as well as resists the replay attack and the masquerading attack.

[1]  Mark Ryan,et al.  Direct Anonymous Attestation (DAA): Ensuring Privacy with Corrupt Administrators , 2007, ESAS.

[2]  Ahmad-Reza Sadeghi,et al.  Beyond secure channels , 2007, STC '07.

[3]  Kenneth G. Paterson,et al.  Challenges for Trusted Computing , 2008, IEEE Security & Privacy Magazine.

[4]  Jiangtao Li,et al.  A Pairing-Based DAA Scheme Further Reducing TPM Resources , 2010, TRUST.

[5]  Ronald Perez,et al.  Linking remote attestation to secure tunnel endpoints , 2006, STC '06.

[6]  Liqun Chen,et al.  A DAA Scheme Requiring Less TPM Resources , 2009, Inscrypt.

[7]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[8]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[9]  Jiangtao Li,et al.  Simplified security notions of direct anonymous attestation and a concrete scheme from pairings , 2009, International Journal of Information Security.

[10]  Patrick Röder,et al.  A Robust Integrity Reporting Protocol for Remote Attestation , 2006 .

[11]  Kurt Dietrich Anonymous Client Authentication for Transport Layer Security , 2010, Communications and Multimedia Security.

[12]  Xiaofeng Chen,et al.  Direct Anonymous Attestation for Next Generation TPM , 2008, J. Comput..

[13]  Frederik Armknecht,et al.  An efficient implementation of trusted channels based on openssl , 2008, STC '08.

[14]  Jiangtao Li,et al.  Key Exchange with Anonymous Authentication Using DAA-SIGMA Protocol , 2010, INTRUST.

[15]  Bodo Möller,et al.  Network Working Group Elliptic Curve Cryptography (ecc) Cipher Suites for Transport Layer Security (tls) , 2006 .

[16]  Liqun Chen,et al.  On the Design and Implementation of an Efficient DAA Scheme , 2010, IACR Cryptol. ePrint Arch..

[17]  Jiangtao Li,et al.  Flexible and scalable digital signatures in TPM 2.0 , 2013, CCS.