论文信息 - A Direct Anonymous Attestation Protocol Based on Hierarchical Group Signature

A Direct Anonymous Attestation Protocol Based on Hierarchical Group Signature

Virtualization makes virtual machines with a wide range of security requirements run simultaneously on the same commodity hardware. Direct Anonymous Attestation (DAA) for virtual machine is a cryptographic mechanism that enables remote attestation of virtual machine instances ( VMIs ) while preserving privacy under the user’s control. However, Trusted Platform Module (TPM) with only limited storage space and communication capability is an indispensable component in remote attestation of multiply VMIs. In this paper, an optimized direct anonymous attestation protocol is proposed based on a hierarchical group signature without random oracles from asymmetric pairing. The analysis result of the proposed protocol shows that cost of TPM is lower than the most efficient CMS-DAA scheme to date, the computational cost of host and verifier are highly reduced. Furthermore, security of the proposed scheme is similar to CMS-DAA.

Lina Wang | Rongwei Yu | Xiao-yan Ma | Bo Kuang

[1] Stefan Berger,et al. TVDc: managing security in the trusted virtual datacenter , 2008, OPSR.

[2] Xiaofeng Chen,et al. A New Direct Anonymous Attestation Scheme from Bilinear Maps , 2008, 2008 The 9th International Conference for Young Computer Scientists.

[3] Dan Boneh,et al. Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[4] Ran Canetti,et al. Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[5] Ahmad-Reza Sadeghi,et al. Trusted Computing - Special Aspects and Challenges , 2008, SOFSEM.

[6] Xiaohui Liang,et al. Short Group Signature Without Random Oracles , 2007, ICICS.

[7] Liqun Chen,et al. On Proofs of Security for DAA Schemes , 2008, ProvSec.

[8] Jiangtao Li,et al. A New Direct Anonymous Attestation Scheme from Bilinear Maps , 2008, TRUST.

[9] Liqun Chen,et al. Pairings in Trusted Computing , 2008, Pairing.

[10] Chris I. Dalton,et al. Towards automated provisioning of secure virtualized networks , 2007, CCS '07.

[11] Ernest F. Brickell,et al. Direct anonymous attestation , 2004, CCS '04.

[12] Rafail Ostrovsky,et al. Non-interactive Zaps and New Techniques for NIZK , 2006, CRYPTO.