Direct Anonymous Attestation
Direct Anonymous Attestation (DAA) is a
Historical perspective
In principle the privacy issue could be resolved using any standard signature scheme (or public key encryption) and a single key pair. Manufacturers would embed the private key into every TPM produced and the public key would be published as a certificate. Signatures produced by the TPM must have originated from the private key, by the nature of the technology, and since all TPMs use the same private key they are indistinguishable, ensuring the user's privacy. This rather naive solution relies upon the assumption that there exists a global secret. One only needs to look at the precedent of the Content Scramble System (CSS), an encryption system for DVDs, to see that this assumption is fundamentally flawed. Furthermore, this approach fails to realize a secondary goal: the ability to detect rogue TPMs. A rogue TPM is a TPM that has been compromised and had its secrets extracted.
The solution first adopted by the TCG (TPM specification v1.1) required a trusted third party, namely a privacy certificate authority (privacy CA). Each TPM has an embedded
The EPID 2.0 solution embeds the private key in the microprocessor when it is manufactured, inherently distributes the key with the physical device shipment, and has the key provisioned and ready for use at first power-on.
Overview
The DAA protocol involves three entities and two steps. The entities are the DAA Member (a TPM platform or EPID-enabled microprocessor), the DAA Issuer and the DAA Verifier. The Issuer is responsible for verifying the TPM platform during the Join step and for issuing a DAA credential to the platform. The platform (Member) uses the DAA credential with the Verifier during the Sign step. Through a zero-knowledge proof the Verifier can verify the credential without attempting to violate the platform's privacy. The protocol also supports a blocklisting capability so that Verifiers can identify attestations from TPMs that have been compromised.
Privacy properties
The protocol allows differing degrees of privacy. Interactions are always anonymous, but the Member/Verifier may negotiate as to whether the Verifier is able to link transactions. This would allow user profiling and/or the rejection of requests originating from a host which has made too many requests. The Member and Verifier can also elect to reveal additional information to accomplish non-anonymous interactions (just as you can choose to tell a stranger your full name, or not). Thus, known identity can be built on top of an anonymous start. (Contrast this with: if you start with known identity, you can never prove you un-know that identity to regress to anonymity.)
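An added example, not part of the original article: the basename-derived pseudonym used in the Brickell-Camenisch-Chen design, showing how a fixed Verifier basename makes a Member's signatures linkable, how a different basename yields a different pseudonym, and how a Verifier's blocklist of extracted secrets flags a rogue TPM. It assumes a toy-sized group generated in the code and hypothetical function names, and it leaves out the Join step and the proof that the secret f is certified by the Issuer.

```python
import hashlib, secrets
# Added illustration: toy parameters; the Issuer credential and its proof are omitted.

def is_prime(n):  # Miller-Rabin; these 12 bases are deterministic below 2**64
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        if pow(a, d, n) != 1 and all(pow(a, d << i, n) != n - 1 for i in range(s)):
            return False
    return True

def safe_prime(bits=48):  # smallest safe prime P = 2Q + 1 with Q > 2**bits
    q = (1 << bits) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = safe_prime()  # toy-sized group, constructed for this example

def zeta(bsn: bytes) -> int:
    # Hash the basename into [2, P-2], then square into the order-Q subgroup.
    h = 2 + int.from_bytes(hashlib.sha256(bsn).digest(), "big") % (P - 3)
    return pow(h, 2, P)

def chal(*parts) -> int:  # Fiat-Shamir challenge over the proof transcript
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def sign(f: int, bsn: bytes, msg: bytes):
    z = zeta(bsn)
    nym, r = pow(z, f, P), secrets.randbelow(Q)
    c = chal(z, nym, pow(z, r, P), msg)
    return nym, c, (r + c * f) % Q  # pseudonym + Schnorr proof of knowing f

def verify(bsn: bytes, msg: bytes, sig, rogue_f=()) -> bool:
    nym, c, s = sig
    z = zeta(bsn)
    if not 0 <= c < Q or pow(nym, Q, P) != 1:
        return False
    t = pow(z, s, P) * pow(nym, Q - c, P) % P  # z^s * nym^-c
    if chal(z, nym, t, msg) != c:
        return False
    # Rogue check: recompute the pseudonym for each extracted key on the blocklist.
    return all(pow(z, f, P) != nym for f in rogue_f)
```

A Member that wants unlinkable signatures toward the same Verifier would sign under a fresh random basename each time instead of the Verifier's fixed one.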
Implementations and attacks
The first Direct Anonymous Attestation scheme was due to Brickell, Camenisch, and Chen;[2] that scheme proved insecure and required a fix.[3] Brickell, Chen, and Li improved efficiency of that first scheme using symmetric pairings, rather than RSA.[4] And Chen, Morrissey, and Smart attempted to further improve efficiency by switching from a symmetric to an asymmetric setting;[5][6] unfortunately, the asymmetric scheme was also insecure.[7] Chen, Page, and Smart proposed a new
See also
- Cryptographic protocol
- Digital credential
- Trusted platform module
- Enhanced Privacy ID
- Privacy enhancing technologies
References
- TPM Specification
- Brickell; Camenisch; Chen (2004). "Direct Anonymous Attestation" (PDF). ACM Conference on Computer and Communications Security: 132–145.
- Smyth; Ryan; Chen (2015). "Formal analysis of privacy in Direct Anonymous Attestation schemes" (PDF). Science of Computer Programming. 111 (2): 300–317.
- Brickell; Chen; Li (2009). "Simplified security notions of Direct Anonymous Attestation and a concrete scheme from pairings" (PDF). International Journal of Information Security. 8 (5): 315–330. S2CID 16688581.
- Chen; Morrissey; Smart (2008). "On Proofs of Security for DAA Schemes". 3rd International Conference on Trust and Trustworthy Computing. 5324: 156–175.
- Chen; Morrissey; Smart (2008). "Pairings in Trusted Computing". 2nd International Conference on Pairing-Based Cryptography. 5209: 1–17.
- Chen; Li (2010). "A note on the Chen-Morrissey-Smart DAA scheme". Information Processing Letters. 110 (12–13): 485–488.
- Chen; Page; Smart (2010). "On the Design and Implementation of an Efficient DAA Scheme" (PDF). 9th International Conference on Smart Card Research and Advanced Applications. 6035: 223–237.
- https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.16.pdf
- https://www.trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2-0-v43-150126.pdf
- EPID SDK
External links
- E. Brickell, J. Camenisch, and L. Chen: Direct anonymous attestation. In Proceedings of 11th ACM Conference on Computer and Communications Security, ACM Press, 2004. (PDF)
- E. Brickell, J. Camenisch, and L. Chen: Direct anonymous attestation.
- Interdomain User Authentication and Privacy by Andreas Pashalidis - section 6