Abstract
Direct anonymous attestation (DAA) enables a platform including a trusted platform module (TPM) to produce a signature in order to remotely attest that it is in a certified state while preserving its anonymity. A main feature of DAA is that a TPM and a host together act as a signer, where the TPM is less powerful but trustworthy, whereas the host is more powerful but vulnerable to corruptions. Although DAA is standardized and widely implemented in various fields, current security notions for DAA have been defined ambiguously in terms of host corruptions. In this study, we redefine DAA security notions, including static and dynamic host corruptions, and formalize them as concrete security models in a game-based framework. Compared with the recent simulation-based security notions (without subverted TPMs) by Camenisch et al., the proposed notions cover a broader range of realistic attack scenarios for DAA and reach the expected level of security that DAA originally desires. Furthermore, we present a DAA instantiation with the security improvement by demonstrating that a variant of the LRSW–DAA by Camenisch et al. is provably secure in the new game-based security models.
References
Ballard, L., Green, M., de Medeiros, B., Monrose, F.: Correlation-resistant storage. Technical report, TR-SP-BGMM-050507, Johns Hopkins University Department of Computer Science (2005)
Baric, N., Pfitzmann, B.: Collision-free accumulators and fail-stop signature schemes without trees. In: Advances in Cryptology—EUROCRYPT ’97. Lecture Notes in Computer Science, vol. 1233, pp. 480–494. Springer (1997)
Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Selected Areas in Cryptography—SAC ’05. Lecture Notes in Computer Science, vol. 3897, pp. 319–331. Springer (2005)
Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: Computer and Communications Security—CCS ’93. pp. 62–73. ACM (1993)
Bernhard, D., Fischlin, M., Warinschi, B.: Adaptive proofs of knowledge in the random oracle model. In: Public-Key Cryptography—PKC ’15. Lecture Notes in Computer Science, vol. 9020, pp. 625–649. Springer (2015)
Bernhard, D., Fuchsbauer, G., Ghadafi, E., Smart, N.P., Warinschi, B.: Anonymous attestation with user-controlled linkability. Int. J. Inf. Sec. 12(3), 219–249 (2013)
Bichsel, P., Camenisch, J., Neven, G., Smart, N.P., Warinschi, B.: Get shorty via group signatures without encryption. In: Security and Cryptography for Networks—SCN ’10. Lecture Notes in Computer Science, vol. 6280, pp. 381–398. Springer (2010)
Boneh, D., Boyen, X.: Short signatures without random oracles. In: Advances in Cryptology—EUROCRYPT ’04. Lecture Notes in Computer Science, vol. 3027, pp. 56–73. Springer (2004)
Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Advances in Cryptology—CRYPTO ’04. Lecture Notes in Computer Science, vol. 3152, pp. 41–55. Springer (2004)
Brickell, E.F., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Computer and Communications Security—CCS ’04. pp. 132–145. ACM (2004)
Brickell, E., Chen, L., Li, J.: A new direct anonymous attestation scheme from bilinear maps. In: Trusted Computing: Challenges and Applications—TRUST ’08. Lecture Notes in Computer Science, vol. 4968, pp. 166–178. Springer (2008)
Brickell, E., Chen, L., Li, J.: Simplified security notions of direct anonymous attestation and a concrete scheme from pairings. Int. J. Inf. Sec. 8(5), 315–330 (2009)
Brickell, E., Chen, L., Li, J.: A (corrected) DAA scheme using batch proof and verification. In: Trusted Systems—INTRUST ’11. Lecture Notes in Computer Science, vol. 7222, pp. 304–337. Springer (2011)
Brickell, E., Li, J.: Enhanced Privacy ID: a direct anonymous attestation scheme with enhanced revocation capabilities. In: Workshop on Privacy in the Electronic Society—WPES ’07. pp. 21–30. ACM (2007)
Brickell, E., Li, J.: A pairing-based DAA scheme further reducing TPM resources. In: Trust and Trustworthy Computing—TRUST ’10. Lecture Notes in Computer Science, vol. 6101, pp. 181–195. Springer (2010)
Brickell, E., Li, J.: Enhanced privacy ID from bilinear pairing for hardware authentication and attestation. Int. J. Inf. Priv. Secur. Integr. 1(1), 3–33 (2011)
Beimel, A., Malkin, T., Micali, S.: The All-or-nothing nature of two-party secure computation. In: Advances in Cryptology—CRYPTO ’99. Lecture Notes in Computer Science, vol. 1666, pp. 80–97. Springer (1999)
Camenisch, J., Chen, L., Drijvers, M., Lehmann, A., Novick, D., Urian, R.: One TPM to bind them all: Fixing TPM 2.0 for provably secure anonymous attestation. In: Security and Privacy—SP ’17. pp. 901–920. IEEE Computer Society (2017)
Camenisch, J., Drijvers, M., Edgington, A., Lehmann, A., Lindemann, R., Urian, R.: FIDO ECDAA algorithm (2017), https://fidoalliance.org/specs/fido-uaf-v1.1-id-20170202/fido-ecdaa-algorithm-v1.1-id-20170202.html
Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous attestation using the strong Diffie–Hellman assumption revisited. In: Trust and Trustworthy Computing—TRUST ’16. Lecture Notes in Computer Science, vol. 9824, pp. 1–20. Springer (2016)
Camenisch, J., Drijvers, M., Lehmann, A.: Universally composable direct anonymous attestation. In: Public-Key Cryptography—PKC ’16 Part II. Lecture Notes in Computer Science, vol. 9615, pp. 234–264. Springer (2016)
Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous attestation with subverted TPMs. In: Advances in Cryptology—CRYPTO ’17 Part III. Lecture Notes in Computer Science, vol. 10403, pp. 427–461. Springer (2017)
Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups (extended abstract). In: Advances in Cryptology—CRYPTO ’97. Lecture Notes in Computer Science, vol. 1294, pp. 410–424. Springer (1997)
Chen, L.: A DAA scheme requiring less TPM resources. In: Information Security and Cryptology—Inscrypt ’09. Lecture Notes in Computer Science, vol. 6151, pp. 350–365. Springer (2009)
Chen, L., Li, J.: Flexible and scalable digital signatures in TPM 2.0. In: Computer and Communications Security—CCS ’13. pp. 37–48. ACM (2013)
Chen, L., Morrissey, P., Smart, N.P.: On proofs of security for DAA schemes. In: Provable Security, Second International Conference—ProvSec ’08. Lecture Notes in Computer Science, vol. 5324, pp. 156–175. Springer (2008)
Chen, L., Morrissey, P., Smart, N.P.: Pairings in trusted computing. In: Pairing-Based Cryptography—Pairing ’08. Lecture Notes in Computer Science, vol. 5209, pp. 1–17. Springer (2008)
Chen, L., Page, D., Smart, N.P.: On the design and implementation of an efficient DAA scheme. In: Smart Card Research and Advanced Application—CARDIS ’10. Lecture Notes in Computer Science, vol. 6035, pp. 223–237. Springer (2010)
Chen, L., Urian, R.: DAA-A: direct anonymous attestation with attributes. In: Trust and Trustworthy Computing—TRUST ’15. Lecture Notes in Computer Science, vol. 9229, pp. 228–245. Springer (2015)
Chen, X., Feng, D.: Direct anonymous attestation for next generation TPM. J. Compt. 3(12), 43–50 (2008)
Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Advances in Cryptology—CRYPTO ’86. Lecture Notes in Computer Science, vol. 263, pp. 186–194. Springer (1986)
Fischlin, M.: Communication-efficient non-interactive proofs of knowledge with online extractors. In: Advances in Cryptology—CRYPTO ’05. Lecture Notes in Computer Science, vol. 3621, pp. 152–168. Springer (2005)
Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Discret. Appl. Math. 156(16), 3113–3121 (2008)
Garman, C., Green, M., Miers, I.: Decentralized anonymous credentials. In: Network and Distributed System Security Symposium—NDSS ’14. The Internet Society (2014)
Groth, J.: Simulation-sound NIZK proofs for a practical language and constant size group signatures. In: Advances in Cryptology—ASIACRYPT ’06. Lecture Notes in Computer Science, vol. 4284, pp. 444–459. Springer (2006)
ISO: ISO/IEC 20008-2. Information technology: Security techniques—Anonymous digital signatures—Part 2: Mechanisms using a group public key approach. Standard, International Organization for Standardization (2013)
Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym systems. In: Selected Areas in Cryptography—SAC ’99. Lecture Notes in Computer Science, vol. 1758, pp. 184–199. Springer (1999)
Proudler, G., Chen, L., Dalton, C.: Trusted Computing Platforms—TPM2.0 in Context. Springer (2014)
Raj, H., Saroiu, S., Wolman, A., Aigner, R., Cox, J., England, P., Fenner, C., Kinshumann, K., Löser, J., Mattoon, D., Nyström, M., Robinson, D., Spiger, R., Thom, S., Wooten, D.: fTPM: A software-only implementation of a TPM chip. In: USENIX Security Symposium ’16. pp. 841–856. USENIX Association (2016)
Trusted Computing Group (TCG): TPM main specification version 1.2 (2004), https://trustedcomputinggroup.org
Trusted Computing Group (TCG): 2.0 Automotive Thin Profile (2014), https://trustedcomputinggroup.org
Trusted Computing Group (TCG): Trusted platform module library specification, family “2.0” (2014), https://trustedcomputinggroup.org
Whitefield, J., Chen, L., Giannetsos, T., Schneider, S., Treharne, H.: Privacy-enhanced capabilities for VANETs using direct anonymous attestation. In: Vehicular Networking Conference—VNC ’17. pp. 123–130. IEEE (2017)
Xi, L., Yang, K., Zhang, Z., Feng, D.: DAA-related APIs in TPM 2.0 revisited. In: Trust and Trustworthy Computing—TRUST ’14. Lecture Notes in Computer Science, vol. 8564, pp. 1–18. Springer (2014)
Acknowledgements
This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No.2016-6-00599, A Study on Functional Signature and Its Applications). Jong Hwan Park and Dong Hoon Lee are the co-corresponding authors of this paper.
Funding
This study was funded by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT).
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Cite this article
Kim, H., Lee, K., Park, J.H. et al. Improving the security of direct anonymous attestation under host corruptions. Int. J. Inf. Secur. 20, 475–492 (2021). https://doi.org/10.1007/s10207-020-00507-6