Abstract
Direct anonymous attestation (DAA) is a practical and efficient protocol for authenticated attestation that satisfies strong privacy requirements. This recently developed protocol has already been adopted by the Trusted Computing Group and included in the standardized Trusted Platform Module (TPM). This paper shows that the main privacy goal of DAA can be violated by the inclusion of covert identity information. This problem is highly relevant, as the privacy attack is both efficient and very difficult to detect.
Please use the following format when citing this chapter: Rudolph, C., 2007, in IFIP International Federation for Information Processing, Volume 232, New Approaches for Security, Privacy and Trust in Complex Environments, eds. Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R., (Boston: Springer), pp. 443–448.
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
Rudolph, C. (2007). Covert Identity Information in Direct Anonymous Attestation (DAA). In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds) New Approaches for Security, Privacy and Trust in Complex Environments. SEC 2007. IFIP International Federation for Information Processing, vol 232. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-72367-9_38
DOI: https://doi.org/10.1007/978-0-387-72367-9_38
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-72366-2
Online ISBN: 978-0-387-72367-9
eBook Packages: Computer Science, Computer Science (R0)