On a Possible Privacy Flaw in Direct Anonymous Attestation (DAA)

  • Adrian Leung
  • Liqun Chen
  • Chris J. Mitchell
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4968)


A possible privacy flaw in the TCG implementation of the Direct Anonymous Attestation (DAA) protocol has recently been discovered by Rudolph. This flaw allows a DAA Issuer to covertly include identifying information within DAA Certificates, enabling a colluding DAA Issuer and one or more verifiers to link and uniquely identify users, compromising user privacy and thereby invalidating the key feature provided by DAA . In this paper we argue that, in typical usage scenarios, the weakness identified by Rudolph is not likely to lead to a feasible attack; specifically we argue that the attack is only likely to be feasible if honest DAA signers and verifiers never check the behaviour of issuers. We also suggest possible ways of avoiding the threat posed by Rudolph’s observation.


Direct Anonymous Attestation DAA Privacy Trusted Computing 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, Washington DC, USA, October 25–29, 2004, pp. 132–145. ACM Press, New York (2004)CrossRefGoogle Scholar
  2. 2.
    Mitchell, C.J. (ed.): Trusted Computing. IEE Press, London (2005)Google Scholar
  3. 3.
    Trusted Computing Group (TCG): TCG Specification Architecture Overview. Version 1.2, The Trusted Computing Group, Portland, Oregon, USA (2004)Google Scholar
  4. 4.
    Rudolph, C.: Covert identity information in direct anonymous attestation (DAA). In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) 22nd IFIP TC-11 International Information Security Conference (SEC 2007) on New Approaches for Security, Privacy and Trust in Complex Environments, Sandton, South Africa, May 14-16, 2007. IFIP International Federation for Information Processing, vol. 232, pp. 443–448. Springer, Boston (2007)CrossRefGoogle Scholar
  5. 5.
    Balfe, S., Lakhani, A.D., Paterson, K.G.: Trusted computing: Providing security for peer-to-peer networks. In: Proceedings of the Fifth International Conference on Peer-to-Peer Computing (P2P 2005), Konstanz, Germany, August 31–September 2, 2005, pp. 117–124. IEEE Computer Society, Los Alamitos (2005)CrossRefGoogle Scholar
  6. 6.
    Leung, A., Mitchell, C.J.: Ninja: Non identity based, privacy preserving authentication for ubiquitous environments. In: Krumm, J., Abowd, G.D., Seneviratne, A., Strang, T. (eds.) UbiComp 2007. LNCS, vol. 4717, pp. 73–90. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Leung, A., Poh, G.S.: An anonymous watermarking scheme for content distribution protection using trusted computing. In: Proceedings of the International Conference on Security and Cryptography (SECRYPT 2007), Barcelona, Spain, August 28–31, 2007, pp. 319–326. INSTICC Press (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Adrian Leung
    • 1
  • Liqun Chen
    • 2
  • Chris J. Mitchell
    • 1
  1. 1.Information Security GroupRoyal Holloway, University of LondonEghamUK
  2. 2.Hewlett-Packard Laboratories Stoke GiffordUK

Personalised recommendations