A Direct Anonymous Attestation Scheme for Embedded Devices

  • He Ge
  • Stephen R. Tate
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4450)

Abstract

Direct anonymous attestation (DAA) is an anonymous authentication scheme adopted by the Trusted Computing Group in its specifications for trusted computing platforms. This paper presents an efficient construction that implements all anonymous authentication features specified in DAA, including authentication with total anonymity, authentication with variable anonymity, and rogue TPM tagging. The current DAA construction is mainly targeted for powerful devices such as personal computers, and their corresponding application areas, but is not entirely suitable for embedded devices with limited computing capabilities (e.g., cell phones or hand-held PDAs). We propose a new construction with more efficient sign and verify protocols, making it more attractive for embedded devices. We prove that the new construction is secure under the strong RSA assumption and the decisional Diffie-Hellman assumption.

Keywords

  • Direct Anonymous Attestation
  • Group signature
  • Privacy
  • Authentication
  • Trusted Computing Platform
  • Cryptographic Protocol

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • He Ge (1)
  • Stephen R. Tate (2)

  1. Microsoft Corporation, One Microsoft Way, Redmond 98005
  2. Department of Computer Science and Engineering, University of North Texas, Denton, TX 76203
