Mdaak: A Flexible and Efficient Framework for Direct Anonymous Attestation on Mobile Devices

  • Qianying Zhang
  • Shijun Zhao
  • Li Xi
  • Wei Feng
  • Dengguo Feng
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8958)


In this paper, we investigate how to implement Direct Anonymous Attestation (DAA) on mobile devices, whose processing and storage capabilities are limited. We propose a generic framework providing a secure and efficient DAA functionality based on ARM TrustZone. Our framework is flexible enough to support multiple DAA schemes, and is efficient because it leverages the powerful ARM processor in secure mode to perform computations originally delegated to the Trusted Platform Module (TPM). In addition, our framework uses an SRAM PUF, commonly available in the On-Chip Memory (OCM) of mobile devices, for secure storage of user signing keys, which achieves a low-cost design. We present a prototype system that supports four DAA schemes on real TrustZone hardware, and give evaluations of its code size and performance together with comparisons of the four schemes under different curve parameters. The evaluation results indicate that our solution is feasible, efficient, and well-suited for mobile devices.
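The abstract states that an SRAM PUF serves as the storage for the user signing keys. Because an SRAM power-up pattern is noisy, such a design needs a fuzzy extractor (Dodis, Reyzin and Smith) to turn the pattern into a stable key: at enrollment the response is XORed with an error-correcting codeword to produce public helper data, and at every later boot the helper data is XORed out of the fresh response and the residual noise is corrected. The following is an added illustration of that code-offset construction, not code from the paper or its prototype: a 7-bit repetition code with majority decoding stands in for a BCH code, `simulate_puf_response` is a SHA-256-based stand-in for real SRAM, `add_noise` is a constructed deterministic bit-flip pattern, and the hash-based `_derive_key` is a placeholder for a proper KDF.

```python
import hashlib
import secrets
from typing import List, Optional, Tuple

# Added illustration (not the paper's code): a code-offset fuzzy extractor
# that turns a noisy SRAM power-up pattern into a stable key. Assumptions:
# a 7-bit repetition code with majority decoding stands in for a BCH code,
# the PUF response is simulated with SHA-256, and the noise model is a
# constructed deterministic bit-flip pattern.

REP = 7          # repetition length: majority decoding corrects up to 3 flips per block
KEY_BITS = 128   # number of secret bits protected by the helper data


def _encode(secret_bits: List[int]) -> List[int]:
    """Repeat each secret bit REP times."""
    return [b for b in secret_bits for _ in range(REP)]


def _decode(codeword: List[int]) -> List[int]:
    """Majority-vote each REP-bit block back to a single secret bit."""
    return [int(sum(codeword[i:i + REP]) * 2 > REP)
            for i in range(0, len(codeword), REP)]


def _xor(a: List[int], b: List[int]) -> List[int]:
    return [x ^ y for x, y in zip(a, b)]


def _derive_key(secret_bits: List[int]) -> bytes:
    """Hash the secret bits to a 256-bit key; a placeholder for a real KDF."""
    packed = int("".join(map(str, secret_bits)), 2).to_bytes(KEY_BITS // 8, "big")
    return hashlib.sha256(b"puf-key-example" + packed).digest()


def enroll(puf_response: List[int],
           secret_bits: Optional[List[int]] = None) -> Tuple[bytes, List[int]]:
    """Enrollment: choose a random secret and compute helper data.

    helper = response XOR encode(secret). The helper may sit in ordinary
    flash: on its own it reveals nothing about the secret as long as the
    SRAM response carries enough entropy, because the response acts as a
    one-time pad over the codeword.
    """
    if secret_bits is None:
        secret_bits = [secrets.randbits(1) for _ in range(KEY_BITS)]
    helper = _xor(puf_response, _encode(secret_bits))
    return _derive_key(secret_bits), helper


def reconstruct(noisy_response: List[int], helper: List[int]) -> bytes:
    """Power-up reconstruction: strip the helper, correct the noise, re-derive."""
    return _derive_key(_decode(_xor(noisy_response, helper)))


def simulate_puf_response(chip_id: bytes, n_bits: int) -> List[int]:
    """Constructed stand-in for an SRAM power-up pattern, fixed per chip_id."""
    stream, counter = b"", 0
    while len(stream) * 8 < n_bits:
        stream += hashlib.sha256(chip_id + counter.to_bytes(4, "big")).digest()
        counter += 1
    bits = [(byte >> k) & 1 for byte in stream for k in range(8)]
    return bits[:n_bits]


def add_noise(bits: List[int], every: int) -> List[int]:
    """Constructed noise model: flip every `every`-th bit (deterministic)."""
    return [b ^ 1 if i % every == 0 else b for i, b in enumerate(bits)]


if __name__ == "__main__":
    response = simulate_puf_response(b"chip-A", KEY_BITS * REP)
    key, helper = enroll(response)
    # Light noise: at most one flip per 7-bit block, so the key survives.
    print("same key after light noise:",
          reconstruct(add_noise(response, 19), helper) == key)
    # Heavy noise: four flips in the first block defeat majority decoding.
    print("same key after heavy noise:",
          reconstruct(add_noise(response, 2), helper) == key)
    # The helper data alone does not help on a different chip.
    other = simulate_puf_response(b"chip-B", KEY_BITS * REP)
    print("same key on another chip:", reconstruct(other, helper) == key)
```

The three checks in the `__main__` block show the properties a practitioner cares about: the key is reproduced as long as the noise stays within the code's correction capacity, a burst beyond that capacity yields a different key rather than a silently wrong signature key, and the helper data on its own, without this chip's SRAM pattern, does not reproduce the key. A deployment would replace the repetition code with a stronger code sized to the measured SRAM error rate and would derive the key with a standard KDF.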


Keywords: Direct anonymous attestation, Mobile devices, ARM TrustZone, Physical unclonable functions, Performance evaluation



This work was supported by the National Natural Science Foundation of China (91118006 and 61202414), and the National Basic Research Program of China (2013CB338003).



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Qianying Zhang (1)
  • Shijun Zhao (1)
  • Li Xi (1)
  • Wei Feng (1)
  • Dengguo Feng (1)
  1. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing, China
