Security of the Enhanced TCG Privacy-CA Solution

  • Conference paper
Trustworthy Global Computing (TGC 2011)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 7173)

Abstract

The privacy-CA solution (PCAS) designed by the Trusted Computing Group (TCG) was specified in TCG Trusted Platform Module (TPM) Specification Version 1.2 in 2003 and allows a TPM to obtain from a certification authority (CA) certificates on short-term keys. The PCAS protocol is a lighter alternative to the Direct Anonymous Attestation (DAA) scheme for anonymous platform authentication.

The first rigorous analysis of PCAS was recently performed by Chen and Warinschi who focus on an unforgeability property (a TPM cannot obtain a certificate without the CA knowing its identity). The analysis in that paper holds only when no TPM is corrupt as, otherwise, an attack can be easily mounted. The authors also propose a stronger protocol (which we refer to as the enhanced PCAS or ePCAS) intended to withstand attacks of corrupt TPMs, but the protocol had never been formally analyzed.

The contribution of this paper is two-fold. We formalize three security properties desired from the ePCAS protocol. Unforgeability refines the earlier model for the case where TPMs may be corrupted. Deniability is the property that a CA cannot prove to a third party that he engaged in a run of the protocol with a certain TPM. Finally, anonymity is the property that third parties cannot tell the identity of TPMs based on the certificates that the TPM uses. The second contribution consists of proofs that the ePCAS protocol does indeed satisfy the security requirements that we formalize in this paper.

References

  1. Bellare, M., Boldyreva, A., Micali, S.: Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 259–274. Springer, Heidelberg (2000)

  2. Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: The 11th ACM Conference on Computer and Communications Security, pp. 132–145. ACM Press (2004)

  3. Brickell, E., Chen, L., Li, J.: Simplified security notions for direct anonymous attestation and a concrete scheme from pairings. Int. Journal of Information Security 8, 315–330 (2009)

  4. Bellare, M., Micciancio, D., Warinschi, B.: Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003)

  5. Bellare, M., Shi, H., Zhang, C.: Foundations of Group Signatures: The Case of Dynamic Groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005)

  6. Camenisch, J.: Better Privacy for Trusted Computing Platforms. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 73–88. Springer, Heidelberg (2004)

  7. Chen, L., Morrissey, P., Smart, N.P.: DAA: Fixing the pairing based protocols. Cryptology ePrint Archive. Report 2009/198, http://eprint.iacr.org/2009/198

  8. Chen, L., Warinschi, B.: Security of the TCG privacy-CA solution. In: Proceedings of IEEE TrustCom 2010 (December 2010)

  9. ISO/IEC 11889:2009 Information technology – Security techniques – Trusted Platform Module

  10. Trusted Computing Group. TCG TPM specification 1.2 (2003), http://www.trustedcomputinggroup.org

  11. Trusted Computing Group, http://www.trustedcomputinggroup.org (last accessed on June 30, 2010)

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chen, L., Lee, MF., Warinschi, B. (2012). Security of the Enhanced TCG Privacy-CA Solution. In: Bruni, R., Sassone, V. (eds) Trustworthy Global Computing. TGC 2011. Lecture Notes in Computer Science, vol 7173. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30065-3_8

  • DOI: https://doi.org/10.1007/978-3-642-30065-3_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30064-6

  • Online ISBN: 978-3-642-30065-3

  • eBook Packages: Computer Science, Computer Science (R0)
