Abstract
Direct Anonymous Attestation (DAA) is a digital signature scheme designed for anonymous authentication. A major application of DAA is privacy-preserving remote authentication of a trusted platform module (\(\mathsf{TPM}\)). The private key used by DAA is stored within the \(\mathsf{TPM}\). Because the resources of a \(\mathsf{TPM}\) are limited, \(\mathsf{TPM}\) devices usually implement only the necessary secret-related algorithms and store only sensitive data. Recently, at CCS 2013, Chen and Li proposed the notion of \(\mathsf{TPM}\) 2.0 signature, which implements a simple yet generic algorithm that takes the private key as an input and serves a wide range of higher-level applications such as DAA and others (e.g., Schnorr’s signature, U-Prove). However, reusing the same \(\mathsf{TPM}\) algorithm and private key for multiple purposes may introduce vulnerabilities, even within the same context of DAA. In particular, there are two situations in which a DAA scheme uses the same signature scheme and private key: signing (or authentication), and joining the system (to prove knowledge of the private key to the issuer of the DAA credential). In this paper, we analyzed the current security model of DAA schemes with this in mind, identified the weakness and the corresponding implementation flaw that leads to insecurity, and suggested a fix. Our study provides a more comprehensive security analysis of DAA and suggests a prudent practice for DAA implementation.
This work is supported by grant 439713 from Research Grants Council (RGC), Hong Kong, and grants (4055018, 4930034) from Chinese University of Hong Kong. Sherman Chow is supported by the Early Career Award from RGC, Hong Kong. The authors would like to thank Liqun Chen for inspiration of this research.
References
Sumrall, N., Novoa, M.: Trusted computing group (TCG) and the TPM 1.2 specification. In: Intel Developer Forum 2003, vol. 32 (2003)
Chen, L., Li, J.: Flexible and scalable digital signatures in TPM 2.0. In: CCS 2013, pp. 37–48. ACM (2013)
Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: CCS 2004, pp. 132–145. ACM (2004)
Brickell, E., Li, J.: Enhanced privacy ID: a direct anonymous attestation scheme with enhanced revocation capabilities. In: Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society, pp. 21–30. ACM (2007)
Chen, L.: A DAA scheme requiring less TPM resources. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Inscrypt 2009. LNCS, vol. 6151, pp. 350–365. Springer, Heidelberg (2010)
Leung, A., Chen, L., Mitchell, C.J.: On a possible privacy flaw in direct anonymous attestation (DAA). In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 179–190. Springer, Heidelberg (2008)
Rudolph, C.: Covert identity information in direct anonymous attestation (DAA). In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) New Approaches for Security, Privacy and Trust in Complex Environments, pp. 443–448. Springer, New York (2007)
Brickell, E., Chen, L., Li, J.: Simplified security notions of direct anonymous attestation and a concrete scheme from pairings. Int. J. Inf. Secur. 8(5), 315–330 (2009)
Chen, L., Morrissey, P., Smart, N.P.: On proofs of security for DAA schemes. In: Baek, J., Bao, F., Chen, K., Lai, X. (eds.) ProvSec 2008. LNCS, vol. 5324, pp. 156–175. Springer, Heidelberg (2008)
Chen, X., Feng, D.: Direct anonymous attestation for next generation TPM. J. Comput. 3(12), 43–50 (2008)
Brickell, E., Li, J.: A pairing-based DAA scheme further reducing TPM resources. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 181–195. Springer, Heidelberg (2010)
Brickell, E., Chen, L., Li, J.: A new direct anonymous attestation scheme from bilinear maps. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 166–178. Springer, Heidelberg (2008)
Brickell, E., Chen, L., Li, J.: A (corrected) DAA scheme using batch proof and verification. In: Chen, L., Yung, M., Zhu, L. (eds.) INTRUST 2011. LNCS, vol. 7222, pp. 304–337. Springer, Heidelberg (2012)
Backes, M., Maffei, M., Unruh, D.: Zero-knowledge in the applied pi-calculus and automated verification of the direct anonymous attestation protocol. In: IEEE SP 2008, pp. 202–215. IEEE (2008)
Chen, L., Page, D., Smart, N.P.: On the design and implementation of an efficient DAA scheme. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 223–237. Springer, Heidelberg (2010)
Xi, L., Yang, K., Zhang, Z., Feng, D.: DAA-related APIs in TPM 2.0 revisited. In: Holz, T., Ioannidis, S. (eds.) Trust 2014. LNCS, vol. 8564, pp. 1–18. Springer, Heidelberg (2014)
Acar, T., Nguyen, L., Zaverucha, G.: A TPM Diffie-Hellman oracle. Technical Report MSR-TR-2013-105, Microsoft Research (2013). Also available at Cryptology ePrint Archive 2013/667
© 2015 Springer International Publishing Switzerland
Cite this paper
Zhang, T., Chow, S.S.M. (2015). Security of Direct Anonymous Authentication Using TPM 2.0 Signature. In: Lin, D., Yung, M., Zhou, J. (eds) Information Security and Cryptology. Inscrypt 2014. Lecture Notes in Computer Science(), vol 8957. Springer, Cham. https://doi.org/10.1007/978-3-319-16745-9_3
DOI: https://doi.org/10.1007/978-3-319-16745-9_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-16744-2
Online ISBN: 978-3-319-16745-9
eBook Packages: Computer Science (R0)