Abstract
Direct Anonymous Attestation (DAA) has been studied for applying to mobile devices based on ARM TrustZone. However, current solutions bring in extra performance overheads and security risks when adapting existing DAA schemes originally designed for PC platform. In this paper, we propose a complete and efficient DAA scheme (DAA-TZ) specifically designed for mobile devices using TrustZone. By considering the application scenarios, DAA-TZ extends the interactive model of original DAA and provides anonymity for a device and its user against remote service providers. The proposed scheme requires only one-time switch of TrustZone for signing phase and elaborately takes pre-computation into account. Consequently, the frequent on-line signing just needs at most three exponentiations on elliptic curve. Moreover, we present the architecture for trusted mobile devices. The issues about key derivation and sensitive data management relying on a root of trust from SRAM Physical Unclonable Function (PUF) are discussed. We implement a prototype system and execute DAA-TZ using MNT and BN curves with different security levels. The comparison result and performance evaluation indicate that our scheme meets the demanding requirement of mobile users in respects of both security and efficiency.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Utilizing PKI solution, a Certificate Authority (CA) issues a public key certificate for \(p{{k}_{\mathcal {I}}}\) to the issuer \(\mathcal {I}\).
- 2.
If the public key of an existing issuer has expired, it should refresh its public key by creating a new one and obtaining the corresponding certificate.
References
Bernhard, D., Fuchsbauer, G., Ghadafi, E., Smart, N.P., Warinschi, B.: Anonymous attestation with user-controlled linkability. Int. J. Inf. Secur. 12(3), 219–249 (2013)
Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proceedings of the 11th ACM CCS, pp. 132–145. ACM (2004)
Brickell, E., Chen, L., Li, J.: A New Direct Anonymous Attestation Scheme from Bilinear Maps. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 166–178. Springer, Heidelberg (2008)
Brickell, E., Li, J.: A pairing-based DAA scheme further reducing TPM resources. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 181–195. Springer, Heidelberg (2010)
Chen, L., Li, J.: Flexible and scalable digital signatures in tpm 2.0. In: Proceedings of the 20th ACM CCS, pp. 37–48. ACM (2013)
Chen, L., Page, D., Smart, N.P.: On the design and implementation of an efficient DAA scheme. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 223–237. Springer, Heidelberg (2010)
Chen, X., Feng, D.: Direct anonymous attestation for next generation tpm. J. Comput. 3(12), 43–50 (2008)
Commission, F.T., et al.: Mobile privacy disclosures: Building trust through transparency. Federal Trade Commission Staff Report (2013)
Galbraith, S., Paterson, K., Smart, N.: Pairings for cryptographers. Discrete Appl. Math. 156(16), 3113–3121 (2008)
Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)
Jang, J., Kong, S., Kim, M., Kim, D., Kang, B.B.: Secret: Secure channel between rich execution environment and trusted execution environment. In: NDSS 2015 (2015)
Maganis, G., Shi, E., Chen, H., Song, D.: Opaak: using mobile phones to limit anonymous identities online. In: Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, pp. 295–308. ACM (2012)
Morelos-Zaragoza, R.: Encoder/decoder for binary bch codes in c (version 3.1)
Oren, Y., Sadeghi, A.-R., Wachsmann, C.: On the effectiveness of the remanence decay side-channel to clone memory-based PUFs. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 107–125. Springer, Heidelberg (2013)
ARM: Trustzone. http://www.arm.com/products/processors/technologies/trustzone. Last accessed 5 May 2015
GENODE: An exploration of arm trustzone technology. http://genode.org/documentation/articles/trustzone. Last accessed 1 May 2015
GlobalPlatform: Tee client api specification version 1.0 (2010)
Integrated Silicon Solution Inc: IS61LV6416-10TL. http://www.alldatasheet.com/datasheet-pdf/pdf/505020/ISSI/IS61LV6416-10TL.html
ISO/IEC: 15946–5: 2009 information technology-security techniques: Cryptographic techniques based on elliptic curves: Part 5: Elliptic curve generation (2009)
Proxama (2015). http://www.proxama.com/platform/
Sansa Security: Discretix (2014). https://www.sansasecurity.com/blog/discretix-becomes-sansa-security/. Last accessed 22 June 2014
Trusted Computing Group: TPM main specification version1.2, revision 116 (2011). http://www.trustedcomputinggroup.org. Last accessed 25 October 2014
Trusted Computing Group: Trusted platform module library, family 2.0 (2013). http://www.trustedcomputinggroup.org. Last accessed 10 March 2015
Xilinx: Zynq-7000 all programmable soc zc702 evaluation kit. http://www.xilinx.com/products/boards-and-kits/EK-Z7-ZC702-G.htm
Wachsmann, C., Chen, L., Dietrich, K., Löhr, H., Sadeghi, A.-R., Winter, J.: Lightweight anonymous authentication with TLS and DAA for embedded mobile devices. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 84–98. Springer, Heidelberg (2011)
Wilson, P., Frey, A., Mihm, T., Kershaw, D., Alves, T.: Implementing embedded security on dual-virtual-cpu systems. IEEE Des. Test 24(6), 582–591 (2007)
Xi, L., Yang, K., Zhang, Z., Feng, D.: DAA-related APIs in TPM 2.0 revisited. In: Holz, T., Ioannidis, S. (eds.) Trust 2014. LNCS, vol. 8564, pp. 1–18. Springer, Heidelberg (2014)
Yang, B., Feng, D., Qin, Y.: A lightweight anonymous mobile shopping scheme based on daa for trusted mobile platform. In: 2014 IEEE 13th International Conference on TrustCom, pp. 9–17. IEEE (2014)
Yang, B., Yang, K., Qin, Y., Zhang, Z., Feng, D.: DAA-TZ: An effcient DAA scheme for mobile devices using ARM Trust Zone (full version) (2015) (ePrint)
Zhang, Q., Zhao, S., Xi, L., Feng, W., Feng, D.: Mdaak: A flexible and efficient framework for direct anonymous attestation on mobile devices. In: Information and Communications Security. Springer (2014)
Zhao, S., Zhang, Q., Hu, G., Qin, Y., Feng, D.: Providing root of trust for arm trustzone using on-chip sram. In: Proceedings of the 4th International Workshop on Trustworthy Embedded Devices, pp. 25–36. ACM (2014)
Acknowledgment
We thank Shijun Zhao and the anonymous reviewers for their valuable comments. This work was supported in part by grants from the National Natural Science Foundation of China (No. 91118006, No. 61202414 and No. 61402455) and the National 973 Program of China (No. 2013CB338003).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Yang, B., Yang, K., Qin, Y., Zhang, Z., Feng, D. (2015). DAA-TZ: An Efficient DAA Scheme for Mobile Devices Using ARM TrustZone. In: Conti, M., Schunter, M., Askoxylakis, I. (eds) Trust and Trustworthy Computing. Trust 2015. Lecture Notes in Computer Science(), vol 9229. Springer, Cham. https://doi.org/10.1007/978-3-319-22846-4_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-22846-4_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22845-7
Online ISBN: 978-3-319-22846-4
eBook Packages: Computer ScienceComputer Science (R0)