direct anonymous attestation daa
play

Direct Anonymous Attestation (DAA) Liqun Chen Trusted Systems - PowerPoint PPT Presentation

Direct Anonymous Attestation (DAA) Liqun Chen Trusted Systems Laboratory Hewlett Packard Laboratories, Bristol 12 October 2005 The slides presented here were made for a DAA seminar last year outline outline what is DAA? what is DAA


  1. Direct Anonymous Attestation (DAA) Liqun Chen Trusted Systems Laboratory Hewlett Packard Laboratories, Bristol 12 October 2005 The slides presented here were made for a DAA seminar last year

  2. outline outline • what is DAA? • what is DAA for? • why DAA? • how does DAA work? Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 2

  3. outline • what is DAA? • what is DAA for? • why DAA? • how does DAA work? Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 3

  4. DAA is a signature scheme DAA is a signature scheme designed for TCG • – signer: TPM (trusted platform module) – verifier: an external partner the name of DAA is from • Direct proof – without a TTP involvement – Anonymous – do not disclose the identity of the signer – Attestation – statement/claim from a TPM – DAA was adopted by TCG and specified in TCG TPM • Specification Version 1.2, available at www.trustcomputinggroup.org designers: Ernie Brickell of Intel, Jan Camenisch of IBM and • Liqun Chen of HP Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 4

  5. category of signature schemes – from a verifier’s point of view • 1–out–1 signatures: ordinary signatures – a verifier is given an authenticated public key of a signer • 1–out–n signatures: ring signatures, designated- verifier signatures, concurrent signatures, …… – a verifier is given authenticated public keys of all potential signers • 1–out–group signatures: group signatures, DAA – a verifier is given an authenticated group public key Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 5

  6. group signatures and DAA • a group signature has fixed-traceability and unlinkability – a group member certificate indicates an identity-disclosure authority – the authority can recover the identity of the real signer from a group signature • a DAA signature has flexible-traceability and flexible- linkability – there is no identity-disclosure authority (a DAA signature cannot be opened by any TTP) – a DAA signature provides the user-control link that can be used to link some selected signatures from the same signer for the same verifier Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 6

  7. outline • what is DAA? • what is DAA for? – for TCG • why DAA? • how does DAA work? Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 7

  8. goals of the TCG architecture ensure user’ ’s s ensure user protect protect choice on use of choice on use of user’ ’s s user security security information information mechanism mechanism protect protect protect user’ ’s s protect user user’ ’s s user computing computing privacy privacy environment environment Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 8

  9. obstacle to achieving the goals of the TCG architecture security might be fundamentally incompatible with privacy Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 9

  10. obstacle to achieving the goals of the TCG architecture security might be fundamentally incompatible with privacy high security & low privacy Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 10

  11. obstacle to achieving the goals of the TCG architecture security might be fundamentally incompatible with privacy high security high privacy & & low privacy low security Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 11

  12. obstacle to achieving the goals of the TCG architecture security might be fundamentally incompatible with privacy high security high privacy & & what we want: deliver security and low privacy low security provide user control of privacy Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 12

  13. TPM (trusted platform module) the TPM is the root of trust for reporting - – it offers smartcard-like security capability embedded into the platform – it is trusted to operate as expected (conforms to the TCG spec) – it is uniquely bound to a single platform – its functions and storage are isolated from all other components of the platform (e.g., the CPU) Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 13

  14. TPM (trusted platform module) the TPM is the root of trust for reporting - – it offers smartcard-like security capability embedded into the platform – it is trusted to operate as expected (conforms to the TCG spec) – it is uniquely bound to a single platform – its functions and storage are isolated from all other components of the platform (e.g., the CPU) random num ber N on-volatile generation M em ory Processor M em ory asym m etric hash I/O signing and key encryption H M AC generation clock/tim er pow er detection Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 14

  15. platform attestation • TCG requires a TPM to have an embedded “endorsement key (EK)”, to prove that a TPM is a particular genuine TPM • EK is not a platform identity • TCG lets a TPM control “multiple pseudonymous attestation identities” by using “attestation identity key (AIK)” • AIK is a platform identity, to attest to platform properties we need a link between EK and AIK Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 15

  16. privacy issue I want to know I don’t want to that AIK came disclose which from a TPM TPM the AIK is from AIK an external partner a user TPM – trusted platform module EK – endorsement key AIK – attestation identity key Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 16

  17. privacy issue I want to know I don’t want to that AIK came disclose which from a TPM TPM the AIK is from AIK an external partner a user we seek a solution to convince an TPM – trusted platform module external party that an AIK is held in a EK – endorsement key TPM without identifying the TPM AIK – attestation identity key Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 17

  18. outline • what is DAA? • what is DAA for? • why DAA? • how does DAA work? Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 18

  19. previous solution is not good enough the previous solution (before TCG TPM spec. v1.2) - • involves a TTP to issue certificates • allows choice of any (different) certification authorities (privacy-CA) to certify each TPM identity • can help prevent correlation, however anonymity is dependent upon the private-CA Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 19

  20. our goal and solution • our goal: a solution provides – anonymity without a TTP – authentication without a certificate • our solution: – direct anonymous attestation (DAA) direct proof replaces the TTP Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 20

  21. a simple picture of DAA TPM EK AIK #1 DAA AIK #2 Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 21

  22. a simple picture of DAA stock broker medical clinic verifier verifier TPM EK AIK #1 DAA AIK #2 Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 22

  23. a simple picture of DAA stock broker medical clinic verifier verifier a DAA a DAA signature of signature of AIK #1 AIK #2 TPM EK AIK #1 DAA AIK #2 Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 23

  24. a simple picture of DAA I know that AIK #1 I know that AIK #2 came from a TPM, came from a TPM, but I don’t know but I don’t know which one. which one. stock broker medical clinic verifier verifier a DAA a DAA signature of signature of AIK #1 AIK #2 TPM EK AIK #1 DAA AIK #2 Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 24

  25. a simple picture of DAA we can’t tell if We can’t tell if AIK #1 and AIK #2 Key #1 and Key came from the #2 came from the I know that AIK #1 I know that AIK #2 same TPM or not. same TPM or not. came from a TPM, came from a TPM, but I don’t know but I don’t know which one. which one. stock broker medical clinic verifier verifier a DAA a DAA signature of signature of AIK #1 AIK #2 TPM EK AIK #1 DAA AIK #2 Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 25

  26. a simple picture of DAA we can’t tell if We can’t tell if AIK #1 and AIK #2 Key #1 and Key came from the #2 came from the I know that AIK #1 I know that AIK #2 same TPM or not. same TPM or not. came from a TPM, came from a TPM, but I don’t know but I don’t know which one. which one. but stock broker medical clinic if the client behaves verifier verifier badly, I can stop him to use my service a DAA a DAA signature of signature of AIK #1 AIK #2 TPM EK AIK #1 DAA AIK #2 Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 26

  27. outline • what is DAA? • what is DAA for? • why DAA? • how does DAA work? Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 27

Recommend


More recommend