Covert Identity Information in Direct Anonymous Attestation (DAA)

نویسنده

Carsten Rudolph

چکیده

Direct anonymous attestation (DAA) is a practical and efficient protocol for authenticated attestation with satisfaction of strong privacy requirements. This recently developed protocol is already adopted by the Trusted Computing Group and included in the standardized trusted platform module TPM. This paper shows that the main privacy goal of DAA can be violated by the inclusion of covert identity information. This problem is very relevant, as the privacy attack is both efficient and very difficult to detect.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Direct Anonymous Attestation: Enhancing Cloud Service User Privacy

We introduce a privacy enhancing cloud service architecture based on the Direct Anonymous Attestation (DAA) scheme. In order to protect user data, the architecture provides cloud users with the abilities of controlling the extent of data sharing among their service accounts. A user is then enabled to link Cloud Service applications in such a way, that his/her personal data are shared only among...

متن کامل

On a Possible Privacy Flaw in Direct Anonymous Attestation (DAA)

A possible privacy flaw in the TCG implementation of the Direct Anonymous Attestation (DAA) protocol has recently been discovered by Rudolph. This flaw allows a DAA Issuer to covertly include identifying information within DAA Certificates, enabling a colluding DAA Issuer and one or more verifiers to link and uniquely identify users, compromising user privacy and thereby invalidating the key fe...

متن کامل

Direct Anonymous Attestation for Next Generation TPM

Trusted computing platforms have been proposed as a promising approach to enhance the security of general-purpose computing systems. Direct Anonymous Attestation(DAA) is a scheme that allows a Trusted Platform Module (TPM) which is the core component of the trusted computing platform to remotely convince a communication partner that it is indeed a Trusted Platform Module while preserving the us...

متن کامل

A Pairing-Based DAA Scheme Further Reducing TPM Resources

Direct Anonymous Attestation (DAA) is an anonymous signature scheme designed for anonymous attestation of a Trusted Platform Module (TPM) while preserving the privacy of the device owner. Since TPM has limited bandwidth and computational capability, one interesting feature of DAA is to split the signer role between two entities: a TPM and a host platform where the TPM is attached. Recently, Che...

متن کامل

Direct Anonymous Attestation (DAA): Ensuring Privacy with Corrupt Administrators

The Direct Anonymous Attestation (DAA) scheme provides a means for remotely authenticating a trusted platform whilst preserving the user’s privacy. The protocol has been adopted by the Trusted Computing Group (TCG) in the latest version of its Trusted Platform Module (TPM) specification. In this paper we show DAA places an unnecessarily large burden on the TPM host. We demonstrate how corrupt a...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}

با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره شماره

صفحات -

تاریخ انتشار 2007

Covert Identity Information in Direct Anonymous Attestation (DAA)

نویسنده

چکیده

منابع مشابه

Direct Anonymous Attestation: Enhancing Cloud Service User Privacy

On a Possible Privacy Flaw in Direct Anonymous Attestation (DAA)

Direct Anonymous Attestation for Next Generation TPM

A Pairing-Based DAA Scheme Further Reducing TPM Resources

Direct Anonymous Attestation (DAA): Ensuring Privacy with Corrupt Administrators

عنوان ژورنال:

اشتراک گذاری