DOI: 10.1145/3098243.3098258 (research-article)

Anonymous attestations made practical

Published: 18 July 2017

ABSTRACT

Direct Anonymous Attestation (DAA) is a privacy-preserving authentication protocol initially designed for Trusted Platform Modules (TPMs). This cryptographic protocol, and some of its extensions such as Intel's Enhanced Privacy ID (EPID), have been widely deployed in millions of chips. Usually, part of the attestation computation is delegated to the host embedding the TPM (in most cases a PC or a smartphone), which is generally much more powerful. However, in Machine-to-Machine (M2M) and Internet of Things (IoT) use cases, the host may be as resource-constrained as the TPM. Furthermore, any malware residing in the host may enable tracking of the TPM owner.

In this paper, we propose an efficient DAA scheme, defined on elliptic curves, in which bilinear pairing computations are performed only on the verifier's side. Consequently, all computations on the platform side required to verify the validity of a group signing key or to generate a DAA signature can, contrary to previous solutions, be carried out entirely by a resource-constrained TPM. Our DAA scheme, which is more efficient than all existing DAA schemes, is formally proven secure under a variant of the LRSW assumption and can be extended to support private-key-based and signature-based revocation as well as group signing keys with attributes. As it is suitable for resource-constrained environments such as SIM cards, our DAA scheme is of particular interest for M2M applications involving a SIM card. More precisely, we show how to design a privacy-preserving authentication protocol for embedded SIMs (eSIM) that addresses a real issue raised at the GSM Association (GSMA). By implementing our DAA scheme on a GlobalPlatform-compliant SIM card, we demonstrate its efficiency and suitability for real-world use cases: a TPM can be anonymously authenticated in only 169 ms.


Published in: WiSec '17: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, July 2017, 297 pages. ISBN: 9781450350846. DOI: 10.1145/3098243

        Copyright © 2017 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance rate: 98 of 338 submissions (29%)
