110:.) The host/TPM is now able to authenticate itself with respect to the certificate. This approach permits two possibilities to detecting rogue TPMs: firstly the privacy CA should maintain a list of TPMs identified by their EK known to be rogue and reject requests from them, secondly if a privacy CA receives too many requests from a particular TPM it may reject them and blocklist the TPMs EK. The number of permitted requests should be subject to a risk management exercise. This solution is problematic since the privacy CA must take part in every transaction and thus must provide high availability whilst remaining secure. Furthermore, privacy requirements may be violated if the privacy CA and verifier collude. Although the latter issue can probably be resolved using blind signatures, the first remains.
78:) and a single key pair. Manufacturers would embed the private key into every TPM produced and the public key would be published as a certificate. Signatures produced by the TPM must have originated from the private key, by the nature of the technology, and since all TPMs use the same private key they are indistinguishable ensuring the user's privacy. This rather naive solution relies upon the assumption that there exists a
137:
requests. The Member and
Verifier can also elect to reveal additional information to accomplish non-anonymous interactions (just as you can choose to tell a stranger your full name, or not). Thus, known identity can be built on top of an anonymous start. (Contrast this with: if you start with known identity, you can never prove you un-know that identity to regress to anonymity.)
122:
The DAA protocol is based on three entities and two different steps. The entities are the DAA Member (TPM platform or EPID-enabled microprocessor), the DAA Issuer and the DAA Verifier. The issuer is charged to verify the TPM platform during the Join step and to issue DAA credential to the platform.
101:
key pair called an
Endorsement Key (EK) which the privacy CA is assumed to know. In order to attest the TPM generates a second RSA key pair called an Attestation Identity Key (AIK). It sends the public AIK, signed by EK, to the privacy CA who checks its validity and issues a certificate for the AIK.
150:
scheme using
BarretoβNaehrig curves. This scheme is implemented by both EPID 2.0 and the TPM 2.0 standard. It is recommended for TPMs in general and required for TPMs that conform to the PC client profile. In addition, the Intel EPID 2.0 implementation of ISO/IEC 20008 DAA and the available open
145:
The first Direct
Anonymous Attestation scheme was due to Brickell, Camenisch, and Chen; that scheme proved insecure and required a fix. Brickell, Chen, and Li improved efficiency of that first scheme using symmetric pairings, rather than RSA. And Chen, Morrissey, and Smart attempted to further
136:
The protocol allows differing degrees of privacy. Interactions are always anonymous, but the Member/Verifier may negotiate as to whether the
Verifier is able to link transactions. This would allow user profiling and/or the rejection of requests originating from a host which has made too many
151:
source SDK can be used for members and verifiers to do attestation. Since one of the DAA attestation methods in TPM 2.0 is identical to EPID 2.0, work is underway to make ISO/IEC 20008 DAA and TPM 2.0 DAA attestation read consistently with each other at the spec level.
90:, to see that this assumption is fundamentally flawed. Furthermore, this approach fails to realize a secondary goal: the ability to detect rogue TPMs. A rogue TPM is a TPM that has been compromised and had its secrets extracted.
127:
the
Verifier can verify the credential without attempting to violate the platform's privacy. The protocol also supports a blocklisting capability so that Verifiers can identify attestations from TPMs that have been compromised.
113:
The EPID 2.0 solution embeds the private key in the microprocessor when it is manufactured, inherently distributes the key with the physical device shipment, and has the key provisioned and ready for use with 1st power-on.
146:
improve efficiency by switching from a symmetric to an asymmetric setting; unfortunately, the asymmetric scheme was also insecure. Chen, Page, and Smart proposed a new
420:
494:
404:
180:
147:
170:
83:
75:
47:
43:
35:
160:
489:
93:
The solution first adopted by the TCG (TPM specification v1.1) required a trusted third-party, namely a
124:
471:
454:. In Proceedings of 11th ACM Conference on Computer and Communications Security, ACM Press, 2004. (
198:
175:
55:
296:
274:"Simplified security notions of Direct Anonymous Attestation and a concrete scheme from pairings"
165:
123:
The platform (Member) uses the DAA credential with the
Verifier during the Sign step. Through a
51:
39:
361:
288:
252:
17:
98:
74:
In principle the privacy issue could be resolved using any standard signature scheme (or
59:
42:
whilst preserving privacy of the platform's user. The protocol has been adopted by the
483:
455:
211:
300:
257:
365:
292:
436:
388:
9th
International Conference on Smart Card Research and Advanced Applications
102:(For this to work, either a) the privacy CA must know the TPM's public EK
314:
Chen; Morrissey; Smart (2008). "On Proofs of
Security for DAA Schemes".
380:
273:
237:
215:
466:
63:
238:"Formal analysis of privacy in Direct Anonymous Attestation schemes"
352:
Chen; Li (2010). "A note on the Chen-Morrissey-Smart DAA scheme".
333:
Chen; Morrissey; Smart (2008). "Pairings in
Trusted Computing".
316:
3rd International Conference on Trust and Trustworthy Computing
87:
381:"On the Design and Implementation of an Efficient DAA Scheme"
335:
2nd International Conference on Pairing-Based Cryptography
50:(TPM) specification to address privacy concerns (see also
421:
TCG PC Client Platform. TPM Profile (PTP) Specification
223:
ACM Conference on Computer and Communications Security
405:
Trusted Platform Module Library. Part 1: Architecture
106:, or b) the TPM's manufacturer must have provided an
54:). ISO/IEC 20008 specifies DAA, as well, and Intel's
272:Brickell, Ernie; Chen, Liqun; Li, Jiangtao (2009).
281:International Journal of Information Security
82:. One only needs to look at the precedent of
8:
236:Smyth, Ben; Ryan, Mark; Chen, Liqun (2015).
473:Interdomain User Authentication and Privacy
256:
38:which enables remote authentication of a
461:E. Brickell, J. Camenisch, and L. Chen:
450:E. Brickell, J. Camenisch, and L. Chen:
191:
97:(privacy CA). Each TPM has an embedded
7:
46:(TCG) in the latest version of its
25:
476:by Andreas Pashalidis - section 6
86:(CSS), an encryption system for
245:Science of Computer Programming
66:along with an open source SDK.
354:Information Processing Letters
216:"Direct Anonymous Attestation"
181:Privacy enhancing technologies
1:
95:privacy certificate authority
463:Direct anonymous attestation
452:Direct anonymous attestation
28:Direct Anonymous Attestation
18:Direct anonymous attestation
258:10.1016/j.scico.2015.04.004
148:elliptic curve cryptography
141:Implementations and attacks
62:is available for licensing
511:
425:trustedcomputinggroup.org,
409:trustedcomputinggroup.org,
379:Chen; Page; Smart (2010).
56:Enhanced Privacy ID (EPID)
52:Loss of Internet anonymity
495:Internet privacy software
366:10.1016/j.ipl.2010.04.017
293:10.1007/s10207-009-0076-3
171:Trusted platform module
108:endorsement certificate
84:Content Scramble System
58:2.0 implementation for
48:Trusted Platform Module
44:Trusted Computing Group
36:cryptographic primitive
427:Retrieved 25 June 2024
411:Retrieved 25 June 2024
214:; Chen, Liqun (2004).
161:Cryptographic protocol
70:Historical perspective
76:public key encryption
125:zero-knowledge proof
176:Enhanced Privacy ID
360:(12β13): 485β488.
166:Digital credential
132:Privacy properties
210:Brickell, Ernie;
199:TPM Specification
16:(Redirected from
502:
439:
434:
428:
418:
412:
402:
396:
395:
385:
376:
370:
369:
349:
343:
342:
330:
324:
323:
311:
305:
304:
278:
269:
263:
262:
260:
242:
233:
227:
226:
220:
207:
201:
196:
40:trusted computer
21:
510:
509:
505:
504:
503:
501:
500:
499:
480:
479:
447:
442:
435:
431:
419:
415:
403:
399:
383:
378:
377:
373:
351:
350:
346:
332:
331:
327:
313:
312:
308:
276:
271:
270:
266:
240:
235:
234:
230:
218:
209:
208:
204:
197:
193:
189:
157:
143:
134:
120:
72:
60:microprocessors
23:
22:
15:
12:
11:
5:
508:
506:
498:
497:
492:
482:
481:
478:
477:
469:
459:
446:
445:External links
443:
441:
440:
429:
413:
397:
371:
344:
325:
306:
287:(5): 315β330.
264:
251:(2): 300β317.
228:
212:Camenisch, Jan
202:
190:
188:
185:
184:
183:
178:
173:
168:
163:
156:
153:
142:
139:
133:
130:
119:
116:
71:
68:
24:
14:
13:
10:
9:
6:
4:
3:
2:
507:
496:
493:
491:
488:
487:
485:
475:
474:
470:
467:
464:
460:
457:
453:
449:
448:
444:
438:
433:
430:
426:
422:
417:
414:
410:
406:
401:
398:
393:
389:
382:
375:
372:
367:
363:
359:
355:
348:
345:
340:
336:
329:
326:
321:
317:
310:
307:
302:
298:
294:
290:
286:
282:
275:
268:
265:
259:
254:
250:
246:
239:
232:
229:
224:
217:
213:
206:
203:
200:
195:
192:
186:
182:
179:
177:
174:
172:
169:
167:
164:
162:
159:
158:
154:
152:
149:
140:
138:
131:
129:
126:
117:
115:
111:
109:
105:
100:
96:
91:
89:
85:
81:
80:global secret
77:
69:
67:
65:
61:
57:
53:
49:
45:
41:
37:
33:
29:
19:
490:Cryptography
472:
462:
451:
432:
424:
416:
408:
400:
391:
387:
374:
357:
353:
347:
338:
334:
328:
319:
315:
309:
284:
280:
267:
248:
244:
231:
222:
205:
194:
144:
135:
121:
112:
107:
103:
94:
92:
79:
73:
31:
27:
26:
484:Categories
394:: 223β237.
322:: 156β175.
225:: 132β145.
187:References
437:EPID SDK
301:16688581
155:See also
118:Overview
104:a priori
341:: 1β17.
34:) is a
299:
64:RAND-Z
384:(PDF)
297:S2CID
277:(PDF)
241:(PDF)
219:(PDF)
392:6035
339:5209
320:5324
88:DVDs
465:. (
456:PDF
362:doi
358:110
289:doi
253:doi
249:111
99:RSA
32:DAA
486::
423:.
407:.
390:.
386:.
356:.
337:.
318:.
295:.
283:.
279:.
247:.
243:.
221:.
468:)
458:)
368:.
364::
303:.
291::
285:8
261:.
255::
30:(
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.