direct anonymous attestation daa
play

Direct Anonymous Attestation (DAA) Liqun Chen Trusted Systems - PowerPoint PPT Presentation

Sep 13, 2022 •334 likes •863 views

Direct Anonymous Attestation (DAA) Liqun Chen Trusted Systems Laboratory Hewlett Packard Laboratories, Bristol 12 October 2005 The slides presented here were made for a DAA seminar last year outline outline what is DAA? what is DAA

  1. Direct Anonymous Attestation (DAA) Liqun Chen Trusted Systems Laboratory Hewlett Packard Laboratories, Bristol 12 October 2005 The slides presented here were made for a DAA seminar last year

  2. outline outline • what is DAA? • what is DAA for? • why DAA? • how does DAA work? Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 2

  3. outline • what is DAA? • what is DAA for? • why DAA? • how does DAA work? Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 3

  4. DAA is a signature scheme DAA is a signature scheme designed for TCG • – signer: TPM (trusted platform module) – verifier: an external partner the name of DAA is from • Direct proof – without a TTP involvement – Anonymous – do not disclose the identity of the signer – Attestation – statement/claim from a TPM – DAA was adopted by TCG and specified in TCG TPM • Specification Version 1.2, available at www.trustcomputinggroup.org designers: Ernie Brickell of Intel, Jan Camenisch of IBM and • Liqun Chen of HP Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 4

  5. category of signature schemes – from a verifier’s point of view • 1–out–1 signatures: ordinary signatures – a verifier is given an authenticated public key of a signer • 1–out–n signatures: ring signatures, designated- verifier signatures, concurrent signatures, …… – a verifier is given authenticated public keys of all potential signers • 1–out–group signatures: group signatures, DAA – a verifier is given an authenticated group public key Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 5

  6. group signatures and DAA • a group signature has fixed-traceability and unlinkability – a group member certificate indicates an identity-disclosure authority – the authority can recover the identity of the real signer from a group signature • a DAA signature has flexible-traceability and flexible- linkability – there is no identity-disclosure authority (a DAA signature cannot be opened by any TTP) – a DAA signature provides the user-control link that can be used to link some selected signatures from the same signer for the same verifier Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 6

  7. outline • what is DAA? • what is DAA for? – for TCG • why DAA? • how does DAA work? Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 7

  8. goals of the TCG architecture ensure user’ ’s s ensure user protect protect choice on use of choice on use of user’ ’s s user security security information information mechanism mechanism protect protect protect user’ ’s s protect user user’ ’s s user computing computing privacy privacy environment environment Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 8

  9. obstacle to achieving the goals of the TCG architecture security might be fundamentally incompatible with privacy Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 9

  10. obstacle to achieving the goals of the TCG architecture security might be fundamentally incompatible with privacy high security & low privacy Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 10

  11. obstacle to achieving the goals of the TCG architecture security might be fundamentally incompatible with privacy high security high privacy & & low privacy low security Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 11

  12. obstacle to achieving the goals of the TCG architecture security might be fundamentally incompatible with privacy high security high privacy & & what we want: deliver security and low privacy low security provide user control of privacy Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 12

  13. TPM (trusted platform module) the TPM is the root of trust for reporting - – it offers smartcard-like security capability embedded into the platform – it is trusted to operate as expected (conforms to the TCG spec) – it is uniquely bound to a single platform – its functions and storage are isolated from all other components of the platform (e.g., the CPU) Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 13

  14. TPM (trusted platform module) the TPM is the root of trust for reporting - – it offers smartcard-like security capability embedded into the platform – it is trusted to operate as expected (conforms to the TCG spec) – it is uniquely bound to a single platform – its functions and storage are isolated from all other components of the platform (e.g., the CPU) random num ber N on-volatile generation M em ory Processor M em ory asym m etric hash I/O signing and key encryption H M AC generation clock/tim er pow er detection Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 14

  15. platform attestation • TCG requires a TPM to have an embedded “endorsement key (EK)”, to prove that a TPM is a particular genuine TPM • EK is not a platform identity • TCG lets a TPM control “multiple pseudonymous attestation identities” by using “attestation identity key (AIK)” • AIK is a platform identity, to attest to platform properties we need a link between EK and AIK Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 15

  16. privacy issue I want to know I don’t want to that AIK came disclose which from a TPM TPM the AIK is from AIK an external partner a user TPM – trusted platform module EK – endorsement key AIK – attestation identity key Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 16

  17. privacy issue I want to know I don’t want to that AIK came disclose which from a TPM TPM the AIK is from AIK an external partner a user we seek a solution to convince an TPM – trusted platform module external party that an AIK is held in a EK – endorsement key TPM without identifying the TPM AIK – attestation identity key Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 17

  18. outline • what is DAA? • what is DAA for? • why DAA? • how does DAA work? Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 18

  19. previous solution is not good enough the previous solution (before TCG TPM spec. v1.2) - • involves a TTP to issue certificates • allows choice of any (different) certification authorities (privacy-CA) to certify each TPM identity • can help prevent correlation, however anonymity is dependent upon the private-CA Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 19

  20. our goal and solution • our goal: a solution provides – anonymity without a TTP – authentication without a certificate • our solution: – direct anonymous attestation (DAA) direct proof replaces the TTP Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 20

  21. a simple picture of DAA TPM EK AIK #1 DAA AIK #2 Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 21

  22. a simple picture of DAA stock broker medical clinic verifier verifier TPM EK AIK #1 DAA AIK #2 Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 22

  23. a simple picture of DAA stock broker medical clinic verifier verifier a DAA a DAA signature of signature of AIK #1 AIK #2 TPM EK AIK #1 DAA AIK #2 Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 23

  24. a simple picture of DAA I know that AIK #1 I know that AIK #2 came from a TPM, came from a TPM, but I don’t know but I don’t know which one. which one. stock broker medical clinic verifier verifier a DAA a DAA signature of signature of AIK #1 AIK #2 TPM EK AIK #1 DAA AIK #2 Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 24

  25. a simple picture of DAA we can’t tell if We can’t tell if AIK #1 and AIK #2 Key #1 and Key came from the #2 came from the I know that AIK #1 I know that AIK #2 same TPM or not. same TPM or not. came from a TPM, came from a TPM, but I don’t know but I don’t know which one. which one. stock broker medical clinic verifier verifier a DAA a DAA signature of signature of AIK #1 AIK #2 TPM EK AIK #1 DAA AIK #2 Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 25

  26. a simple picture of DAA we can’t tell if We can’t tell if AIK #1 and AIK #2 Key #1 and Key came from the #2 came from the I know that AIK #1 I know that AIK #2 same TPM or not. same TPM or not. came from a TPM, came from a TPM, but I don’t know but I don’t know which one. which one. but stock broker medical clinic if the client behaves verifier verifier badly, I can stop him to use my service a DAA a DAA signature of signature of AIK #1 AIK #2 TPM EK AIK #1 DAA AIK #2 Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 26

  27. outline • what is DAA? • what is DAA for? • why DAA? • how does DAA work? Direct anonymous attestation – a signature scheme for TCG 12/10/2005 page 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Direct Anonymous Attestation Revisited Jan Camenisch IBM Research Zurich Joint work with

Direct Anonymous Attestation Revisited Jan Camenisch IBM Research Zurich Joint work with

Direct Anonymous Attestation Revisited Jan Camenisch IBM Research Zurich Joint work with Ernie Brickell, Liqun Chen, Manu Drivers, Anja Lehmann. jca@zurich.ibm.com, @JanCamenisch, ibm.biz/jancamenisch Direct Anonymous Attestation What

655 views • 31 slides
A Static Diffie-Hellman Attack on Several Direct Anonymous Attestation Schemes Ernie Brickell 1

A Static Diffie-Hellman Attack on Several Direct Anonymous Attestation Schemes Ernie Brickell 1

A Static Diffie-Hellman Attack on Several Direct Anonymous Attestation Schemes Ernie Brickell 1 Liqun Chen 2 Jiangtao Li 1 1. Intel Corporation, Hillsboro, Oregon, USA 2. Hewlett-Packard Laboratories, Bristol, UK InTrust 2012 Royal Holloway,

827 views • 17 slides
Direct Anonymous Attestation in the Wild 10th January 2019, RWC 2019, San Jose Matuhew Casey,

Direct Anonymous Attestation in the Wild 10th January 2019, RWC 2019, San Jose Matuhew Casey,

Direct Anonymous Attestation in the Wild 10th January 2019, RWC 2019, San Jose Matuhew Casey, Liqun Chen, Thanassis Giannetsos, Chris Newton, Ralf Sasse, Steve Schneider, Helen Treharne, Jorden Whitefjeld 1 Outline DAA in Theory History

338 views • 14 slides
ZISC Information Security Colloquium June 15, 2004 Direct Anonymous Attestation: Achieving

ZISC Information Security Colloquium June 15, 2004 Direct Anonymous Attestation: Achieving

Zurich Research Laboratory ZISC Information Security Colloquium June 15, 2004 Direct Anonymous Attestation: Achieving Privacy in Remote Authentication Jan Camenisch IBM Zurich Research Laboratory jca@zurich.ibm.com Joint work with Ernie

353 views • 24 slides
BEHAVIORAL HEALTH AGENCY (BHA)- LICENSING, ATTESTATION, AND DEEMING Attestation for Substance

BEHAVIORAL HEALTH AGENCY (BHA)- LICENSING, ATTESTATION, AND DEEMING Attestation for Substance

BEHAVIORAL HEALTH AGENCY (BHA)- LICENSING, ATTESTATION, AND DEEMING Attestation for Substance Use Disorder (SUD) Services DOH agrees that an attestation process for SUD services should be an option The attestation process for SUD

474 views • 8 slides
PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new

PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new

PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new release which allows signing using symmetric attestation keys (using COSE Mac0) Fully documented in ARM IHI 0085 TF-M master is slightly behind the

542 views • 17 slides
Attestation (RATS/EAT) Overview Laurence Lundblade February 2020 Entity Attestation Good

Attestation (RATS/EAT) Overview Laurence Lundblade February 2020 Entity Attestation Good

Attestation (RATS/EAT) Overview Laurence Lundblade February 2020 Entity Attestation Good Devices Token Chip & device manufacturer Banking risk engine IoT backend Device ID (e.g. serial number) Boot state, debug state

956 views • 34 slides
Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work with Ben Kreuter, Tancrde Lepoint, Mariana Raykova ia.cr/2020/072 1 Definition Anonymous tokens are lightweight, single-use anonymous credentials.

657 views • 61 slides
Anonymous classes Polymorphism Anonymous classes motivation You probably have many buttons

Anonymous classes Polymorphism Anonymous classes motivation You probably have many buttons

Two cool ideas: Anonymous classes Polymorphism Anonymous classes motivation You probably have many buttons and/or menu items in your VectorGraphics project Three approaches for responding to the events from selecting those buttons /

406 views • 6 slides
12-STEP PROGRAMS Alcoholics Anonymous The Preamble Alcoholics Anonymous is a fellowship

12-STEP PROGRAMS Alcoholics Anonymous The Preamble Alcoholics Anonymous is a fellowship

12-STEP PROGRAMS Alcoholics Anonymous The Preamble Alcoholics Anonymous is a fellowship of men and women who share their experience, strength and hope with each other that they may solve their common problem and help others to recover

1.11k views • 76 slides
Cocaine Anonymous A Presentation to Professionals Presentation Contents Our Aims Today The

Cocaine Anonymous A Presentation to Professionals Presentation Contents Our Aims Today The

Cocaine Anonymous A Presentation to Professionals Presentation Contents Our Aims Today The CA Group Cocaine Anonymous Is The 12 Steps Cocaine Anonymous Is Not Spirituality History of Cocaine Anonymous Sponsorship

700 views • 37 slides
Remote Side-Channel Attacks on Anonymous Transactions In Zcash & Monero Florian Tramr and

Remote Side-Channel Attacks on Anonymous Transactions In Zcash & Monero Florian Tramr and

Remote Side-Channel Attacks on Anonymous Transactions In Zcash & Monero Florian Tramr and Dan Boneh and Kenny Paterson USENIX Security Symposium Meet Alice the Anonymous Activist Blogger PK A anonymous 2 Alices Lack of Privacy Send

395 views • 21 slides
Task Computability in Unreliable Anonymous Networks Nayuta Yanagisawa DeNA Co., Ltd. Petr

Task Computability in Unreliable Anonymous Networks Nayuta Yanagisawa DeNA Co., Ltd. Petr

Task Computability in Unreliable Anonymous Networks Nayuta Yanagisawa DeNA Co., Ltd. Petr Kuznetsov Telecom ParisTech I am here to talk about ... the computability issues of failure-prone anonymous broadcast models. Anonymous Model

660 views • 21 slides
A Minimalist Approach to Remote Attestation Aurlien Francillon Eurecom Quan Nguyen, Kasper B.

A Minimalist Approach to Remote Attestation Aurlien Francillon Eurecom Quan Nguyen, Kasper B.

A Minimalist Approach to Remote Attestation Aurlien Francillon Eurecom Quan Nguyen, Kasper B. Rasmussen, Gene Tsudik UC Irvine Overview Motivation Definition of Remote Attestation From Definition to Properties From Properties

452 views • 17 slides
THE SECULAR COMING OF AGE INSIDE ALCOHOLICS ANONYMOUS In the 1939 book, Alcoholics Anonymous ,

THE SECULAR COMING OF AGE INSIDE ALCOHOLICS ANONYMOUS In the 1939 book, Alcoholics Anonymous ,

THE SECULAR COMING OF AGE INSIDE ALCOHOLICS ANONYMOUS In the 1939 book, Alcoholics Anonymous , the concept, God as you understand Him including everyone. In 2017 not so much How Many Atheists are there? (last updated May 31,

400 views • 21 slides
Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free Haven Project http://tor.eff.org/ April 12, CFP 2005 Talk Outline Motivation: Why anonymous communication? Myth 1: This is only for privacy

488 views • 33 slides
Compliance & HIPAA 2017 Annual Education 1 The purpose of this education is to The purpose

Compliance & HIPAA 2017 Annual Education 1 The purpose of this education is to The purpose

Compliance & HIPAA 2017 Annual Education 1 The purpose of this education is to The purpose of this education is to UPDATE and REFRESH understanding of: UPDATE and REFRESH your understanding of: Aultmans Compliance Program. The HIPAA

510 views • 27 slides
Welcome to the Performance Driven Academy! We will begin the webinar shortly. If you havent

Welcome to the Performance Driven Academy! We will begin the webinar shortly. If you havent

Welcome to the Performance Driven Academy! We will begin the webinar shortly. If you havent already done so, please complete the End Semester 1/Midpoint Survey (link in chat box). Everyone should complete this individually. If you viewed

786 views • 47 slides
Active Bystander Education Stacy DeRooy Title I X Coordinator Office of Com pliance and Ethics

Active Bystander Education Stacy DeRooy Title I X Coordinator Office of Com pliance and Ethics

Active Bystander Education Stacy DeRooy Title I X Coordinator Office of Com pliance and Ethics February, 2 0 1 8 What is an Active Bystander? Step Up Video Bystander 2 An Active Bystander Does 5 Things Notices an event

280 views • 13 slides
F unctionality- A ware FA FASE: S ecurity E nforcement Petar Tsankov Marco Pistoia Omer Tripp

F unctionality- A ware FA FASE: S ecurity E nforcement Petar Tsankov Marco Pistoia Omer Tripp

F unctionality- A ware FA FASE: S ecurity E nforcement Petar Tsankov Marco Pistoia Omer Tripp Martin Vechev Pietro Ferrara ETH Zurich IBM T.J. Watson Google Inc. ETH Zurich Julia Research Center Information Flow Vulnerabilities in

550 views • 26 slides
Retur eturn to Sc n to School hool Saf Safety ety REOPENING IS A SHARED RESPONSIBILITY

Retur eturn to Sc n to School hool Saf Safety ety REOPENING IS A SHARED RESPONSIBILITY

Retur eturn to Sc n to School hool Saf Safety ety REOPENING IS A SHARED RESPONSIBILITY Entry process/screening: Hand-washing on entry to all schools, with soap and water or hand sanitizer Screening for symptoms in children and

385 views • 25 slides
Medical Event Reporting and Impact on Medical Licensee Patient Safety Culture Vasken Dilsizian,

Medical Event Reporting and Impact on Medical Licensee Patient Safety Culture Vasken Dilsizian,

Medical Event Reporting and Impact on Medical Licensee Patient Safety Culture Vasken Dilsizian, MD ACMUI Nuclear Cardiologist March 8, 2018 ME Reporting ME reporting has not changed significantly for many years. The annual number of

421 views • 20 slides
Operating a g an Effect ctive He Health Car Care Com Complian ance P Progr ogram Brent

Operating a g an Effect ctive He Health Car Care Com Complian ance P Progr ogram Brent

Operating a g an Effect ctive He Health Car Care Com Complian ance P Progr ogram Brent Wilson Deputy Chief Compliance Officer University of Utah Health ISB Health Law Section February 5, 2020 Why C Compliance Ma Matters DOJ FCA

321 views • 14 slides
Academic conduct: truth in reporting and conflict of interest Konstantinos Ameranis and Dina

Academic conduct: truth in reporting and conflict of interest Konstantinos Ameranis and Dina

Academic conduct: truth in reporting and conflict of interest Konstantinos Ameranis and Dina Bashkirova Content Allocation of credit Plagiarism Conflict of interest Dishonesty in academic report Data privacy and use

214 views • 20 slides

More recommend