Sciweavers

ESAS
2007
Springer

Direct Anonymous Attestation (DAA): Ensuring Privacy with Corrupt Administrators

14 years 5 months ago
Direct Anonymous Attestation (DAA): Ensuring Privacy with Corrupt Administrators
The Direct Anonymous Attestation (DAA) scheme provides a means for remotely authenticating a trusted platform whilst preserving the user’s privacy. The protocol has been adopted by the Trusted Computing Group (TCG) in the latest version of its Trusted Platform Module (TPM) specification. In this paper we show DAA places an unnecessarily large burden on the TPM host. We demonstrate how corrupt administrators can exploit this weakness to violate privacy. The paper provides a fix for the vulnerability. Further privacy issues concerning linkability are identified and a framework for their resolution is developed. In addition an optimisation to reduce the number of messages exchanged is proposed.
Ben Smyth, Mark Ryan, Liqun Chen
Added 07 Jun 2010
Updated 07 Jun 2010
Type Conference
Year 2007
Where ESAS
Authors Ben Smyth, Mark Ryan, Liqun Chen
Comments (0)