In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used ...In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used in multi domains environment is proposed and designed,in which,the certificate issuer located in outside of domain can be considered as a proxy server to issue the DAA certificate for valid member nodes directly.Our designed mechanism accords with present trusted computing group (TCG) international specification,and can solve the problems of practical authentication and privacy information protection between different trusted domains efficiently.Compared with present DAA scheme,in our protocol,the anonymity,unforgeability can be guaranteed,and the replay-attack also can be avoided.It has important referenced and practical application value in trusted computing field.展开更多
In network-connected UAV(NCUAV) communication systems, user authentication is replaced by platform identity authentication and integrity check because many NC-UAVs are operated without human intervention. Direct anony...In network-connected UAV(NCUAV) communication systems, user authentication is replaced by platform identity authentication and integrity check because many NC-UAVs are operated without human intervention. Direct anonymous attestation(DAA) is an attractive cryptographic scheme that provides an elegant balance between platform authentication and anonymity. However, because of the low-level computing capability and limited transmission bandwidth in UAV, the existing DAA schemes are not suitable for NC-UAV communication systems. In this paper, we propose an enhanced DAA scheme with mutual authentication(MA-DAA scheme), which meets the security requirements of NC-UAV communication systems. The proposed MA-DAA scheme, which is based on asymmetric pairings, bundles the identities of trusted platform module(TPM) and Host to solve the malicious module changing attacks. Credential randomization, batch proof and verification, and mutual authentication are realized in the MA-DAA scheme. The computational workload in TPM and Host is reduced in order to meet the low computation and resource requirements in TPM and Host.The entire scheme and protocols are presented,and the security and efficiency of the proposed MA-DAA scheme are proved and analyzed.Our experiment results also confirm the high efficiency of the proposed scheme.展开更多
Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by w...Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform's real identity, which are Privacy CA-based protocol and direct anonymous attestation (DAA) protocol. However, in the first protocol the privacy CA is the bottleneck and the platform's identity will be disclosed if the privacy CA is compromise, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM's real identity.展开更多
For the problem of the original direct anonymous attestation (DAA) scheme's complexity and great time consumption, a new DAA scheme based on symmetric bilinear pairings is presented, which gives a practical solutio...For the problem of the original direct anonymous attestation (DAA) scheme's complexity and great time consumption, a new DAA scheme based on symmetric bilinear pairings is presented, which gives a practical solution to ECC-based TPM in protecting the privacy of the TPM. The scheme still includes five procedures or algorithms: Setup, Join, Sign, Verify and Rogue tagging, but gets rid of zero-knowledge proof and takes on a new process and framework, of which the main operations are addition, scalar multiplication and bilinear maps on supersingular elliptic curve systems. Moreover, the scheme adequately utilizes the properties of bilinear maps as well as the signature and verification of the ecliptic curve system itself. Compared with other schemes, the new DAA scheme not only satis- fies the same properties, and shows better simplicity and high effi- ciency. This paper gives not only a detailed security proof of the proposed scheme, but also a careful performance analysis by comparing with the existing DAA schemes.展开更多
Trust is one of the most important security requirements in the design and implementation of peer-to-peer (P2P) systems. In an environment where peers' identity privacy is important, it may conflict with trustworth...Trust is one of the most important security requirements in the design and implementation of peer-to-peer (P2P) systems. In an environment where peers' identity privacy is important, it may conflict with trustworthiness that is based on the knowledge related to the peer's identity, while identity privacy is usually achieved by hiding such knowledge. A trust model based on trusted computing (TC) technology was proposed to enhance the identity privacy of peers during the trustworthiness evaluation process between peers from different groups. The simulation results show that, the model can be implemented in an efficient way, and when the degree of anonymity within group (DAWG) is up to 0.6 and the percentage of malicious peers is up to 70%7 the service selection failure rate is less than 0.15.展开更多
A new multi-signature scheme was proposed with the extension of the direct anonymous attestation (DAA) protocol supported by trusted computing (TC) technology. Analysis and simulation results show that the signer...A new multi-signature scheme was proposed with the extension of the direct anonymous attestation (DAA) protocol supported by trusted computing (TC) technology. Analysis and simulation results show that the signer's privacy is well protected with dynamic anonymity, the public key and signatures have length independent of the number of signature members, new signers are allowed to join the signature without modifying the public key, and attacks caused by secret key dumping or leaking can be avoided.展开更多
基金Acknowledgements This work was supported by Research Funds of Information Security Key Laboratory of Beijing Electronic Science & Technology Institute National Natural Science Foundation of China(No. 61070219) Building Together Specific Project from Beijing Municipal Education Commission.
文摘In order to solve the issue that existing direct anonymous attestation (DAA) scheme can not operate effectively in different domains,based on the original DAA scheme,a novel direct anonymous attestation protocol used in multi domains environment is proposed and designed,in which,the certificate issuer located in outside of domain can be considered as a proxy server to issue the DAA certificate for valid member nodes directly.Our designed mechanism accords with present trusted computing group (TCG) international specification,and can solve the problems of practical authentication and privacy information protection between different trusted domains efficiently.Compared with present DAA scheme,in our protocol,the anonymity,unforgeability can be guaranteed,and the replay-attack also can be avoided.It has important referenced and practical application value in trusted computing field.
基金supported in part by the European Commission Marie Curie IRSES project "AdvIOT"the National Natural Science Foundation of China (NSFC) under grant No.61372103
文摘In network-connected UAV(NCUAV) communication systems, user authentication is replaced by platform identity authentication and integrity check because many NC-UAVs are operated without human intervention. Direct anonymous attestation(DAA) is an attractive cryptographic scheme that provides an elegant balance between platform authentication and anonymity. However, because of the low-level computing capability and limited transmission bandwidth in UAV, the existing DAA schemes are not suitable for NC-UAV communication systems. In this paper, we propose an enhanced DAA scheme with mutual authentication(MA-DAA scheme), which meets the security requirements of NC-UAV communication systems. The proposed MA-DAA scheme, which is based on asymmetric pairings, bundles the identities of trusted platform module(TPM) and Host to solve the malicious module changing attacks. Credential randomization, batch proof and verification, and mutual authentication are realized in the MA-DAA scheme. The computational workload in TPM and Host is reduced in order to meet the low computation and resource requirements in TPM and Host.The entire scheme and protocols are presented,and the security and efficiency of the proposed MA-DAA scheme are proved and analyzed.Our experiment results also confirm the high efficiency of the proposed scheme.
基金Supported by the National High Technology Research and Development Program of China (2005AA145110)
文摘Trusted computing (TC) technology is brought out by trusted computing group (TCG) to make computing as safe and reliable as people expect. Attestation is one main function specified by TCG, which is the means by which a trusted computer assures a remote computer whose platform is not tampered with. There are two protocols that implement attestation without disclosing the platform's real identity, which are Privacy CA-based protocol and direct anonymous attestation (DAA) protocol. However, in the first protocol the privacy CA is the bottleneck and the platform's identity will be disclosed if the privacy CA is compromise, while DAA protocol can do profiling when dealing with rogue hardware device. In this paper, we propose a DAA-extended new approach to ensure full anonymous attestation that can not only detect a rogue TPM, but also reveal rogue TPM's real identity.
基金Supported by the National Natural Science Foundation of China (60970113)Sichuan Youth Science and Technology Foundation (2011JQ0038)
文摘For the problem of the original direct anonymous attestation (DAA) scheme's complexity and great time consumption, a new DAA scheme based on symmetric bilinear pairings is presented, which gives a practical solution to ECC-based TPM in protecting the privacy of the TPM. The scheme still includes five procedures or algorithms: Setup, Join, Sign, Verify and Rogue tagging, but gets rid of zero-knowledge proof and takes on a new process and framework, of which the main operations are addition, scalar multiplication and bilinear maps on supersingular elliptic curve systems. Moreover, the scheme adequately utilizes the properties of bilinear maps as well as the signature and verification of the ecliptic curve system itself. Compared with other schemes, the new DAA scheme not only satis- fies the same properties, and shows better simplicity and high effi- ciency. This paper gives not only a detailed security proof of the proposed scheme, but also a careful performance analysis by comparing with the existing DAA schemes.
基金The National High-Tech Research and Development (863) Program of China (No. 2005AA145110, No. 2006AA01Z436) The Natural Science Foundation of Shanghai (No. 05ZR14083) The Pudong New Area Technology Innovation Public Service Platform of China (No. PDPT2005-04)
文摘Trust is one of the most important security requirements in the design and implementation of peer-to-peer (P2P) systems. In an environment where peers' identity privacy is important, it may conflict with trustworthiness that is based on the knowledge related to the peer's identity, while identity privacy is usually achieved by hiding such knowledge. A trust model based on trusted computing (TC) technology was proposed to enhance the identity privacy of peers during the trustworthiness evaluation process between peers from different groups. The simulation results show that, the model can be implemented in an efficient way, and when the degree of anonymity within group (DAWG) is up to 0.6 and the percentage of malicious peers is up to 70%7 the service selection failure rate is less than 0.15.
基金the National High Technology Research and Development Program of China(863 Program) (2005AA145110, 2006AA01Z436)the Natural Science Foundation of Shanghai (05ZR14083)the Pudong New Area Technology Innovation Public Service Platform of China (PDPT2005-04)
文摘A new multi-signature scheme was proposed with the extension of the direct anonymous attestation (DAA) protocol supported by trusted computing (TC) technology. Analysis and simulation results show that the signer's privacy is well protected with dynamic anonymity, the public key and signatures have length independent of the number of signature members, new signers are allowed to join the signature without modifying the public key, and attacks caused by secret key dumping or leaking can be avoided.