Improving the security of direct anonymous attestation under host corruptions

Hyoseung Kim, Kwangsu Lee, Jong Hwan Park, Dong Hoon Lee

    Research output: Contribution to journalArticlepeer-review

    2 Citations (Scopus)

    Abstract

    Direct anonymous attestation (DAA) enables a platform including a trusted platform module (TPM) to produce a signature in order to remotely attest that it is in a certified state while preserving its anonymity. A main feature of DAA is that a TPM and a host together act as a signer, where the TPM is less powerful but trustworthy, whereas the host is more powerful but vulnerable to corruptions. Although DAA is standardized and widely implemented in various fields, current security notions for DAA have been defined ambiguously in terms of host corruptions. In this study, we redefine DAA security notions, including static and dynamic host corruptions, and formalize them as concrete security models in a game-based framework. Compared with the recent simulation-based security notions (without subverted TPMs) by Camenisch et al., the proposed notions cover a broader range of realistic attack scenarios for DAA and reach the expected level of security that DAA originally desires. Furthermore, we present a DAA instantiation with the security improvement by demonstrating that a variant of the LRSW–DAA by Camenisch et al. is provably secure in the new game-based security models.

    Original languageEnglish
    Pages (from-to)475-492
    Number of pages18
    JournalInternational Journal of Information Security
    Volume20
    Issue number4
    DOIs
    Publication statusPublished - 2021 Aug

    Bibliographical note

    Publisher Copyright:
    © 2020, Springer-Verlag GmbH Germany, part of Springer Nature.

    Keywords

    • Anonymous attestation
    • DAA
    • Host corruption
    • LRSW
    • TPM

    ASJC Scopus subject areas

    • Software
    • Information Systems
    • Safety, Risk, Reliability and Quality
    • Computer Networks and Communications

    Fingerprint

    Dive into the research topics of 'Improving the security of direct anonymous attestation under host corruptions'. Together they form a unique fingerprint.

    Cite this