Privacy Enhancements for Hardware-Based Security Modules
The growing use of Hardware Security Modules (HSMs) for identification and authentication of a security endpoint has raised numerous privacy and security concerns. HSMs have the ability to tie a system or an object, along with its users, to the physical world. However, this also enables tracking of the user and/or the object associated with the HSM. Current systems do not adequately address these privacy needs and as such are susceptible to various attacks.
In this work, we analyse the security and privacy concerns that arise when deploying such hardware security modules and propose a system that allows users to create pseudonyms from a trusted master public-secret key pair. The proposed system is based on the intractability of factoring and of finding square roots of a quadratic residue modulo a composite number, where the composite number is a product of two large primes. Along with the standard notion of protecting the privacy of a user, the proposed system offers colligation between seemingly independent pseudonyms. This new property, when combined with HSMs that store the master secret key, is extremely beneficial to a user, as it offers a convenient way to generate a large number of pseudonyms with relatively small storage requirements.
Keywords: Pseudonyms, Anonymity, Hardware-based security
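The abstract rests the scheme on the hardness of taking square roots modulo N = pq. The following added illustration (not the paper's construction, and using toy primes P and Q chosen here purely for demonstration) shows the two sides of that assumption: whoever holds the factors, as the HSM holding the master secret would, computes all four roots of a quadratic residue cheaply via the Chinese remainder theorem, while anyone who obtains two roots that are not negatives of each other can recover a factor of N with a single gcd, which is why the roots must never leave the module.

```python
from math import gcd

# Constructed toy parameters: both primes are 3 mod 4, which makes root
# extraction a single modular exponentiation. A real deployment needs
# primes of roughly 1024 bits or more; these are only for illustration.
P, Q = 1019, 1039
N = P * Q


def crt(r_p: int, r_q: int) -> int:
    """Combine a residue mod P and a residue mod Q into the residue mod N
    (Chinese remainder theorem). Requires Python 3.8+ for pow(x, -1, m)."""
    inv_q = pow(Q, -1, P)
    h = ((r_p - r_q) * inv_q) % P
    return (r_q + Q * h) % N


def sqrt_mod_n(y: int, p: int, q: int) -> list[int]:
    """Return all four square roots of the quadratic residue y modulo p*q.

    This is the 'secret key' side of the assumption: with the factors
    known, y^((p+1)/4) is a root mod p because p = 3 (mod 4), and the
    same holds mod q; CRT lifts the four sign combinations to mod N.
    """
    rp = pow(y, (p + 1) // 4, p)
    rq = pow(y, (q + 1) // 4, q)
    roots = {crt(sp, sq) for sp in (rp, p - rp) for sq in (rq, q - rq)}
    return sorted(roots)


def factor_from_roots(r1: int, r2: int, n: int) -> int:
    """Given r1^2 = r2^2 (mod n) with r1 != +/-r2, return a factor of n.

    (r1 - r2)(r1 + r2) = 0 (mod n) while neither factor is 0 (mod n), so
    gcd(r1 - r2, n) is one of the two primes. This is the 'attacker' side:
    leaking two unrelated roots of one residue leaks the master secret.
    """
    return gcd(r1 - r2, n)


def demo(x: int = 123456) -> tuple[int, list[int], int]:
    """Square a constructed value, recover all roots, then factor N from
    two roots that are not negatives of each other."""
    y = pow(x, 2, N)
    roots = sqrt_mod_n(y, P, Q)
    other = next(r for r in roots if r not in (x % N, (-x) % N))
    return y, roots, factor_from_roots(x, other, N)
```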