Abstract
Direct Anonymous Attestation (DAA) is an anonymous signature scheme designed for anonymous attestation of a Trusted Platform Module (TPM) while preserving the privacy of the device owner. In 2004, Brickell, Camenisch, and Chen provided the first DAA scheme based on the strong RSA assumption and decisional Diffie-Hellman assumption. This scheme was adopted by the Trusted Computing Group in the TPM 1.2 Specification and has been implemented in hundreds of millions of computer platforms. Since then, multiple DAA schemes have been developed, many of which are based on bilinear maps. In this paper, we discover that in a large number of DAA schemes, including the original one adopted in TPM 1.2, a malicious user can treat a TPM as a static Diffie-Hellman (DH) oracle, therefore security of these schemes are based on the hardness of the static DH problem. However, this security feature has not been analyzed in the security proofs of most of these schemes. Brown and Gallant showed that one can break the Static DH problem in a group of order ρ with only O(ρ 1/3) oracle queries and O(ρ 1/3) group operations. Our discovery means that the security level of these DAA schemes can be significantly weaken, only roughly 2/3 of the claimed security level. We discuss the impact of our discovery and present how to patch the affected DAA schemes to avoid this attack.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
ISO/IEC PAS DIS 11889: Information technology – Security techniques – Trusted platform module
Backes, M., Maffei, M., Unruh, D.: Zero-knowledge in the applied pi-calculus and automated verification of the direct anonymous attestation protocol. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 202–215. IEEE Computer Society (2008)
Barreto, P.S.L.M., Naehrig, M.: Pairing-Friendly Elliptic Curves of Prime Order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)
Bellare, M., Shi, H., Zhang, C.: Foundations of Group Signatures: The Case of Dynamic Groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005)
Boneh, D., Boyen, X., Shacham, H.: Short Group Signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)
Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 132–145. ACM Press (2004)
Brickell, E., Chen, L., Li, J.: A New Direct Anonymous Attestation Scheme from Bilinear Maps. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 166–178. Springer, Heidelberg (2008)
Brickell, E., Chen, L., Li, J.: Simplified security notions of direct anonymous attestation and a concrete scheme from pairings. International Journal of Information Security 8(5), 315–330 (2009)
Brickell, E., Chen, L., Li, J.: A (Corrected) DAA Scheme Using Batch Proof and Verification. In: Chen, L., Yung, M., Zhu, L. (eds.) INTRUST 2011. LNCS, vol. 7222, pp. 304–337. Springer, Heidelberg (2012)
Brickell, E., Li, J.: Enhanced Privacy ID: A direct anonymous attestation scheme with enhanced revocation capabilities. In: Proceedings of the 6th ACM Workshop on Privacy in the Electronic Society, pp. 21–30 (October 2007)
Brickell, E., Li, J.: Enhanced Privacy ID from bilinear pairing for hardware authentication and attestation. In: Proceedings of 2nd IEEE International Conference on Information Privacy, Security, Risk and Trust, pp. 768–775 (2010)
Brickell, E., Li, J.: A Pairing-Based DAA Scheme Further Reducing TPM Resources. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 181–195. Springer, Heidelberg (2010)
Brown, D.R.L., Gallant, R.P.: The static Diffie-Hellman problem. Cryptology ePrint Archive, Report 2004/306 (2004), http://eprint.iacr.org/
Camenisch, J.L., Lysyanskaya, A.: A Signature Scheme with Efficient Protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)
Camenisch, J.L., Lysyanskaya, A.: Signature Schemes and Anonymous Credentials from Bilinear Maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)
Chaum, D., van Antwerpen, H.: Undeniable Signatures. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 212–216. Springer, Heidelberg (1990)
Chen, L.: A DAA Scheme Requiring Less TPM Resources. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Inscrypt 2009. LNCS, vol. 6151, pp. 350–365. Springer, Heidelberg (2010)
Chen, L.: A DAA Scheme Using Batch Proof and Verification. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 166–180. Springer, Heidelberg (2010)
Chen, L., Morrissey, P., Smart, N.P.: Pairings in Trusted Computing. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 1–17. Springer, Heidelberg (2008)
Chen, L., Morrissey, P., Smart, N.P.: DAA: Fixing the pairing based protocols. Cryptology ePrint Archive, Report 2009/198 (2009), http://eprint.iacr.org/
Chen, L., Page, D., Smart, N.P.: On the Design and Implementation of an Efficient DAA Scheme. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 223–237. Springer, Heidelberg (2010)
Chen, X., Feng, D.: Direct anonymous attestation for next generation TPM. Journal of Computers 3(12), 43–50 (2008)
Cheon, J.H.: Security Analysis of the Strong Diffie-Hellman Problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 1–11. Springer, Heidelberg (2006)
El Gamal, T.: A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)
Ford, W., Kaliski, B.S.: Server-assisted generation of a strong secret from a password. In: Proceedings of the IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 176–180 (2000)
Ge, H., Tate, S.R.: A Direct Anonymous Attestation Scheme for Embedded Devices. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 16–30. Springer, Heidelberg (2007)
Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym Systems (Extended Abstract). In: Heys, H.M., Adams, C.M. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184–199. Springer, Heidelberg (2000)
Menezes, A.J., Oorschot, P.C.V., Vanstone, S.A.: Handbook of Applied Cryptography (revised reprint with updates). CRC Press (1997)
Montgomery, P.L.: A survey of modern integer factorization algorithms. CWI Quarterly 7, 337–366 (1994)
Trusted Computing Group. TCG TPM specification 1.2 (2003), http://www.trustedcomputinggroup.org
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brickell, E., Chen, L., Li, J. (2012). A Static Diffie-Hellman Attack on Several Direct Anonymous Attestation Schemes. In: Mitchell, C.J., Tomlinson, A. (eds) Trusted Systems. INTRUST 2012. Lecture Notes in Computer Science, vol 7711. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35371-0_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-35371-0_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35370-3
Online ISBN: 978-3-642-35371-0
eBook Packages: Computer ScienceComputer Science (R0)