On a Possible Privacy Flaw in Direct Anonymous Attestation (DAA)

Authors:
Adrian Leung;Liqun Chen;Chris J. Mitchell
Affiliations:
Information Security Group, Royal Holloway, University of London, Egham, UK TW20 0EX;Hewlett-Packard Laboratories, , Stoke Gifford, UK BS34 8QZ;Information Security Group, Royal Holloway, University of London, Egham, UK TW20 0EX
Venue:
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Year:
2008

Citing 3
Cited 8

Direct anonymous attestation

Proceedings of the 11th ACM conference on Computer and communications security
Trusted Computing: Providing Security for Peer-to-Peer Networks

P2P '05 Proceedings of the Fifth IEEE International Conference on Peer-to-Peer Computing
Ninja: non identity based, privacy preserving authentication for ubiquitous environments

UbiComp '07 Proceedings of the 9th international conference on Ubiquitous computing

A DAA scheme using batch proof and verification

TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
A DAA scheme requiring less TPM resources

Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Trust extension as a mechanism for secure code execution on commodity computers

Trust extension as a mechanism for secure code execution on commodity computers
Direct anonymous attestation: enhancing cloud service user privacy

OTM'11 Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systems - Volume Part II
Trusted computing enhanced user authentication with OpenID and trustworthy user interface

International Journal of Internet Technology and Secured Transactions
A (corrected) DAA scheme using batch proof and verification

INTRUST'11 Proceedings of the Third international conference on Trusted Systems
DAA protocol analysis and verification

INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Attacking and fixing Helios: An analysis of ballot secrecy

Journal of Computer Security

Quantified Score

Hi-index	0.02

Visualization

Abstract

A possible privacy flaw in the TCG implementation of the Direct Anonymous Attestation (DAA) protocol has recently been discovered by Rudolph. This flaw allows a DAA Issuer to covertly include identifying information within DAA Certificates, enabling a colluding DAA Issuer and one or more verifiers to link and uniquely identify users, compromising user privacy and thereby invalidating the key feature provided by DAA . In this paper we argue that, in typical usage scenarios, the weakness identified by Rudolph is not likely to lead to a feasible attack; specifically we argue that the attack is only likely to be feasible if honest DAA signers and verifiers never check the behaviour of issuers. We also suggest possible ways of avoiding the threat posed by Rudolph's observation.