Implementation aspects of anonymous credential systems for mobile trusted platforms

Authors:
Kurt Dietrich;Johannes Winter;Granit Luzhnica;Siegfried Podesser
Affiliations:
Institute for Applied Information Processing and Communications Graz, University of Technology, Graz, Austria;Institute for Applied Information Processing and Communications Graz, University of Technology, Graz, Austria;Institute for Applied Information Processing and Communications Graz, University of Technology, Graz, Austria;Institute for Applied Information Processing and Communications Graz, University of Technology, Graz, Austria
Venue:
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
Year:
2011

Citing 9
Cited 1

Design and implementation of the idemix anonymous credential system

Proceedings of the 9th ACM conference on Computer and communications security
Direct anonymous attestation

Proceedings of the 11th ACM conference on Computer and communications security
An integrated architecture for trusted computing for java enabled embedded devices

Proceedings of the 2007 ACM workshop on Scalable trusted computing
Implementation Aspects of Mobile and Embedded Trusted Computing

Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Anonymous credentials on a standard java card

Proceedings of the 16th ACM conference on Computer and communications security
Direct anonymous attestation (DAA): ensuring privacy with corrupt administrators

ESAS'07 Proceedings of the 4th European conference on Security and privacy in ad-hoc and sensor networks
Lightweight anonymous authentication with TLS and DAA for embedded mobile devices

ISC'10 Proceedings of the 13th international conference on Information security
Anonymous credentials for java enabled platforms: a performance evaluation

INTRUST'09 Proceedings of the First international conference on Trusted Systems
Anonymous client authentication for transport layer security

CMS'10 Proceedings of the 11th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security

Practical privacy preserving cloud resource-payment for constrained clients

PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

Anonymity and privacy protection are very important issues for Trusted Computing enabled platforms. Protection mechanisms are required in order to hide activities of the trusted platforms when performing cryptography based transactions over the Internet, which would otherwise compromise the platform's privacy and with it the users's anonymity. In order to address this problem, the Trusted Computing Group (TCG) has introduced two concepts addressing the question how the anonymity of Trusted Platform Modules (TPMs) and their enclosing platforms can be protected. The most promising of these two concepts is the Direct Anonymous Attestation (DAA) scheme which eliminates the requirement of a remote authority but includes complex mathematical computations. Moreover, DAA requires a comprehensive infrastructure consisting of various components in order to allow anonymous signatures to be used in real-world scenarios. In this paper, we discuss the results of our analysis of an infrastructure for anonymous credential systems which is focused on the Direct Anonymous Attestation (DAA) scheme as specified by the TCG. For the analysis, we especially focus on mobile trusted platforms and their requirements. We discuss our experiences and experimental results when designing and implementing the infrastructure and give suggestions for improvements and propose concepts and models for - from our point of view - missing components.