A secure and practical approach for providing anonymity protection for trusted platforms

Abstract

Two different anonymisation schemes for Trusted Computing platforms have been proposed by the Trusted Computing Group - the PrivacyCA scheme and the Direct Anonymous Attestation scheme. These schemes rely on trusted third parties that issue either temporary one-time certificates or group credentials to trusted platforms which enable these platforms to create anonymous signatures on behalf of a group. Moreover, the schemes require trust in these third parties and the platforms have to be part of their groups. However, there are certain use-cases where group affiliation is either not preferred or cannot be established. Hence, these existing schemes cannot be used in all situations where anonymity is needed and a new scheme without a trusted third party would be required. In order to overcome these problems, we present an anonymity preserving approach that allows trusted platforms to protect their anonymity without involvement of a trusted third party. We show how this new scheme can be used with existing Trusted Platform Modules version 1.2 and provide a detailed discussion of our proof-of-concept prototype implementation. © 2010 Springer-Verlag.