The Direct Anonymous Attestation (DAA) scheme provides a means for remotely authenticating a trusted platform whilst preserving the user's privacy. The protocol has been adopted by the Trusted Computing Group (TCG) in the latest version of its Trusted Platform Module (TPM) specification. In this paper we show that DAA places an unnecessarily large burden on the TPM host. We demonstrate how corrupt administrators can exploit this weakness to violate privacy. The paper provides a fix for the vulnerability. Further privacy issues concerning linkability are identified and a framework for their resolution is developed. In addition, an optimisation to reduce the number of messages exchanged is proposed. © Springer-Verlag Berlin Heidelberg 2007.
Smyth, B., Ryan, M., & Chen, L. (2007). Direct anonymous attestation (DAA): Ensuring privacy with corrupt administrators. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4572 LNCS, pp. 218–231). Springer Verlag. https://doi.org/10.1007/978-3-540-73275-4_16